Standard Provider Agreement

Standard Provider Terms and Conditions

The following Standard Provider Terms and Conditions (the “Master Agreement”), together with the GDPR Addendum attached as Annex A hereto, if applicable (the “GDPR Addendum,” and together with the Master Agreement, the “Agreement”) are made by and between Provider (the party indicated on the applicable Statement of Work incorporating these terms) and Illumio, Inc. ("Illumio" or “Client”), and shall govern any and all Statements of Work (as defined below) referring to this Agreement, and shall supersede any and all conflicting terms.

1. Services. The Client and the Provider shall execute one or more statements of work that describe the specific services to be performed by the Provider (each, a “Statement of Work”). Each Statement of Work shall expressly refer to this Agreement, form a part of this Agreement and be subject to the terms and conditions contained herein. A Statement of Work may be amended only by written agreement of each of the parties to this Agreement. The Provider will perform all services described in each Statement of Work (the “Services”) in accordance with the terms and conditions set forth in the applicable Statement of Work and this Agreement.

2. Delivery. In connection with the Services, the Provider will deliver to the Client the deliverables, designs, modules, software, products, documentation and other materials specified in each Statement of Work (the “Deliverables”), in accordance with the delivery schedule and other terms and conditions as set forth in such Statement of Work.

3. Acceptance. Following Provider’s delivery of any Deliverable, Client (with the assistance of Provider, if so requested) will review, evaluate and/or test each Deliverable in accordance with the procedures identified in the Statement of Work to confirm that the Deliverable satisfies, conform to and operates in accordance with all acceptance criteria, specifications or requirements for such Deliverable, as specified in the Statement of Work (collectively, the “Acceptance Criteria”), as applicable. Client will use its commercially reasonable efforts to review, evaluate and/or test the Deliverable within the time period set forth in the Statement of Work. If the Deliverable fails to satisfy, conform to or otherwise operate in accordance with all applicable Acceptance Criteria, then Client will as promptly as practicable furnish Provider the specific defects in the Deliverable and, if applicable, the modifications to the Deliverable required for the Deliverable to satisfy the applicable Acceptance Criteria. Upon receipt of such a defect report, Provider will use its best efforts promptly to modify the Deliverable and re-submit the Deliverable to Client to review, evaluate and/or test in accordance with the terms of this Section. The foregoing procedure will repeat until Client finally accepts or rejects the Deliverable. If Client finally rejects any Deliverable, then Client may terminate the applicable portion of the Statement of Work or, if specified in the Statement of Work, this Agreement, immediately upon written notice to Provider.

4. Payment. As Provider’s sole compensation for the performance of Services, Client will pay Provider the fees specified in the Statement of Work in accordance with the terms set forth therein. Without limiting the generality of the foregoing Provider acknowledges and agrees that, if specified in the Statement of Work, Client’s payment obligation will be expressly subject to Provider’s completion or achievement of certain milestones to Client’s reasonable satisfaction. All fees and other amounts set forth in the Statement of Work, if any, are stated in and are payable in U.S. dollars. Unless otherwise provided in the Statement of Work, Provider will invoice Client on a monthly basis for all fees and expenses payable to Provider. Client will pay the full amount of each such invoice within sixty (60) days following receipt thereof, except for any amounts that Client disputes in good faith. The parties will use their respective commercially reasonable efforts to promptly resolve any such payment disputes.

5. Relationship. Provider is an independent contractor and nothing in this Agreement will be construed as establishing an employment or agency relationship between Client and Provider or any Provider personnel. Provider has no authority to bind Client by contract or otherwise. Provider will perform Services under the general direction of Client, but Provider will determine, in Provider’s sole discretion, the manner and means by which Services are accomplished, subject to the requirement that Provider will at all times comply with applicable law. Provider will report to all applicable government agencies as income all compensation received by Provider pursuant to this Agreement. Provider will be solely responsible for the payment of all compensation to all Provider personnel, as well as for payment of all withholding taxes, social security, workers’ compensation, unemployment and disability insurance or similar items required by any government agency. Provider personnel will not be entitled to any benefits paid or made available by Client to its employees, including, without limitation, any vacation or illness payments, or to participate in any plans, arrangements or distributions made by Client pertaining to any bonus, stock option, profit sharing, insurance or similar benefits. Provider will indemnify and hold Client harmless from and against all damages, liabilities, losses, penalties, fines, expenses and costs (including reasonable fees and expenses of attorneys and other professionals) arising out of or relating to any obligation imposed by law on Client to pay any withholding taxes, social security, unemployment or disability insurance or similar items in connection with compensation received by Provider pursuant to this Agreement.

6. Liability Insurance. Provider acknowledges that Client will not carry any liability insurance on behalf of Provider. Provider will maintain in force adequate liability insurance to protect Provider from: (a) claims under workers’ compensation and state disability acts; and (b) claims of personal injury (or death) or tangible or intangible property damage (including loss of use) that arise out of any act or omission of Provider or any Provider personnel.

