LICENSE AND SUBSCRIPTION AGREEMENT

This License and Subscription Agreement (“Agreement”) is entered into by and between PAR Government Systems Corporation (“PAR”), having a place of business at 421 Ridge St. Rome, New York 13440, and the Customer accepting this License and Subscription Agreement (“Customer”) for the license of the mobile device application Team Connect On the Go (“Licensed Software” or “OTG”) and the use of the TeamConnect™ Service (“Service”). OTG can be downloaded to Customer’s mobile device from the Google App Store [Insert URL] and used in accordance with the terms therein. BY CLICKING THE "I ACCEPT" BUTTON BELOW, OR BY ACCESSING OR USING THE LICENSED SOFTWARE AND THE SERVICES, YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENTAND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT; AND (C) ACCEPT THIS AGREEMENT AND AGREE THAT YOU ARE LEGALLY BOUND BY ITS TERMS. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PLEASE SELECT THE "I DO NOT ACCEPT” BUTTON BELOW. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, YOU MAY NOT ACCESS OR USE THE LICENSED SOFTWARE OR THE SERVICES.

PAR develops and commercializes proprietary products and services, which includes cloud-based computing technology that provides situational awareness solutions for organizations, allowing users to communicate, share, and see real-time information in emergency situations, along with any application programming interfaces (APIs) thereto (“Licensed Software”), and the Service (collectively, the “PAR Products”), and Customer wishes to acquire a license and subscription to the PAR Product, all pursuant to the terms and conditions of this Agreement. The PAR Products include all related PAR processes, algorithms, user interfaces, know-how, techniques, designs and other tangible and intangible technical material or information and content therein (other than Customer Data, defined in Section 0), and may include third-party components.

1. ORDERINGCustomer may license and use the PAR Products by accepting a sales order or proposal prepared by PAR (“Sales Order”) or by providing a written purchase order (“Purchase Order”) to PAR. This Agreement will apply to the Sales Order and/or the Purchase Order. In the event of any conflict between the terms of a Sales Order/Purchase Order and the terms of this Agreement, the terms of this Agreement will control unless the Sales Order prepared by PAR expressly states that it is overriding the conflicting term of this Agreement. Purchase Orders issued by Customer to PAR are solely for identifying the Service, the number of users and the Support Services (if any) to be licensed and specifying the bill-to address. All other terms on any Purchase Order shall have no force or effect. All Sales Orders/Purchase Orders are subject to acceptance by PAR (which acceptance may be evidenced by PAR providing access to the Services or performance of Support Services). All Sales Orders/Purchase Orders are non-cancellable by Customer.

2. SUBSCRIPTION AND LICENSE.

2.1. Access to the Service. Subject to Customer’s compliance with the terms of this Agreement, including its payment of all Fees (defined in Section 8), PAR hereby grants to Customer a nonexclusive, limited, nontransferable right to access and use the Services, in object code form, via PAR’s internet-hosted web site, solely (i) for Customer’s own internal business purposes, and (ii) for use by each employee or agent of Customer (a) who is authorized by Customer to access and/or use the Service for Customer’s internal business purposes in accordance with this Agreement; and (b) to whom a password-protected account for use of Service has been created by or on behalf of Customer (each an “Authorized User”), and no other users, in support of Customer’s internal business purposes, (iii) for the subscription term identified herein (as may be renewed by the parties in writing, the “Subscription Term”), (iv) in accordance with this Agreement; and (v) in accordance with all applicable laws, rules and regulations, in all jurisdictions where the PAR Products are being used. To the extent (if any) that Customer receives or provides personally identifiable information (“PII”) as such term is defined in applicable data protection laws in the course of using the Services, Customer agrees to comply with such data privacy laws applicable to its provision or receipt of such PII where the Customer provides PII to PAR under this Agreement, Customer is responsible for providing, obtaining and maintaining any notices, consents or approvals necessary to make such information available to the other party for processing and use.

2.2. Licenses. Subject to the terms of this Agreement, PAR hereby grants Customer (i) a personal, non-transferable, nonexclusive, limited license to install the Licensed Software on Customer hardware, or on third party hardware if PAR has advised Customer in writing that such hardware is substantially compatible with the Licensed Software, and to run the Licensed Software for the purpose of connecting to and operating the Team Connect Service as permitted herein, and (ii) a nonexclusive, limited, nontransferable right to use and copy the standard user guide, manual or other explanatory materials regarding PAR products and services as provided by PAR to Customer, as may be modified or updated by PAR from time to time (“Documentation”) in support of Customer’s rights hereunder.

2.3. Pre-Release Software. PAR may, from time to time, provide Customer with a non-production lab environment to give Customer the opportunity to review and evaluate new features/functionality of pre-released versions of the Licensed Software or the Service in a sandbox environment (“Pre-Release”). Pre-releases may not be used in live production environments and are provided for Customer’s internal evaluation purposes only, and to allow Customer to provide feedback to PAR. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, PRE-RELEASES, THEIR CONTENT, AND ANY SERVICES OR ITEMS OBTAINED IN CONNECTION WITH PRE-RELEASES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND.

3. SCOPE AND RESTRICTIONS.

3.1. Restrictions. Customer shall not use, or allow others to use, the Service in any manner other than as expressly allowed in this Agreement. Customer may not (i) reverse engineer, decompile, disassemble, re-engineer or otherwise create or attempt to create or permit, allow, or assist others to create the source code of the Service or its structural framework, (ii) sublicense, subcontract, translate, license or grant any rights to the Service (including without limitation allowing any distribution or sublicense of the Service or other access to the Service by any person or entity that is not an Authorized User, or processing data using the Service on behalf of third parties or any affiliated entities), (iii) use any robot, spider, site search or retrieval mechanism or other manual or automatic device or process to retrieve, index, data mine, or in any way reproduce or circumvent the navigational structure or presentation of the Service, (iv) harvest or collect information about or from other users of the Service, (v) probe, scan or test the vulnerability of the Services, or breach the security or authentication measures on the Service, or take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Services (vi) modify or create derivative works of the Service, (vii) attempt to gain unauthorized access to the Service or its related systems or networks, (viii) use the Services in whole or in part for any illegal purpose, (ix) access or use the Service, Licensed Software or Documentation to build a competitive service or product, or copy any feature, function or graphic for competitive purposes; or (x) facilitate or encourage any violations of this Section 3.1. Customer shall (a) take all reasonable precautions to prevent unauthorized or improper use of the Service, (b) not interfere with or disrupt the integrity or performance of Service, (c) not attempt to gain unauthorized access to Service or its related systems or networks, and (d) not create Internet “links” to the Service or “frame” or “mirror” any content therein.

