Foundant Technologies Inc; 2023-02-17; PSALCA-23091CA
Foundant Technologies Subscription Contract for: City of Carlsbad Date: Mar 1, 2023 Expires in 90 Days Foundant Technologies, Inc. Client Order Form v042022

Greetings!
On the next page you will find the quote for your Foundant license renewal. It is our sincere hope that your relationship and investment with Foundant has exceeded expectations. We take your success seriously and would ask if you have any suggestions or comments, to please let us know.
In an effort to save you time and paper, you have the option to sign electronically. Instructions for both electronic signature and for printing are located below.

Directions for signing your Quote below:
To Change Signees: Should you need to change signees, Choose “Other Actions” and Assign to Someone Else.
Sign Electronically:
1. Review the following pages
2. Click the Start button above
3. If the quote is correct and you’re ready to approve, click the Sign button on the last page, select a signature, and hit Accept and sign
4. Complete the additional fields with your information
5. When your electronic signature shows up, click Finish
6. You will automatically receive a copy of this signed document via email
Print, Sign, And Send:
1. Click the Other Actions button above
2. Select Download and as single PDF and review
3. If the quote is correct and you’re ready to approve, print, sign, scan/upload and email it back to us at: kim.zimmer@foundant.com
After we receive your signed quote, we will send an invoice to the billing contact within 7 to 10 business days.

I would also like to let you know about a couple of new opportunities available: Standard+2 Features and New Administrator Training:
1. The Standard+2 License was created to offer those clients who are happy with their Standard GLM License, but could use just a little boost… without having to jump up to Advanced. This option lets you choose only the capabilities most useful for your organization, at a price you can afford.
2. Onboarding a new team member? Take advantage of our New Administrator Training to get them ramped up with GLM fast!
Please feel free to reach out to me with any questions about these options, or you can copy/paste this link into your browser and find more information: Boost Your Foundant Solution
If you have any questions or concerns about the renewal process, please feel free to contact me.
Best regards,
Kim Zimmer

PSALCA-23091CA Page 1 of 5
DocuSign Envelope ID: 9D8E5036-62F5-48D0-B811-AF6F40305ED9

Foundant Technologies, Inc.
Contact: Kim Zimmer
kim.zimmer@foundant.com
143 Willow Peak Drive
Bozeman, MT 59718
(406) 922-5125

City of Carlsbad
Contact: Richard Schultz
richard.schultz@carlsbadca.gov
1775 Dove Lane
Carlsbad, CA 92011
3107569936

Software and Services Chart (“Software and Services Chart”):
QTY | SKU | Product | Description | Subscription Start | Subscription End | Price (“Price”) | Cost (USD)
1 | GLM2STD | Grant Lifecycle Manager (GLM) - Standard Two-Year Licensed Subscription | Includes 5 GLM Grant Processes, hosting, maintenance and support with no limitations on the number of users or incoming requests. | 2/17/2023 | 2/16/2025 | $10,800.00 | $10,800.00
Total $10,800.00

Client Order Form for Grant Lifecycle Manager (“GLM”) and Scholarship Lifecycle Manager (“SLM”)
1. Foundant Technologies, Inc.’s Platform access and Services are provided in accordance with the terms and conditions listed in this Client Order Form (“Client Order Form”) as well as those set forth in the following, which are incorporated by reference, and collectively with any Statements of Work (“SOW”) represent the Agreement (the “Agreement”) between City of Carlsbad, 1775 Dove Lane, Carlsbad, CA 92011 (the “Client”), and Foundant Technologies, Inc., a Montana company located at 143 Willow Peak Drive, Bozeman, MT 59718 (“Foundant Technologies”):
a. Attached as EXHIBIT A - Master Subscription Agreement (“MSA”)
b. Attached as EXHIBIT B - Data Processing Agreement (“DPA”)
c. Attached as EXHIBIT C - Service Level Agreement (“SLA”)
d. Attached as EXHIBIT D - Professional Services Agreement (“PSA”)
2. All quoted prices are in U.S. dollars. All payments shall be in U.S. dollars and are due net thirty (30) days from the invoice date.
3. This Client Order Form is valid for ninety (90) days after issuance and shall become binding upon execution by Client and Foundant Technologies.
4. A five percent (5%) discount will be applied to Client purchases of access to two (2) SAAS subscriptions for Service Provider Software and a ten percent (10%) discount will be applied to Client purchases of access to three (3) or more SAAS subscriptions for Service Provider Software.
5. The term of the Agreement (the “Term”) begins on the later date signed by both Parties below (the “Effective Date”).
6. The Subscription Term(s) (“Subscription Term”) for the Software commences on the initial date shown for each Subscription Term shown in the Software and Services Chart.
7. The Software identified in this Client Order Form requires Client to pay the Fees in full and in advance. Client will be invoiced for the Fees upon execution of this Client Order Form.
All Platform access rights include maintenance and support with no limitations on the number of users.
8. Unless otherwise specified in the SOW, the Fees for Professional Services are fixed and will be invoiced upon execution of this Client Order Form. Travel expenses associated with Professional Services will be invoiced monthly, if incurred. All Professional Services shall expire at the end of the Subscription Term and must be initiated within the first twelve (12) months of the Effective Date of this Client Order Form.
9. Fees do not take into account any sales tax. Foundant Technologies collects and remits sales tax from our Clients located in certain state and local jurisdictions. Foundant Technologies determines your local taxing jurisdiction based upon shipping address (i.e., the primary business location from which the Platform is accessed). In order to determine if you are exempt from sales tax, you must provide proof of your organization's state sales tax exemption. Please note that states do not recognize your 501(c)3 letter as proof of exemption.
10. Should Foundant Technologies’ Prices increase prior to your renewal date, we commit that your next renewal will be no more than a ten percent (10%) increase over your most current Price.
11. All GLM and SLM subscriptions include hosting, maintenance, and support with no limitations on the number of users.
12. GuideStar by Candid is licensed for up to one thousand (1,000) total lookups per Software subscription (as applicable) over the subscription term based on the items purchased via this Client Order Form.
13. Unless otherwise noted, client activity level is expected to be less than five thousand (5,000) online form submissions through GLM and/or SLM per week (as applicable).
Any deviation from this expectation should be communicated by Client to Foundant Technologies at least thirty (30) days prior to the initiation of such activity and Foundant Technologies reserves the right to limit access to GLM and/or SLM (as applicable) if adequate notice is not provided.
14. Capitalized terms used but not defined herein have the meaning given in the Agreement.
15. If there are special conditions documented below, the order of precedence in the MSA shall apply.

Special Conditions:
Split Payment Terms:
a. The first invoice of $5,400 due net 30 days of invoice for year one of subscription.
b. The second invoice in the amount $5,400 will be sent on January 16th, 2024, and is due net thirty (30) days from the invoice date.
2. The MSA is amended as set forth below:
A. Section 5.1 is replaced with the following Section 5.1:
5.1 Term. As noted in the Client Order Form, the Term of this Agreement commences on the Effective Date. The Term continues until the Subscription Term(s) in the Client Order Form has terminated. Prior to each Notice Period, updated pricing and Subscription Term(s) will be communicated to the Client with an updated Client Order Form. Such updated Client Order Form will become part of the Agreement. The Term and each Renewal Term are collectively referred to as the (“Order Term”).
B. Section 12.5, Governing Law, is deleted in its entirety and replaced with “Omitted.”

By accepting this Client Order Form that references the MSA, DPA, SLA, PSA, and SOW(s), Client agrees to the terms and conditions of this collective Agreement.
Any additional or different terms (whether included in your purchase order, your response to this proposal, or elsewhere) not expressly listed herein, shall be disregarded and shall not bind either Party. Additionally, if you are entering into this Agreement on behalf of a Client or other legal entity, you warrant that: (i) you have the full legal authority to bind such entity and its Affiliates to these terms and conditions, and in the event such Affiliates exist, the term “Client” shall refer to such entity and its Affiliates; (ii) you have read and understand this Agreement; and, (iii) you agree, on behalf of Client, to this Agreement. If you do not have such legal authority, or if you do not agree with these terms and conditions, you must not accept this Agreement and shall not be permitted to use the Software or Services.

City of Carlsbad Foundant Technologies, Inc.
By: __________________________________ By: ____________________________________
Name: RICHARD SCHULTZ Name: CHRIS DAHL
Title: Cultural Arts Manager Title: CEO & CFO Foundant Technologies, Inc.
By: __________________________________ Date: ____________________________________
Name: SUZANNE SMITHSON
Title: Library & Cultural Arts Director
As authorized by the City Manager
By: __________________________________
Name: ALLEGRA FROST
Title: Assistant City Attorney
APPROVED AS TO FORM
For CINDI K. McMAHON, City Attorney
By: __________________________________
Name: TAMMY R. McMINN
Title: For SHERRY FREISINGER, City Clerk
Date: __________________________________

Billing Information (please complete):
Billing Contact Name Richard Schulz
Billing Contact Email: Richard.Schultz@carlsbadca.gov
Is a Purchase Order Required?
(Check for Yes) ☒
CEO Foundant Technologies, Inc. 3/7/2023 3/13/2023

Foundant Technologies, Inc. Master Subscription Agreement (MSA) v042022 Page 1 of 15
EXHIBIT A - MASTER SUBSCRIPTION AGREEMENT
Foundant Technologies, Inc.
This Master Subscription Agreement (“MSA”) is effective as of the Effective Date by and between Client (hereinafter referred to as “Client”) and Foundant Technologies, Inc. (“Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). Client desires to use Service Provider’s Platform and the Services as outlined in the Client Order Form and elsewhere in the Agreement pursuant to the terms and conditions of the Client Order Form, this MSA, the Data Processing Agreement, the Service Level Agreement. the Professional Services Agreement, and any related Statements of Work (collectively, the “Agreement”). The Parties agree as follows:

1. DEFINITIONS.
1.1 “Affiliate” means, with respect to a Party, any other individual, corporation, partnership (formal or informal), joint venture, limited liability entity, foundation, governmental authority, unincorporated organization, trust, association, component funds, or other entity that directly or indirectly controls, is controlled by, or is under common control with such entity, through one or more intermediaries or contractual relationships, where “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity.
1.2 “Client Data” means the electronic data and information that is: (a) input into the Platform by or on behalf of Client; or, (b) provided by a User in connection with the use of the Platform and may include, but is not limited to, names and email addresses. Client Data does not include Usage Data.
1.3 “Content” means content, data, and information that is owned or licensed by Service Provider or any of its licensors that is provided or made available by Service Provider through use of the Platform or as part of or in connection with Service Provider’s provision of Services. Content does not include Client Data.
1.4 “Documentation” means any user materials, instructions, and specifications, written or otherwise, made available by Foundant Technologies to Client for the Software and Services.
1.5 “Platform” means the Service Provider’s proprietary Software identified in the Client Order Form and any Updates associated therewith. The Platform does not include Client’s connectivity equipment, internet and network connections, hardware, software, and other equipment as may be necessary for Client and its Users to connect to and obtain access to the Platform or to utilize the Services.
1.6 “Prohibited Data” means any of the following: (i) “protected health information” or “individually identifiable health information” as defined under 45 C.F.R. § 160.103 or similar state laws; (ii) any information deemed to be special categories of data as set forth in Article 9 of the EU General Data Protection Regulation or similar data protection laws or regulations; (iii) “nonpublic personal information” as defined under the Gramm-Leach-Bliley Act; and/or, (iv) children’s personal information protected by the Children’s Online Privacy Protection Act.
1.7 “Professional Services” means the migration, training, implementation, integration, and configuration services to be performed by Service Provider as listed in the Client Order Form.
1.8 “Services” means, collectively, Professional Services, Support Services, and any other sub-processor services made available on, by, or through the Platform as described in this Agreement.
1.9 “Software” means Service Provider’s proprietary software-as-a-service (“SAAS”) subscription(s) identified in the Software and Services Chart shown in the Client Order Form.
1.10 “Support Services” means the technical support and Software maintenance as described in the Service Level Agreement located at: https://www.foundant.com/legal/.
1.11 “Third Party Services” means services provided by a third party.
1.12 “User/s” means Client’s employees, independent contractors, donors, grant or scholarship applicants, and other individuals who are authorized by Client to use the Software or receive the Services on behalf of Client.
1.13 “Usage Data” means any content, data, or information that is collected or produced by the Platform in connection with the use of the Services in an anonymized, aggregated format that is not identifiable to Client or a particular User, and may include, but is not limited to, usage patterns, traffic logs and user conduct associated with the Platform.

2. SERVICES.
2.1 Provision of Services. Subject to the terms and conditions of this Agreement, Service Provider shall provide the Services or enable the Services to be provided to Client and its Users.
2.2 Cooperation. Client shall supply to Service Provider the Client Data for input into the Platform. Client shall also provide Service Provider with access and personnel resources reasonably requested by Service Provider to enable Service Provider to provide the Services and Software functionality as set forth in this Agreement and the Documentation.
2.3 Resources. Client is solely responsible for, at its own expense, acquiring, installing, and maintaining all connectivity equipment, internet and network connections, hardware, software, and other equipment as may be necessary for its Users to connect to and access the Platform.

3. GRANT OF RIGHTS.
3.1 Access Rights; Client’s Use of the Platform. Subject to the terms and conditions of this Agreement, Service Provider hereby grants to Client and Users, during the Order Term (as defined below), a nonexclusive, non-sublicensable right to remotely access and use the Platform for Client’s, and its Affiliates’, internal business purposes in accordance with the Documentation and the terms and conditions of this Agreement. Service Provider reserve all rights in and to the Platform not expressly granted to Client under this Agreement. Client may use reports generated from the Platform solely for Client’s lawful internal purposes and in accordance with this Agreement.
3.2 Restrictions on Use. Client shall not: (a) reproduce, display, download, modify, rent, license, sell, assign, distribute, outsource, sublicense, share, transfer, lease, create derivative works of, or distribute the Platform; (b) attempt to reverse engineer, decompile, disassemble, de-encrypt, access, or the like, the source code for the Platform or any component thereof; (c) use the Platform, or any component thereof, in the operation of a service bureau or to support or process any content, data, or information of any party other than Client or Client Affiliates; (d) permit any party, other than the then-currently authorized Users to independently access the Platform; (e) interfere with or disrupt the integrity or performance of the Platform or the data contained therein; (f) attempt to gain unauthorized access to the Platform or its related systems or networks; (g) access or use the Services to build or support, directly or indirectly, products, or services competitive to the Service Provider; (h) provide or make available Prohibited Data to Service Provider; or, (i) use the Platform or Services to collect or otherwise process Prohibited Data.
3.3 Users.
Under the rights granted to Client under this Agreement, Client may permit independent contractors and employees of its Affiliates to become Users in order to access and use the Platform in accordance with this Agreement; provided that Client will be liable for the acts and omissions of all contractors, Affiliates and Users to the extent any of such acts or omissions, if performed by Client, would constitute a breach of, or otherwise give rise to liability to Client under, this Agreement. Client shall not, and shall not permit any User to, use the Platform, Software, or Documentation except as expressly permitted under this Agreement. Client shall be fully responsible for Users’ compliance with this Agreement.

