Dated May 16, 2018, v4.                                                                                                                                   

MASTER SERVICES AGREEMENT

This Master Services Agreement is made and entered into as of the date of the first Work Order (“Effective Date”) and executed between Intralinks, Inc., located at 150 East 42nd Street, New York, New York 10017 ("Intralinks") and the Client, described in such Work Order (“Client”) (each, a "party," and together, the "parties").  CLIENT IS RESPONSIBLE FOR CAREFULLY READING THE TERMS OF THIS MASTER SERVICES AGREEMENT BEFORE SIGNING A WORK ORDER, CLICKING “ACCEPT” AND/OR ACCESSING OR USING ANY INTRALINKS SERVICES. BY (AS APPLICABLE) SIGNING A WORK ORDER, CLICKING “ACCEPT” AND/OR ACCESSING OR USING SUCH SERVICES, CLIENT CONFIRMS THAT CLIENT HAS READ AND ACCEPTS THIS MASTER SERVICES AGREEMENT. NOTWITHSTANDING ANY DIFFERENT OR ADDITIONAL TERMS CLIENT MAY REFERENCE OR PROVIDE, INTRALINKS’ OFFER OR ACCEPTANCE (AS APPLICABLE) TO ENTER INTO AN AGREEMENT WITH CLIENT WITH RESPECT TO THE SERVICES IS EXPRESSLY LIMITED TO THIS MASTER SERVICES AGREEMENT AND CONDITIONED ON CLIENT’S ASSENT HERETO. The terms and conditions of this Master Services Agreement shall govern the Services to be provided by Intralinks under any Work Order submitted by Client and accepted by Intralinks, as though the provisions of this Master Services Agreement were set forth in their entirety within such Work Order, and so that each Work Order and this Master Services Agreement shall be considered one, fully integrated document and agreement. 

DEFINITIONS:

"Affiliate" means any entity that directly or indirectly owns or controls, is owned or controlled by or is under common ownership or common control with Intralinks or Client, as the case may be.

"Agreement" means, collectively, any Work Order and this Master Services Agreement, as the same may be supplemented, amended or modified by schedules, exhibits, appendices, addenda and amendments hereto, executed by Intralinks and Client as of the Effective Date or from time to time thereafter.

Business Group Coordinator (Administrator)” or “Exchange Manager” means those End Users designated by Client to have the authority to instruct Intralinks in connection with the Services and to act as administrators of Client’s use of the Services.

"End User" means those persons (including without limitation, Client’s employees, advisors, representatives, consultants, contractors or agents or any other third party) who are authorized by or on behalf of Client to use the Services and have been supplied user identifications and passwords for the Services.

"End User File" means any printed, electronic or digital document that is uploaded or copied to the Services by or on behalf of Client or any party who is authorized to do so by Client.

"Exchange" means, collectively, those Intralinks’ URLs, online exchanges (also referred to as workspaces, dealrooms and virtual datarooms), web site contents and features provided to Client through which End Users may access, process, store and communicate End User Files.

Intralinks Courier” means Intralinks’ secure file transfer service which may be provided to Client through a web site, standalone software utility or plug-in.

Intralinks VIA®” means Intralinks’ ad hoc collaboration application, including the file synch and share capabilities, desktop, mobile and web applications and all included features and functions.

"Services" means, collectively, all Intralinks Exchanges, Intralinks Courier, Intralinks VIA, Intralinks’ web site features, software, application programming interfaces, systems delivered or accessible through any media or device, support, additional services and all related materials and documentation, provided by or on behalf of Intralinks to Client pursuant to this Agreement.

"Work Order" means the form evidencing the initial order for Services and any subsequent orders separately entered into by Client and Intralinks.  Each such fully executed Work Order shall be incorporated into and become a part of this Agreement. 

1. Master Terms; Work Orders: (a) This Agreement shall govern any Work Orders between Intralinks and Client and Client's Affiliates. Subject to the terms and conditions of this Agreement, Intralinks grants to Client a non-exclusive, non-sublicensable, non-transferable, limited right and license to utilize, and permit its Affiliates and its and their respective agents, employees, officers and directors (who are End Users) to utilize the Services strictly in accordance with the terms and conditions of this Agreement and each Work Order. The rights and obligations of the parties set out in any Work Order (or any other document comprising the Agreement) between the parties shall be governed by the terms and conditions of this Agreement; provided that in the event of any inconsistency between a provision of any Work Order and the terms and conditions of this Agreement, the provision of the relevant Work Order shall prevail solely with respect to the Services provided and used thereunder. Client may use the Services solely to the extent and for the purpose(s) and time period(s) provided expressly under each Work Order.

(b) If Client issues a purchase order in respect of this Agreement, Client acknowledges that any such purchase order is solely for the convenience of Client’s purchasing system and does not in any way modify or add to this Agreement or the rights or obligations of Intralinks or Client.