7. Intellectual Property. Provider will, as an integral part of the performance of Services, disclose in writing to Client all inventions, products, designs, drawings, notes, documents, information, documentation, improvements, works of authorship, processes, techniques, know-how, algorithms, specifications, specimens or samples, hardware, circuits, computer programs, databases, user interfaces, encoding techniques, and other materials of any kind that Provider may make, conceive, develop or reduce to practice, alone or jointly with others, in connection with performing Services, or that result from the Services, whether or not they are eligible for patent, copyright, mask work, trade secret, trademark or other legal protection (the “Provider Work Product”). Provider Work Product includes without limitation any Deliverables that Provider delivers to Client pursuant to this Agreement. Provider and Client agree that, to the fullest extent permitted by applicable law, each item of Provider Work Product will be a work made for hire owned exclusively by Client. Provider agrees that regardless of whether an item of Provider Work Product is a work made for hire, all Provider Work Product will be the sole and exclusive property of Client. Provider hereby irrevocably transfers and assigns to Client, and agrees to irrevocably transfer and assign to Client, all right, title and interest in and to the Provider Work Product, including all worldwide patent rights (including patent applications and disclosures), copyright rights, mask work rights and any and all other intellectual property or proprietary rights (collectively, “Intellectual Property Rights”) therein. At Client’s request and expense, during and after the term of this Agreement, Provider will assist and cooperate with Client in all respects and will cause all Provider personnel to assist and cooperate with Client in all respects, and will execute documents and will cause all Provider personnel to execute documents, and will take such further acts reasonably requested by Client to enable Client to acquire, transfer, maintain, perfect and enforce its Intellectual Property Rights and other legal protections for the Provider Work Product. To the extent that Provider owns or controls (presently or in the future) any patent rights, copyright rights, mask work rights, trade secret rights, or any other intellectual property or proprietary rights that may block or interfere with, or may otherwise be required for, the exercise by Client of the rights assigned to Client under this Agreement (collectively, “Related Rights”), Provider hereby grants or will cause to be granted to Client a non-exclusive, royalty- free, irrevocable, perpetual, transferable, worldwide license (with the right to sublicense) to make, have made, use, offer to sell, sell, import, copy, modify, create derivative works based upon, distribute, sublicense, display, perform and transmit any products, software, hardware, methods or materials of any kind that are covered by such Related Rights, to the extent necessary to enable Client to exercise all of the rights assigned to Client under this Agreement.

8. Confidential Information. For purposes of this Agreement, “Confidential Information” means and will include: (a) any information, materials or knowledge regarding Client and its business, financial condition, products, programming techniques, customers, suppliers, technology or research and development that is disclosed to Provider or to which Provider has access in connection with performing Services; (b) the Provider Work Product; and (c) the terms and conditions of this Agreement. Confidential Information will not include any information that: (i) is or becomes part of the public domain through no fault of Provider; (ii) was rightfully in Provider’s possession at the time of disclosure, without restriction as to use or disclosure; or (iii) Provider rightfully receives from a third party who has the right to disclose it and who provides it without restriction as to use or disclosure. Provider agrees to hold all Confidential Information in strict confidence, not to use it in any way, commercially or otherwise, except in performing Services, and not to disclose it to others. Provider further agrees to take all actions reasonably necessary to protect the confidentiality of all Confidential Information including, without limitation, implementing and enforcing procedures to minimize the possibility of unauthorized use or disclosure of Confidential Information.

9. Information Security. Provider represents and warrants that its creation, collection, receipt, access, use, storage, disposal, and disclosure of Confidential Information does and will comply with all applicable federal, state and foreign privacy and data protection laws, as well as all other applicable regulations and directives. Provider shall implement and maintain a written information security program including appropriate policies, procedures, and risk assessments that are reviewed at least annually. Without limiting Provider’s obligations under this Section, Provider shall implement administrative, physical, and technical safeguards to protect Confidential Information from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Confidential Information is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. At a minimum, Provider’s safeguards for the protection of Confidential Information shall include: (a) limiting access of Confidential Information to authorized employees; (b) securing business facilities, data centers, paper files, servers, backup systems, and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (c) implementing network, application, database, and platform security; (d) securing information transmission, storage, and disposal; (e) implementing authentication and access controls within media, applications, operating systems, and equipment; (vi) encrypting Confidential Information at all times, both at rest or in transit; (f) strictly segregating Confidential Information from information of Provider or its other customers so that Confidential Information is not commingled with any other types of information; (g) conducting risk assessments, penetration testing, and vulnerability scans and promptly implementing, at Provider’s sole cost and expense, a corrective action plan to correct any issues that are reported as a result of the testing; (h) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law; and (i) providing appropriate privacy and information security training to Provider’s employees. During the term of each authorized employee’s employment by Provider, Provider shall at all times cause such authorized employees to abide strictly by Provider’s obligations under this Agreement and Illumio’s standard policies and procedures. Provider further agrees that it shall maintain a disciplinary process to address any unauthorized access, use, or disclosure of Confidential Information by any of Provider’s officers, partners, principals, employees, agents, or contractors. Upon Illumio’s written request, Provider shall promptly identify for Illumio in writing by category all authorized employees as of the date of such request. Upon Illumio’s written request, Provider shall provide Illumio with a network diagram that outlines Provider’s information technology network infrastructure and all equipment used in relation to fulfilling its obligations under this Agreement, including, without limitation: (i) connectivity to Illumio and all third parties who may access Provider’s network to the extent the network contains Confidential Information; (ii) all network connections, including remote access services and wireless connectivity; (iii) all access control measures (for example, firewalls, packet filters, intrusion detection and prevention services, and access-list-controlled routers); (iv) all backup or redundant servers; and (v) permitted access through each network connection. Upon Illumio’s written request, to confirm compliance with this Agreement, as well as any applicable laws and industry standards, Provider shall promptly and accurately complete a written information security questionnaire provided by Illumio, or a third party on Illumio’s behalf, regarding Provider’s business practices and information technology environment in relation to all Confidential Information being handled and/or services being provided by Provider to Illumio pursuant to this Agreement. Provider shall fully cooperate with such inquiries. Provider shall: (A) provide Illumio with the name and contact information for an employee of Provider who shall serve as Illumio’s primary security contact and shall be available to assist Illumio twenty-four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with a Security Breach; (B) notify Illumio of a Security Breach as soon as practicable, but no later than twenty-four (24) hours after Provider becomes aware of it; and (C) notify Illumio of any Security Breaches by emailing Illumio at [email protected], with a copy by email to Provider’s primary business contact within Illumio. Immediately following Provider’s notification to Illumio of a Security Breach, the parties shall coordinate with each other to investigate the Security Breach. Provider agrees to fully cooperate with Illumio in Illumio’s handling of the matter, including, without limitation: (1) assisting with any investigation; (2) providing Illumio with physical access to the facilities and operations affected; (3) facilitating interviews with Provider’s employees and others involved in the matter; and (4) making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law, regulation, industry standards, or as otherwise required by Illumio. Provider shall at its own expense immediately contain and remedy any Security Breach (as defined below) and prevent any further Security Breach, including, but not limited to taking any and all action necessary to comply with applicable privacy rights, laws, regulations, and standards. Provider shall reimburse Illumio for all actual costs incurred by Illumio in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation pursuant to this Section. Provider agrees that it shall not inform any third party of any Security Breach without first obtaining Illumio’s prior written consent, other than to inform a complainant that the matter has been forwarded to Illumio’s legal counsel. Further, Provider agrees that Illumio shall have the sole right to determine: (x) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by law or regulation, or otherwise in Illumio’s discretion; and (y) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation. Service provider agrees to maintain and preserve all documents, records, and other data related to any Security Breach. Provider agrees to fully cooperate at its own expense with Illumio in any litigation, investigation, or other action deemed necessary by Illumio to protect its rights relating to the use, disclosure, protection, and maintenance of Confidential Information.