4. FEES AND PAYMENT TERMS.
4.1 Price. Client shall pay Service Provider the Price(s) in the Software and Services Chart of the Client Order Form (“Fees”) in accordance with the terms of this Agreement. The Fees associated with the Software in the Software and Services Chart comprise Software Fees (“Software Fees”). Fees are exclusive of, and Client shall pay, all taxes, fees, duties, levies and other governmental charges of any nature, including, for example, value-added, sales use, or withholding taxes, assessable by any jurisdiction arising from the payment of any Fees or any amounts owed to Service Provider under this Agreement (excluding any taxes arising from Service Provider’s income or any employment taxes). Fees for any Services requested by Client that are not set forth in Client Order Form will be charged as mutually agreed to by the parties in writing.
4.2 Payment. Except as otherwise set forth in Client Order Form Client shall pay to Service Provider all Fees within thirty (30) days from the invoice date.
If Client disagrees with any Fees set forth in an invoice, it shall notify Service Provider of the dispute within thirty (30) days after receipt of such invoice. Client’s failure to provide Service Provider with notice of disputed invoiced amounts within the timeframe noted shall be deemed to be Client’s acceptance of the content of such invoice. All payments received by Service Provider are non-refundable except as otherwise expressly provided in this Agreement. Client shall make all payments in United States dollars.
4.3 Charges. Client shall pay a finance charge on any overdue payment hereunder of one and one-half per cent (1-1/2%) for each month or portion thereof that such payment is overdue, or the highest interest rate permitted by applicable law, whichever is the lower. Interest shall compound monthly. Such fees do not include any taxes, and Client shall pay any sales, use, value added or other taxes or import duties (other than corporate income taxes payable by Service Provider) based on or due as a result of any amounts paid hereunder. Client shall bear all of Service Provider’s costs of collection of overdue fees, including reasonable attorneys' fees.
4.4 Suspension. If any charge owing by Client under this Agreement is thirty (30) days or more overdue, Service Provider may, without limiting its other rights and remedies, suspend Services and access to the Platform until such amounts are paid in full on the condition that Service Provider provides Client with at least ten (10) days’ prior notice that its account is overdue before suspending Services to Client.

5. TERM, TERMINATION & SUSPENSION.
5.1 Term. As noted in the Client Order Form, the Term of this Agreement commences on the Effective Date. The Term continues until the Subscription Term(s) in the Client Order Form has terminated. Prior to each Notice Period, updated pricing and Subscription Term(s) will be communicated to the Client with an updated Client Order Form.
Such updated Client Order Form will become part of the Agreement. The Term and each Renewal Term are collectively referred to as the (“Order Term”).
5.2 Suspension. In addition to any of its other rights or remedies (including, without limitation, any termination rights) set forth in this Agreement, Service Provider reserves the right to suspend provision of the Services and access to the Platform: (i) if Service Provider determines Client has breached Section 6; (ii) to avoid material harm to Client or Client’s customers, as determined by Service Provider, including if the Platform is experiencing denial of service attacks, mail flooding, or other attacks or disruptions outside of Service Provider’s control; (iii) as required by law or at the request of governmental entities; or, (iv) if Client uses the Services or Platform in association with illegal activity, harassment of any kind, or Software testing. Client acknowledges that if access to the Services or Platform is suspended, Client may no longer have access to the Client Data or may experience a decrease in the performance level of the Services or Platform.
5.3 Service Provider Termination for Cause. Service Provider may terminate this Agreement upon notice if the Client breaches any material provision of this Agreement and does not cure such breach (provided that such breach is capable of cure) within thirty (30) days after being provided with written notice of such breach.
5.4 Effects of Service Provider Termination for Cause.
Upon termination of this Agreement under Section 5.3: (a) all amounts owed to Service Provider under this Agreement before such termination will be due and payable; (b) all rights granted in this Agreement will immediately cease; (c) Client shall promptly discontinue all access and use of the Platform and return or erase, all copies of the Documentation in Client’s possession or control; and, (d) Service Provider shall return or erase all Client Data in accordance with the Data Processing Agreement.
5.5 Client Termination for Convenience. Client may terminate this Agreement upon thirty (30) day notice to Service Provider for any reason.
5.6 Effects of Client Termination. If Client termination occurs within the first ninety (90) days of the Term, Service Provider will refund one hundred percent (100%) of the paid Software Fees. If Client termination occurs subsequent to the first ninety (90) days or during a Renewal Term, Service Provider will refund a prorated amount of the unused portion of the paid Software Fees. Furthermore, upon Client termination of this Agreement: (a) all rights granted in this Agreement will immediately cease; (b) Client shall promptly discontinue all access and use of the Platform and verify the return or erasing of all copies of the Documentation in Client's possession or control; and, (c) Service Provider shall return or erase all Client Data within thirty (30) days of termination, subject to Service Provider’s standard back-up retention schedules.
5.7 Return of Client Data. In the event that Client submits a written request to Service Provider to return Customer Data at the time of termination, Service Provider will provide Client with commercially reasonable assistance in extracting requested Customer Data via reporting tool functionalities of the Platform.
Customer Data will be provided to Client in the same format as such data is stored by Service Provider in one or more comma delimited text files (i.e., .CSV format) or another format reasonably determined by Service Provider. Service Provider shall have no other obligation to maintain any Customer Data stored in the Platform following any termination of this Agreement, or to forward any Customer Data to Client. Any requests for a customized export of Customer Data will be considered additional Professional Services, and the fees and scope must be mutually agreed by the parties in a separate Client Order Form or statement of work.

6. PROPRIETARY RIGHTS.
6.1 Client. As between the Parties, Client owns all right, title, and interest in Client Data, including all intellectual property rights therein. Any rights in Client Data not expressly granted to Service Provider hereunder are reserved by Client, its licensors, and suppliers.
6.2 Client Data License Grant. Client hereby grants to Service Provider, during the Order Term, a limited, non-exclusive, non-transferable (except as provided in this Agreement), non-sublicensable license to use the Client Data to: (a) provide the Platform and the Services to Client; (b) perform its obligations and exercise its rights under this Agreement; and, (c) generate anonymized and aggregated data and information (“Aggregated Data”).
6.3 Service Provider. All proprietary technology utilized by Service Provider to perform its obligations under this Agreement, including, but not limited to, the Software, and all intellectual property rights in and to the foregoing are the exclusive property of Service Provider. Any and all derivative works to the proprietary technology including the Software, Content, Documentation, and/or any other similar information shall be owned by Service Provider and Client shall have the same rights and licenses to such derivative works as Client has to the Software.
Service Provider or its third party licensors retain ownership of all right, title, and interest to all copyrights, patents, trademarks, trade secrets, and other intellectual property rights in and to the Content and the Platform, including, without limitation, the Software, Service Provider’s database (and all data therein except for Client Data), Documentation, customizations, enhancements, and all processes, know-how, and the like utilized by or created by Service Provider in performing under this Agreement. Any rights not expressly granted to Client hereunder are reserved by Service Provider. Client shall not at any time, directly or indirectly, challenge the scope, validity, or ownership of Service Provider’s, or its licensors’, rights in the Software or do any act that could reasonably be expected to impair the scope, validity, or ownership of such rights. Each Party agrees to promptly notify, in writing, the other Party upon gaining knowledge of any infringement, dilution, or similar harm to the other Party’s intellectual property or related rights or information.
6.4 Usage Data. Service Provider owns all right, title, and interest in and to Usage Data and Aggregated Data (collectively, “Foundant Data”). Service Provider may use Foundant Data in connection with its performance of its obligations in this Agreement and for any other lawful business purpose, including, but not limited to, benchmarking, data analysis, and to improve Service Provider’s services, systems, and algorithms.

7. WARRANTY & DISCLAIMERS.
7.1 Access to the Platform. Service Provider warrants that the Platform will perform in accordance with the Documentation and this Agreement. Service Provider does not warrant that the Platform will be completely error-free or uninterrupted.
If Client notifies Service Provider of a reproducible error in the Platform that indicates a breach of the foregoing warranty (each, an “Error”) within thirty (30) days after Client experiences such Error, Service Provider shall, at its own expense and as its sole obligation and Client’s exclusive remedy: (a) use commercially reasonable efforts to correct or provide a workaround for any Error; or, (b) if Service Provider is unable to provide a correction or workaround for any such Error in a commercially reasonable manner after receiving notice of an Error from Client, Client may terminate this Agreement upon notice to Service Provider and, Service Provider shall refund the amounts paid by Client for access to the Platform for the period during which the Platform was not usable by Client. The warranties set forth in this Section 7.1 do not cover or apply to: (i) any Error caused by Client or its Users; (ii) any Error or unavailability of the Platform caused by use of the Platform in any manner or in any environment inconsistent with its intended purpose; (iii) any of Client’s hardware or software if modified or repaired in any manner which materially adversely affects the operation or reliability of the Platform; or, (iv) any equipment or software or other material utilized in connection with the Platform used by Client contrary to manufacturer's instructions.
7.2 Right to Client Data. Client represents and warrants that it has the right to: (a) use the Client Data as contemplated by this Agreement; and, (b) grant Service Provider the licenses as contemplated by this Agreement.
7.3 Disclaimer.
EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 7 AND SECTION 7.1 OF THE PSA, THE PLATFORM, PROFESSIONAL SERVICES, AND DELIVERABLES ARE PROVIDED “AS IS” AND NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND OR ANY REPRESENTATIONS TO THE OTHER PARTY OR ANY THIRD PARTY AND EACH PARTY SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, USABILITY, CONDITION, OPERATION, OR FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, COMPATIBILITY, SECURITY, ACCURACY AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE.