2. Payments: (a) Client agrees to pay Intralinks fees and other charges according to each Work Order, as applicable. Intralinks may charge Client separately for services not specified in Work Orders (including without limitation additional Exchanges, new service features, consulting, programming and integration services), provided that Client has approved any such additional services and related charges in advance in writing. All fees and charges are payable in the currency used in the applicable Work Order.  Except as otherwise expressly specified herein or in a Work Order, all payment obligations are non-cancelable and fees paid are non-refundable.  Unless otherwise expressly agreed in a Work Order, all fees and charges are payable to Intralinks upon receipt of invoice.

(b) Charges and other amounts payable under this Agreement exclude applicable taxes (including VAT) and (i) if any such amount is in consideration for a taxable supply for VAT purposes, Client shall pay on receipt of a valid VAT invoice an amount equal to any VAT which may from time to time be properly chargeable in respect of such a supply; and (ii) such amounts shall be paid free and clear of any deduction or withholding (save as required by law), provided that if any deduction or withholding is required by law to be made from any payment due from Client under this Agreement, the amount of such payment shall be increased to an amount which will, after such deduction or withholding has been made, leave Intralinks with the same amount as it would be entitled to receive under this Agreement in the absence of any such deduction or withholding. For the avoidance of doubt,  Client shall be responsible for the payment of all taxes associated with provision and use of the Services (other than taxes on Intralinks' income).

3. Exchange Management: Intralinks shall provide Client with one or more user ID’s, initial passwords and/or other devices for Client's designated Exchange Managers to access and use each Exchange and to permit other End Users to access and use such Exchange. Client authorizes Intralinks to act on any instructions reasonably believed by Intralinks to be authentic communications from Client or its Exchange Managers with respect to the management of Client's Exchanges. Client acknowledges its Exchange Managers shall be authorized on Client's behalf, among other things, to appoint and remove other Exchange Managers, create, open and close Exchanges, permit any person to upload End User Files to Exchanges, manage each End User's access to End User Files and permit End Users to download End User Files and to transfer them to third parties (including through integrations with third-party services). It is Client's responsibility to keep all user IDs, passwords and other means of access to Exchanges within the possession or control of Client's End Users and Exchange Managers, employees and agents confidential and secure from unauthorized use. Client shall be responsible for monitoring its use of the Services within the limits set forth in the applicable Work Order. Intralinks retains the right to deregister any End User from the Services upon request of the employer of such End User.

4. Term & Termination; Billing Disputes: (a) This Agreement shall commence on the Effective Date and continue in effect until terminated (i) in accordance with Section 4(b); (ii) by written agreement of the parties; or (iii) by delivery of written notice of termination by either party to the other party after completion of performance or termination of all Work Orders governed by this Agreement in accordance with their terms. Except as otherwise expressly provided in any Work Order, upon termination of this Agreement, the Services shall cease and Client shall immediately discontinue use of any Exchanges provided hereunder.

(b) Notwithstanding the foregoing, either party may terminate this Agreement immediately upon written notice if the other party: (i) becomes insolvent; (ii) becomes the subject of a petition in bankruptcy which is not withdrawn or dismissed within sixty (60) days thereafter; (iii) makes an assignment for the benefit of creditors; or (iv) breaches any material obligation under this Agreement (including but not limited to payment obligations) and fails to cure such breach within thirty (30) days after delivery of notice thereof by the non-breaching party. Either party also may terminate or suspend this Agreement immediately upon notice if such party determines in its reasonable judgment that continuing to provide or use the Services pursuant to this Agreement would infringe upon the intellectual property rights of any third party, or that the Services have been or may be used by the other party for any illegal transaction or unlawful purpose. Without limiting the generality of any other provision of this Agreement, Intralinks may suspend access to Exchanges by Client and End Users upon ten (10) business days' prior written notice to Client in the event any Intralinks’ invoice that is not then subject to a timely asserted bona fide dispute has not been paid within forty-five (45) days after issuance and remains unpaid as of the end of such notice period. 

(c) In the event Client disputes a charge in good faith, an email containing the name of the contracted company, invoice number, the specific charge, amount being disputed and the reason for the dispute must be sent to billing@Intralinks.com within forty-five (45) days of the date of the invoice containing the disputed charge. Client must retain the automatic email response from Intralinks as proof that the dispute was timely asserted.  Intralinks shall act in good faith to resolve all disputes accurately and timely.  If a disputed charge is found to be valid, then payment of such charge is immediately due and payable by Client. Notification of a dispute does not relieve Client from its obligation to pay the undisputed portion of any invoices.