10. Warranties. Provider represents and warrants that Provider has no pre- existing obligations or commitments (and will not assume or otherwise undertake any obligations or commitments) that would be in conflict or inconsistent with or that would hinder Provider’s performance of its obligations under this Agreement. Provider represents and warrants that Services will be performed in a thorough and professional manner, consistent with high professional and industry standards by individuals with the requisite training, background, experience, technical knowledge and skills to perform Services. Provider represents and warrants that the Provider Work Product will not infringe, misappropriate or violate the rights of any third party, including, without limitation, any Intellectual Property Rights or any rights of privacy or rights of publicity, except to the extent any portion of the Provider Work Product is created, developed or supplied by Client or by a third party on behalf of Client. During the term of this Agreement, Provider will not, directly or indirectly, in any individual or representative capacity, engage or participate in or provide services to any business that is competitive with the types and kinds of business being conducted by Client. Provider represents and warrants that all Provider personnel who perform Services are and will be bound by written agreements with Provider under which: (a) Provider owns or is assigned exclusive ownership of all Provider Work Product; and (b) Provider personnel agree to limitations on the use and disclosure of Confidential Information no less restrictive than those provided in Section 8 hereof.

11. Indemnity. Provider will defend, indemnify and hold Client harmless from and against all claims, damages, liabilities, losses, expenses and costs (including reasonable fees and expenses of attorneys and other professionals) arising out of or resulting from: (a) any action by a third party against Client that is based on a claim that any Services performed under this Agreement, or the results of such Services (including any Provider Work Product), or Client’s use thereof, infringe, misappropriate or violate such third party’s Intellectual Property Rights; and (b) any action by a third party against Client that is based on any act or omission of Provider or any Provider personnel and that results in: (i) personal injury (or death) or tangible or intangible property damage (including loss of use); or (ii) the violation of any statute, regulation or ordinance.

12. Term; Termination. This Agreement will commence on the Effective Date (as defined in the applicable Statement of Work) and, unless terminated earlier in accordance with the terms of this Agreement, will remain in force and effect for as long as Provider is performing Services pursuant to the Statement of Work. Either party may terminate this Agreement (including the Statement of Work) if the other party breaches any material term of this Agreement and fails to cure such breach within thirty (30) days following written notice thereof from the non- breaching party. Client may terminate this Agreement (including the Statement of Work) at any time, for any reason or no reason, upon at least ten (10) days written notice to Provider. Upon the expiration or termination of this Agreement for any reason: (a) Provider will promptly deliver to Client all Provider Work Product, including all work in progress on any Provider Work Product not previously delivered to Client, if any; (b) Provider will promptly deliver to Client all Confidential Information in Provider’s possession or control; and (c) Client will pay Provider any accrued but unpaid fees due and payable to Provider pursuant to Section 4 hereof. The rights and obligations of the parties under Sections 6, 7, 8, 9, 10 and 12 will survive the expiration or termination of this Agreement.

12. Miscellaneous. Provider may not assign or transfer this Agreement, in whole or in part, without Client’s express prior written consent. Any attempt to assign this Agreement, without such consent, will be void. Subject to the foregoing, this Agreement will bind and benefit the parties and their respective successors and assigns. Except as expressly set forth in this Agreement, the exercise by Client of any of its remedies under this Agreement will not be deemed an election of remedies and will be without prejudice to its other remedies under this Agreement or available at law or in equity or otherwise. Because the Services are personal and unique and because Provider will have access to Confidential Information of Client, Client will have the right to enforce this Agreement and any of its provisions by injunction, specific performance or other equitable relief, without having to post a bond or other consideration, in addition to all other remedies that Client may have for a breach of this Agreement at law or otherwise. If any action is necessary to enforce the terms of this Agreement, the substantially prevailing party will be entitled to reasonable attorneys’ fees, costs and expenses in addition to any other relief to which such prevailing party may be entitled. This Agreement will be governed by and construed in accordance with the laws of the State of California, excluding its body of law controlling conflict of laws. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California and the parties irrevocably consent to the personal jurisdiction and venue therein. If any provision of this Agreement is held invalid or unenforceable by a court of competent jurisdiction, the remaining provisions of this Agreement will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law. The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. All notices required or permitted under this Agreement will be in writing, will reference this Agreement, and will be deemed given: (a) when delivered personally; (b) one (1) business day after deposit with a nationally-recognized express courier, with written confirmation of receipt; or (c) three (3) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid. All such notices will be sent to the addresses set forth above or to such other address as may be specified by either party to the other party in accordance with this Section. This Agreement constitutes the complete and exclusive understanding and agreement of the parties with respect to its subject matter and supersedes all prior understandings and agreements, whether written or oral, with respect to its subject matter. In the event of a conflict, the terms and conditions of this Agreement will take precedence over the terms and conditions of any Statement of Work. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by each of the parties hereto.