3.2. Licensed Software Restrictions. Customer shall not directly or indirectly, nor permit any person or entity to: (i) sell, rent, lease, distribute, redistribute or transfer the Licensed Software or any rights in the Licensed Software, or use the Licensed Software in a hosted or managed services environment; (ii) reverse engineer, decompile, disassemble, re-engineer or otherwise create or attempt to create or permit, allow, or assist others to create or derive the source code of the Licensed Software or its structural framework; (iii) modify or create derivative works of the Licensed Software (and any modified or merged portion of the Licensed Software is deemed the Licensed Software and subject to this Agreement); (iv) use the Licensed Software for any purpose except as expressly provided under this Agreement; (v) remove any proprietary notice, labels, or marks on or in the Licensed Software; or (vi) disable or circumvent any access control or related device, process or procedure established with respect to the Licensed Software. Customer may not use the Licensed Software in any manner that does or could potentially undermine the security of PAR products or services. Specifically, with respect to the APIs, Customer shall not provide the APIs to any third-party without PAR’s prior written consent which shall be provided in the form of a separate License Agreement with such third-party and may be subject to a license fee.

3.3. Additional Restrictions. Customer may not directly or indirectly access or use the Licensed Software or the Service to process data or information for any person or entity other than Customer. Customer will not, and not attempt to, interfere with, modify or disable any features, functionality or security controls of the Service or the Licensed Software, or defeat, avoid, bypass, remove, deactivate or otherwise circumvent any protection mechanisms for the Service or the Licensed Software.

3.4. Acceptable Use Policy. Customer acknowledges that PAR engages third party vendors to host the Service and may change such vendors from time to time. Customer shall at all times use the Service in accordance with such vendors’ acceptable use policy as made available by PAR to Customer from time to time (“AUP”), and the AUP is incorporated into this Agreement in its entirety as if fully set forth herein. As of the Effective Date, PAR’s hosting provider is AWS, and Customer shall comply with AWS’s AUP found at https://aws.amazon.com/aup/. Customer acknowledges that the vendor’s AUP may change from time to time, and that it is Customer’s responsibility to review the current vendor’s AUP regularly to ensure Customer’s continued compliance.

3.5. Customer Security and Requirements. Customer shall ensure the security of its account ID, password, and connectivity with the Service and shall use commercially reasonable efforts to prevent unauthorized access to its account in the Service. If any administrative account ID or password is stolen or otherwise compromised, Customer shall immediately change the password and inform PAR of the compromise. Customer acknowledges that responsibility for all Customer Data, text, information, messages and other material submitted by its users to the Service lies solely with Customer. Customer is solely responsible for the accuracy and completeness of the Customer Data and all activity in its account in the Service. PAR may change the authorization method for access to the Service if it determines in its sole discretion that there are circumstances justifying such changes. PAR is not responsible for loss of any data in transmission or improper transmission by Customer or its users. As between the parties, Customer is responsible for obtaining and maintaining all computer hardware, software, communications and equipment needed to access and use the Service, and for paying all associated third-party access charges.

3.6. Monitoring and Use of Data. PAR may monitor any and all use of the Service. PAR may gather Customer system and usage data for the purpose of optimizing the Service. This information includes, but is not limited to, data regarding memory usage, connection speed and efficiency. PAR may use such data for its business purposes, including, but not limited to, the identification of trends and the formulation of statistics, and may disclose the same, provided that in connection with such use or disclosure, (i) such data and information are aggregated and do not identify individuals or Customer, and (ii) such data and information shall not be identifiable as originating from Customer. PAR may immediately suspend provision of or access to the Service at any time, without notice to Customer and without liability, if PAR suspects or becomes aware that the Service or the use thereof may infringe or violate any third-party rights or may violate applicable laws. PAR may suspend Customer’s and its users’ access to and use of the Service in order to comply with applicable laws, or upon having reason to believe that any improper activity or potential damage to PAR products or services or customers or consumers is associated with Customer’s or its users’ use of or access to the Service.

3.7. Privacy Policy and Cookie Policy. By using and accessing the Service, Customer hereby consents to PAR’s use and sharing of Customer’s Data as described in our Privacy Policy, located at and acknowledges and agrees to our Cookie Policy, both of which are incorporated into this Agreement by this reference. In the event of a conflict between the Privacy Policy and this Agreement, the Privacy Policy and/or the Cookie Policy shall take precedence.

3.8. Changes to PAR Products. PAR may make changes, upgrades and improvements to the PAR Products from time to time. PAR may modify or delete features and functions of the PAR Products from time to time, including to substitute old features with new features that have similar or improved functionality. PAR may modify the PAR Products in any manner as may be necessary to meet applicable laws or industry-standard requirements or demands or requirements of third-party service providers.

4. TECHNICAL SUPPORT SERVICES, SERVICE LEVELS AND SECURITY.

4.1. Customer Support.. PAR shall provide Customer with technical support services in accordance with PAR’s current technical support services terms attached hereto as Schedule A, the terms of which are incorporated into this Agreement by this reference as if set forth herein (a “PAR Technical Services Support Terms”) .

4.2. Security. PAR shall protect Customer data in accordance with PAR’s current Security Overview attached hereto as Schedule B, the terms of which are incorporated into this Agreement by this reference as if set forth herein (also a “PAR Security Overview”) and shall provide at least commercially reasonable security measures and controls. Without limiting the foregoing, at least once per year, PAR shall conduct site audits of the information technology and information security controls for all facilities used in providing the Service under this Agreement, including obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm.

5. MUTUAL CONFIDENTIALITY.

5.1. Definition of Confidential Information.. Confidential Information means all information disclosed by a party (“Discloser”) to the other party (“Recipient”) in connection with this Agreement, whether orally, visually or in writing (“Confidential Information”). PAR’s Confidential Information includes without limitation the Service, the Licensed Software, Documentation, any part of the foregoing, and PAR’s pricing. Customer’s Confidential Information includes without limitation Customer Data.

5.2. Protection of Confidential Information. The Recipient must (i) protect the Discloser’s Confidential Information use the same degree of care that it uses to protect the confidentiality of its own confidential and proprietary information (but in no event less than reasonable care) and (ii) not disclose or use any Confidential Information of the Discloser for any purpose other than to perform its obligations and exercise its rights under this Agreement. The Recipient must make commercially reasonable efforts to limit access to Confidential Information of Discloser to those of its employees and contractors who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this Section 5 and who are advised of the confidential nature of the Discloser’s Confidential Information. Recipient will be responsible for compliance with these confidentiality obligations by all persons and entities to which it discloses the Discloser’s Confidential Information.