5. Ownership of Services; Acceptable Use:  (a) As between the parties, Intralinks owns and shall retain all right, title and interest in and to the Services, all components thereof, including, without limitation, all related applications, user interface designs, processes, software and source code and any and all future enhancements or modifications thereto howsoever made and all intellectual property rights therein.  Client and its End Users may use the Services for the intended business purposes only. Client shall not (i) reverse engineer, disassemble, transfer, distribute, make available or otherwise exploit the Services; (ii) modify or make derivative works based upon the Services; (iii) access the Services in order to build, operate or otherwise make available a competitive product or service; or (iv) use the Services in any manner inconsistent with the terms and conditions of this Agreement. Client hereby agrees, on behalf of itself and its End Users, that to the extent that any applicable mandatory laws (such as, for example, national laws implementing EC Directive 91/250 on the Legal Protection of Computer Programs) provide the right to perform any of the aforementioned activities without the consent of Intralinks to gain certain information about the Services, before it exercises any such rights, Client shall first request such information from Intralinks in a written notice delivered hereunder detailing the purpose for which the information is needed. Only if and to the extent Intralinks, at its sole discretion, denies such request, shall Client or its End Users exercise such statutory rights.  All information derived from the exercise of such statutory rights shall be and remain the Confidential Information of Intralinks.

(b) Additionally, Client shall not use or permit to use the Services to do or attempt to do any of the following: (i) send spam or otherwise duplicative or unsolicited messages in violation of applicable law; (ii) send or store infringing, obscene, threatening, libelous or otherwise unlawful material which may give rise to tortious liability, including material harmful to children or violative of third-party privacy rights; (iii) send or store material containing malicious software including without limitation viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (iv) interfere with or disrupt the integrity or performance of the Services or the data contained therein; or (v) attempt to gain unauthorized access to the Services or its related systems or networks.

6.  End User Files:  End User Files shall remain the property of Client (or their respective third party owners if any) and shall not be considered part of the Services.  Client acknowledges that the Services are intended to hold secondary copies of End User Files and not to maintain master or original documents.  Client acknowledges and agrees that Intralinks shall not be responsible for the content of End User Files or the modification, use or publication of End User Files by any End User or third party (other than Intralinks' agents and subcontractors).  Intralinks shall not be responsible for the content, accuracy or completeness of End User Files.  

7. Confidentiality: (a) "Confidential Information" means any and all information disclosed by or at the direction of either party to the other in connection with the provision or use of Services under this Agreement, including, without limitation, information relating to the business, operations, technology, properties, employees and clients of the disclosing party.  Without limiting the foregoing, all information, processes, know-how, designs and technology relating to the Services as well as the terms of this Agreement shall be deemed Intralinks' Confidential Information, and all End User Files shall be treated as Client's Confidential Information.  Notwithstanding the foregoing, Confidential Information does not include any information that a receiving party can demonstrate (i) was known to it prior to the information's disclosure in connection with provision or use of the Services; (ii) is or becomes known publicly through no wrongful act of the receiving party; (iii) was rightfully received from a third party under no contractual, legal or fiduciary obligation to keep such information confidential; or (iv) was independently developed by the receiving party, without the use of any Confidential Information.

(b) Each receiving party agrees that it shall use Confidential Information of the disclosing party solely in furtherance of the performance of this Agreement and for no other purpose.  Each party shall use the same degree of care to protect the other party's Confidential Information as it uses to protect its own Confidential Information of like nature, but in no circumstances less than a reasonable degree of care. Each party agrees not to disclose the other party's Confidential Information to any person or entity other than: (i) to employees, agents, subcontractors or consultants of the receiving party on an as-needed basis, provided such persons have entered into written confidentiality agreements consistent with this Section 7 or are otherwise bound by substantially similar confidentiality restrictions; (ii) with respect to End User Files, as authorized by Client or End Users granted rights by Client to access, use, distribute, and/or disclose End User Files through the Services; (iii) to the extent required by court order, legal process, governmental regulation or applicable law, provided that the party required to disclose the information provides prompt advance written notice thereof (to the extent permitted by law) to the other party; or (iv) otherwise solely as expressly authorized in writing by the disclosing party. Notwithstanding any provision hereof to the contrary, Intralinks may use and disclose statistical data regarding the use of the Services, provided that no Client, End User, End User File or particular transaction shall be identified in connection with such statistical data. Any costs and fees in excess of $500 incurred by Intralinks in connection with third-party document requests and subpoenas for production of End User Files shall be borne by Client.

(c) Each party acknowledges and agrees the use or disclosure of Confidential Information inconsistent with this Agreement could cause irreparable harm to a disclosing party, the extent of which would be difficult to ascertain.  Accordingly, each party agrees that, in addition to any remedies available at law, any non-breaching party shall have the right to seek immediate injunctive relief, without the necessity of posting a bond, in the event of a breach or threatened breach of this Section 7 by the other party, any of its Affiliates or its and their respective representatives. This Section 7 shall survive termination or expiration of this Agreement. This Agreement expressly supersedes and replaces in its entirety any non-disclosure agreement executed by Intralinks in connection with preliminary discussions regarding the provision of Services to Client.

(d) Client has no obligation to provide Intralinks with ideas, suggestions, concepts or proposals relating to the Services or Intralinks’ business (collectively, “Feedback”). However, if Client provides Feedback to Intralinks, Client grants Intralinks a non-exclusive, worldwide, sublicensable, transferrable, royalty-free license to make, use, sell, have made, offer to sell, import, reproduce, publicly display, distribute, modify and publicly perform the Feedback, without any reference, obligation or remuneration to Client. All Feedback shall be deemed non-confidential to Client. Client shall not provide to Intralinks any Feedback that is or may be subject to the intellectual property claims or rights of a third party.