8. INDEMNIFICATION.
8.1 Claims Against Client. Service Provider shall defend any claim, suit, or action against Client brought by a third party to the extent based on an allegation that the Software infringes any intellectual property rights of such third party (each, a “Client Claim”), and Service Provider shall indemnify and hold Client harmless, from and against damages, losses, liabilities, and expenses (including reasonable attorneys’ fees and other legal expenses) (collectively, “Losses”) that are specifically attributable to such Client Claim or those costs and damages agreed to in a settlement of such Client Claim. The foregoing obligations are conditioned on Client: (a) promptly notifying Service Provider in writing of such Client Claim; (b) giving Service Provider sole control of the defense thereof and any related settlement negotiations; and, (c) cooperating and, at Service Provider’s request and expense, assisting in such defense.
In the event that the use of the Platform is enjoined, Service Provider shall, at its option and at its own expense either: (a) procure for Client the right to continue using the Platform; (b) replace the Software with a non-infringing but functionally equivalent product; (c) modify the Software so it becomes non-infringing; or, (d) terminate this Agreement and refund the amounts Client paid for access to the Platform that relate to the period during which Client was not able to use the Platform. Notwithstanding the foregoing, Service Provider will have no obligation under this Section 8.1 with respect to any infringement claim based upon: (1) any use of the Platform not in accordance with this Agreement; (2) any use of the Platform in combination with products, equipment, software, or data that Service Provider did not supply or approve of; or, (3) any modification of the Platform by any person other than Service Provider or its authorized agents or subcontractors. This Section 8.1 states Service Provider’s entire liability and Client’s sole and exclusive remedy for Client Claims. 8.2 Claims Against Service Provider. Client shall defend, any claim, suit, or action against Service Provider brought by a third party to the extent that such claim, suit or action is based upon Client's or Service Provider’s use of any Client Data in accordance with this Agreement (“Service Provider Claim”) and Client shall indemnify and hold Service Provider harmless, from and against Losses that are specifically attributable to such Service Provider Claim or those costs and damages agreed to in a settlement of such Service Provider Claim. The foregoing obligations are conditioned on Service Provider: (a) promptly notifying Client in writing of such Service Provider Claim; (b) giving Client sole control of the defense thereof and any related settlement negotiations; and, (c) cooperating and, at Client’s request and expense, assisting in such defense. 
Notwithstanding the foregoing, Client will have no obligation under this Section 8.2 or otherwise with respect to any Service Provider Claim to the extent based upon Service Provider’s use of the Client Data in violation of this Agreement. 9. LIMITATIONS OF LIABILITY. 9.1 IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, PUNITIVE, EXEMPLARY, COVER, RELIANCE, SPECIAL, OR INCIDENTAL DAMAGES OF ANY TYPE OR KIND, OR FOR ANY LOST DATA, LOST PROFITS, REVENUE OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, ARISING FROM OR RELATING TO THIS AGREEMENT, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE, BREACH OR REPUDIATION OF CONTRACT, BREACH OF WARRANTY, OR OTHERWISE), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S TOTAL CUMULATIVE LIABILITY IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT OR TORT OR OTHERWISE, WILL NOT EXCEED ONE TIMES (1X) THE AMOUNT OF FEES PAID OR OWED BY CLIENT TO SERVICE PROVIDER UNDER THE CURRENT CLIENT ORDER FORM, AS THE CASE MAY BE, DURING WHICH THE EVENTS GIVING RISE TO SUCH LIABILITY OCCURRED. BOTH PARTIES ACKNOWLEDGE THAT THE FEES REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT THE PARTIES WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS ON THEIR LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS SECTION, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY TO THE EXTENT SUCH LIABILITY WOULD NOT HAVE OCCURRED BUT FOR THE OTHER PARTY’S FAILURE TO COMPLY WITH THE TERMS OF THIS AGREEMENT. THE LIMITATION OF LIABILITIES SET FORTH IN THIS SECTION 9 SHALL NOT APPLY TO A PARTY’S OBLIGATIONS UNDER SECTION 8, OR TO LIABILITY ARISING FROM CLIENT’S BREACH OF SECTION 3.2. 
9.2 IN NO EVENT WILL SERVICE PROVIDER BE LIABLE IN CONNECTION WITH ANY PROHIBITED DATA: (A) PROVIDED OR MADE AVAILABLE TO SERVICE PROVIDER BY OR ON BEHALF OF CLIENT; OR, (B) STORED IN, COLLECTED THROUGH, OR OTHERWISE PROCESSED ON THE PLATFORM OR VIA THE SERVICES. 10. CONFIDENTIALITY. 10.1 Definitions. “Confidential Information” means all information disclosed by one party (“Discloser”) to the other party (“Recipient”) under this Agreement during the Term. Confidential Information includes information that is marked or identified as confidential and, if not marked or identified as confidential, information that should reasonably have been understood by Recipient to be proprietary and confidential to Discloser or to a third party, whether or not such information is designated as confidential. Service Provider’s Confidential Information includes Software, Deliverables, and Documentation. Client’s Confidential Information does not include Controller Data, Personal Data, Client Data, and Usage Data. 10.2 Protection. Recipient shall not use any Confidential Information for any purpose not expressly permitted by this Agreement and shall not disclose Confidential Information to anyone other than Recipient’s employees and independent contractors who have a need to know such Confidential Information for purposes of this Agreement and who are subject to confidentiality obligations no less restrictive than Recipient’s obligations under this Section 10. Recipient shall protect Confidential Information from unauthorized use, access, and disclosure in the same manner as Recipient protects its own confidential or proprietary information of a similar nature and with no less than reasonable care. 10.3 Exceptions. 
Recipient shall have no confidentiality obligations under Section 10.2 above with respect to any information of Discloser that Recipient can document: (a) was already known to Recipient prior to Discloser’s disclosure; (b) is disclosed to Recipient by a third party who had the right to make such disclosure without violating any confidentiality Agreement with or other obligation to the party who disclosed the information; (c) is, or through no fault of Recipient has become, generally available to the public; or, (d) is independently developed by Recipient without access to or use of Confidential Information. Recipient may disclose Confidential Information if so required as part of a judicial process, government investigation, legal proceeding, or other similar process, provided that, to the extent permitted by applicable law, Recipient gives prior written notice of such requirement to Discloser. Recipient shall take reasonable efforts to provide this notice in sufficient time to allow Discloser to seek an appropriate confidentiality Agreement, protective order, or modification of any disclosure, and Recipient shall reasonably cooperate in such efforts at the expense of Discloser. 11. RELATIONSHIP OF PARTIES 11.1 Independent Contractor. Service Provider acknowledges that it is an independent contractor and neither Client nor Service Provider is intended to be or should be construed to be an agent, subsidiary, partner, joint venture, affiliate, or employee of the other for any purpose, including reporting to any governmental authority. Neither Party shall become liable for any representation, act, or omission of the other Party or have the authority to bind or otherwise obligate the other Party in any manner, and neither Party may represent to anyone that it has a right to do so. 
Any Fees, expenses or other amounts paid by Client to Service Provider hereunder shall not be considered salary for pension or wage tax purposes and neither Service Provider nor its Professional Services Personnel will be entitled to any fringe benefits, including sick or vacation pay, or other supplemental benefits of Client, unless otherwise required by law. 11.2 Subcontractors. Nothing in this Agreement shall prevent a Party from utilizing the services of any subcontractor as it deems appropriate to perform its obligations under this Agreement; provided, however, that each Party shall require its subcontractors to comply with all applicable terms and conditions of this Agreement in providing such services and each Party shall remain primarily liable to the other Party for the performance of such subcontractor. For the purposes of this Agreement, Sub processors are not subcontractors. 11.3 Non-solicitation. Both Parties recognize and understand that they will be interacting with each other’s employees when performing under this Agreement, and that it may cause irreparable harm to a Party should one or more of employees be directly or indirectly solicited to work for the other Party. Because of this, each Party agrees that it shall not, directly or indirectly, personally or through others, solicit or encourage, or attempt to solicit or encourage, on its own behalf or on behalf of any other person or entity, to hire or use the work of any employee of the other Party. Each Party agrees to adhere to this requirement for one year following termination of this Agreement. This provision shall survive termination of this Agreement. 11.4 Professional and business-like manner. Client personnel shall interact with Service Provider personnel in a professional and businesslike manner at all times. 
Unprofessional and unbusinesslike interactions may occur through direct verbal and non-verbal interactions, digital interactions via email, chat, etc., and other forms of communications. If any Client personnel interaction with Service Provider’s personnel is neither professional nor businesslike, the Service Provider will provide Client with a notice within ten (10) days of such incident informing the Client of such interaction and stating that such interaction must cease immediately. If unprofessional and unbusinesslike interaction continues by the Client’s personnel towards the Service Provider’s personnel, the Service Provider is entitled to hold the Client in breach of the Agreement and is entitled to cancel the Agreement for cause by providing thirty (30) days’ notice to the Client of such cancellation. The Client will have no recourse if the Agreement is canceled for such cause. 12. GENERAL. 12.1 Third Party Services. Certain Third-Party Services may be integrated into or provided in connection with the Software. Service Provider does not control or otherwise influence any Third-Party Services, makes no claim or representation regarding the Third-Party services and accepts no responsibility or liability for the quality, content, nature, privacy, security, or reliability of the Third-Party Services. Foundant does not warrant that the provision of the Third-Party Services will be uninterrupted, error free, timely, complete, or accurate, nor does Foundant make any warranties as to the results to be obtained from use of the same. 
Client expressly agrees that Client’s use of the Third-Party Services is at Client’s own risk and that Foundant will not in any way be liable to Client or any other entity for any inaccuracies, errors, omissions, delays, damages, claims, liabilities or losses, regardless of cause, in or arising from the use of the Third-Party Services. There is no implied affiliation, endorsement, or adoption by Service Provider of these Third-Party Services and Service Provider shall not be responsible for any content provided on or through these Third-Party Services. 12.2 Assignment. Neither Party may assign or transfer, by operation of law or otherwise, this Agreement or any of its rights under this Agreement to any third party without the other Party’s prior written consent, such consent shall not be unreasonably withheld or delayed; except that a Party may assign this Agreement, without consent from the other Party by operation of law or otherwise if notice is provided to the other Party, to: (a) an Affiliate; or, (b) any successor to its business or assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, reorganization, or otherwise. Any attempted assignment or transfer in violation of the foregoing will be void. This Agreement does not confer any rights or remedies upon any person or entity not a party hereto. 12.3 Force Majeure. 
The performance of the Agreement by either Party shall be subject to force majeure, including, but not limited to: acts of God; fire; flood; natural disaster; war; acts of terrorism; riots; civil disorder; unauthorized strikes; governmental regulation or advisory; recognized health threats as determined by the World Health Organization, the Centers for Disease Control, or local government authority or health agencies; curtailment of transportation facilities; or, other similar occurrence beyond the control of the Parties, where any of those factors, circumstances, situations, or conditions or similar ones make it illegal, impossible, or commercially impracticable to fully perform under the terms of the Agreement, except for the payment of the Fees. In such a case, the Agreement may be canceled by either Party, without liability, damages, fees, or penalty, and any unused deposits or amounts paid shall be refunded, for any one or more of the above reasons, by written notice to the other Party. 12.4 Notices. Notices under this Agreement that do not relate to Agreement updates must be delivered in writing by electronic mail, courier, or certified or registered mail, (postage prepaid and return receipt requested) to the other Party at the address for each Party set forth on the Client Order Form and will be effective upon receipt. Electronic mail may only be used to distribute routine communications (e.g., change in sub processors) and to obtain approvals and consents and shall not be used for material notices that do not relate to Agreement updates, including under Section 11.4. 
Client agrees that Foundant Technologies may modify this Agreement by notice to Client at least thirty (30) days before the change will take effect by either: (a) providing notice in accordance with the Agreement; or (b) alerting Client via the Services or Platform. If Client objects to any such modification, Client may immediately terminate this Agreement for convenience by giving written notice to Foundant Technologies within forty-five (45) days of being informed by Foundant Technologies of the modification. 12.5 Governing Law. Omitted 12.6 Remedies. Except as otherwise expressly provided in this Agreement, the Parties’ rights and remedies under this Agreement are cumulative. Each Party acknowledges and agrees that any actual or threatened breach of Sections 3.1 or 10 will constitute immediate, irreparable harm to the non-breaching Party for which monetary damages would be an inadequate remedy, that injunctive relief is an appropriate remedy for such breach, and that if granted, the breaching Party agrees to waive any bond that would otherwise be required. If any legal action is brought by a Party to enforce this Agreement, the prevailing Party will be entitled to receive its attorneys’ fees, court costs, and other legal expenses, in addition to any other relief it may receive from the non-prevailing Party. 12.7 Compliance with Laws. Each Party shall comply with all laws applicable to such Party, including, but not limited to, all applicable anti-corruption laws and regulations (“Anti-Corruption Laws”). Anti-Corruption Laws include but are not limited to the United States Foreign Corrupt Practices Act and the UK Bribery Act, irrespective of whether either Party is legally subject to it. Neither Party shall engage in any deceptive or unethical trade practices or any act which might harm the other Party's reputation. 
Neither Party shall cause the other Party to violate any Anti-Corruption Laws in connection with the activities conducted under the Agreement or any other activities involving the other Party (collectively, the “Activities”). Neither Party shall, in connection with the Activities, pay, offer, promise, or authorize the payment or transfer of anything of value, directly or indirectly, to any other person or entity for the purpose of improperly obtaining or retaining business, for any other advantage, or for any other purpose prohibited by any Anti-Corruption Laws. 12.8 Export Controls. Service Provider’s Services and Platform are of United States origin and are provided subject to the U.S. Export Administration Regulations and the regulations of other jurisdictions. Diversion contrary to applicable law is prohibited. Without limiting the foregoing, each Party agrees that: (i) it is not, and is not acting on behalf of, any person who is a citizen, national, or resident of, or who is controlled by the government of any country to which the United States or other applicable government body has prohibited export transactions (Iran, North Korea, etc.); (ii) it is not and is not acting on behalf of, any person or entity listed on a relevant list of persons to whom export is prohibited (the U.S. Treasury Department list of Specially Designated Nationals and Blocked Persons, the U.S. Commerce Department Denied Persons List or Entity List, etc.); and, (iii) it will not use any Service Provider’s Services or the Platform for, and will not permit any Service Provider’s Services or the Platform to be used for, any purpose prohibited by applicable law. 12.9 Waivers. To be effective, any waivers must be in writing and signed by the Party to be charged. 
Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. 12.10 Severability. If any provision of this Agreement is, for any reason, held to be unenforceable, the other provisions of this Agreement will be unimpaired, and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law (unless such modification is not permitted by law, in which case such provision will be disregarded). 12.11 Counterparts. This Agreement may be executed in counterparts, each of which will be considered an original, but all of which together will constitute the same instrument. 12.12 Publicity. Service Provider shall have the right to list Client as a client on Foundant Technologies' website, on publicly available client lists, or in media releases unless Client specifically requests, in writing, to not be listed. Client, at its sole discretion, shall cooperate with any reasonable request by Service Provider for assistance in the preparation of a case study, testimonials, or quotes documenting Client’s experience in using the Services. The final text of the case study shall be subject to Client’s written approval before publication. 12.13 Survival. Those provisions of this Agreement that by their nature should survive expiration or earlier termination will remain in effect following expiration or termination. These provisions include the provisions under Sections 5.3 through 5.7, 6, 7, 8, 9, and 10 as well as other identified Sections in the Agreement including payment and any Statements of Work and Client Order Forms. 12.14 Verification. At the Service Provider's discretion, Service Provider shall have the right to virtually audit Client’s implementation of the Services and Platform for verification of compliance with the terms set forth in this Agreement. 12.15 Entire Agreement. 
This Agreement, including any Client Order Form, Data Processing Agreement, Services Level Agreement, any exhibits or attachments thereto, and Statements of Work constitute the final and entire Agreement between the parties regarding the subject hereof and supersedes all other Agreements, whether written or oral, between the parties concerning such subject matter. No terms and conditions proposed by either party shall be binding on the other party unless accepted in writing by both parties, and each party hereby objects to and rejects all terms and conditions not so accepted. In the event of a conflict or inconsistency between any of the documents included in this Agreement, the following order of precedence shall apply: (1) Data Processing Agreement; (2) Service Level Agreement; (3) Client Order Form; (4) Master Subscription Agreement; (5) Statement(s) of Work; and, (6) Professional Services Agreement. DocuSign Envelope ID: 9D8E5036-62F5-48D0-B811-AF6F40305ED9 Foundant Technologies, Inc. Data Processing Agreement (DPA) – v012023 Page 1 of 15 EXHIBIT B - DATA PROCESSING AGREEMENT Foundant Technologies, Inc. Prior Version: • Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 This Data Processing Agreement (including its appendices, the “DPA”) is made and entered into as of the Effective Date of the Client Order Form by and between the entity agreeing to the Client Order Form (“Client”), and Foundant Technologies, Inc. (hereinafter referred to as “Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). This DPA supplements and forms part of the Master Subscription Agreement between the parties (together with the Client Order Form and other terms and conditions incorporated therein, the “Agreement”). The Parties agree as follows: 1. DEFINITIONS. 
Capitalized terms in this DPA have the meanings given in this DPA. Capitalized terms used but not defined herein have the meaning given elsewhere in the Agreement. 1.1. “Applicable Data Protection Legislation” means all privacy and data protection laws and regulations of any jurisdiction applicable to the processing of Controller Data that is the subject matter of this DPA, including without limitation, in each case where applicable, European Data Protection Legislation, US Data Protection Legislation, and the Canada Personal Information Protection and Electronic Documents Act (“PIPEDA”). 1.2. “Controller” means the entity that determines the purposes and means of the processing of Controller Data. 1.3. “Controller Data” means any Personal Data Processed by Foundant Technologies on behalf of Client pursuant to the Agreement. 1.4. “Data Subject” means the identified or identifiable person to whom Personal Data relates. 1.5. “European Data Protection Legislation” means, in each case to the extent applicable to the Processing of Controller Data under the Agreement: (a) the EU General Data Protection Regulation 2016/679 (“GDPR”); (b) the UK General Data Protection Regulation, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”), the Data Protection Act 2018, and all other laws relating to data protection, the processing of personal data, privacy, or electronic communications in force from time to time in the United Kingdom (collectively, “UK Data Protection Laws”); and (c) the Swiss Federal Act on Data Protection (“Swiss FDPA”). 1.6. 
“Personal Data” means any information (a) relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly, or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, or (b) that otherwise constitutes “personal information,” “personally identifiable information,” “personal data,” or similar terms defined in and governed by the Applicable Data Protection Legislation. 1.7. “Personal Data Breach” means a breach of Foundant Technologies’ security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Data. 1.8. “Process” means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, alignment, combination, restriction, erasure, destruction or disclosure by transmission, dissemination or otherwise making available. 1.9. “Processor” means an entity that Processes Personal Data on behalf of the Controller. 1.10. "Standard Contractual Clauses" or “Clauses” means “Module Two: Transfer controller to processor” and/or “Module Three: Transfer processor to processor,” as applicable, of the standard contractual clauses approved by the European Commission in decision 2021/914 of 4 June 2021, available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en, as supplemented and/or amended by Appendix 3. 1.11. 
“Sub-processor” means a third-party data processor engaged by Foundant Technologies to Process Controller Data. 1.12. “Supervisory Authority” means an independent public authority that is established or recognized under Applicable Data Protection Legislation. 1.13. “US Data Protection Legislation” means in each case to the extent applicable: (a) the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, when effective, and its implementing regulations (collectively, “CCPA”); (b) the Virginia Consumer Data Protection Act (“VCPDA”), when effective; (c) the Colorado Privacy Act and its implementing regulations (“CPA”), when effective; (d) the Utah Consumer Privacy Act (“UCPA”), when effective; (e) Connecticut SB6, An Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”); and (f) any other applicable law or regulation related to the protection of Controller Data in the United States that is already in force or that will come into force during the term of this DPA. 2. PROCESSING OF CONTROLLER DATA. 2.1. Roles of the Parties; Compliance. The Parties acknowledge and agree that, as between the Parties, with regard to the Processing of Controller Data under the Agreement (a) Client is the Controller and (b) Foundant Technologies is the Processor. In some circumstances, the Parties acknowledge that Client may be acting as a Processor to a third-party Controller in respect of the Processing of Controller Data, in which case Foundant Technologies will remain a Processor with respect to the Controller Data. Each Party shall comply with its obligations under Applicable Data Protection Legislation at all times. 2.2. Details of Processing. The details regarding Foundant Technologies’ Processing of Controller Data are set forth in Appendix 1 to this DPA. 2.3. Client’s Instructions. 
Foundant Technologies will only Process Controller Data: (i) as necessary to perform the Services and prevent or address technical problems with the Services; (ii) in accordance with Controller’s documented instructions under the Agreement; (iii) to perform its obligations and exercise its rights under the Agreement; and (iv) as required by applicable law. Processing outside the scope of these instructions (if any) shall require prior written agreement between the Parties. Client represents and warrants that it is, and at all relevant times will remain duly and effectively authorized to give instructions, with all necessary rights, permissions, and consents secured. Client shall have sole responsibility for the accuracy, quality, and legality of Controller Data and how Client acquired Controller Data. The Agreement and this DPA are Client’s complete and final instructions to Foundant Technologies for the Processing of Controller Data. Foundant Technologies will promptly inform Client in the event Foundant Technologies reasonably believes an instruction of Client violates Applicable Data Protection Legislation or if Foundant is unable to fulfill its obligations under this DPA, unless such notice is prohibited by applicable law. 2.4. Processing Subject to the CCPA. In the event that the Processing of Controller Data is subject to the CCPA, this Section 2.4 shall apply and the terms “Sell,” “Share,” “Business Purpose(s),” and “Commercial Purpose” shall have the meanings given in the CCPA and “Personal Information” shall mean any personal information (as defined in the CCPA) contained in Controller Data. 