5.3. Exceptions. The parties shall have no obligation hereunder with respect to any information that is (i) already known to the receiving party at the time of the disclosure; (ii) publicly known at the time of the disclosure, or becomes publicly known thereafter through no wrongful act of the receiving party; or (iii) subsequently disclosed to the receiving party on a non-confidential basis by a third party not having a confidential relationship with the disclosing party and which third party rightfully acquired such information. A disclosure of Confidential Information shall not be a violation of this provision if it is legally compelled to be disclosed pursuant to a subpoena, summons, order or other judicial or governmental process, provided the disclosing party provides prompt notice of any such subpoena, order, etc. to the other party so that such party will have the opportunity to obtain a protective order.

5.4. Obligations. Both parties shall maintain as confidential and shall not disclose (except for those of its employees, attorneys, accountants and other professional advisors on a need-to-know basis, and who have in turn been advised of the confidentiality obligation hereunder), or use for purposes other than in performance of this Agreement, the other party’s Confidential Information. Each party shall protect the other party’s Confidential Information with the same degree of care a prudent person would exercise to protect its own confidential information and to prevent the unauthorized, negligent, or inadvertent use, disclosure, or publication thereof, but with not less than reasonable care. Each party shall be liable under this Agreement to the other for any use or disclosure in violation of this Section 5.4 by persons or entities to which it disclose the other party’s Confidential Information.

5.5. Publicity and Promotion.Neither party may (a) use the names(s), trademark(s), or trade name(s) (whether registered or not) of the other party for any marketing or advertising purposes, or (b) publicly refer to the other party as a customer/vendor (as applicable) or the existence of this Agreement, in publicity releases, promotional materials, business plans, investment materials, announcements, advertising, or in any other manner, without the other party’s prior consent. However, Customer hereby authorizes PAR to publicly identify Customer as a customer of PAR, and to offer Customer as a reference for PAR. In addition, Customer will not unreasonably withhold, condition or delay its consent to provide PAR with a press release or testimonial that PAR may publicly disclose.

6. PROPRIETARY RIGHTS.

6.1. Reservation of Rights. All rights not expressly granted to Customer herein are expressly reserved by PAR. As between the parties, the Service, the Licensed Software and the Documentation (collectively “PAR Items”) are and will remain the exclusive property of PAR, and PAR will retain ownership of all copyrights, patents, trademarks, trade secrets, know-how, databases, and other intellectual property rights relating to or residing in the PAR Items and any updates, improvements, modifications and enhancements (including error corrections and enhancements) thereto, and all derivative works thereof, and Customer will have no right, title, or interest in or to the same. Nothing in this Agreement will be deemed to grant, by implication, estoppel, or otherwise, a license under any of PAR’s or its licensors’ existing or future rights in or to the PAR Items. PAR trade names, trademarks, service marks, titles, and logos, and any goodwill appurtenant thereto, shall be owned exclusively by PAR and shall inure solely to the benefit of PAR.

6.2. Feedback. Customer hereby assigns to PAR all right, title and interest in and to all feedback, suggestions, ideas, improvements and other comments provided by Customer and Authorized Users to PAR relating to the Service (excluding Customer Data) (collectively, “Feedback”), and PAR will have the unrestricted right to use and disclose Feedback into and in connection PAR products and services, without duty or obligation to Customer, and Customer acknowledges that any improvements, modifications and changes arising from or in connection with the its contribution to the Service are the exclusive property of PAR; provided, however, that PAR will not identify Customer in connection with any such use or disclosure.

6.3. Customer Data. As between the parties, Customer has and shall retain sole and exclusive title and ownership of all information and data input by Customer and Authorized Users into the Team Connect Service, and all derivatives and transformations thereof (“Customer Data”), and Customer grants to PAR a limited and nonexclusive license to use, copy, modify, distribute and display Customer Data for purposes of providing the Service to Customer in accordance with this Agreement and as otherwise expressly authorized by this Agreement. Customer also grants PAR the right to use non-identifiable aggregate Customer Data for purposes of reviewing and auditing performance of, and improving, the Service. During the term of this Agreement and for thirty (30) days thereafter, after receipt of Customer’s written request, PAR will provide Customer Data in PAR’s possession as described in the Documentation. PAR reserves the right (but is not obligated to) destroy or discard Customer Data thirty (30) days following termination. Upon written request by Customer, PAR will discard all Customer Data, provided PAR shall not be required to destroy or alter any computer archival and backup media or archival and backup files, but such archival and backup materials shall be kept confidential in accordance with the terms of this Agreement. For any Customer Data that is also considered PII as described by the California Consumer Privacy Act, Customer agrees that PAR processes such data based on Customer’s instructions, and PAR shall do so in accordance with Schedule C, which is hereby incorporated. For any Customer Data that is also considered personal data under the EU General Data Protection Regulation (“GDPR”), PAR shall be considered a data importer or processor on behalf of Customer, as the data exporter and PAR shall process the personal data in accordance with the Data Processing Addendum set forth in Schedule D, which is hereby incorporated.

7. TERM AND TERMINATION.

7.1. Term and Renewal. Unless a different Subscription Term is agreed to by Customer and PAR within the Sales Order, the Subscription Term of this Agreement will commence on the Effective Date and continue for a period of twelve (12) months (“Initial Term”), automatically renewing for successive periods of twelve (12) months at a time (each a “Renewal Term”), unless and until Customer provides written notice of cancellation to PAR at least 30 days prior to the first day of any Renewal Term, or this Agreement is otherwise terminated in accordance with this Section 7; provided, however, that if Customer is an agency of the U.S. Government (“U.S. Government Customer"), this Agreement shall not automatically renew; rather, the U.S. Government Customer may renew this Agreement at the then-current fee, or as specified in an approved Sales Order or Purchase Order, by notifying PAR of its intent to do so at least thirty (30) days prior to the first day of the Renewal Term. The Initial Term or the Renewal Term shall be referred to collectively herein as the “Term”.

7.2. Termination. If a party materially breaches any term or condition of this Agreement or Sales Order, and if such breach has not been cured by the breaching party within thirty (30) days of receipt of notice of such breach, the non-breaching party may terminate this Agreement and/or Sales Order upon notice to the other party. Each party may terminate this Agreement immediately upon notice if the other party becomes the subject of a voluntary petition in bankruptcy or any voluntary proceeding relating to insolvency, receivership, liquidation or composition for the benefit of creditors, or if the other party becomes the subject of an involuntary petition in bankruptcy or any involuntary proceeding relating to insolvency, receivership, liquidation or composition for the benefit of creditors, and such petition or proceeding is not dismissed within ninety (90) days of filing.