(e) Upon termination of this Agreement and/or any Work Order by either party and upon Client’s written request, Intralinks shall provide Client with an offline archive of the End User Files uploaded to an Exchange for the fee set forth in the relevant Work Order. It is understood and agreed by the parties that upon termination of any Work Order or written notification by Client, the Exchange is marked for deletion forthwith, but remains on the Services for a period of sixty (60) days for technical reasons. The Exchange is not accessible to any End Users but can be reactivated if requested by Client in writing. Upon expiry of the sixty (60) day period, the End User Files uploaded to the Exchange are purged from the Services during the next scheduled purge job, which runs once a week. Any End User Files stored in Intralinks’ backup systems shall be destroyed within thirty-five (35) days after purging. The parties agree that, upon Client’s written request, Intralinks shall provide a certification of deletion or destruction of the End User Files uploaded to an Exchange.

8. Warranties: Intralinks warrants the Services shall be provided in a manner that (i) meets or exceeds prevailing industry standards; and (ii) is reasonably designed for the secure maintenance and distribution of End User Files.  Intralinks warrants, to the best of its knowledge after implementing reasonable measures, that the Services do not contain any third-party computer code intentionally designed to disrupt, disable or harm in any manner the operation of the Services (e.g., "viruses" or "worms"). Intralinks further warrants, to the best of its knowledge, that the Services do not infringe any third-party trade secret, copyright, U.S.- or U.K.-issued patent or trademark. OTHER THAN THE FOREGOING AND SECTION 12 BELOW, THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTY OF ANY KIND. INTRALINKS MAKES NO WARRANTY THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR AVAILABLE AT ALL TIMES, NOR DOES INTRALINKS WARRANT THE COMPATIBILITY OR OPERATION OF THE SERVICES WITH ALL HARDWARE AND SOFTWARE CONFIGURATIONS. WITHOUT LIMITING THE FOREGOING, CLIENT ACKNOWLEDGES THAT FEATURES OF THE INTRALINKS SERVICE DESIGNED TO RESTRICT ACCESS TO OR USE OF END USER FILES CANNOT PREVENT MANUAL COPYING OF DISPLAYED INFORMATION AND MAY NOT PREVENT ELECTRONIC OR DIGITAL CAPTURE OF DOCUMENT CONTENTS BY END USERS USING THIRD-PARTY SOFTWARE DESIGNED TO CIRCUMVENT SUCH SYSTEM FEATURES.  EXCEPT AS SET FORTH IN THIS SECTION 8, INTRALINKS MAKES AND CLIENT RECEIVES NO WARRANTIES, EXPRESS OR IMPLIED, REGARDING OR RELATING TO THE SUBJECT MATTER HEREOF. INTRALINKS DISCLAIMS, TO THE FULLEST EXTENT PERMITTED BY LAW, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT WITH RESPECT TO THE SUBJECT MATTER HEREOF. CLIENT HEREBY ACKNOWLEDGES THAT IT HAS NOT RELIED ON ANY WARRANTY, CONDITION, GUARANTY OR REPRESENTATION BY INTRALINKS OTHER THAN THOSE CONTAINED IN THIS AGREEMENT.

9. Representations: Client represents and warrants to Intralinks that the disclosure of End User Files to Intralinks and to End Users by or at the direction of Client shall not violate any applicable law, regulation or third-party rights in any material respect. Each party executing this Agreement represents to the other that it is authorized and has all rights necessary to enter into and be bound under this Agreement, and no law, regulation, court order or third-party agreement prohibits its performance of this Agreement.

10. Indemnification: (a) Intralinks shall indemnify, defend and hold harmless Client from and against any and all damages, liabilities, losses, costs and expenses (including, but not limited to, reasonable attorneys' fees) (collectively, “Losses”) resulting from any third-party claim, suit, action, investigation, proceeding or enforcement action (each, an “Action”) brought against Client based on: (i) the infringement by Intralinks of any third-party trade secret, copyright, U.S.- or UK-issued patent or registered trademark (an “Infringement Claim”) or (ii) the breach by Intralinks of any obligations, representations or warranties in this Agreement, including without limitation, with respect to Confidential Information, except, in any case, to the extent such Action is based on Client’s breach of an obligation or warranty hereunder, violation of any applicable law,  willful misconduct, negligence or a Force Majeure Event (as defined below). In the event of an Infringement Claim, Intralinks may mitigate any Losses indemnified hereunder by any of the following actions: (A) procure for Client the necessary right to continue using the Services; (B) replace or modify any infringing portion of the Services with a functionally equivalent non-infringing substitute thereof; (C) modify the Services so as to be non-infringing; or (D) if none of the foregoing are commercially reasonable, terminate this Agreement (and in the event of such termination, Client shall be entitled to a refund of any prepaid fees for the unexpired portion of any term of a Work Order). Intralinks’ obligations pursuant to Section 10(a)(i) above shall not apply to any Infringement Claim that arises as a result of (1) breach of this Agreement or the applicable End User License Agreement; (2) use of the Services other than in accordance with Intralinks’ documentation; (3) modification of the Services; (4) use of the Services in connection with any services, hardware, software, interfaces or other components not provided by Intralinks; or (5) End User Files.