Foundant Technologies shall not (i) Sell or Share any Personal Information; (ii) retain, use, or disclose any Personal Information for any purpose other than for the Business Purposes specified in the Agreement, or as otherwise permitted by the CCPA, including retaining, using, or disclosing Controller Data for a Commercial Purpose other than for the Business Purposes specified in the Agreement; (iii) retain, use, or disclose the Personal Information outside of the direct business relationship between Foundant Technologies and Client; (iv) combine Personal Information received from or on behalf of Client with Personal Data received from or on behalf of any third party, or collected from Foundant Technologies’ own interactions with Data Subjects, except to perform any Business Purpose permitted by the CCPA. The Parties acknowledge that Personal Information is provided to Foundant Technologies only for the limited and specified purposes set forth in the Agreement. Foundant Technologies will comply with applicable obligations under the CCPA and provide the same level of privacy protection to Personal Information as is required by the CCPA. Client has the right to take reasonable and appropriate steps to help ensure that Foundant Technologies uses Personal Information transferred to it in a manner consistent with Client’s obligations under the CCPA by exercising Client’s audit rights pursuant to Section 8 of this DPA. Foundant Technologies will notify Client if it makes a determination that Foundant Technologies can no longer meet its obligations under the CCPA. 
If Foundant Technologies notifies Client of unauthorized use of Personal Information, including under the foregoing sentence, Client will have the right to take reasonable and appropriate steps to stop and remediate such unauthorized use by limiting the Personal Information shared with Foundant Technologies, terminating the portion of the Agreement relevant to such unauthorized use, or such other steps mutually agreed between the Parties in writing. Foundant Technologies hereby certifies that it understands its obligations under this Section 2.4 and will comply with them. Notwithstanding anything in the Agreement, the Parties acknowledge and agree that Foundant Technologies’ access to Controller Data does not constitute part of the consideration exchanged by the Parties in respect of the Agreement. 2.5. Legal Requests. Foundant Technologies will promptly notify Client in the event of any request, inquiry, or demand from law enforcement or government authorities relating to Controller Data (including subpoenas, court orders, or other legal requests) (“Compelled Disclosure Request”), unless prohibited by applicable law or the requesting authority. Foundant Technologies will take commercially reasonable steps to: (i) direct the requesting party to submit their Compelled Disclosure Request directly to Client; (ii) challenge any such request, inquiry, or demand on appropriate grounds, including a conflict with European Data Protection Legislation; or (iii) limit the disclosure of Controller Data to only what is necessary to comply with the Compelled Disclosure Request. 3. SECURITY MEASURES. 3.1. Foundant Technologies Security Measures. 
Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Foundant Technologies shall implement commercially reasonable technical, security, and organizational measures designed to protect and safeguard the Controller Data against Personal Data Breaches, as set forth in Appendix 2. Such measures shall at least reach a level of security equivalent to what is prescribed by: (i) Applicable Data Protection Legislation; and (ii) the American Institute of Certified Public Accountants’ (“AICPA”) Trust Services Criteria for a services organization’s system. Foundant Technologies will maintain its security controls and audits, pursuant to, amongst others, the AICPA’s Trust Services Criteria for a services organization’s system and shall regularly monitor compliance with these safeguards. Foundant Technologies will not materially decrease the overall security of the Services during the term of the Agreement. 3.2. Client Controls & Responsibilities. In providing the Services, Client acknowledges that Foundant Technologies provides certain complementary user entity controls (“Controls”), and that Client is responsible for administering such Controls. 
Client is further responsible for: (i) validating that access to Services is authorized for Users that it creates; (ii) removing access to the Services for Users who no longer require access; (iii) assigning the appropriate roles and permissions for each User; (iv) protecting any data upon download from the Services by Users; (v) validating that administrative access to the Services is authorized for Users; (vi) configuring password complexity to its instance of the Services to comply with the complexity requirements for its organization; (vii) the protection of its Users' credentials; (viii) using multi-factor authentication when and where available in regards to Services; and (ix) complying with Section 3.2 of the MSA. 4. PERSONNEL AND CONFIDENTIALITY. 4.1. Personnel. Foundant Technologies shall take reasonable steps to ensure the reliability of any employee, agent, or contractor of Foundant Technologies who accesses the Controller Data (“Personnel”), ensuring in each case that access is limited to Personnel who need to know/access the relevant Controller Data, as necessary for the purposes of this Agreement, and to comply with the Applicable Data Protection Laws and the AICPA’s Trust Services Criteria for a services organization’s system in the context of such Personnel’s duties to Foundant Technologies. 4.2. Confidentiality. Foundant Technologies will impose appropriate contractual obligations upon its Personnel with access to Controller Data or ensure that such Personnel are subject to an appropriate statutory obligation of confidentiality, including relevant obligations regarding confidentiality, data protection, and data security. Personnel with access to Controller Data shall be informed of the confidential nature of Controller Data and shall have received appropriate training with respect to their responsibilities.
5. SUB-PROCESSORS. 5.1. Authorization. Client authorizes Foundant Technologies to appoint Sub-processors in accordance with this Section 5 for the purpose of providing the Services under the Agreement. Foundant Technologies is further authorized to use those Sub-processors set forth at https://info.foundant.com/rs/356-VHW-319/images/FT%20Subprocessors%20-%20Final%20-%20v042022.pdf. 5.2. Notice of Sub-processor Changes. Foundant Technologies shall give Client thirty (30) days’ notice of the appointment of any new Sub-processor, including relevant details of the processing activities to be performed by such Sub-processor. If, within ten (10) days of receipt of such notice, Client notifies Foundant Technologies in writing of any reasonable objection to the appointment on data protection grounds, Foundant Technologies shall postpone the appointment until reasonable steps have been taken to address Client’s objection. Where such steps are not sufficient to relieve Client’s objection, to the extent that it relates to the Services which require the use of such Sub-processor, Client may, by written notice to Foundant Technologies, terminate the applicable portion of the Agreement. 5.3. Responsibility for Sub-processors. Where a Sub-processor fails to fulfill its data protection obligations, Foundant Technologies shall remain fully liable to Client for the performance of the Sub-processor’s obligations. 5.4. Sub-processor Requirements. With respect to each Sub-processor: (i) Foundant Technologies shall, before the Sub-processor first Processes Controller Data, carry out adequate due diligence to ensure that the Sub-processor is capable of providing the level of protection for Client Data required by the Agreement; and (ii) ensure that the arrangement between Foundant Technologies and the Sub-processor is governed by a written contract that substantially meets the same obligations under this DPA. 6. PERSONAL DATA BREACH. 6.1. Notice.
If Foundant Technologies becomes aware of a confirmed Personal Data Breach it will notify Client without undue delay. Such notice will include, to the extent possible, details of the Personal Data Breach, the corrective actions taken or planned to be taken, and the steps Foundant Technologies recommends Client take to address the Personal Data Breach. 6.2. Investigation and Response. After becoming aware of a confirmed Personal Data Breach, Foundant Technologies shall promptly: a. Commence an investigation of the Personal Data Breach in order to determine the scope, nature, and the likely consequences of the Personal Data Breach; b. Take appropriate steps to prevent, mitigate, or rectify the possible adverse effects of the Personal Data Breach and minimize damage resulting therefrom; and c. Where possible, provide Client with such details relating to the Personal Data Breach as Client reasonably requires and provide reasonable assistance to support Client in complying with its obligations under Applicable Data Protection Legislation. 6.3. Public Disclosures. Neither Party shall make or provide any filings, communications, notices, press releases, or reports related to a Personal Data Breach that reference the other Party without obtaining the consent of such party, which cannot be unreasonably withheld, prior to any publication or communication thereof. 6.4. Client Security Incidents. In the event that Client experiences any security incident or other breach of security affecting the security or confidentiality of the Services, including without limitation any unauthorized access to a User account or a breach of user credentials, Client shall promptly notify Foundant Technologies and reasonably cooperate with Foundant Technologies in the investigation and remediation of any such matter. 7. RIGHTS OF DATA SUBJECTS. 7.1.
Receipt of Data Subject Requests. Foundant Technologies shall promptly notify Client if it receives a request from a Data Subject to exercise the Data Subject’s rights in respect of Controller Data under Applicable Data Protection Legislation (i.e., rights of access, rectification, restriction of processing, erasure, data portability, or to object to Processing) (each, a “Data Subject Request”). Foundant Technologies will not respond to any such requests unless authorized to do so by Client (unless required to do so under Applicable Data Protection Legislation or under the instructions of a Supervisory Authority). 7.2. Data Subject Request Assistance. Foundant Technologies shall provide commercially reasonable assistance to Client by taking appropriate technical and organizational measures for fulfilling Client’s obligations in responding to Data Subject Requests, as provided in Applicable Data Protection Legislation, including by providing self-service functionality of the Services that allows Client to independently process requests, as available. Unless prohibited under Applicable Data Protection Legislation, Client will reimburse Foundant Technologies for any costs and expenses related to Foundant Technologies’ provision of such assistance. 8. AUDITS. 8.1. Independent Audits. Foundant Technologies utilizes external auditors to perform an audit to verify the adequacy of its security measures and other obligations under this DPA. This audit will: (i) be performed at least annually; (ii) be performed in accordance with the AICPA’s Statement on Standards for Attestation Engagements No. 
16, Reporting on Controls at a Service Organization (or an equivalent audit under the successor standard as may then be in effect); (iii) be performed by independent third party security professionals at the Foundant Technologies’ selection and expense; and (iv) result in the generation of a System and Organization Controls Type 2 audit report (“SOC 2 Report”), which will be Foundant Technologies’ Confidential Information. 8.2. Audit Rights. Not more than once per year, and solely for the purpose of meeting its audit and information requirements under Applicable Data Protection Legislation to confirm Foundant Technologies’ compliance with this DPA, Client may request an audit in writing. Foundant Technologies shall then permit Client (or its appointed third-party auditors) to review Foundant Technologies' SOC 2 Report and other security and/or compliance documentation that Foundant Technologies may make generally available to customers, if any (collectively, the “Security Documentation”). Client will not exercise its audit rights more than once in any twelve (12) calendar month period and Client agrees that the Security Documentation will be used as the primary and only mechanism to audit and inspect Foundant Technologies' processing activities, except: (i) if and when required by instruction of a Supervisory Authority; or (ii) Client believes a further on-site audit is necessary due to a Personal Data Breach suffered by Foundant Technologies. 8.3. On-Site Audits.
In the event that an on-site audit is required under Section 8.2(i) or (ii), then such audit requests must meet the following requirements: a. Any audit must be requested with at least thirty (30) days prior written notice and include a detailed audit plan that describes the proposed scope, duration, reimbursement rates, and start date of the audit which the Parties must mutually agree upon prior to the commencement of an audit. Audit requests must be sent to security@foundant.com. b. Prior to conducting the audit, the auditor must provide to Foundant Technologies an executed nondisclosure agreement provided by Foundant Technologies. c. The audit must be conducted during Foundant Technologies’ regular business hours, subject to Foundant Technologies' policies, and may not unreasonably interfere with Foundant Technologies’ business activities. d. Client will reimburse Foundant Technologies for any time expended at its then-current reasonable ancillary services rates, made available to Client upon request. All reimbursement rates will be reasonable and take into account the resources expended by Foundant Technologies. Additionally, Client is fully responsible for any and all costs associated with third-party auditors associated with the audit. 8.4. Results of Audits. For all audits, Client must immediately notify Foundant Technologies with information regarding any suspected or actual non-compliance revealed during an audit. Any information resulting or derived from any audit under this Section 8, including any analyses, notes, assessments, or other materials in whatever form or media, constitute Foundant Technologies’ Confidential Information subject to applicable protections defined in the Agreement. 9. DATA PROTECTION IMPACT ASSESSMENTS, TRANSFER ASSESSMENTS, AND PRIOR CONSULTATIONS.
In the event that Applicable Data Protection Legislation requires Client to conduct a data protection impact assessment, transfer assessment, or prior consultation with a Supervisory Authority, Foundant Technologies shall, upon Client’s reasonable request, use commercially reasonable efforts to provide relevant information and assistance to Client for Client to fulfill such requirement, taking into account the nature of Foundant Technologies’ Processing of Controller Data and the information available to Foundant Technologies. 10. DOCUMENTATION. Foundant Technologies shall maintain complete, accurate, and up-to-date documentation of its Controller Data Processing activities and measures taken hereunder, as required under Applicable Data Protection Legislation and the AICPA’s Trust Services Criteria for a services organization’s system. 11. TRANSFERS OF CONTROLLER DATA. 11.1. Data Processing Facilities. Foundant Technologies may, subject to Section 11.2, Process Controller Data in the United States or anywhere Foundant Technologies or its Sub-processors maintain facilities. Subject to Foundant Technologies’ obligations in this Section 11, Client is responsible for ensuring that its use of the Services complies with any cross-border data transfer restrictions under Applicable Data Protection Legislation. 11.2. Standard Contractual Clauses.
In the event that Client transfers Controller Data subject to European Data Protection Legislation to Foundant Technologies in a country which has not been recognized as providing an adequate level of protection for such Controller Data within the meaning of applicable European Data Protection Legislation, and no lawful alternative basis, mechanism, or framework for such transfer of Controller Data applies, such transfer will be governed by the Standard Contractual Clauses, the terms of which are hereby incorporated into this DPA. For the avoidance of doubt: (i) if Client is acting as the Controller with respect to Controller Data, “Module Two: Transfer controller to processor” shall apply; and/or (ii) if Client is acting as a Processor to a third-party Controller with respect to Controller Data, “Module Three: Transfer processor to processor” shall apply. The Standard Contractual Clauses shall automatically terminate once the Controller Data transfer governed thereby becomes lawful under European Data Protection Laws in the absence of such Standard Contractual Clauses on any other basis. 12. DELETION AND RETURN OF CONTROLLER DATA. Foundant Technologies shall promptly delete or return all copies of Controller Data, except where such copies are required to be retained in accordance with: (i) Applicable Data Protection Legislation; or (ii) the AICPA’s Trust Services Criteria for a services organization’s system. 13. GENERAL TERMS. 13.1. Survival. The obligations placed upon the parties under this DPA shall survive so long as Foundant Technologies and/or its Sub-processors process Controller Data on behalf of Client. 13.2. Governing Law. The parties to this DPA hereby submit to the choice of jurisdiction and/or forum stipulated in the Agreement with respect to any disputes or claims however arising under this DPA, including disputes regarding its existence, validity, or termination or the consequences of its nullity. 
This section shall not apply to the Standard Contractual Clauses. 13.3. Severability. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible, or, if this is not possible, construed in a manner as if the invalid or unenforceable part had never been contained therein. 13.4. Modification. In the event that a modification to this DPA is required for compliance with Applicable Data Protection Legislation, Foundant Technologies may modify this DPA by notice to Client at least thirty (30) days (or such shorter period as may be required to comply with Applicable Data Protection Legislation) before the change will take effect by either: (a) providing notice in accordance with the Agreement; or (b) alerting Client via the Services or Platform. If Client objects to any such modification, Client may immediately terminate this DPA and the Agreement for convenience by giving written notice to Foundant Technologies within forty-five (45) days of being informed by Foundant Technologies of the modification. 13.5. Order of Precedence. To the extent of any conflict or inconsistency between this DPA and the other terms of the Agreement, this DPA will govern. 13.6. Liability. Any liabilities arising in respect of this DPA are subject to the limitations of liability under the Agreement. Appendix 1 Subject Matter and Details of Processing This Appendix 1 includes certain details of the Processing of Controller Data.
Subject matter and duration of the Processing of Personal Data: The subject matter and duration of the Processing of Controller Data are set out in the Agreement and this DPA. The nature and purpose of the Processing of Personal Data: Processing of Controller Data by Foundant Technologies is reasonably required to facilitate or support the provision of the Services as described under the Agreement and this DPA. Categories of Data Subjects: The categories of Data Subjects about whom the Controller Data relates will depend on the Services and Platform provided to and accessed by Client and are determined and controlled by Client in its sole discretion and/or dependent on the Services and Platform, and may include, but are not limited to: • Prospects, donors, visitors, grant or scholarship applicants, subscribers of the Client (who are natural persons); • Employees, agents, advisors, independent contractors, or business partners of the Client; and • Users authorized by the Client to use the Service. 
Types of Personal Data Processed: The types of Controller Data Processed will depend on the Services and Platform provided to and accessed by Client and are determined and controlled by Client in its sole discretion depending on services, products, licenses, and subscriptions purchased by the Controller, and may include, but are not limited to: • First and last name • Contact information (title, position, company, email, phone, physical business address) • Grant and/or scholarship application data • Other information which Client chooses to collect via the Services Special Categories of Personal Data Processed: • The special categories of Controller Data Processed will depend on the Services and Platform provided to and accessed by Client and are determined and controlled by Client in its sole discretion, and may include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, criminal convictions. Appendix 2 Security Measures A. Information Security Program. Foundant Technologies implements, maintains and complies with information security policies and procedures designed to protect the confidentiality, availability, and integrity of Controller Data and any systems that store or otherwise Process it, which are: (a) aligned with an industry-standard control framework (e.g., NIST SP 800-53, ISO 27001, CIS Critical Security Controls); (b) approved by executive management; (c) reviewed and updated at least annually; and (d) communicated to all personnel with access to Controller Data. B. Risk Assessment.
Foundant Technologies maintains risk assessment procedures for the purposes of periodic review and assessment of risks to the organization, monitoring and maintaining compliance with the organization’s policies and procedures, and reporting the condition of the organization’s information security and compliance to internal senior management. Risk assessment procedures include vulnerability scans and penetration testing. C. Personnel Training. Foundant Technologies trains personnel to maintain the confidentiality, integrity, availability and security of Controller Data, consistent with the terms of the Agreement and Applicable Data Protection Legislation. D. Vendor Management. Prior to engaging Sub-processors and other subcontractors, Foundant Technologies conducts reasonable due diligence and monitoring to ensure subcontractors are capable of maintaining the privacy, confidentiality, security, integrity and availability of Controller Data. E. Access Controls. Only authorized personnel and third parties are permitted to access Controller Data. Foundant Technologies maintains logical access controls designed to limit access to Controller Data and relevant information systems (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur). F. Secure User Authentication. Foundant Technologies maintains password controls designed to manage and control password strength, expiration, and usage. These controls include prohibiting users from sharing passwords and requiring that passwords controlling access to Controller Data must: (a) be at least eight (8) characters in length and meet minimum complexity requirements; (b) not be stored in readable format on the organization’s computer systems; and, (c) a first time user will be prompted to create their own password after first use. G. Incident Detection and Response. 
Foundant Technologies maintains policies and procedures to detect and respond to actual or reasonably suspected Security Incidents, and encourages the reporting of such incidents. H. Encryption and Pseudonymization. Foundant Technologies applies industry standard encryption to Controller Data: (a) stored on any medium (i.e., laptops, mobile devices, portable storage devices, file servers and application databases); and (b) transmitted across any public network (such as the Internet) or wirelessly. Where applicable to the Services and Platform, Foundant Technologies will implement and maintain technical and organizational measures to pseudonymize Controller Data in accordance with Applicable Data Protection Legislation, such as attribute suppression, character masking, noise addition, differential privacy, swapping, k-anonymity, L-diversity/T-closeness, etc. I. Network Security. Foundant Technologies implements network security controls such as up-to-date firewalls (including AWS Web Application Firewall), layered DMZs, updated intrusion detection/prevention systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack. J. Vulnerability Management. To detect, assess, mitigate, remove, and protect against new and existing security vulnerabilities and threats, including viruses, bots, and other malicious code, Foundant Technologies implements vulnerability management, threat protection technologies, and scheduled monitoring procedures. K. Change Control. Foundant Technologies follows change management procedures and has implemented tracking mechanisms designed to test, approve and monitor all changes to the organization’s technology and information assets that are used to provide the Services. L. Physical Security.
The physical and environmental security of data centers, server room facilities and other areas containing Controller Data is designed to: (a) protect information assets from unauthorized physical access; (b) manage, monitor and log movement of persons into and out of the organization’s facilities; and (c) guard against environmental hazards such as heat, fire and water damage. M. Business Continuity and Disaster Recovery. Foundant Technologies maintains business continuity and disaster recovery policies and procedures designed to maintain service and recover from foreseeable emergency situations or disasters. This includes the use of commercially reasonable efforts to maintain service uptime requirements except for (a) planned downtime or (b) any unavailability caused by circumstances beyond Foundant Technologies’ reasonable control (e.g., acts of God, acts of government, acts of terror, Internet service provider failures or delays). APPENDIX 3 Standard Contractual Clauses Addendum The parties agree that the following terms shall apply to and supplement and/or modify the Standard Contractual Clauses, as applicable. 1. EXECUTION. The parties agree that execution of the DPA shall constitute execution of the Standard Contractual Clauses as of the Effective Date. 2. SELECTIONS. The parties agree to the selections in the table set forth below in respect of the corresponding clauses of the Standard Contractual Clauses.