ANNEX A

GDPR ADDENDUM

This GDPR Addendum is made as of the Effective Date (as defined in the applicable Statement of Work) by and between the Client and the Provider executing the Statement of Work if and to the extent that the Provider processes any Personal Data (as defined below) provided by or collected for the Client in connection with the Services under the Master Agreement and any Statement of Work. This GDPR Addendum sets out the additional terms, requirements and conditions on which the Provider will obtain, handle, process, disclose, transfer, or store any Personal Data when providing Services under the Master Agreement and any Statement of Work.

1. Definitions. The following definitions apply in this GDPR Addendum:

"Business Purpose" means the Services under the Master Agreement and any Statement of Work.

"Data Subject" means an individual who is the subject of Personal Data.

"Personal Data" means any information the Provider processes for the Client that (i) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in the Provider's possession or control or that the Provider is likely to have access to, or (ii) the relevant Privacy and Data Protection Requirements otherwise define as protected personal information.

"Process" means any activity that involves the use of Personal Data or that the relevant Privacy and Data Protection Requirements may otherwise include in the definition of “process.” It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data including, but not limited to, organizing, amending, retrieving, using, disclosing, erasing, or destroying it; and also includes transferring Personal Data to third parties.

"Privacy and Data Protection Requirements" means all applicable federal, state, and foreign laws and regulations relating to the processing, protection, or privacy of the Personal Data, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction.

"Security Breach" means any act or omission that compromises the security, confidentiality, or integrity of Personal Data or the physical, technical, administrative, or organizational safeguards put in place to protect it. The loss of or unauthorized access, disclosure, or acquisition of Personal Data is a Security Breach whether or not the incident rises to the level of a security breach under the Privacy and Data Protection Requirements.

"Standard Contractual Clauses” means the European Commission's Standard Contractual Clauses for the transfer of Personal Data from the European Union to processors established in third countries (controller-to-processor transfers), as set out in the Annex to Commission Decision 2010/87/EU.

2. Interpretation. GDPR Addendum is subject to the terms of the Master Agreement and is incorporated into the Master Agreement. Interpretations and defined terms set forth in the Master Agreement apply to the interpretation of this GDPR Addendum. In the case of conflict or ambiguity between: (a) any of the provisions of this GDPR Addendum and the provisions of the Master Agreement, the provisions of this GDPR Addendum will prevail; and (b) any of the provisions of this GDPR Addendum and any Standard Contractual Clauses, the provisions of the Standard Contractual Clauses will prevail.

3. Obligations. The Client retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Privacy and Data Protection Requirements, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Provider. The Provider will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Client's written instructions. The Provider will not process the Personal Data for any other purpose or in a way that does not comply with this GDPR Addendum or the Privacy and Data Protection Requirements. The Provider must promptly notify the Client if, in its opinion, the Client's instruction would not comply with the Privacy and Data Protection Requirements. The Provider must promptly comply with any Client request or instruction requiring the Provider to amend, transfer, or delete the Personal Data, or to stop, mitigate, or remedy any unauthorized processing. The Provider will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Client or this GDPR Addendum specifically authorizes the disclosure, or as required by law. If a law requires the Provider to process or disclose Personal Data, the Provider must first inform the Client of the legal requirement and give the Client an opportunity to object or challenge the requirement, unless the law prohibits such notice. The Provider will reasonably assist the Client with meeting the Client's compliance obligations under the Privacy and Data Protection Requirements, taking into account the nature of the Provider's processing and the information available to the Provider. The Provider must promptly notify the Client of any changes to Privacy and Data Protection Requirements that may adversely affect the Provider's performance of the Master Agreement. The Provider will only collect Personal Data for the Client using a notice or method that the Client specifically pre-approves in writing, which contains an approved data privacy notice informing the Data Subject of the Client's identity, the purpose or purposes for which their Personal Data will be processed, and any other information that is required by applicable Privacy and Data Protection Requirements. The Provider will not modify or alter the notice in any way without the Client's prior written consent.

4. Employees. The Provider will limit Personal Data access to: (a) those employees who require Personal Data access to meet the Provider's obligations under this GDPR Addendum and the Master Agreement; and (b) the part or parts of the Personal Data that those employees strictly require for the performance of their duties. The Provider will ensure that all employees: (i) are informed of the Personal Data's confidential nature and use restrictions; (ii) have undertaken training on the Privacy and Data Protection Requirements relating to handling Personal Data and how it applies to their particular duties; and (iii) are aware both of the Provider's duties and their personal duties and obligations under the Privacy and Data Protection Requirements and this GDPR Addendum. The Provider will take reasonable steps to ensure the reliability, integrity, and trustworthiness of, and conduct background checks consistent with applicable law on, all of the Provider's employees with access to the Personal Data.

5. Technical Measures. The Provider must at all times implement appropriate technical and organizational measures designed to safeguard Personal Data against unauthorized or unlawful processing, access, copying, modification, storage, reproduction, display, or distribution, and against accidental loss, destruction, or damage. The Provider must document those measures in writing and periodically review them, at least annually, to ensure they remain current and complete. The Provider will immediately notify the Client if it becomes aware of any advance in technology and methods of working, which indicate that the parties should adjust their security measures. The Provider must take reasonable precautions to preserve the integrity of any Personal Data it processes and to prevent any corruption or loss of the Personal Data, including but not limited to establishing effective back-up and data restoration procedures.