(b) Client shall indemnify, defend and hold harmless Intralinks from and against any and all Losses arising from or relating to any Action brought against Intralinks based on: (i) the breach by Client of any of its representations or obligations in this Agreement; or (ii) the use of the Services or processing of any End User Files by Client (or any End Users acting for Client or its Affiliates) in violation of this Agreement, any applicable law, regulation or third-party rights, except, in any case, to the extent such Action is based on Intralinks' willful misconduct, negligence, breach of Applicable Data Privacy Laws or a Force Majeure Event.

(c) Indemnification under Section 10(a) and 10(b) hereof shall be provided only on the conditions that: (i) the indemnifying party is given written notice within fifteen (15) calendar days after the indemnified party receives notice of the subject Action; provided, however, that late notice shall only excuse the indemnifying party from its obligations hereunder if such late notice materially prejudices the indemnifying party; (ii) the indemnifying party has sole control of the defense and all related settlement negotiations, provided any settlement that would impose any monetary or injunctive obligation upon the indemnified party shall be subject to such party's prior written approval which shall not be unreasonably withheld, conditioned or delayed; and (iii) the indemnified party provides cooperation and information in furtherance of such defense, as reasonably required by the indemnifying party. This Section 10 shall survive termination or expiration of this Agreement.

11. Limitation of Liability: EXCEPT FOR CLAIMS FOR (I) PERSONAL INJURY DUE TO NEGLIGENCE, (II) WRONGFUL DEATH, (III) WILLFUL MISCONDUCT OR (IV) FRAUD, IN NO EVENT SHALL INTRALINKS BE LIABLE TO CLIENT FOR ANY LOSS OF PROFIT, LOSS OF BUSINESS, LOSS OF DATA OR FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES ARISING IN CONNECTION WITH THE SERVICES PROVIDED TO CLIENT OR ANY AGREEMENT BETWEEN THE PARTIES RELATING THERETO (WHETHER UNDER INDEMNITY, BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, OR ANY OTHER LEGAL THEORY), EVEN IF INTRALINKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXCEPT FOR CLAIMS FOR (I) PERSONAL INJURY DUE TO NEGLIGENCE, (II) WRONGFUL DEATH, (III) WILLFUL MISCONDUCT, (IV) FRAUD OR (V) INDEMNIFICATION FOR INFRINGEMENT UNDER SECTION 10(a)(i), THE ENTIRE LIABILITY OF INTRALINKS TO CLIENT IN CONNECTION WITH SERVICES PROVIDED TO CLIENT AND ANY AGREEMENT BETWEEN THE PARTIES RELATING THERETO (WHETHER UNDER INDEMNITY, BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE OR ANY OTHER LEGAL THEORY) SHALL NOT EXCEED, IN THE AGGREGATE, THE TOTAL AMOUNT OF FEES PAID OR BECOMING DUE UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY. NO ACTION, REGARDLESS OF FORM, ARISING OUT OF OR RELATED TO THIS AGREEMENT MAY BE BROUGHT BY CLIENT MORE THAN TWELVE (12) MONTHS AFTER THE CAUSE OF ACTION FIRST AROSE.  THIS SECTION 11 SHALL SURVIVE TERMINATION OR EXPIRATION OF THIS AGREEMENT.

12. Uptime:  Intralinks shall provide the Services with a minimum of Ninety-Nine and a Half percent (99.5%) Operational Time Twenty-Four (24) hours a day, Seven (7) days a week as measured over each calendar month.  “Operational Time” shall be calculated as [(Hours in Month – Downtime) / Hours in Month].  “Hours in Month” means the total number of hours in any given calendar month. “Downtime” means any period of time during that calendar month during which Client’s End Users are unable to access data on the Services (“Unavailability”), commencing on the receipt of Client's notification to Intralinks of such Unavailability or when Intralinks otherwise becomes aware of such Unavailability and ending when Intralinks has substantially restored the affected access or provided a workaround as described below.  Downtime shall not include any period of time during which Client and/or its End Users are unable to access the Services due to: (i) scheduled maintenance and/or upgrades; (ii) an action or omission of Client (including its employees, contractors and/or agents); (iii) data quarantined due to virus infection; or (iv) a Force Majeure Event. The period of Downtime due to such Unavailability shall be stopped in the event Intralinks provides to Client a workaround for such Unavailability that makes the affected portion of the Services available to End Users of affected Exchanges. Intralinks shall continue to work on a permanent correction for such Unavailability in the event it provides a workaround to Client.  In the event Client reasonably determines that the workaround materially impacts the use of such Exchanges, Client shall provide telephonic and email notice of such determination, and the period of Downtime due to such Unavailability shall resume as of the time of such notice to Intralinks but shall not include the interim period during which Intralinks provided such workaround to Client. Intralinks shall continue to work on a permanent correction for such Unavailability in the event it provides a workaround to Client.