Section Reference | Concept | Selection by the Parties
Section I, Clause 7 | Docking Clause | N/A
Section II, Clause 9 | Approval of Subprocessors | Option 2: GENERAL WRITTEN AUTHORIZATION; Specified time period: thirty (30) days
Section IV, Clause 17 | Governing law | The laws of the Republic of Ireland. See also Sections 4 and 5 of this Appendix 3.
Section IV, Clause 18 (b) | Choice of forum and jurisdiction | The courts of the Republic of Ireland. See also Sections 4 and 5 of this Appendix 3.
Annex I.A | List of Parties – Data exporter(s) | Client; Role: controller or processor, as governed by the circumstance and further described in this DPA
Annex I.A | List of Parties – Data importer(s) | Foundant Technologies; Role: processor
Annex I.A. | Description of the Transfer | Categories of data subjects: See Appendix 1. Categories of personal data: See Appendix 1. Sensitive data transferred: See Appendix 1. The frequency of the transfer: For the duration of the Order Term. Nature of the processing: As set forth in the Agreement. Purpose(s) of the data transfer and further processing: To allow Foundant Technologies to provide the Services and Platform under the Agreement. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: As set forth in the Agreement, the DPA, or as otherwise determined by Client. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: As above.
Annex I.C | Competent Supervisory Authority | As determined by Clause 13 and the GDPR or Sections 4 and 5 of this Appendix 3.
Annex II | Technical and Organisational Measures | See Appendix 2.