7.3. Effect of Termination. Termination of this Agreement shall automatically terminate each then-outstanding Sales Order. Upon termination of this Agreement, Customer’s right to access or use the Service, and Customer’s license to the Licensed Software, shall immediately cease and PAR will have no obligation to maintain, deliver or provide access to any Customer Data. Customer’s payment obligations, and Sections 5, 6, 7.3, 9.2, 9.3, 10, 11, 14, 15 and 16 will survive termination of this Agreement. Upon any termination of this Agreement, Customer shall pay any amounts due to PAR, uninstall the Licensed Software and follow any instructions set forth in the Documentation, and destroy or return all Documentation and all other Confidential Information of PAR. Customer will confirm its compliance with this requirement in writing upon written request of PAR. Except as set forth in Section 0, PAR has no obligation to maintain Customer Data, and may destroy it in accordance with applicable laws.

8. FEES, INVOICES, AND LATE PAYMENTS.

8.1. Fees. Customer shall pay PAR the fees, including but not limited to, as applicable, subscription service fees, support fees, activation fees and licensing fees, identified in the Sales Order (collectively "Fees”) in accordance with the terms thereof.

8.2. Invoice and Payment. Unless otherwise set forth on a Sales Order, Customer will be invoiced for subscription service fees and support fees on an annual basis, in advance (each as identified in a Sales Order), during the Subscription Term, which payment will commence upon the first Activation of the Service. For purposes of this Agreement, “Activation” shall be the first date Customer accesses the Service. Customer agrees to pay invoices, including any taxes that apply to Customer within thirty (30) days from date of invoice. All fees and payments are nonrefundable and exclusive of all taxes, including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties (except taxes on the income of PAR), and Customer agrees to pay such taxes, whether federal, state, local, or municipal.

8.3. Late Payment. Amounts outstanding beyond thirty (30) days from the invoice date will be subject to a late payment charge at the lesser of one and one half percent (1.5%) per month or the highest rate permissible under applicable law for the actual number of days elapsed. All billing and payment will be made in United States dollars. If Customer fails to make payment when due, PAR may, upon notice to Customer and without limiting PAR’s other available rights and remedies, suspend Customer’s access and use of the Service until such payment is made. PAR may impose a reconnection fee if Customer is suspended pursuant to this Section and thereafter requests access to the Service.

9. WARRANTIES AND DISCLAIMERS.

9.1. Customer Warranties. Customer represents, warrants and covenants that (i) Customer will comply with all applicable laws with respect to its and its users’ access to and use of the Service and Licensed Software; and (ii) Customer has received all third party consents and certifications necessary for the transmission of Customer Data to PAR. PAR is not responsible for ensuring that the Service, or any portion thereof, complies with Customer’s criteria for legal compliance

9.2. Disclaimers. PAR AND ITS SUPPLIERS AND LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, REGARDING THE SERVICE, LICENSED SOFTWARE, DOCUMENTATION AND ANY OTHER INFORMATION, MATERIALS AND SERVICES PROVIDED HEREUNDER, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. PAR DOES NOT REPRESENT OR WARRANT THAT THE SERVICE, THE LICENSED SOFTWARE, OR ANY SERVICES WILL BE AVAILABLE, ERROR FREE, COMPLETELY SECURE, VIRUS FREE, OR WITHOUT INTERRUPTION, OR THAT THEIR FUNCTIONS WILL MEET ANY PARTICULAR REQUIREMENTS, OR THAT DEFECTS OR ERRORS ARE CAPABLE OF CORRECTION OR IMPROVEMENT, OR THAT UNAUTHORIZED ACCESS BY THIRD PARTIES CAN BE PREVENTED. THE SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS AND PAR IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. CUSTOMER ASSUMES FULL RESPONSIBILITY AND RISK FOR USE OF PAR PRODUCTS AND SERVICES AND THE INTERNET.

9.3. Third Party Data. The Service may allow access to data, information, or services disseminated by outside data sources and Customer acknowledges that PAR and its suppliers and licensors disclaim responsibility for the use, content, accuracy, timeliness, completeness or availability of such third party data information, or services and make no warranty concerning such information. CUSTOMER USES SUCH THIRD PARTY DATA, INFORMATION, OR SERVICES AT ITS OWN RISK.

10. LIMITATIONS OF LIABILITY.TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR A PARTY’S BREACH OF SECTION 5, PAR AND ITS LICENSORS AND SUPPLIERS ON THE ONE HAND, AND CUSTOMER ON THE OTHER HAND, WILL NOT BE LIABLE TO EACH OTHER FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY LOSS OF USE, LOSS OF DATA, LOSS OF BUSINESS, COST OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES OR LOSS OF PROFIT OR REVENUE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, PAR PRODUCTS, AND ANY INFORMATION AND SERVICES RENDERED HEREUNDER (HOWEVER ARISING, INCLUDING NEGLIGENCE), EVEN IF SUCH PARTY IS OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF SUCH DAMAGES. PAR’S TOTAL CUMULATIVE LIABILITY TO CUSTOMER IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT OR TORT OR OTHERWISE, WILL NOT EXCEED AMOUNTS ACTUALLY PAID BY CUSTOMER TO PAR DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING ANY SUCH LIABILITY. NOTWITHSTANDING THE FOREGOING, PAR’S TOTAL LIABILITY FOR DAMAGES RELATING TO PRE-RELEASES SHALL BE LIMITED TO ONE HUNDRED DOLLARS ($100.00).

11. INDEMNITY

11.1. By PAR. PAR will defend, indemnify and hold harmless Customer and its officers, directors, employees and agents from and against any and all third party claims, actions, demands and lawsuits (each a “Claim”) brought against Customer, and shall pay all losses, damages, liabilities, costs and expenses payable to such third party pursuant to such Claim, to the extent arising out of relating to such third party’s allegation that the Service (other than Customer Data), the Licensed Software or the Documentation infringes a United States or Canadian patent, copyright or trademark. If a PAR Item (defined in Section 6.1) is or may become the subject of a Claim, PAR may, at its option, modify or replace the affected parts so the PAR Item becomes non-infringing or terminate this Agreement and refund Customer for any prepaid and unused recurring fees. PAR shall have no obligation with respect to any infringement claim based upon (a) Customer Data or (b) Customer's or its users' combination, operation or use of a PAR Item with non- PAR materials, data, applications, information or services if the infringement claim would have been avoided had such combination, operation or use not occurred. Where infringement claims arise with respect to third party products, PAR's sole obligation is to pass through to Customer any indemnity that may be available to Customer under the terms and conditions of the agreement between PAR and such third party vendor. THIS SECTION 11.1 STATES THE ENTIRE LIABILITY OF PAR, AND CUSTOMER'S SOLE AND EXCLUSIVE REMEDY, FOR ANY INFRINGEMENT INVOLVING THE PAR ITEMS.