6. Security Breach. The Provider will promptly notify the Client if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. The Provider will restore such Personal Data at its own expense. The Provider will immediately notify the other party if it becomes aware of: (a) any unauthorized or unlawful processing of the Personal Data; or (b) any Security Breach. Immediately following any unauthorized or unlawful Personal Data processing or Security Breach, the parties will coordinate with each other to investigate the matter. The Provider will reasonably cooperate with the Client in the Client's handling of the matter, including: (i) assisting with any investigation; (ii) providing the Client with physical access to any facilities and operations affected; (iii) facilitating interviews with the Provider's employees, former employees and others involved in the matter; and (iv) making available all relevant records, logs, files, data reporting, and other materials required to comply with all Privacy and Data Protection Requirements or as otherwise reasonably required by the Client. The Provider will not inform any third party of any Security Breach without first obtaining the Client's prior written consent, except when law or regulation requires it. The Provider agrees that the Client has the sole right to determine: (A) whether to provide notice of the Security Breach to any Data Subjects, regulators, law enforcement agencies, or others, as required by law or regulation or in the Client's discretion, including the contents and delivery method of the notice; and (B) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. The Provider will cover all reasonable expenses associated with the performance of the obligations under this GDPR Addendum, unless the matter arose from the Client's specific instructions, negligence, willful default, or breach of this GDPR Addendum, in which case the Client will cover reasonable expenses. The Provider will also reimburse the Client for actual reasonable expenses the Client incurs when responding to and mitigating damages, to the extent that the Provider caused a Security Breach, including all costs of notice and any remedy as set out in this Section.

7. Transfer. The Provider may receive, access, transfer, or store Personal Data. The Provider must not receive, access, transfer, or store Personal Data unless the transfer complies with the Privacy and Data Protection Requirements.

8. Subcontractors. The Provider may not authorize any third party or subcontractor to process the Personal Data.

9. Third Party Rights. The Provider must notify the Client immediately if it receives any complaint, notice, or communication that directly or indirectly relates to the Personal Data processing or to either party's compliance with the Privacy and Data Protection Requirements. The Provider must notify the Client within three (3) business days if it receives a request from a Data Subject for access to their Personal Data. The Provider will give the Client its full co-operation and assistance in responding to any complaint, notice, communication, or Data Subject request. The Provider must not disclose the Personal Data to any Data Subject or to a third party unless the disclosure is either at the Client's request or instruction, permitted by this GDPR Addendum or otherwise required by law.

10. Term; Termination. This GDPR Addendum will remain in full force and effect so long as: (a) the Master Agreement remains in effect; or (b) the Provider retains any Personal Data related to the Master Agreement in its possession or control. Any provision of this GDPR Addendum that expressly or by implication should come into or continue in force on or after termination of the Master Agreement in order to protect Personal Data will remain in full force and effect. The Provider's failure to comply with the terms of this GDPR Addendum is a material breach of the Master Agreement. In such event, the Client may terminate the Master Agreement effective immediately upon written notice to the Provider without further liability or obligation. If a change in any Privacy and Data Protection Requirement prevents either party from fulfilling all or part of its Master Agreement obligations, the parties will suspend the processing of Personal Data until that processing complies with the new requirements. If the parties are unable to bring the Personal Data processing into compliance with the Privacy and Data Protection Requirement, they may terminate the Master Agreement upon written notice to the other party.

11. Return; Destruction. At the Client's request, the Provider will give the Client a copy of or access to all or part of the Personal Data in its possession or control in the format and on the media reasonably specified by the Client. On termination of the Master Agreement for any reason or expiration of its term, the Provider will securely destroy or, if directed in writing by the Client, return and not retain, all or any Personal Data related to the Agreement in its possession or control. The Provider will certify in writing that it has destroyed the Personal Data within two (2) days after it completes the destruction.

12. Records. The Provider will keep detailed, accurate, and up-to-date records regarding any processing of Personal Data it carries out for the Client, including but not limited to, the access, control, and security of the Personal Data, the processing purposes, and any other records required by the applicable Privacy and Data Protection Requirements (the "Records"). The Provider will ensure that the Records are sufficient to enable the Client to verify the Provider's compliance with its obligations under this GDPR Addendum. At least once per year, the Provider will conduct site audits of its Personal Data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this GDPR Addendum, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices. Upon the Client's written request, the Provider will make all of the relevant audit reports available to the Client for review, including, as applicable, the Provider's latest Statement of Controls audit report and reports relating to its ISO/IEC 27001 certification.

13. Indemnification. The Provider agrees to indemnify, keep indemnified, and defend at its own expense the Client against all costs, claims, damages, or expenses incurred by the Client or for which the Client may become liable due to any failure by the Provider or its employees, subcontractors, or agents to comply with any of its obligations under this GDPR Addendum or applicable Privacy and Data Protection Requirements.

‍

ウェブサイト利用規約（パートナーポータル）

本利用規約（以下に言及される追加規約とともに）は、本ウェブサイト、www.illumio.com（以下「本サイト」）のご利用を規定するものであり、本サイトには、http://partners.illumio.com/ にあるパートナーポータルが含まれます。本利用規約は、お客様が組織を代表してイルミオ社（「イルミオ」、「弊社」）と締結した再販業者または販売業者契約（「パートナー契約」）に追加されるものであり、パートナー契約と本利用規約が矛盾する場合は、パートナー契約が優先されます。本サイトの利用には、アクセス、閲覧、登録、ダウンロードが含まれます。本サイトの利用を開始する前に、利用規約をよくお読みください。本サイトの利用を継続することにより、利用者は、利用者自身および利用者の組織（「利用者」）を代表して、本利用規約および必要に応じて本サイトの製品およびサービスに適用されるその他の条件、ガイドライン、または規則に拘束されることに同意するものとします。利用規約のいずれかに同意しない場合は、本サイトの利用を継続しないでください。

本利用規約は、https://www.illumio.com/legal/privacy-policy で入手可能なイルミオのプライバシー・ステートメントを参照しています。プライバシー・ステートメントは、本サイトの利用に適用され、当社がお客様から収集した、またはお客様から提供された個人データを処理する条件を定めています。