3. SUPPLEMENTAL BUSINESS-RELATED CLAUSES. In accordance with Clause 2 of the Standard Contractual Clauses, the parties wish to supplement the Clauses with business-related clauses, which shall neither be interpreted nor applied in such a way as to contradict the Clauses (whether directly or indirectly) or to prejudice the fundamental rights and freedoms of Data Subjects. Foundant Technologies and Client therefore agree that the applicable terms of the Agreement and the DPA shall apply if, and to the extent that, they are permitted under the Clauses, including without limitation the following: a. In the event of a Data Subject request for a copy of the Clauses in accordance with Clause 8.3, Client shall make all redactions reasonably necessary to protect business secrets or other confidential information of Foundant Technologies. b. Certification of deletion of personal data under Clause 8.5 and Clause 16(d) shall be provided upon the written request of Client. c. Deletion and/or return of personal data by Foundant Technologies under the Clauses shall be governed by Section 12 of the DPA. d. Foundant Technologies shall be deemed in compliance with Clause 8.8 to the extent such onward transfers occur in accordance with Article 4 of the Commission Implementing Decision (EU) 2021/914 of 4 June 2021. e. Any information requests or audits provided for in Clause 8.9 shall be fulfilled in accordance with Section 8 of the DPA. f. Section 13.6 of the DPA and the terms of the Agreement which govern indemnification and limitation of liability shall apply to Foundant Technologies’ liability under Clauses 12(a), 12(d), and 12(f). g. The terms of the Agreement which govern termination shall apply to a termination pursuant to Clause 14(f) or Clause 16. 4. TRANSFERS FROM SWITZERLAND.
If the Clauses apply to the Processing of Controller Data governed by the Swiss FDPA, the Clauses shall be modified as follows: a. the term “member state” shall not be interpreted in such a way as to exclude data subjects in Switzerland from suing for their rights in their place of habitual residence in accordance with Clause 18(c); b. the Clauses shall also protect the data of legal entities until the entry into force of the revised Swiss FDPA on or about 1 January 2023; c. references to the GDPR or other governing law contained in the Clauses shall also be interpreted to include the Swiss FDPA; and d. the Parties agree that the supervisory authority as indicated in Annex I.C shall be, insofar as the data transfer is governed by the Swiss FDPA, the Swiss Federal Data Protection and Information Commissioner. 5. TRANSFERS FROM THE UNITED KINGDOM. If Client transfers Controller Data to Foundant Technologies that is subject to the UK Data Protection Laws, this Section 5 shall apply to and modify the Standard Contractual Clauses to the extent that the UK Data Protection Laws applies to Client’s Processing when making that transfer. As used in this Section, “Approved Addendum” means the template addendum issued by the Information Commissioner and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of such addendum (available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf). The Parties acknowledge that the information required to be set forth in “Part 1: Tables” of the Approved Addendum shall be completed in accordance with Appendix 1 and this Appendix 3 of the DPA. “Part 2: Mandatory Clauses” of the Approved Addendum, as it is revised under section 18 of those Mandatory Clauses, is hereby incorporated herein by reference. For purposes of section 19 of the Mandatory Clauses, each Party to this Agreement may end the Addendum in accordance with section 19 thereof.