11.2. By Customer. Customer will defend, indemnify and hold harmless PAR and its affiliates and its and their officers, directors, employees and agents from and against any and all Claims brought against any of the foregoing persons or entities, and shall pay all losses, damages, liabilities, costs and expenses payable to such third party pursuant to such Claim, to the extent arising out of relating to (i) any breach of this Agreement by Customer and/or its users; (ii) PAR’s data transfer as permitted in Section 0; (iii) Customer’s and its users’ use not in accordance with this Agreement and/or modification of PAR Items; and/or (iv) Customer Data.

11.3. Process. The indemnified party shall (i) promptly notify the indemnifying party promptly upon becoming aware of the claim (but failure to promptly notify shall not relieve the indemnifying party of its obligations unless its ability to defend the claim is materially prejudiced thereby), and (ii) give the indemnifying party the right to solely control and direct the investigation, preparation, defense and settlement of the claim, and (iii) fully cooperate with the indemnifying party, at the indemnifying party’s expense, in the defense and settlement of the claim. The indemnified party shall have the right, at its cost, to employ counsel of its choice to participate in the defense of such claim.

12. COMPLIANCE WITH LAWS. Each party shall at all times comply in all material respects with all federal, state, and local laws, ordinances, regulations, and orders that are applicable to the operation of its business and to this Agreement and its performance hereunder, including but not limited to, any and all privacy laws relating to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (both technical and physical), disposal, destruction, disclosure or transfer of personal information as defined under such laws and any notification requirements thereunder in the event of a breach.

13. Export Regulation. The PAR Products, including any software, documentation, and any related technical data included with, or contained in, such PAR Products and any products utilizing any such PAR Products, software, documentation, or technical data (collectively, "Regulated Products") may be subject to US export control laws and regulations, including the Export Administration Regulations and the International Traffic in Arms Regulations. The Customer shall not, and shall not permit any third parties to, directly or indirectly, export, reexport, or release any Regulated Products to any jurisdiction or country to which, or any party to whom, the export, reexport, or release of any Regulated Products is prohibited by applicable federal or foreign law, regulation, or rule. The Customer shall be responsible for any breach of this Section by its, and its successors' and permitted assigns', parent, affiliates, employees, officers, directors, customers, agents, distributors, resellers, or vendors. The Customer shall comply with all applicable federal and foreign laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, reexporting, or releasing any Regulated Products. The Customer shall provide prior written notice of the need to comply with such laws and regulations to any person, firm, or entity which it has reason to believe is obtaining any such Regulated Products from the Customer with the intent to export or reexport.

14. US GOVERNMENT RIGHTS. The PAR Products are "commercial items" as that term is defined at 48 C.F.R. § 2.101, consisting of "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. § 12.212, and were developed exclusively at private expense. Accordingly, if Customer is a U.S. Government Customer or any contractor therefor, Customer receives only those rights with respect to the PAR Products as are granted to all other users under license, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government licensees and their contractors.

15. GOVERNING LAW. This Agreement shall be construed and interpreted in accordance with the laws of the State of New York without regard to conflict of laws principles. Each party hereby agrees to submit to the jurisdiction and venue of the United States District Court for the Northern District of New York and the Supreme Court of the State of New York for the purposes of adjudicating any dispute or action arising out of or in connection herewith, and each party consents to the personal jurisdiction of such courts and waives any claim that it is an inconvenient forum. The prevailing party in litigation is entitled to recover its reasonable attorneys’ fees and reasonable costs from the other party. The U.N. Convention on the International Sale of Goods is excluded. Any breach or threatened breach by Customer of Section 3 or Section 5 may cause irreparable injury or harm to PAR for which damages may be difficult to ascertain and/or an insufficient remedy, and PAR may seek an injunction in any court having jurisdiction to stop any breach or avoid any future breach, without proving damages or posting a bond. Notwithstanding anything in this Section 15 to the contrary, if the Customer is a U.S. Government Customer, this Agreement, and the choice of forum and venue for adjudication of any dispute or action arising out of or in connection herewith, shall be governed by Federal law.

16. MODIFICATIONS TO AGREEMENTPAR may revise and update this Agreement from time to time in its sole discretion. PAR will notify Customer in accordance with Section 17.8. All changes are effective immediately and will apply to all access to and use of the PAR Products thereafter. However, any changes to the dispute resolution provisions set out in Governing Law will not apply to any disputes for which the parties have actual notice on or before the date Customer is notified of the changes. Customer’s continued use of the PAR Products following the notification of modifications to this Agreement means that Customer accepts and agrees to the changes.

17. MISCELLANEOUS

17.1. Force Majeure. PAR shall not be liable or responsible to Customer, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, when and to the extent such failure or delay is caused by or results from acts beyond PAR’s reasonable control, including, without limitation: (a) acts of God; (b) flood, fire, earthquake, or explosion; (c) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot, or other civil unrest; (d) government order or law; (e) actions, embargoes, or blockades in effect on or after the date of this Agreement; (f) action by any governmental authority; (g) national or regional emergency; (h) epidemic, pandemic, or other public health emergency; (i) strikes, labor stoppages or slowdowns, or other industrial disturbances; and (j) shortage of adequate power or transportation facilities (each, a “Force Majeure Event”). PAR shall promptly give notice to Customer upon experiencing a Force Majeure Event stating the period of time the occurrence is expected to continue and shall use diligent efforts to end the failure or delay and ensure the effects of such Force Majeure Event are minimized. If PAR’s performance under any Sales Order is delayed by more than sixty (60) days, then PAR may cancel any unperformed portion of the Sales Order upon written notice to Customer without liability to Customer.

17.2. Entire Agreement. This Agreement, together with each Sales Order and with the PAR Policies, constitutes the entire agreement between the parties, and supersedes all prior or contemporaneous negotiations, agreements and representations, whether oral or written, with respect to this subject matter. Any terms or conditions contained in any Customer purchase order or similar document shall be without effect.

17.3. Waivers. The failure of either party to enforce any provision of this Agreement, unless waived in writing by such party, will not constitute a waiver of that party’s right to enforce that provision or any other provision of this Agreement.

17.4. No Assignment. Neither party may assign or transfer this Agreement without prior written consent of the other party, which shall not be unreasonably withheld; provided, however, that PAR may assign this Agreement to an affiliate or in connection with the sale of all or substantially all of its business or assets to which this Agreement relates, or pursuant to a similar change in control, unless otherwise prohibited by law.

17.5. Independent Contractors. Customer and PAR are independent contractors and nothing in this Agreement will be deemed to create any agency, employee-employer relationship, partnership, or joint venture between the parties. Except as otherwise specifically provided in this Agreement, neither party will have or represent that such party has the right, power or authority to bind, contract or commit the other party or to create any obligation on behalf of the other party.