当社は、このページを修正することにより、いつでも本利用規約を改訂することができます。このような変更はお客様を拘束するものとなるため、お客様は随時このページを確認し、当社が行う変更を認識する必要があります。そのような変更はお客様を拘束するため、変更の通知は行われないものとします。当社は、本サイトを随時更新し、いつでも内容を変更することができます。当社は、本サイトまたは本サイト上のコンテンツに誤りや遺漏がないことを保証しません。当社は、当サイトが常に同じDNS名、IPアドレス、認証方法、URLで維持されること、または常に利用可能で中断されないことを約束するものではありません。

利用者は、利用者のインターネット接続を通じて本サイトにアクセスするすべての人が、本利用規約および言及されているその他の適用される規約および条件/ポリシーを認識し、それらを遵守することを保証する責任を負うものとします。本利用規約は、利用者に関係なく、利用者のインターネット接続からの本サイトの利用に関連して、利用者に適用されます。

当社のセキュリティ、購入またはダウンロード手続きの一環として、利用者識別コード、パスワードまたはその他の情報を選択または提供された場合、利用者はこれらの情報を機密情報として扱わなければなりません。

いかなる情報は、第三者にも開示しないでください。当社は、お客様が本利用規約の規定のいずれかに従わなかったと合理的に判断した場合、お客様が選択した、または当社が割り当てたユーザー識別コードまたはパスワードを、事前の通知なくいつでも無効にする権利を留保します。利用者以外の者が利用者のユーザー識別コードおよびパスワードを知っている、または知っていると疑われる場合は、直ちにパスワードを変更してください。

本サイトに掲載されている、あるいは本サイトに関連するすべてのコンテンツ、ソフトウェア、データ、知的財産権（ノウハウ、コンセプト、ロジックを含むがこれに限定されない）は、株式会社イルミオまたはそのライセンサーの所有物です。本サイトに掲載されているソフトウェア、データ、コンテンツは、当社の書面による事前の明示的な許可なく、複製、再発行、配布、掲載、販売、譲渡、改変することを禁じます。本サイトに表示される商標、ロゴ、サービスマークを含むがこれに限定されない全ての知的財産は、イルミオにより登録され、世界中で保護されています。いかなるイルミオの知的財産に対するライセンス、権利、利益もお客様に付与されるものではありません。お客様は、個人的な使用のために、本サイトのページの合理的なコピーを印刷することができ、また、お客様の組織内の他のユーザーに、本サイトに掲載されたコンテンツに注意を喚起することができます。ただし、(i)引用の最後にイルミオのクレジットを記載し、(ii)引用をウェブサイトに掲載する場合は、当該記事内からwww.illumio.com への帰属リンクを記載することを条件とします。お客様は、本サイト上の記事またはウェブページの内容の大部分をコピーすること、または、その全体をコピーすることはできません。上記で明示的に許可されている場合を除き、本サイトのコンテンツの利用を希望する場合は、事前に[email protected]に事前に許諾下さい。

コミュニティサイトやヘルプフォーラムでイルミオ社員が表明した意見は、あくまでも個人のものであり、イルミオの意見を代表するものでも、必ずしも一致するものでもありません。弊社は、お客様がかかる情報を使用または信頼した結果生じた、または生じたとされる直接的または間接的な損害または損失について、一切の責任を負いません。

本利用規約のいかなる条項も、当社の過失に起因する死亡もしくは人身傷害、詐欺もしくは詐欺的不実表示、または法律により制限もしくは除外できないその他の責任に対する当社の責任を除外もしくは制限するものではありません。法律で認められる最大限の範囲において、当社は本サイトを保証、表明または表明なしに提供します。当社は、利用者による本サイトの利用、アクセスまたは閲覧に起因する、利用者のコンピュータ機器またはその他の機器／財産に影響を及ぼす可能性のある損失または損害について、一切の責任を負わず、また責任を負わないものとします。当社は、契約、不法行為（過失を含むがこれに限定されない）、法定義務の違反、またはその他を問わず、たとえ予見可能であったとしても、以下の事項（ただしこれに限定されない）に起因または関連して生じる損失または損害について、本サイトのいかなるユーザーに対しても責任を負いません： (a)本サイトまたはそこに含まれるコンテンツの使用 (b)本サイトのいかなる構成要素の使用または使用不能、および本サイトのいかなるエラーまたは中断を含むがこれに限定されない、いかなる障害または遅延 (c)イルミオによる履行または不履行 (d)本サイトの不適当性、信頼性または不正確性； (e)本サイトがお客様の要求を満たすのに不十分であること、(f)本サイトがお客様の機器、ソフトウェア、または通信リンクと適合しないこと、(g)サービスの提供または提供の失敗、(h)本サイトを通じて入手した情報、ソフトウェア、製品、サービス、および関連グラフィック。上記の免責事項に加えて、お客様がビジネス・ユーザーである場合、特に、当社は間接的な損失について、それがどのように生じたとしても責任を負わないことにご注意ください。利用者は、商業目的または事業目的で本サイトを使用しないことに同意し、利益の損失、事業の損失、事業の中断、または事業機会の損失について、当社が利用者に対して責任を負わないことを認めるものとします。利用者が購入、試用、またはダウンロードした製品またはサービスの供給から生じる責任については、特定の購入、試用、またはダウンロードに適用される条件に規定される、異なる制限および除外が適用されるものとします。