13.  Data Processing:

(a)  Each party shall comply with all laws and regulations of the relevant jurisdictions that apply to its respective performance of obligations and exercise of rights under this Agreement, including, as applicable, Regulation (EU) 2016/679 of 27 April 2016, General Data Protection Regulation (the “GDPR”), the Personal Data (Privacy) Ordinance (Cap 486 of the Laws of Hong Kong), the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act and U.S. state data privacy and data protection laws, and related implementing regulations (collectively, “Applicable Data Privacy Laws”).

(b) “Personal Data” means any information relating to an identified or identifiable natural person (or, to the extent that Applicable Data Privacy Laws apply to information about legal persons, an identified or identifiable legal person), or as otherwise defined in Applicable Data Privacy Laws, which is included in End User Files.

(c) Client warrants that:

(i) it has complied, and shall continue to comply, with Applicable Data Privacy Laws in its collection, processing and provision to Intralinks of Personal Data; and

(ii) shall not process any Personal Data using the Services, or permit Intralinks to process any Personal Data, in breach or contravention of any order issued to, or limitation of processing imposed on, Client by any regulatory authority.

(d) Intralinks warrants to Client that it is certified under the EU-U.S Privacy Shield Framework operated by the U.S. Department of Commerce.

(e) Client authorizes Intralinks to process, and Intralinks shall process, Personal Data solely as reasonably necessary for the purposes set forth in, and in the manner required by, this Agreement or as otherwise required by law (including any requirement to comply with a court warrant or order or subpoena), in which case Intralinks shall notify Client in advance of such law, unless prohibited from doing so. It is agreed that Intralinks in performing the Services and its other obligations under this Agreement shall be deemed to be acting in accordance with Client’s instructions as documented herein.

(f) The subject-matter of the processing under this Agreement is limited to Personal Data. The duration of the processing shall be for the term of the Agreement, as determined under Section 4. The nature and purpose of the processing shall be to provide Services pursuant to this Agreement. The types of Personal Data processed by the Services include those expressly identified in Article 4(1) and “special categories of personal data” in Article 9(1) of the GDPR, to the extent such data forms part of the Personal Data. The categories of data subjects are individuals whose personal data is contained in End User Files.

(g) Both Intralinks and Client shall implement appropriate technical and organizational measures to protect Personal Data against (i) accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing; and (ii) the risks presented by the processing of Personal Data in connection with the Services. Intralinks shall provide Client with any other information reasonably requested by Client in writing regarding Intralinks' current security practices and policies.

(h) It is acknowledged and agreed by Client that Intralinks, in providing the Services under this Agreement, transfers Personal Data to its servers in the U.S. and also wherever Intralinks’ Affiliates have offices. In addition, it is acknowledged and agreed by Client that Intralinks may subcontract: (i) data center and related management services; (ii) End User customer support services; (iii) administration and back office services; and (iv) such other functions and services necessary for the performance of the Services. Client hereby consents to Intralinks transferring Personal Data to the aforementioned Intralinks’ Affiliates and subcontractors (each, a “Sub-processor” and collectively, “Sub-processors”) in the relevant jurisdiction(s) strictly to the extent necessary for the Intralinks’ Sub-processors to perform the relevant specified services. An up-to-date list of Intralinks’ Sub-processors and their locations is available at www.intralinks.com/sub-processors. Intralinks shall ensure that any such Intralinks’ Sub-processor is bound by a written agreement containing data protection obligations not less protective than those in this Agreement with respect to the protection of Personal Data to the extent applicable to the nature of the services provided by such Sub-processor. Where an Intralinks’ Sub-processor fails to fulfil its data processing obligations under this Agreement, Intralinks shall remain fully liable to Client for the performance of that Intralinks’ Sub-processor's obligations.  Intralinks hereby agrees to notify Client of any change or addition to the Sub-processors listed in the URL identified above as of the Effective Date. In the event of a change of any such Sub-processor, or an appointment of a new Sub-processor, which will or is likely to process Personal Data, Intralinks undertakes to give Client notice of such change or appointment no less than forty-five (45) days prior to the change or appointment in question occurring. Further to such notice, Client shall be entitled to terminate this Agreement and/or any Work Order upon written notice to Intralinks where Client does not, in its absolute discretion, approve of the Sub-processor in question. Any such notice to terminate shall only be valid if received by Intralinks within thirty (30) calendar days of the date of the notice from Intralinks informing Client of the change or appointment of the relevant Sub-processor. It is understood and agreed by both parties that this Section 13(h) and the proposed notification process described above shall fulfil Intralinks' obligations in relation to complying with Articles 28(2) and 28(3)(d) of the GDPR and, where applicable, obtaining any consent required from Client with reference to any sub-processing as set forth in the Standard Contractual Clauses. 