17.6. Remedies Cumulative. The enumeration herein of specific remedies shall not be exclusive of any other remedies unless otherwise expressly stated herein. Any delay or failure by any party to this Agreement to exercise any right, power, remedy or privilege herein contained, or now or hereafter existing under any applicable statute or law, shall not be construed to be a waiver of such right, power, remedy or privilege, nor to limit the exercise of such right, power, remedy, or privilege, nor shall it preclude the further exercise thereof or the exercise of any other right, power, remedy or privilege.

17.7. Severability. If any provision of this Agreement is held by a court of law to be illegal, invalid, or unenforceable, the legality, validity, and enforceability of the remaining provisions of this Agreement will not be affected or impaired thereby and the illegal, invalid, or unenforceable provision will be deemed modified such that it is legal, valid, and enforceable and accomplishes the intention of the parties to the fullest extent possible.

17.8. Notices. PAR may provide any notice to Customer under this Agreement by sending a message to the email address Customer provides upon registration with the Service; or (ii) by posting to the Service. Notices sent by email will be effective when PAR sends the email and notices PAR provides by posting will be effective upon posting. It is Customer’s responsibility to keep Customer’s email address current. In the case of notice to PAR, notices will be sent via postage prepaid certified mail or by overnight commercial courier to: PAR Government Systems Corporation (Attn: Contracts Department), 421 Ridge St. Rome, NY 13440. PAR may update the address for notices to PAR by posting a notice on the Service. Notices sent via overnight courier will be effective one (1) business day after they are sent. Notices provided by certified mail will be effective three (3) business days after they are sent.

17.9. Additional Terms. Your use of the Licensed Software must comply with the Google Play Terms of Service. PAR is solely responsible for providing maintenance and support services for the Licensed Software. Support for the Licensed Software will be provided in accordance with this Agreement.

SCHEDULE A

TECHNICAL SUPPORT SERVICES TERMS

These Technical Support Services are available to customers of PAR Government Systems Corporation (“PAR”) where such customers have subscribed to PAR’s Service through PAR’s License and Subscription Agreement (“Agreement”). Capitalized terms not otherwise defined herein shall have the meanings given them in the Agreement.

1. DEFINITIONS

  1. External Case Referral” means PAR’s referral of a Technical Support Case to Customer or to a third party, including, but not limited to Customer third-party providers of Customer’s firewall, cellular service, or networks after PAR has determined that the issue is not related to the Licensed Software or the Service.
  2. Response Times” shall mean the time by which PAR strives to respond to an incoming Technical Support Case from a Customer, as set forth in Section 2.f. below.
  3. Technical Support Case” shall mean a case from a Customer that relates to assistance with the use of, or an interruption in the operability of the Licensed Software and/or the Service.
  4. Technical Support Center” shall mean PAR’s technical support team that responds to Customer’s Technical Support Case.

2. TECHNICAL SUPPORT SERVICES.

  1. Customer will have on-demand access to online tutorial videos and other assorted online resources.
  2. If Customer has a paid Service plan, PAR will provide trained technical support representatives, available Monday through Friday, during regular business hours between 9:00am and 5:00pm EST, to respond to your requests for technical support either via telephone or email.
  3. For an additional fee, Customer can elect to receive support via phone twenty-four hours a day, seven days a week, three hundred sixty-five days a year (24/7/365).
  4. PAR will provide diagnostic and operational/procedural support to assist in identifying and resolving issues with the Licensed Software and/or the Service.
  5. Technical Support Services cover the following types of requests:
  6. PAR will use commercially reasonable efforts to respond to all your requests for technical support within our then current standard response times. PAR’s current standard response times are:
    1. Within one (1) business day for customers using the standard service plan
    2. Within sixty (60) minutes of contact for customers using paid service plans

3. CUSTOMER RESPONSIBILITIES. Customer agrees to:

4. EXCLUSIONS FROM COVERAGE. The following services are excluded from Technical Support Services and may be provided to Customer at an additional cost:

SCHEDULE B

Security Overview

1. Introduction. This Security Overview establishes the basic security requirements used by PAR Government Systems Corporation (“PAR”) in securing the Service for information security, as needed to ensure the confidentiality, availability and integrity of Customer Data.

2. Terminology. As used in this Security Overview, each of the following terms (whether used with initial upper case or in all lower case) shall have the corresponding meaning set forth below. Each other capitalized term used herein but not defined herein shall have the meaning ascribed to it in the License and Subscription Agreement (“Agreement”).

2.1 Customer Sensitive Information means any Customer Data that includes Personal Data, including but not limited to names, phone numbers (including mobile device ID, user’s device name), emails, GPS location and location history data.

2.2 Encryption means the reversible transformation of data from the original to an obfuscated format (cipher text) as a mechanism for protecting the information’s confidentiality, integrity and/or authenticity.

3. Specific Security Requirements.

3.1 Security Policy. PAR maintains a comprehensive set of written security policies and procedures which cover, at a minimum:

  1. PAR’s commitment to information security;
  2. information classification, labeling, and handling, and such policies and procedures related to information handling must describe the permissible methods for information transmission, storage, and destruction and such methods must be no less protective than what is commercially reasonable and comport with applicable industry standards;
  3. Acceptable use of PAR’s assets, including computing systems, networks, and messaging;
  4. information security incident management, including data breach notification and collection of evidence procedures;
  5. access controls, including periodic reviews of access rights;
  6. logging and monitoring of PAR’s production environment, including logging and monitoring of physical and logical access to PAR’s networks and systems that process or store Customer Data
  7. disciplinary measures for personnel who fail to comply with such policies and procedures; and
  8. the topics described in the remainder of this Section 3 in a manner consistent with the applicable requirements for such topics as set forth in this Section 3.

3.2 Responsibility for PAR’s Information Security Program. PAR has a Cyber Security department within its Information Technology Department which has staff with experience and training in Cyber Security and risk management. The Cyber Security department is responsible for PAR’s information security program.

3.3 Audits of PAR’s Information Security Program. PAR shall cause an independent third party to conduct at least once each year an ISO 27001 audit of the Service. PAR will provide a copy of these reports upon Customer’s request, subject to the Customer’s execution of a non-disclosure agreement.

In addition, and without limiting any of its obligations hereunder, PAR shall regularly monitor and review PAR’s information security program to ensure safeguards are appropriate to limit risks to Customer Data.

3.4 Asset and Information Management. PAR shall:

  1. maintain an inventory of all Customer Data that PAR processes or stores; and
  2. maintain an inventory of physical computing and software assets PAR uses in the performance of its activities under the License and Subscription Agreement.

3.5 Employee-related Matters. PAR shall:

  1. train its new personnel (including contingent workers provided by staffing agencies) and subcontractors on the acceptable use and handling of PAR’s confidential information and confidential information of other companies that has been entrusted to PAR (such as Customer Data);
  2. provide annual security education refreshers for its personnel (including contingent workers provided by staffing agencies and subcontractors) and maintain a record of personnel that completed such education; and
  3. implement a formal user registration and de-registration procedure for granting and revoking access to PAR’s information systems and services; and upon termination of any personnel (including contingent workers provided by staffing agencies and subcontractors), PAR shall revoke such individual’s access to Customer as soon as possible but in no event later than three (3) business days following termination of such individual.