DocuSign Envelope ID: 9D8E5036-62F5-48D0-B811-AF6F40305ED9 Foundant Technologies, Inc. Service Level Agreement (SLA) v042022 Page 1 of 4 EXHIBIT C - SERVICE LEVEL AGREEMENT Foundant Technologies, Inc. This Service Level Agreement (“SLA”) is made and entered into as of the Effective Date by and between, Client (hereinafter referred to as “Client”), and Foundant Technologies, Inc. (hereinafter referred to as “Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). This SLA is a supplement to and made part of the Client Order Form, the Master Subscription Agreement, the Data Processing Agreement, the Professional Services Agreement, and any related Statements of Work (collectively, the “Agreement”). The Parties agree as follows: 1. DEFINITIONS. 1.1 “Critical Function” means the level of functionality that can be considered as a core characteristic of the Software whose failure would contribute to, or cause, a failure condition that would prevent the continued use of the Software. 1.2 “Error” means an instance of failure in coding or logic that causes the Software to not function substantially as intended.
1.3 “Other Causes” means: (a) downtime caused solely by the Client’s or Users’ use of the Services or Platform other than in accordance with the Agreement; (b) lack of availability or untimely response time from the Client with regard to incidents that require its participation for source identification and/or resolution; (c) the impairment or unavailability of minor features or functionality that do not materially affect the end user experience or productivity such as cosmetic defects or pending Client requests to Foundant Technologies for functionality or configuration changes not included in the core Services or Platform offering; (d) system impairment or unavailability caused by scheduled routine activities such as the loading of new data; or, (e) the Client’s or Users’ computers or network equipment and any third party activities, equipment, or software not within Foundant Technologies’ direct control. 1.4 “Scheduled Downtime” means Software downtime resulting from either a Force Majeure event(s) or for regular maintenance, improvements, and updates, as determined by Service Provider. 1.5 “Support” means Service Provider team that will assist in technical maintenance and Error resolution. 1.6 “Support Services” means technical support and maintenance of the Software as described in Section 5 of this document. 1.7 “Update” means regular updates to the Software, including new features and functionalities, resolution of Software defects and smaller enhancements to the Software. 1.8 Capitalized terms that are not listed in this SLA have the same meaning as provided elsewhere in the Agreement. 2. ACCESS TO THE SOFTWARE. 2.1 For the Order Term, Service Provider shall provide the Client and the Users with access to the Software. 2.2 Client may grant Software access to as many Users as it desires. 3. 
HOSTING AND PLATFORM ADMINISTRATION. 3.1 Service Provider shall provide all site hosting for the Software. Service Provider shall use commercially reasonable efforts to make the Software available to Users twenty-four (24) hours a day, seven (7) days a week (excluding Scheduled Downtime and Other Causes), and Service Provider shall maintain disaster recovery procedures such that corrective action will be quickly taken should the Software become unavailable for any reason, excluding Scheduled Downtime and Other Causes. 3.2 The Service Provider will use commercially reasonable efforts to make the Software available on average of ninety-nine point five percent (99.5%) of each ninety (90) day period during the Order Term, excluding Scheduled Downtime and Other Causes. 3.3 Scheduled Downtime does not count against Software availability under Section 3.2, and is considered regularly scheduled if it is communicated with at least forty-eight (48) hours in advance of the Scheduled Downtime when the downtime is expected to last less than four (4) hours. In the event any Scheduled Downtime is expected to last over four (4) hours in duration (i.e., for an Update), Service Provider shall notify the Client at least seventy-two (72) hours in advance of the Scheduled Downtime. Service Provider shall use commercially reasonable efforts to limit Scheduled Downtime to a maximum of six (6) times within a ninety (90) day period. 3.4 Service Provider shall back up all data files associated with the Software on a daily basis to prevent the loss of critical data, with back-ups stored in a separate and secure location from the Software hosting location(s). 3.5 Scheduled maintenance periods for production environments will not take place between 7:00 AM and 6:00 PM Mountain Time Monday through Friday unless there is an emergency (e.g., to implement a security patch, etc.). 
3.6 Service Provider shall not be held accountable for unavailability of the Software due to acts of Client or its agents or Affiliates, network unavailability outside of the Service Provider’s network, or due to any failure, defect, malfunction of any software or equipment not provided by Service Provider. The Service Provider’s network is defined to extend from the hosting device to, include, and terminate at a router controlled by the data center hosting the Software, and which interfaces with the data center’s wide area network (“WAN”) connections. The WAN connections to a data center’s backbone providers (e.g., Bell South, AT&T Local, MFS, etc.) and backbone provider connections are outside of the Service Provider’s network. 4. PLATFORM SECURITY. 4.1 The Platform will be designed to be accessible only to Users authorized by Client. 4.2 Platform passwords will be required in accordance with the provisions of the Agreement. 4.3 Service Provider shall maintain firewalls and network / intrusion detection software designed to monitor and prevent unauthorized access to the Platform. 5. SUPPORT SERVICES. 5.1 Technical and operational support services are available from 7:00 AM Mountain Time to 6:00 PM Mountain Time on Monday through Friday, excluding any Service Provider holidays (“Business Day”), and are included with the Support Services. 5.2 All Support communication is provided in English. 5.3 Support does not provide assistance with or support for non-Foundant Technologies products, services, or technologies, including databases, computer networks, communication systems, computers, hard drives, networks, printers, or the like. 
5.4 Client shall promptly notify Service Provider of any Errors or other support request issues by contacting Service Provider Support through the following contact methods: 5.4.1 Online Support Hub – Clients login access to the Service Provider Support Hub located at https://support.foundant.com (the “Support Hub”). The Support Hub shall provide Client with access to its open and resolved tickets, information about the Services, including but not limited to, service announcements, Support contact methods, and access to the Documentation. 5.4.2 Telephone Support – Client may contact Service Provider Support at (877) 297-0043 or (406) 602-0600. If a Service Provider representative is unavailable to take the call, Client may leave a detailed message that describes the support issue and includes a contact phone number and email address. Tickets are created for all answered phone calls and voicemails and are assigned to the next available Service Provider Support team member. 5.4.3 Email Support – Client can contact Support through email. Support tickets are created for all requests received at support@foundant.com and assigned to the next available Service Provider Support team member. 5.4.4 Chat Support – During the Business Day, Client can contact Support by using the chat widget located within the Software and the Support Hub. Support tickets are created for all chats and assigned to the next available Service Provider Support team member. 5.5 For each Error reported by Client, Service Provider shall maintain a record by creating a Support ticket and assigning a Support request number. Responses to Support emails are automatically logged with the original request. 5.6 Service Provider shall internally initiate commercially reasonable efforts to resolve each Error. 
5.7 Support shall use commercially reasonable efforts to respond to Errors reported to it by Client and shall use commercially reasonable efforts to provide a resolution timeline for correcting such Error. 5.8 In the event of a complete system outage impacting Client, or failure of a Critical Function, Service Provider will communicate with Client, through appropriate communication channels on the following schedule: 5.8.1 First Notification - Within one (1) hour from time of discovery and confirmation of outage or Critical Function failure. 5.8.2 Subsequent Notifications - Every three (3) hours until resolution is in place and confirmed. 6. UPDATES. 6.1 The Service Provider will make available to Client any and all Updates on the Platform as indicated on the Client Order Form, along with associated Documentation describing the purpose and function of the Update. 6.2 Service Provider will use commercially reasonable efforts that such Update does not degrade the performance, functioning, or operation of the Platform. 6.3 After an Update has been incorporated into the Platform, the Update shall be considered part of the Service or Platform indicated on the Client Order Form. 7. LEARNING & DEVELOPMENT. 7.1 The Service Provider’s interactive training tool, Foundant Courses, shall be available to Client during and after training implementation in their sandbox environment, if applicable. In accordance with this SLA, Foundant Courses will include Software updates, new features, and enhancements. 7.2 The Service Provider Support Hub will provide a library of product support and help articles. In accordance with this SLA, the Support Hub will include product updates, new features, or relevant enhancements. 8. DOCUMENTATION. 
8.1 Within a reasonable amount of time after implementing an Update, the Service Provider will enable Client access to modified Documentation and corresponding changes to the Support Hub and Foundant Courses describing such Updates. 9. SERVICE GUARANTEE. 9.1 If the Service Provider does not consistently meet the Client’s expectations in the delivery of Services, the Client may terminate this Agreement upon thirty (30) day notice to Service Provider for any reason as outlined in the Master Subscription Agreement. DocuSign Envelope ID: 9D8E5036-62F5-48D0-B811-AF6F40305ED9 Foundant Technologies, Inc. Professional Services Agreement (PSA) – v042022 Page 1 of 5 EXHIBIT D - PROFESSIONAL SERVICES AGREEMENT Foundant Technologies, Inc. This Professional Services Agreement (“PSA”) is made and entered into as of the Effective Date of the Client Order Form duly executed by and between Client (hereinafter referred to as “Client”), and Foundant Technologies, Inc. (hereinafter referred to as “Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). This PSA is a supplement to and made part of the Client Order Form, Master Subscription Agreement, Data Processing Agreement, Service Level Agreement, and any related Statements of Work (“SOW”) (collectively, the “Agreement”). 1. DEFINITIONS. 1.1 “Change Order” means any change to an SOW as described in Section 4.7. Change Orders will be deemed incorporated by reference in the applicable SOW. 1.2 “Deliverable/s” means any tangible item or action, except for the Platform, identified as provided by Service Provider in (i) Section 1.2 of the SOW or (ii) any Change Order. 1.3 Capitalized terms that are not listed in this PSA have the same meaning as provided elsewhere in the Agreement. 2.PROFESSIONAL SERVICES. 
2.1 Subject to the terms and conditions of the Agreement, Service Provider will provide Client with Professional Services as set forth in the applicable SOW(s) executed by Service Provider and Client, subject to Client’s payment of all fees as set forth in the Section 5 of this PSA. 2.2 This PSA is limited to Professional Services, the Deliverables, and does not convey any right to use any other of the Services or the Platform. Any use of other Services by Client will be governed by a separate document within the Agreement. Client agrees that its purchase of Professional Services is not contingent on the delivery of any future Services functionality or features, other than the Deliverables, subject to the terms of the applicable SOW or Client Order Form. 3. CLIENT COOPERATION. 3.1 Client agrees to provide, at no cost to Service Provider, reasonable assistance and other resources requested by Service Provider to enable the performance of the Professional Services (collectively, “Assistance”). 3.2 Client will act in good faith with Service Provider by, without limitation: (a) timely performing any tasks necessary to enable Service Provider to perform its obligations under each SOW or Client Order Form; (b) timely providing any Client obligations as outlined in each SOW or Client Order Form; (c) timely responding to Service Provider’s inquiries related to the Professional Services; 
(d) assigning an internal project manager for each SOW or Client Order Form to serve as a primary point of contact for Service Provider; (e) actively participating in scheduled project meetings; (f) providing, in a timely manner and at no charge to Service Provider: office workspace, telephone and other facilities, configured computer equipment with internet access, access to employees and agents of Client having knowledge and skills necessary to complete Service Provider’s request, and coordination of onsite, online and telephonic meetings, all of the above as reasonably requested by Service Provider or as otherwise defined in Agreement; and, (g) complete, accurate and prompt delivery of information, data and feedback all as reasonably requested by Service Provider or as otherwise defined in the Agreement. 3.3 Any delays in the performance of Professional Services or delivery of Deliverables, directly or indirectly related to Client’s acts or omissions may result in additional applicable charges for resource time. 3.4 Service Provider will not be liable for any deficiency in the performance of Professional Services to the extent such deficiency results from any acts or omissions of Client, including, but not limited to, Client’s failure to provide Assistance as required hereunder. 4. DELIVERY, ACCEPTANCE, AND CHANGE ORDERS. 4.1 Service Provider will provide the Professional Services, including any Deliverables, in accordance with the Agreement. 4.2 Client and Service Provider agree to cooperate in good faith to achieve completion of the Professional Services in a timely and professional manner. 4.3 Client is responsible for reviewing and testing all Deliverables in accordance with any reviewing and testing described in the related SOW or Client Order Form and pursuant to any acceptance criteria or test plans mutually agreed upon in writing by the parties for such Deliverable. 
Failure to reject a Deliverable, as set forth below, will be deemed as acceptance. If Client reasonably determines in good faith that any submitted Deliverable does not satisfy the acceptance criteria, Client must notify Service Provider in writing within ten (10) business days after Service Provider’s submission of the Deliverable, specifying any and all acceptance criteria deficiencies in detail. Service Provider will use commercially reasonable efforts to correct such deficiencies and, if necessary, shall resubmit the Deliverable to Client in a timely manner. Client will again review and test the Deliverable against the acceptance criteria, and shall detail any deficiencies to Service Provider in writing within ten (10) business days after resubmission of the Deliverable. If a Deliverable fails to meet the functional requirements specified in the applicable SOW or Client Order Form after the second submission of the Deliverable to Client, Client may either, as its sole and exclusive remedy: (i) again reject the Deliverable and return it to Service Provider for further correction and resubmission in accordance with the process described above. If the Deliverable is not accepted after two resubmissions, the matter will be escalated to Client’s executive sponsor for the project associated with the SOW or Client Order Form and the Service Provider Engagement Manager; or, (ii) terminate the relevant SOW or Client Order Form immediately upon written notice. If the parties determine that a Deliverable’s functional requirements specified in a SOW or Client Order Form require modification (for example, due to incorrect assumptions or changed requirements), they will cooperate in good faith to execute a Change Order for such revised requirements. 
4.4 Acceptance of Professional Services, including a Deliverable, will not affect Client’s rights or remedies under Section 7. 4.5 Service Provider will perform the Professional Services through qualified employees (“Professional Services Personnel”). Service Provider may replace Professional Services Personnel in its normal course of business, provided that Service Provider will be responsible for the performance of Professional Services by all Professional Services Personnel. 4.6 Service Provider will control the method and manner of performing all work necessary for completion of Professional Services, including but not limited to the supervision and control of any Professional Services Personnel performing Professional Services. Service Provider will maintain such a number of qualified Professional Services Personnel and appropriate facilities and other resources sufficient to perform Service Provider’s obligations under the Agreement and in accordance with its terms. 4.7 A Party may request a change in a Statement of Work (whether in Fees or otherwise) by submitting a written change request to the other Party describing the requested changes (a “Change Order Request”) using the Change Order . Absent the execution of a Change Order, the Parties will proceed to fulfill their obligations under the applicable SOW in accordance with its original terms. 5. FEES, INVOICING, AND TAXES. 5.1 Client will pay Service Provider the Fees for the Professional Services. Professional Services are provided on a fixed fee basis. 5.2 Unless otherwise stated in the Agreement, and in accordance with the Service Provider’s travel and expense policies, Client will reimburse Service Provider for all reasonable travel and out-of-pocket expenses incurred in connection with Professional Services. If an estimate of expenses is provided in the applicable SOW or Client Order Form, Service Provider will not materially exceed such estimate without the written consent of Client. 
5.3 The Fees will be invoiced, in advance, in the manner as provided in the SOW or Client Order Form, as applicable, unless otherwise expressly stated therein. 5.4. Subject to Section 5.5, if any amount owing by Client under this or any other agreement for Professional Services is thirty (30) days or more overdue, Service Provider may, without limiting its other rights and remedies, suspend its performance of Professional Services until such amounts are paid in full. 5.5 Service Provider will not exercise its rights under Section 4.3 of the MSA or suspension of Professional Services section above if Client is reasonably disputing the applicable charges in good faith and cooperating diligently to resolve the dispute. 6. PROPRIETARY RIGHTS AND LICENSES. 6.1 Service Provider shall own all rights, title and interest in and to the Deliverables, including all related intellectual property rights. Deliverables are Service Provider’s Confidential Information and Client may not reverse engineer, decompile, disassemble, translate, copy, reproduce, display, publish, create derivative works of, assign, sell, lease, rent, license, sublicense or grant a security interest in all or any portion of the Deliverables. Subject to the terms and conditions of the Agreement, and during the Order Term, Service Provider hereby provides Client with a limited, non-exclusive, nontransferable terminable license to use the Deliverables solely for Client’s internal operations in connection with its authorized use of the Platform. 6.2 The Parties hereby agree that the Professional Services involve the configuration of Client’s subscription to Software and the integration of Client Data with and into the Platform, and therefore the Deliverables are inoperative without an active subscription to the Software. 7. WARRANTIES. 
7.1 Service Provider hereby represents and warrants that: (a) the Professional Services provided pursuant to the Agreement will be performed in a timely and professional manner by Service Provider and its Professional Services Personnel, consistent with generally-accepted industry standards; provided that Client’s sole and exclusive remedy for any breach of this warranty will be, at Service Provider’s option, re-performance of the Professional Services or termination of the applicable SOW; and, (b) it is under no contractual or other restrictions or obligations which are inconsistent with the execution of the Agreement, or, to its best knowledge, which will interfere with its performance of the Professional Services. 7.2 IN THE EVENT THAT CLIENT MODIFIES ANY DELIVERABLES IN A MANNER NOT INSTRUCTED BY SERVICE PROVIDER, SERVICE PROVIDER SHALL NOT BE RESPONSIBLE, IN LAW OR OTHERWISE, FOR ANY DELIVERABLES DESPITE ANY OTHER WARRANTIES OR GUARANTEES. SERVICE PROVIDER DOES NOT WARRANT THAT CLIENT’S OR ANY THIRD PARTY’S ACCESS TO OR USE OF THE DELIVERABLES SHALL BE UNINTERRUPTED OR ERROR-FREE, OR THAT IT WILL MEET ANY PARTICULAR CRITERIA OF PERFORMANCE OR QUALITY. FURTHER, SERVICE PROVIDER EXPRESSLY DISCLAIMS ANY RESPONSIBILITY TO SUPPORT OR MAINTAIN ANY DELIVERABLE AND WILL NOT DO SO UNLESS OTHERWISE AGREED BY THE PARTIES. THIS DISCLAIMER OF WARRANTY AND LIABILITY IS EXPRESSLY MADE IN ADDITION TO ANY DISCLAIMERS MADE BY SERVICE PROVIDER OR ITS AFFILIATES UNDER THE AGREEMENT WITH RESPECT TO THE SERVICES, PLATFORM, AND DELIVERABLES. 8. GENERAL TERMS. 8.1 Should any provision of this PSA be invalid or unenforceable, then the remainder of this PSA shall remain valid and in force. 
The invalid or unenforceable provision shall be either: (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible; or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein. INSR ADDLSUBRLTRINSR WVD DATE (MM/DD/YYYY) PRODUCER CONTACTNAME: FAXPHONE(A/C, No):(A/C, No, Ext): E-MAILADDRESS: INSURER A : INSURED INSURER B : INSURER C : INSURER D : INSURER E : INSURER F : POLICY NUMBER POLICY EFF POLICY EXPTYPE OF INSURANCE LIMITS(MM/DD/YYYY) (MM/DD/YYYY) COMMERCIAL GENERAL LIABILITY AUTOMOBILE LIABILITY UMBRELLA LIAB EXCESS LIAB WORKERS COMPENSATION AND EMPLOYERS' LIABILITY DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached if more space is required) AUTHORIZED REPRESENTATIVE INSURER(S) AFFORDING COVERAGE NAIC # Y / N N / A (Mandatory in NH) ANY PROPRIETOR/PARTNER/EXECUTIVEOFFICER/MEMBER EXCLUDED? EACH OCCURRENCE $ DAMAGE TO RENTED $PREMISES (Ea occurrence)CLAIMS-MADE OCCUR MED EXP (Any one person) $ PERSONAL & ADV INJURY $ GENERAL AGGREGATE $GEN'L AGGREGATE LIMIT APPLIES PER: PRODUCTS - COMP/OP AGG $ $ PRO- OTHER: LOCJECT COMBINED SINGLE LIMIT $(Ea accident) BODILY INJURY (Per person) $ANY AUTO OWNED SCHEDULED BODILY INJURY (Per accident) $AUTOS ONLY AUTOS AUTOS ONLYHIRED PROPERTY DAMAGE $AUTOS ONLY (Per accident) $ OCCUR EACH OCCURRENCE $ CLAIMS-MADE AGGREGATE $ DED RETENTION $$ PER OTH- STATUTE ER E.L. EACH ACCIDENT $ E.L. DISEASE - EA EMPLOYEE $ If yes, describe under E.L. DISEASE - POLICY LIMIT $DESCRIPTION OF OPERATIONS below POLICY NON-OWNED SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. 
THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer any rights to the certificate holder in lieu of such endorsement(s). COVERAGES CERTIFICATE NUMBER:REVISION NUMBER: CERTIFICATE HOLDER CANCELLATION © 1988-2015 ACORD CORPORATION. All rights reserved. 
The ACORD name and logo are registered marks of ACORD. ACORD 25 (2016/03) CERTIFICATE OF LIABILITY INSURANCE Atlantic Specialty Insurance Company Travelers Indemnity Company HSB Specialty Insurance Company 10/06/2022 Marsh McLennan Agency LLC 350 Madison Avenue, 7th Floor New York, NY 10017 Marina Zaslavskaya 201 845-6600 Marina.Zaslavskaya@MarshMMA.com Foundant Technologies, Inc 143 Willow Peak Drive Bozeman, MT 59718 27154 25658 14438 A X X X 7110167540003 10/01/2022 10/01/2023 1,000,000 500,000 15,000 1,000,000 2,000,000 2,000,000 A X X 7110167540003 10/01/2022 10/01/2023 1,000,000 A X 7110167540003 10/01/2022 10/01/2023 2,000,000 2,000,000 B N UB4S3243032242G 07/01/2022 07/01/2023 X 1,000,000 1,000,000 1,000,000 C A Cyber Liability Errors+Omissions 661395801 7600106290003 10/29/2021 10/01/2022 10/29/2022 10/01/2023 $3MM Aggregate $1MM Occ/$1MM Agg ** Workers Comp Information ** Blanket Waiver of Subrogation Included states: UT, VT & WI (See Attached Descriptions) City of Carlsbad 1775 Dove Lane Carlsbad, CA 92011 1 of 2 #S11871686/M11871660 FOUNDTECHN3 Client#: 742834 NNMZL SAGITTA 25.3 (2016/03) DESCRIPTIONS (Continued from Page 1) Certificate holder is included as Additional Insured when required by written contract, agreement or permit, but only with respect to the General Liability insurance and subject to the provisions and limitations of the policy. Policy Number: 711-01-67-54-0003 COMMERCIAL GENERAL LIABILITY THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. 
BROAD FORM GENERAL LIABILITY ENDORSEMENT - TECHNOLOGY COMPANIES This endorsement modifies insurance provided under the following: COMMERCIAL GENERAL LIABILITY COVERAGE PART This endorsement extends certain coverages. The following listing and the headers in this endorsement are only for convenience. Provisions in this endorsement might be modified by other endorsements. Read the entire policy carefully to determine rights, duties and what is and is not covered. A. Section I - Coverages 1. Expected or Intended Injury (Property Damage) 2. Non-Owned Aircraft and Watercraft Under 55 Feet 3. Broadened Property Damage - Rented Premises, Borrowed Equipment and Use of Elevators 4. Personal and Advertising Injury Exclusions a. Insureds in Media and Internet Type Businesses b. Electronic Chatrooms or Bulletin Boards 5. Medical Payments - Increased Limits and Time Period 6. Product Recall Expense Coverage 7. Supplementary Payments - Cost of Bail Bonds and Loss of Earnings B. Section II - Who is an Insured 1. Broadened Named Insured 2. Additional Insured - Broad Form Vendor 3. Additional Insured - Written Contract, Agreement, Permit or Authorization 4. Incidental Malpractice by Employed Physicians, Nurses, EMTs and Paramedics 5. User of Covered Watercraft 6. Newly Acquired or Formed Organizations C. Section III - Limits of Insurance - Aggregate Limit Per Location D. Section IV - Commercial General Liability Conditions 1. Duties in Event of Occurrence, Offense, Claim or Suit 2. Waiver of Subrogation When Required by Written Contract or Agreement E. Section V - Definitions 1. Bodily Injury - Includes Mental Anguish 2. Coverage Territory - Worldwide 3. Mobile Equipment - Self-Propelled Snow Removal, Road Maintenance and Street Cleaning Equipment Less than 1,000 Pounds Gross Vehicle Weight 1. Expected or Intended Injury (Property Damage) The following is added to Exclusion 2.a. 
Expected Or Intended Injury of Section I - Coverages - Coverage A - Bodily Injury and Property Damage Liability: This exclusion does not apply to "property damage" resulting from the use of reasonable force to protect persons or property. 2. Non-Owned Aircraft and Watercraft Under 55 Feet a. The following is added to Exclusion 2.g. Aircraft, Auto or Watercraft of Section I - Coverages - Coverage A - Bodily Injury and Property Damage Liability: This exclusion does not apply to an aircraft that is: (a) Hired, chartered or loaned with a paid crew; and (b) Not owned by any insured. b. The following replaces Exclusion 2.g.(2)(a) of Section I - Coverages - Coverage A - Bodily Injury and Property Damage Liability: (a) Less than 55 feet long; and VCG 2070618 Includes copyrighted material of Insurance Services Office, Inc., with its permission. Copyright 2017, Intact Insurance Group USA LLC c. The following is added to Paragraph b.(1) in Paragraph 4. Other Insurance of Section IV - Commercial General Liability Conditions: This insurance is excess over any of the other valid and collectible insurance available to the insured that provides coverage for aircraft or watercraft not owned by any insured, whether such insurance is primary, excess, contingent or on any other basis. 3. Broadened Property Damage - Rented Premises, Borrowed Equipment and Use of Elevators a. The following is added to Exclusion 2.j. Damage To Property of Section I - Coverages - Coverage A - Bodily Injury and Property Damage Liability: Paragraph (1) of this exclusion does not apply to "property damage" to real property you rent or temporarily occupy with permission of the owner. Paragraph (4) of this exclusion does not apply to "property damage" to equipment you borrow while at a job site if the equipment is not being used by anyone to perform work or operations at the time of loss. 
Paragraphs (3), (4) and (6) of this exclusion do not apply to "property damage" arising out of the use of elevators at premises you own, rent, lease or occupy. b. The following replaces Paragraph 6. of Section III - Limits Of Insurance: 6. Subject to Paragraph 5. above, the Damage to Premises Rented to You Limit shown in the Declarations is the most we will pay under Coverage A for damages because of "property damage" to any one premises while rented to you or occupied by you with permission of the owner. If a Damage to Premises Rented to You Limit is not shown in the Declarations, that Limit will be $500,000. c. The following is added to Paragraph b.(1) of Paragraph 4. Other Insurance of Section IV - Commercial General Liability Conditions: This insurance is excess over any of the other valid and collectible insurance available to the insured that provides coverage for real property you rent or temporarily occupy with the permission of the owner, borrowed equipment or use of elevators, whether such insurance is primary, excess, contingent or on any other basis. 4. Personal and Advertising Injury Exclusions a. Insureds in Media and Internet Type Businesses The following replaces Exclusion 2.j. Insureds In Media And Internet Type Businesses of Section I - Coverages - Coverage B - Personal and Advertising Injury Liability: "Personal and advertising injury" committed by an insured whose business is: (1) Advertising, broadcasting, publishing or telecasting; or (2) Designing or determining content of web sites for others. However, this exclusion does not apply to Paragraphs 14.a., b. and c. of "personal and advertising injury" under the Definitions section. For the purposes of this exclusion, the placing of frames, borders or links, or advertising for you, is not by itself considered the business of advertising, broadcasting, publishing or telecasting. b. Electronic Chatrooms or Bulletin Boards The following replaces Exclusion 2.k. 
Electronic Chatrooms Or Bulletin Boards of Section I - Coverages - Coverage B - Personal and Advertising Injury Liability: "Personal and advertising injury" arising out of an electronic chatroom or bulletin board the insured hosts, owns or maintains for others.