(i) Upon Client’s request, Intralinks shall enter into the Standard Contractual Clauses (processors) with Client. It is acknowledged and agreed by Client that any claims arising in connection with breaches of data processing (including, but not limited to, claims for breach of the Standard Contractual Clauses entered pursuant to this Section 13(i)) shall be subject to the provisions of Section 11 of this Agreement. It is understood and agreed by Client that such provisions shall apply to all Intralinks’ Affiliates in the same manner as they apply to Intralinks. Notwithstanding the foregoing, the provisions of Section 11 of this Agreement shall not apply in a case where a ‘data subject’ raises any claims against Intralinks or its Affiliates in accordance with the Standard Contractual Clauses.

(j) Intralinks utilizes security systems and infrastructure customary in the industry, including but not limited to redundant data centers with a full range of back-up and business recovery services and anti-virus and intrusion detection software and systems. Client acknowledges that Intralinks shall provide Client with access to the latest SOC 2 Security and Availability Report for the Services and the Standard Information Gathering (“SIG”) questionnaire, which relates to controls of Intralinks. For all subcontractors, Intralinks shall provide Client a summary of the results of its audit of its subcontractors which Intralinks has undertaken of the subcontractor. Should Client request further information with reference to such audits, Intralinks shall reasonably assist with such requests. If such audits are, on reasonable grounds, deemed insufficient by Client on certain aspects or topics, Intralinks or an independent third-party auditor with appropriate experience and expertise acting on its behalf, shall be obliged to perform an additional audit on such aspects or topics. Intralinks shall share the results of such additional audit with Client, except for information which is confidential, commercially sensitive or privileged.

All reasonable costs and expenses incurred for such additional audits shall be paid for by Client.  Intralinks shall provide Client with a proposal, cost estimate and payment schedule for Client's acceptance prior to beginning any such additional audits. Client acknowledges that this Section 13(j) shall satisfy the requirements of Article 28(3)(f) of the GDPR.

(k) Intralinks shall notify Client in advance of implementing any new technology or other change to the Services which, in Intralinks' reasonable opinion, is likely to result in a high risk to the rights and freedoms of individuals whose personal data is processed as part of the Services (“Notifiable Change”). If requested by Client, Intralinks shall provide Client with any such information that Client is required to communicate to a regulatory authority about the Notifiable Change under Applicable Data Privacy Laws. 

(l) Each party shall cooperate and provide information to the other party as reasonably requested in writing or required to enable the other party to comply with Applicable Data Privacy Laws.

(m) Client agrees that upon expiration or termination of this Agreement or a Work Order, Client shall request the return of the End User Files in accordance with Section 7(e) of this Agreement. Intralinks shall make available or delete the End User Files in accordance with such procedure, unless required to do otherwise by applicable law.

(n) Each party shall, to the extent permitted by Applicable Data Privacy Laws, promptly notify the other party upon receiving a request from any third party or regulatory authority for access to, or to otherwise exercise their rights in respect of, Personal Data. Upon reasonable written request by either party and at the requesting party’s sole expense, the other party shall provide the requesting party with reasonable cooperation and assistance in (i) responding to any legal or regulatory proceeding that involves Personal Data or (ii) (if Client is the requesting party) to the extent that Client, in its use and administration of the Services, does not already have the ability to correct, amend or delete Personal Data, fulfilling Client's obligations under Applicable Data Privacy Laws to respond to requests for exercising data subject rights.

(o) Each party shall notify the other party without undue delay upon becoming aware of any unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of (i) Personal Data or (ii) End User credentials that enable access to or use of the Services (“Security Breach”). The parties shall cooperate in providing any notifications or communications required by Applicable Data Privacy Laws and seeking to ensure that similar Security Breaches do not reoccur.

(p) Neither party shall name the other party or otherwise refer to that other party in any communication to a regulatory authority or data subject relating to a Security Breach without the other party's prior written approval of the content of that communication, which approval shall not be unreasonably withheld, conditioned or delayed.

14.  Miscellaneous:

(a) Notices.  Except as otherwise expressly provided, all notices, requests, demands or consents under this Agreement must be in writing, and be delivered personally, by certified mail, by internationally recognized courier service to the addresses of the parties set forth in this Agreement or by email.  Notices to Intralinks shall be sent to the attention of the General Counsel or to contracts@Intralinks.com.

(b) Modification.  Any modification, amendment or waiver to this Agreement shall not be effective unless in writing and signed by both parties.  

(c) Independent Contractors; No Third-Party Beneficiaries.  The parties are independent contractors with respect to each other and neither shall be deemed an employee, agent, partner or legal representative of the other for any purpose or shall have any authority to create any obligation on behalf of the other. No third-party beneficiary rights are granted as a result of or pursuant to this Agreement.