利用者が本サイトにコンテンツをアップロードできる機能を利用する場合、または本サイトの他の利用者と連絡を取る場合、利用者は、利用者および利用者がアップロードするコンテンツが以下のいずれにも該当しないことに同意するものとします： (a)地域、国、または国際的な法律または規制に違反すること、(b)違法または詐欺的であること、または違法または詐欺的な目的を持つこと、(c)未成年者に危害を加える目的または危害を加えようとする目的であること、(d)未承諾または無許可の広告または販売促進資料、またはその他の形式の同様の勧誘を送信すること、または送信を調達すること； (e) コンピュータ・ソフトウェアまたはハードウェアの動作に悪影響を及ぼすように設計された、ウイルス、トロイの木馬、ワーム、時限爆弾、キーストローク・ロガー、スパイウェア、アドウェア、その他の有害なプログラムまたは類似のコンピュータ・コードを含むデータを故意に送信したり、資料を送信したり、アップロードしたりすること； (f) 違法、嫌がらせ、中傷、罵倒、脅迫、有害、下品、ポルノ、わいせつ、またはその他の好ましくないマテリアルを広めること、(g) 他のコンピューター・システムへのアクセスを試みること、(h) 他者による本サイトの利用を妨害すること、(i) 本サイトに接続されているネットワークまたはウェブサイトを妨害または混乱させること。

お客様が本サイトにアップロードしたすべてのコンテンツは、非機密的かつ非独占的なものとみなされます。利用者はコンテンツの所有権をすべて保持しますが、当社（および本サイトの他の利用者）に対し、そのコンテンツを使用、保存、コピーし、第三者に配布および利用可能にするライセンスを付与する必要があります。当社は、利用者が本サイトに投稿またはアップロードしたコンテンツが知的財産権またはプライバシー権の侵害にあたると主張する第三者に対し、利用者の身元を開示する権利を留保します。当社は、利用者または本サイトの他の利用者によって投稿されたコンテンツの内容または正確性に関して、いかなる第三者に対しても責任を負わないものとします。当社は、利用者の投稿が本利用規約に準拠していないと当社が単独で判断した場合、利用者が本サイトに行った投稿を削除する権利を留保します。利用者はさらに、本サイトのいかなる部分も複製、複写、コピー、または再販売しないこと、本サイトのいかなる部分、本サイトの提供において使用されるいかなるソフトウェア、または第三者が所有または使用するいかなる機器、ネットワーク、またはソフトウェアに無権限でアクセスしないこと、干渉しないこと、損害を与えないこと、または混乱させないことに同意するものとします。

利用者は、本サイトへのアクセスおよび本サイトの利用が、適用されるすべての法律および規制に従っていること、および今後も従い続けることを保証するものとします。利用者は、利用者による本サイトの利用に起因または関連するいかなる請求、手続き、損害、費用、経費、または責任に対しても、当社を免責し、防御し、完全に補償するものとします。

イルミオのホームページへのリンクは、公正かつ合法的な方法であり、イルミオの評判を損なったり、それを利用したりするものではないことを条件とします。このような方法で、イルミオとの関連、承認、推薦が存在しないことを示唆するようなリンクを張ってはなりません。利用者は、利用者に帰属しないいかなるウェブサイトにおいても、本サイトへのリンクを確立してはなりません。また、当サイトのトップページ以外へのリンクを張ることはできません。イルミオは、いつでも予告なしにリンク許可を取り消す権利を有します。リンク先のウェブサイトは、すべての点で本利用規約を遵守している必要があります。上記以外の本サイトのコンテンツの利用を希望される場合は、[email protected]に連絡下さい。本サイトに第三者が提供する他のサイトおよびリソースへのリンクが含まれている場合、これらのリンクはお客様の参考のためにのみ提供されます。利用者は、当社がそれらのサイトやリソースのコンテンツを管理していないことを認めるものとします。

本利用規約、その主題および解釈（ならびに契約外の紛争または請求）は日本法に準拠し、利用者は東京（日本）に所在する裁判所の専属的管轄権に同意するものとします。当社は、当社の独自の見解により必要と判断した場合、管轄権を有する裁判所において差止命令またはその他の衡平法上の救済を求める権利を留保します。本利用規約は英語で作成されています。本利用規約の日本語版は、英語版を翻訳したものであり、あくまで便宜を図るためのものであり、両当事者を拘束するものではありません。両言語版の間に相違がある場合は、英語版が優先するものとします。本利用規約の解釈または適用に関して紛争が生じた場合は、英語版のみが適用されるものとします。

‍

WEBSITE TERMS OF USE (PARTNER PORTAL)

These Terms of Use (together with the additional terms referred to below) govern your use of this website, www.illumio.com (the "Site"), which Site includes the partner portal located at http://partners.illumio.com/. These Terms of Use are in addition to the reseller or distributor agreement (the "Partner Agreement") that you, on behalf of your organization, have entered into with Illumio, Inc. (“Illumio”, “we”, “our”, “us”), and in the event of conflict between the Partner Agreement and these Terms of Use, the Partner Agreement would take precedence. Use of the Site includes accessing, browsing, registering and downloading. Please read the Terms of Use carefully, before you start to use the Site. By continuing to use the Site you, on behalf of yourself and your organization (“you”, “your”), agree to be bound by the Terms of Use and, where appropriate any other terms or conditions, guidelines or rules applicable to the products and services herein. If you do not agree with any of the Terms of Use, you must not continue to use the Site.

These Terms of Use refer to Illumio’s Privacy Statement, available at https://www.illumio.com/legal/privacy-policy, which applies to the use of the Site and sets out the terms upon which we may process any personal data we collect from you, or that is provided by you.

We may revise these Terms of Use at any time by amending this page. You should check this page from time to time to take notice of any changes that we make; as such changes will be binding upon you. No notice of any changes shall be given. We may update the Site from time to time, and may change the content at any time. We do not guarantee that our Site or any content on it will be free from errors or omissions. We make no promise that the Site will always be maintained with the same DNS names, IP addresses, authentication methods or URLs, or that it will always be available and uninterrupted.

You are responsible for ensuring that all persons who access the Site through your internet connection are aware of these Terms of Use and the other applicable terms and conditions/policies mentioned, and comply with them. These Terms of Use apply to you, related to any use of the Site from your internet connection, regardless of the user.

Should you choose or be provided with a user identification code, password or any other piece of information as part of our security, purchasing or downloading procedures, you must treat such information as confidential. Such information should not be disclosed to any third party. We reserve the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time and without prior notice, if in our reasonable opinion you have failed to comply with any of the provisions of these Terms of Use. If you know or suspect that anyone other than you knows your user identification code and password you should immediately change your password.