5. Medical Payments - Increased Limits and Time Period
The following provisions are modified only if Coverage C is not otherwise excluded by the provisions of this Coverage Part or any endorsement.
a. The following replaces Paragraph a.(3)(b) in Paragraph 1. Insuring Agreement of Section I - Coverage C - Medical Payments:
(b) The expenses are incurred and reported to us within three years of the date of the accident; and
b. The following is added to Paragraph 7. of Section III - Limits Of Insurance: The Medical Expenses Limit for Coverage C is the greater of $15,000 per person or the amount shown in the Declarations.

6. Product Recall Expense Coverage
a. The following is added to Section I - Coverages:
Product Recall Expense Schedule
Product Recall Aggregate Limit: $50,000
Each Product Recall Limit: $25,000
Each Product Recall Deductible: $1,000
The limits and deductible in this Schedule apply to Product Recall Expense Coverage unless other amounts are shown in the Declarations.
PRODUCT RECALL EXPENSE COVERAGE
We will pay "product recall expense" incurred by you or on your behalf for a "covered recall" to which this insurance applies. This insurance applies to "product recall expense" for a "covered recall" that takes place in the "coverage territory" and during the policy period. The amount we will pay for "product recall expense" is limited as described in Section III - Limits Of Insurance.
We will only pay the amount of "product recall expense" in excess of the Each Product Recall Deductible shown in the Schedule above. You must pay the Each Product Recall Deductible for each "covered recall" that is initiated.
b. The following is added to Section III - Limits Of Insurance: The Product Recall Aggregate Limit shown in the Schedule above is the most we will pay for the sum of all "product recall expense" incurred for all "covered recalls" initiated during the policy period. Subject to the Product Recall Aggregate Limit, the Each Product Recall Limit shown in the Schedule above is the most we will pay for all "product recall expenses" arising out of any one "covered recall" for the same defect or deficiency.
c. The following is added to Section IV - Commercial General Liability Conditions:
Duties In The Event Of "Covered Recall"
1. You must report a "covered recall" to us as soon as practicable and no later than 30 days after you discover or are made aware of such recall.
2. No insured will, except at that insured's own cost, voluntarily make a payment, assume any obligation, or incur any expense, other than for first aid, without our consent.
3.
You must see to it that the following are done as soon as practicable after an actual or anticipated "covered recall" that may result in "product recall expense":
(a) Give us notice of any discovery or notification that "your product" must be withdrawn or recalled, including a description of "your product" and the reason for the withdrawal or recall;
(b) Cease any further release, shipment, consignment or any other method of distribution of such product, as well as any similar products, until it has been determined that all such products are free from defects that could result in "product recall expense";
(c) As often as may be reasonably required, permit us to:
(1) Inspect "your product" and take damaged and undamaged samples of "your products" for inspection, testing and analysis; and
(2) Examine and make copies from your books and records;
(d) Within 60 days of our request and providing you the necessary forms, send us a signed, sworn proof of loss containing the information we request to settle the claim; and
(e) Permit us to examine any insured under oath, while not in the presence of any other insured, at such times as may reasonably be required, about any matter relating to this insurance or your claim, including an insured's books and records. An insured's answers to the examination must be signed.
d. The following are added to Section V - Definitions:
"Covered recall" means a recall of "your product" made necessary because the insured or a government entity has determined that a known or suspected defect, deficiency, inadequacy or dangerous condition in "your product" has resulted in, or will result in, "bodily injury" or "property damage".
"Product recall expense":
a.
Means the following necessary and reasonable extra expenses incurred by you or on your behalf exclusively for the purpose of recalling "your product":
(1) Expenses for communications, including broadcast announcements or printed "advertisements" and associated stationery, envelopes and postage;
(2) Expenses for shipping the recalled products from any purchaser, distributor or user to the place or places designated by you;
(3) Expenses for overtime paid to your regular non-salaried "employees";
(4) Expenses for hiring "temporary workers";
(5) Expenses incurred by "employees", including transportation and accommodations;
(6) Expenses to rent additional warehouse or storage space; or
(7) Expenses for proper disposal of "your product" if the disposal is necessary to avoid "bodily injury" or "property damage" and is other than regularly used to discard, trash or dispose of "your product".
b. Does not include the following:
(1) Damages, fines or penalties;
(2) Defense expenses;
(3) The cost of regaining your market share, goodwill, revenue or profit; or
(4) Any expenses resulting from:
(a) Failure of any product to accomplish its intended purpose;
(b) Breach of warranties of fitness, quality, durability or performance;
(c) Loss of customer approval, or any cost incurred to regain customer approval;
(d) Redistribution or replacement of "your product" that was recalled with like products or substitutes;
(e) The insured's caprice or whim;
(f) A condition any insured knew, or had reason to know, of at the inception of this insurance that was likely to cause loss; or
(g) Recall of "your products" that have no known or suspected defect solely because a known or suspected defect in another of "your products" has been found.

7. Supplementary Payments - Cost of Bail Bonds and Loss of Earnings
The following replaces Paragraphs 1.b. and 1.d. of Supplementary Payments - Coverages A and B in Section I - Coverages:
b.
Up to $2,500 for cost of bail bonds required because of accidents or traffic law violations arising out of the use of any vehicle to which the Bodily Injury Liability Coverage applies. We do not have to furnish these bonds.
d. All reasonable expenses incurred by the insured at our request to assist us in the investigation or defense of the claim or "suit", including actual loss of earnings up to $250 a day because of time off from work.

B. Section II - Who is an Insured

1. Broadened Named Insured
Section II - Who Is An Insured is amended to include as a Named Insured any legally incorporated entity in which you maintain ownership of more than 50 percent of the voting stock on the effective date of this endorsement, but only if there is no other similar insurance available to that organization. This insurance does not apply to any organization that is an insured under another policy or would be an insured under such policy but for its termination or the exhaustion of its limits of insurance.

2. Additional Insured - Broad Form Vendor
a. Section II - Who Is An Insured is amended to include as an additional insured any person or organization (referred to below as "vendor") with whom you have agreed in a written contract or agreement to provide insurance, but only with respect to "bodily injury" or "property damage" arising out of "your products" that are distributed or sold in the regular course of the vendor's business.
But none of these vendors are an additional insured:
(1) If the "products-completed operations hazard" is excluded under the Coverage Part or by endorsement;
(2) If the vendor is a person or organization from whom you have acquired the products, or any ingredient, part or container entering into, accompanying or containing those products;
(3) For "bodily injury" or "property damage" for which the vendor is obligated to pay damages by reason of the assumption of liability in a contract or agreement unless that the vendor would have otherwise been liable for such "bodily injury" or "property damage" in the absence of that contract or agreement; or
(4) For "bodily injury" or "property damage" caused by or arising out of:
(a) Any express warranty not authorized by you;
(b) Any physical or chemical change in the product made intentionally by the vendor;
(c) Repackaging, except when unpacked solely for the purpose of inspection, demonstration, testing or the substitution of parts under instructions from the manufacturer, and then repackaged in the original container;
(d) Any failure to make such inspections, adjustments, tests or servicing as the vendor has agreed to make or normally undertakes to make in the usual course of business, in connection with the distribution or sale of the products;
(e) Operations to demonstrate, install, service or repair, except those operations performed at the vendor's premises in connection with the sale of the product;
(f) Products which, after distribution or sale by you, have been labeled or relabeled or used as a container, part or ingredient of any other thing or substance by or for the vendor; or
(g) The sole negligence of the vendor for its own acts or omissions or those of its employees or anyone else acting on its behalf, unless such act or omission is:
(i) In the course of repackaging "your products" in the original container after unpacking solely for the purpose of inspection, demonstration, testing or the substitution of
parts under instructions from the manufacturer;
(ii) A demonstration, installation, servicing or repair operation of "your products" performed at the vendor's premises in connection with the sale of the product; or
(iii) An inspection, adjustment, test or servicing of "your products" the vendor has agreed to make or normally undertakes to make in the usual course of business, in connection with the distribution or sale of the products.
b. The insurance afforded to such vendor under Paragraph a. above:
(1) Applies only to the extent permitted by law; and
(2) Will not be broader than that which you are required by the contract or agreement to provide to such vendor.
c. The following is added to Section III - Limits Of Insurance: The most we will pay on behalf of a vendor that qualifies as an additional insured is the amount of insurance:
a. Required by the contract or agreement; or
b. Available under the applicable Limits of Insurance shown in the Declarations;
whichever is less. This provision does not increase the applicable Limits of Insurance shown in the Declarations.

3. Additional Insured - Written Contract, Agreement, Permit or Authorization
a.
Section II - Who Is An Insured is amended to include as an additional insured any person or organization with whom you have agreed in a written contract, agreement, permit or authorization to provide insurance but only with respect to liability for injury or damage caused, in whole or in part, by your acts or omissions or the acts or omissions of those acting on your behalf for:
(1) "Bodily injury", "property damage" or "personal and advertising injury" in the performance of your ongoing operations, and only until your operations are completed, for such person or organization at the location designated in the contract, agreement, permit or authorization;
(2) "Bodily injury", "property damage" or "personal and advertising injury" in the maintenance, operation or use of equipment leased to you by such person or organization; or
(3) "Bodily injury", "property damage" or "personal and advertising injury" in connection with premises you own, rent, lease or occupy.
b. The insurance afforded to an additional insured under Paragraph a. above does not apply:
(1) Unless:
(a) The contract or agreement is executed, or the permit or authorization is issued, before the "bodily injury", "property damage" or "personal and advertising injury" occurs; and
(b) The contract, agreement, permit or authorization is in effect or becomes effective during the policy period.
(2) To any:
(a) Person or organization included as an insured under any other provision of this policy, including this or any other endorsement;
(b) Lessor of equipment after the equipment lease terminates or expires;
(c) Owner or other interests from whom land has been leased;
(d) Manager or lessor of premises if:
(i) The "occurrence" takes place after you cease to be a tenant in that premises; or
(ii) The "bodily injury", "property damage" or "personal and advertising injury" arises out of structural alterations, new construction or demolition operations performed by or on behalf of the manager or lessor.
(e) Person or organization if the "bodily injury", "property damage" or "personal and advertising injury" arising out of the rendering of, or the failure to render, any professional architectural, engineering or surveying services, including:
(i) The preparing, approving, or failing to prepare or approve, maps, shop drawings, opinions, reports, surveys, field orders, change orders or drawings and specifications; or
(ii) Supervisory, inspection, architectural or engineering activities.
This exclusion applies even if the claims against any insured allege negligence or other wrongdoing in the supervision, hiring, employment, training or monitoring of others by that insured, if the "occurrence" which caused the "bodily injury" or "property damage", or the offense which caused the "personal and advertising injury", involved the rendering of or the failure to render any professional architectural, engineering or surveying services; or
(f) "Bodily injury" or "property damage" occurring after:
(i) All work, including materials, parts or equipment furnished in connection with such work, on the project (other than service, maintenance or repairs) to be performed by or on behalf of the additional insured(s) at the location of the covered operations has been completed; or
(ii) That portion of "your work" out of which the injury or damage arises has been put to its intended use by any person or organization other than another contractor or subcontractor engaged in performing operations for a principal as a part of the same project.
c. The insurance afforded to an additional insured under Paragraph a. above:
(1) Applies only to the extent permitted by law; and
(2) Will not be broader than that which you are required by the contract, agreement, permit or authorization to provide to such additional insured.
d. With respect to the insurance afforded to an additional insured under Paragraph a. above:
(1) The following is added to Paragraph 4. Other Insurance of Section IV - Commercial General Liability Conditions: Regardless of the provisions of Paragraphs a. and b. above, this insurance is primary to, and will not seek contribution from, any other insurance available to an additional insured if:
(1) Such additional insured is a Named Insured under that other insurance; and
(2) You have agreed in the contract, agreement, permit or authorization that this insurance would be primary and would not seek contribution from any other insurance available to such additional insured.
(2) The following is added to Section III - Limits Of Insurance: The most we will pay on behalf of the additional insured is the amount of insurance:
a. Required by the contract, agreement, permit or authorization; or
b. Available under the applicable Limits of Insurance shown in the Declarations;
whichever is less.
This provision does not increase the applicable Limits of Insurance shown in the Declarations.

4. Incidental Malpractice by Employed Physicians, Nurses, EMTs and Paramedics
a. The following is added to Paragraph 2.a.(1)(d) of Section II - Who Is An Insured: But an "employee" or "volunteer worker" employed or volunteering as a physician, dentist, nurse, emergency medical technician or paramedic is an insured if you are not engaged in the business or occupation of providing professional health care services.
b. The following is added to Paragraph b.(1) in Paragraph 4. Other Insurance of Section IV - Commercial General Liability Conditions: This insurance is excess over any of the other valid and collectible insurance available to the insured for coverage for insured "employee" or volunteer worker who is a physician, dentist, nurse, emergency medical technician or paramedic, whether such insurance is primary, excess, contingent or on any other basis.

5. User of Covered Watercraft
a. Section II - Who Is An Insured is amended to include as an additional insured any person or organization who uses, or is responsible for the use of, a watercraft covered by this policy if the use is with your express or implied consent. But no such person or organization is an insured with respect to:
a. "Bodily injury" to that person's or organization's "employee"; or
b. "Property damage" to property:
(1) Owned, occupied or used by; or
(2) In the care, custody or control of, rented to or over which physical control is being exercised for any purpose by;
that person or organization.
b. The following is added to Paragraph b.(1) in Paragraph 4.
Other Insurance of Section IV - Commercial General Liability Conditions: This insurance is excess over any of the other valid and collectible insurance available to the insured for use of, or responsibility for use of, a watercraft covered by this policy, whether such insurance is primary, excess, contingent or on any other basis.

6. Newly Acquired or Formed Organizations
The following replaces Paragraph 3.a. of Section II - Who Is An Insured:
a. Coverage under this provision is afforded only until the end of the policy period;

C. Section III - Limits of Insurance - Aggregate Limit Per Location
The following is added to Paragraph 2. of Section III - Limits Of Insurance: The General Aggregate Limit applies separately to each "location" of yours. As used in this provision, "location" means premises you own, rent or lease involving the same or connecting lots, or whose connection is interrupted only by a street, roadway, waterway or right-of-way of a railroad.

D. Section IV - Commercial General Liability Conditions

1. Duties in the Event of Occurrence, Offense, Claim or Suit
The following is added to Paragraph 2. Duties In The Event Of Occurrence, Offense, Claim Or Suit of Section IV - Commercial General Liability Conditions: The requirements that you must notify us of an "occurrence", offense, claim or "suit", or send us documents concerning a claim or "suit", apply only if the "occurrence", offense, claim or "suit" is known to:
(1) You, if you are an individual;
(2) A partner, if you are a partnership;
(3) An "executive officer" or insurance or risk manager, if you are a corporation; or
(4) A manager, if you are a limited liability company.
The requirement that you must notify us as soon as practicable of an "occurrence" or an offense that may result in a claim does not apply if you report the "occurrence" or offense to your workers' compensation insurer and that "occurrence" or offense later develops into a liability claim for which coverage is provided by this policy.
But as soon as you become aware that an "occurrence" or offense is a liability claim rather than a workers' compensation claim, you must comply with all parts of Paragraph 2. Duties In The Event Of Occurrence, Offense, Claim Or Suit of Section IV - Commercial General Liability Conditions.

2. Waiver of Subrogation When Required by Written Contract or Agreement
The following is added to Paragraph 8. Transfer of Rights of Recovery Against Others to Us of Section IV - Commercial General Liability Conditions: We will waive any right of recovery we may have against any person or organization because of payments we make for injury or damage arising out of your ongoing operations or "your work" included within the "products-completed operations hazard" if the operations or work is done under a written contract or agreement with that person or organization, but only if the contract or agreement is executed before the "bodily injury" or "property damage" occurs and requires you to waive your rights of recovery.

E. Section V - Definitions

1. Bodily Injury - Includes Mental Anguish
The following is added to Paragraph 3. of Section V - Definitions: "Bodily injury" includes mental anguish resulting from bodily injury, sickness, or disease sustained by a person at any time.

2. Coverage Territory - Worldwide
The following replaces Paragraph 4. of Section V - Definitions:
4. "Coverage territory" means anywhere other than a country or jurisdiction that is subject to trade or other economic sanction or embargo by the United States of America. But the insured's responsibility to pay damages must be determined in a settlement we agree to or in a "suit" on the merits brought within the United States of America (including its territories and possessions), Puerto Rico or Canada.

3.
Mobile Equipment - Self-Propelled Snow Removal, Road Maintenance and Street Cleaning Equipment Less than 1,000 Pounds Gross Vehicle Weight
The following is added after Paragraph 12.f.(1) of Section V - Definitions: But a self-propelled vehicle of less than 1,000 pounds gross vehicle weight that is maintained primarily for purposes other than transportation of persons or cargo with permanently attached equipment for snow removal, road maintenance (other than construction or resurfacing) or street cleaning will be considered "mobile equipment" and not an "auto".