(d) Force Majeure.  Any delay in or failure of performance by either party under this Agreement shall not be considered a breach and shall be excused to the extent caused by any event beyond the reasonable control of such party including, but not limited to, acts of God, acts of civil or military authorities, strikes or other labor disputes, fires, interruptions in telecommunications or Internet or network provider services, power outages and governmental restrictions and, in the case of Intralinks’ delay or failure to perform, problems due to Client-owned equipment (a “Force Majeure Event”).  If a Force Majeure Event prevails for a continuous period of more than thirty (30) days, the party not affected by the Force Majeure Event may terminate this Agreement by giving fourteen (14) days’ prior written notice to the other party and upon expiration of this notice period, this Agreement  shall terminate. Such termination shall be without prejudice to the rights of the parties in respect of any breach of this Agreement occurring prior to such termination.

(e) Entire Agreement. This Agreement contains the complete, full and exclusive agreement between the parties pertaining to the subject matter hereof. This Agreement supersedes all prior agreements, understandings, representations, warranties, proposals, requests for proposal and negotiations, if any, related to the subject matter hereof. 

(f)  Severability.  If any court of competent authority finds that any provision of this Agreement (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Agreement shall not be affected.  If any invalid, unenforceable or illegal provision of this Agreement would be valid, enforceable and legal if some part of it were deleted, the parties shall negotiate in good faith to amend such provision such that, as amended, it is legal, valid and enforceable, and, to the greatest extent possible, achieves the parties’ original commercial intention. This Section 14(f) shall survive termination or expiration of this Agreement.

(g) Assignment.  Except as otherwise provided below, neither party may assign this Agreement or any rights or obligations hereunder in whole or in part without the prior written consent of the other party.  In the event of any proposed assignment of this Agreement to an Affiliate of a party, such consent shall not be unreasonably withheld, conditioned or delayed.  Either Party shall have the right to assign this Agreement in connection with the merger, reorganization or acquisition of such party or the sale of all or substantially all of its assets related to this Agreement, without such consent.  Any purported assignment of this Agreement in violation of this Section 14(g) shall be invalid. This Agreement shall be binding upon and inure to the benefit of the parties, their respective successors and permitted assigns.

(h) Governing law; Jurisdiction. This Agreement is governed by and is to be construed in accordance with the laws of the State of New York, without giving effect to its conflict of laws principles. The parties agree the United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. The parties agree to submit to the jurisdiction of the state and federal courts located in New York County, New York, for the adjudication of any case or controversy arising under this Agreement, and the parties hereby waive their right to a trial by jury in any such litigation. Notwithstanding the foregoing, if Client is organized under the laws of England, then this Agreement shall be governed by and construed in accordance with English law, without giving effect to its conflict of laws principles.  The parties agree the United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.  All claims, controversies and disputes arising in connection with this Agreement shall be finally and exclusively settled by binding arbitration before a single arbitrator in London, England, such arbitration to be conducted pursuant to the UNCITRAL arbitration rules.  A judgment upon any award rendered in such arbitration may be entered in any court having jurisdiction of the parties.

(i) Marketing.  Client agrees that Intralinks may list Client as a customer in Intralinks’ marketing materials (including, without limitation, Intralinks’ website) and grants Intralinks the right to use Client’s name, mark and logo solely in connection with such purpose.  

(j) Waiver.  No failure or delay of either party to exercise any right or remedy provided under this Agreement or by law or to insist upon strict compliance by the other party to its obligation under this Agreement, and no custom or practice of the parties in variance with the terms of this Agreement, shall constitute a waiver of either party’s right to demand exact compliance with the terms of this Agreement. Any waiver of any breach of any provisions of this Agreement shall not be construed as a continuing waiver of other breaches of the same or other provisions hereof.

(k) Interpretation.  This Agreement has been mutually negotiated, and therefore shall be deemed to have been negotiated and prepared at the joint request, direction and construction of all parties, at arm’s length and shall be interpreted in accordance with the terms without favor to any party.

(l) Foreign Corrupt Practices Act, UK Bribery Act and Other Improper Payments. In connection with the parties’ compliance with the U.S. Foreign Corrupt Practices Act (“FCPA”) and the UK Bribery Act (and similar laws of other jurisdictions), the parties shall not offer, promise, approve or make payments, gifts or anything of value to foreign government officials or private parties for the purpose of influencing such individuals to obtain or retain business. In addition, neither party shall make any payments with a wrongful or corrupt intent, including without limitation payments a party knew or should have known were intended to influence a private party, government official or government.

(m) Export Compliance.  The Services and any standalone utilities that may be provided to Client for use with the Services may be subject to export laws and regulations of the U.S., the European Union and other jurisdictions.  Client represents that it is not named on any U.S. government or European Union member denied-party list.  Client shall not permit End Users to access or use the Services in a U.S.-embargoed country, in violation of any U.S. or European Union export law or regulation from where Client uses the Services.  Client is solely responsible for obtaining any necessary export license or other approval to transfer End User Files in connection with its use of the Service.