All content, software, data and intellectual property rights, including but not limited to all know how, concepts and logic found on or relating to the Site is the property of Illumio, Inc. or its licensors. None of the software, data or content found on the Site may be reproduced, republished, distributed, posted, sold, transferred or modified in any way without our prior express written permission. All intellectual property including but not limited to trademarks, logos and service marks displayed on the Site is registered by Illumio and protected throughout the world. No license, right or interest in any Illumio intellectual property is granted to you. You may print off reasonable copies of any page(s) from the Site for your own personal use and you may draw the attention of other users within your organization to content posted on the Site. You may quote short portions of content on the Site, provided that (i) you credit Illumio at the end of such quote, and (ii) if you publish the quote on a website, you include an attribution link to www.illumio.com from within such article. You may not copy substantial portions of the content of an article or webpage on the Site or copy same in their entirety. Should you wish to make use of any of the content on the Site other than as expressly permitted above, please contact [email protected] for permission prior to any such use.

The opinions expressed by Illumio employees on the community site or help forums are the individual's own and do not represent or necessarily correspond to the opinions of Illumio. We will not be responsible for any direct or indirect damages or losses caused or alleged to have been caused as a result of your use or reliance on such information.

Nothing in these Terms of Use shall exclude or limit our liability for death or personal injury arising from our negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be limited or excluded by law. To the maximum extent permitted by law we provide the Site without warranties, guarantees or representations. We assume no responsibility and shall not be liable for any loss or damage which may affect your computer equipment or other equipment/property arising out of your use of, access to or browsing of the Site. We will not be liable to any user of the Site for any loss or damage, whether in contract, tort (including but not limited to negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with including (but not limited to) the following: (a) any use of this Site or content found therein; (b) any failure or delay (including but not limited to) the use of or inability to use any component of the Site and any errors or interruptions of the Site; (c) the performance or non-performance by Illumio; (d) unsuitability, unreliability or inaccuracy of the Site; (e) inadequacy of the Site to meet your requirements; (f) incompatibility of the Site with any of your equipment, software or telecommunications links; (g) the provision of or failure to provide services; or (h) any information, software, products, services and related graphics obtained through the Site. In addition to the above exclusions, if you are a business user, please note that in particular, we will not be liable for any indirect losses however so arising. You agree not to use the Site for any commercial or business purposes, and acknowledge that we have no liability to you for any loss of profit, loss of business, business interruption or loss of business opportunity. Different limitations and exclusions of liability shall apply arising out of the supply of any product or services purchased, trialed or downloaded by you, which will be set out in the terms and conditions applicable to the particular purchase, trial or download.

Whenever you make use of a feature that allows you to upload content to the Site, or to make contact with other users of the Site you agree that your use and the content you upload shall not: (a) breach any applicable local, national or international law or regulation; (b) be unlawful or fraudulent, or have any unlawful or fraudulent purpose; (c) be for the purpose of harming or attempting to harm minors in any way; (d) transmit, or procure the sending of, any unsolicited or unauthorized advertising or promotional material or any other form of similar solicitation; (e) knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware; (f) disseminate any unlawful, harassing, libelous, abusive, threatening, harmful, vulgar, pornographic, obscene or otherwise objectionable material; (g) attempt to gain access to other computer systems; (h) interfere with anyone else's enjoyment of the Site; or (i) interfere with or disrupt networks or websites connected to the Site.

All content you upload to the Site shall be considered non-confidential and non-proprietary. You retain all ownership rights in your content, but you are required to grant us (and other users of the Site) license to use, store and copy that content and to distribute and make it available to third parties. We reserve the right to disclose your identity to any third party who claims that any content posted or uploaded by you to the Site constitutes a violation of their intellectual property rights or of their right to privacy. We accept no responsibility, or liability to any third party, for the content or accuracy of any content posted by you or any other user of the Site. We reserve the right to remove any posting you make on the Site if, in our sole opinion, your post does not comply with these Terms of Use. You further agree not to reproduce, duplicate, copy or re-sell any part of the Site; not to access without authority, interfere with, damage or disrupt any part of the Site, any software used in the provision of the Site or any equipment or network or software owned or used by any third party.

You warrant that your access to and use of the Site is and will remain in accordance with all applicable laws and regulations. You shall hold harmless, defend and fully indemnify us against any claims, proceedings, damages, costs, expenses or liabilities whatsoever arising out of or relating to your use of the Site.

You may link to our home page, provided that you do so in a way that is fair and legal and does not damage our reputation or take advantage of it. You must not establish a link in any such way that suggests a form of association, approval or endorsement with or by Illumio where none exists. You must not establish a link to the Site in any website that does not belong to you. The Site must not be framed on any other site, nor may you create a link to any part of our Site other than the home page. Illumio reserves the right to withdraw linking permissions at any time and without notice. The website in which you are linking must comply with these Terms of Use in all respects. Should you wish to make use of any of the content on the Site other than that which is set out above, please contact [email protected]. Where our Site contains links to other sites and resources provided by third parties, these links are provided for your information only. You acknowledge that we have no control over the content of those sites or resources.

These Terms of Use, their subject matter and construction (and any non-contractual disputes or claims) are governed by the laws of Japan and you agree to the exclusive jurisdiction of the courts located in Tokyo, Japan. We reserve the right to seek injunctive, or any other equitable relief, in any courts of competent jurisdiction should we, in our sole opinion, consider this to be necessary. These Terms of Use are drafted in English. The Japanese language version of these Terms of Use is a translation of the English language version and is intended as an accommodation only and shall not be binding upon the parties. In case of discrepancies between the two language versions, the English version shall prevail. In the event of any dispute as to the interpretation or application of these Terms of Use, only the English version shall govern.

‍

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Try illumio