3.6 Communications and Operations. PAR shall:

  1. perform regular backups sufficient to restore services to Customer within a commercially reasonable period of time;
  2. encrypt all backup media containing Customer Data;
  3. not do (or allow any Contractor to do) any of the following without, in each case, obtaining the prior written consent of Customer: (a) store or replicate any Customer Data outside of PAR’s premises (except for any third-party hosting provider), (b) transmit, transfer or provide any Customer Data to any third party, or (c) provide any third party with access to any Customer Data;
  4. on all Windows servers and networks maintain up to date malware detection and prevention on PAR’s servers and/or end user platforms, including virtual machine implementations, that transmit, access, process or store Customer Data;
  5. maintain a hardened Internet perimeter and secure infrastructure using firewalls, antivirus, anti-malware, intrusion prevention/detection systems, and other protection technologies as is commercially reasonable;
  6. implement regular patch management and system maintenance for all of PAR’s systems including virtual machine implementations, that transmit, access, process or store Customer Data; and
  7. upon Customer’s written request, provide details on how Customer’s Data is segregated and protected from PAR’s other client data, if deployed in a multi-tenant or multi-customer environment.

3.7 Access Control. PAR shall:

  1. enforce commercially reasonable practices for user authentication; if passwords are used to authenticate individuals or automated processes accessing Customer Data, such passwords will comply with the current commercially reasonable practices for password usage, creation, storage, and protection;
  2. ensure that user ID’s are unique to individuals and are not shared;
  3. assign access rights based upon the sensitivity of Customer Data, the individual’s job requirements, and the individual’s “need to know” for the specific Customer Data;
  4. review the access rights of PAR’s personnel (including Contractors) to ensure need-to-know restrictions are kept current; and
  5. restrict access to Customer Data by segregating administrator-level access from user-level access.

3.8 Application Development; Vulnerability Scans and Penetration Tests. PAR shall:

  1. implement a secure development methodology that incorporates security throughout the development lifecycle;
  2. develop and enforce secure coding standards;
  3. perform secure code reviews using automated scanning tools for all externally-facing applications and for any software developed by PAR (or a Contractor) and delivered to Customer;
  4. perform vulnerability scans at least once each year, either by PAR or through a 3rd party, for all internal and externally-facing applications that receive, access, process or store Customer Data; and
  5. perform penetration tests at least once each year for all externally-facing applications that receive, access, process or store Customer Data (“Penetration Test”).

3.9 Contractors. PAR shall:

  1. take reasonable steps to select and maintain Contractors that are capable of maintaining security measures to protect Customer Data in accordance with applicable laws and regulations and in a manner no less protective than the requirements set forth in the Agreement, including this Schedule and any annexes attached hereto, and maintain with each such Contractor a written contract requiring such Contractor, by contract, to implement and maintain such security measures;
  2. other than as permitted in the Agreement, not provide to any Contractor, or allow any Contractor to access, process, store, view or otherwise interact with, any Customer Data without obtaining the prior written consent of Customer;
  3. not use, in connection with the Agreement, any software or service provided by a third party where such software or service (a) is deployed by such third party acting as an application service provider (or similar), (b) is a “software as a service” offering (or similar), or (c) involves the use of “cloud computing” or “cloud services” (or similar) without obtaining the prior written consent of Customer; provided however, Customer shall be deemed to have provided its written consent for the use of a particular third party provider for authentication purposes when Customer makes an election through the Services to use a particular authentication protocol (“OAuth”) offered by PAR; and
  4. upon written request by Customer, use commercially reasonable efforts to obtain from each Contractor (or if Customer’s written request is limited to specific Contractors, each of those specific Contractors) the right for Customer to receive a copy of, or otherwise have the ability to review, the report(s) resulting from each audit or review of such Contractor's information security policies, practices and controls that was conducted by an independent third party (e.g. SSAE 16 SOC 1 Type II audit, ISO 27001 certification or similar) within the then most recent three (3) years and that is relevant to the security policies, practices and controls employed by such Contractor to protect Customer Data.

4. Information Security Incident Management. PAR shall:

4.1 establish, test, and maintain an information security incident response process that includes, among other things, processes for evidence preservation, informing and working with law enforcement agencies, government agencies and similar parties as appropriate, and performing forensic analyses; and

4.2 unless otherwise prohibited under federal, state or local law or at the direction of law enforcement, notify Customer of any actual breach of Customer Data, including any actual breach at or involving a Contractor’s systems, hardware, equipment, devices or premises computers or otherwise involving a Contractor’s personnel. PAR shall provide notification of any such incident promptly, but in no event later than seven (7) days (or if such incident involves Customer Sensitive Information, in no event later than two (2) days) following the date PAR first becomes aware of such incident.

5. Business Continuity Management. PAR shall:

5.1 establish and maintain a comprehensive business continuity plan (“BCP”) that covers the restoration of both technology and business operations in the event of an unplanned event; the planning process for the BCP will include risk analysis, business impact analysis, recovery strategies for different scenarios to include geographic/regional events, pandemics, and natural disasters (e.g., tornado, hurricane, flooding, fire, power outage), and the BCP shall cover, among other things, PAR’s operations associated with its activities under the Agreement; and

5.2 test its BCP at least annually and provide Customer, at Customer’s written request, with an annual attestation that PAR successfully conducted a test of its BCP (such attestation shall include the scope, location(s), and date(s) of the test(s)).

6. Compliance. PAR shall:

6.1 maintain a code of ethics and require employees to review and acknowledge it annually (except if and to the extent prohibited by law); and

6.2 if interacting directly with individuals, develop, implement and operate in accordance with a privacy policy (which among other things, describes the types of information collected, how the information is used, stored and shared, any options for an individual to “opt out” of any usage or sharing, and how an individual may access his or her information) and disseminate or otherwise make such privacy policy available to such individuals.

SCHEDULE C

California Consumer Privacy Act (“CCPA”) Schedule

This CCPA Schedule shall apply to PAR’s processing of personally identifiable information (“PII”) provided by Customer to PAR through Customer’s use of the Service as permitted under this Agreement.

  1. Customer agrees that PAR shall be a Service Provider, as that term is defined by the CCPA, of Customer for the processing of any PII provided by Customer to PAR for the use of the Service as permitted under this Agreement.
  2. PAR agrees not to retain, use, or disclose the PII provided by Customer to PAR through its use of the Service, as the term PII is defined by the California Consumer Privacy Act (“CCPA”) for any purpose other than for that which is necessary for the specific purpose of providing the Service, including as outlined in the Agreement, or as otherwise provided for by the CCPA. Customer agrees that transfers of data as outlined within the agreement to other parties, including to a franchisor are made pursuant to this agreement and at Customer’s direction. PAR further agrees to never sell any of the PII, including as the term “sell” is defined by the CCPA.
  3. If Customer directs PAR to delete any PII provided by Customer to PAR related to a given California consumer, as directed by a given consumer under the CCPA, PAR agrees to comply with same, as provided for by the CCPA.
  4. Further, should PAR receive a request to delete any PII PAR agrees to notify Customer in writing of the request as soon as is reasonably practical.
  5. Should Customer receive a valid “Right to Know” request from a CCPA consumer, PAR agrees to reasonably assist Customer in gathering PII within PAR’s custody or control where PAR’s assistance is necessary to do so.
  6. At all times, PAR agrees to implement and maintain reasonable security practices, including as described within the Agreement.
  7. PAR may charge a reasonable fee for providing the Customer assistance with Customer’s compliance with the CCPA.

SCHEDULE D

Data Processing Addendum

PAR and Customer have agreed upon the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Annex A in connection with the License and Subscription Agreement (“Agreement”) as of the effective date of the Agreement. For purposes of the Clauses, if Customer is a company located within the United States, Customer will act as the data exporter on behalf of its affiliated entities in the European Union or the United Kingdom who are controllers. Capitalized terms not otherwise defined herein shall have the meanings given to such terms in the Agreement.

  1. DEFINITIONSFor the purposes of the Clauses:
    1. 1.1. personal data, special categories of data, process/processing, controller, processor, data subject and supervisory authority shall have the same meaning as in EU General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);
    2. 1.2. the data exporter means the controller or Customer who transfers the personal data;
    3. 1.3. the data importer means the processor or PAR who agrees to receive from the data exporter personal data intended for processing on its behalf after the transfer in accordance with its instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of EU General Data Protection Regulation;
    4. 1.4. the sub-processor means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with its instructions, the terms of the Clauses and the terms of the written subcontract;
    5. 1.5. the applicable data protection law means the EU General Data Protection Regulation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
    6. 1.6. technical and organizational security measures means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission
  2. DETAILS OF THE TRANSFER. The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex A which forms an integral part of the Clauses.
  3. THIRD-PARTY BENEFICIARY CLAUSE.
    1. 3.1. The data subject can enforce against the data exporter this Clause 3, Clause 4.2 to Clause 4.9, Clause 5.1 to Clause 5.5 and Clause 5.7 to Clause 5.10, Clause 6.1 and Clause 6.2, Clause 7, Clause 8.2 and Clause 9 to Clause 12 as third-party beneficiary.
    2. 3.2. The data subject can enforce against the data importer this Clause, Clause 5.1 to 5.5 and 5.7, Clause 6, Clause 7, Clause 8.2 and Clause 9 to Clause 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
    3. 3.3. The data subject can enforce against the sub-processor this Clause 3.1, Clause 5.1 to 5.5 and Clause 5.7, Clause 6, Clause 7, Clause 8.2, and Clause 9 to Clause 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
    4. 3.4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
  4. OBLIGATIONS OF THE DATA EXPORTER. The data exporter agrees and warrants:
    1. 4.1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
    2. 4.2. that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
    3. 4.3. that the data importer will provide sufficient guarantees in respect of the technical and security measures specified in the Agreement;
    4. 4.4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
    5. 4.5. that it will ensure compliance with the security measures;
    6. 4.6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of EU General Data Protection Regulation;
    7. 4.7. to forward any notification received from the data importer or any sub-processor pursuant to Clause 5.2 and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
    8. 4.8. to make available to the data subjects upon request a copy of the Clauses and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
    9. 4.9. that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subjects as the data importer under the Clauses; and
    10. 4.10. that it will ensure compliance with Clause 4.1 to Clause 4.9.
  5. OBLIGATIONS OF THE DATA IMPORTER. The data importer agrees and warrants:
    1. 5.1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
    2. 5.2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
    3. 5.3. that it has implemented the technical and organizational security measures specified in the Agreement before processing the personal data transferred;
    4. 5.4. that it will promptly notify the data exporter about:
      1. 5.4.1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
      2. 5.4.2. any accidental or unauthorized access; and
      3. 5.4.3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
    5. 5.5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
    6. 5.6. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
    7. 5.7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, and include a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
    8. 5.8. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
    9. 5.9. that the processing services by the sub-processor will be carried out in accordance with Clause 11; and
    10. 5.10. to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
  6. LIABILITY
    1. 6.1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
    2. 6.2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or its sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
    3. 6.3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
    4. 6.4. The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses, or loss it has incurred. Any limitation of liability of a party set forth in the Agreement shall apply to any liability under this Data Processing Addendum.

      Indemnification is contingent upon:
      1. (a)the data exporter promptly notifying the data importer of a claim; and
      2. (b) the data importer being given the possibility to cooperate with the data exporter in the defense and settlement of the claim.
  7. MEDIATION AND JURISDICTION.
    1. 7.1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
      1. 7.1.1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
      2. 7.1.2. to refer the dispute to the courts in the Member State in which the data exporter is established.
    2. 7.2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
  8. COOPERATION WITH SUPERVISORY AUTHORITIES.
    1. 8.1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
    2. 8.2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
    3. 8.3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5.2.
  9. GOVERNING LAW. The Clauses shall be governed by the law of the Member State in which the data exporter is established.
  10. VARIATION OF THE CONTRACT. The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.
  11. SUB-PROCESSING.
    1. 11.1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.
    2. 11.2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
    3. 11.3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
    4. 11.4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5.10, which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
  12. OBLIGATION AFTER THE TERMINATION OF PERSONAL DATA PROCESSING SERVICES.
    1. 12.1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
    2. 12.2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

ANNEX A

This Annex forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Annex A.

Data exporter

The data exporter is Customer as specified in the Sales Order and/or Purchase Order under the Agreement that is providing the data to PAR Government Systems Corporation (“PAR”) in connection with Customers’ use of the PAR Products as defined in the Agreement.

Data importer

The data importer is PAR that is providing the Licensed Software and the Service under the Agreement for Customer’s use in connection with Customer’s internal business purposes.

Data subjects

The personal data transferred concerns the personal data of Customer’s Authorized Users as defined under the Agreement and may include Customer’s employees, agents, subcontractors and/or third-parties also using the Licensed Software and Service who have connected with the Customer through the Service.

Categories of data

The personal data transferred concern the following categories of data:

Processing operations

The personal data transferred will be subject to the following basic processing activities: PAR will process the personal data in accordance with the Agreement to provide the Service to the Customer for Customer’s internal business purposes.