Master Services Agreement

CLIENT COVENANTS AND OBLIGATIONS

Assistance

Client shall provide in a timely and professional manner, and at no cost to Provider, assistance,

cooperation, complete and accurate information and data, equipment, access to applicable computer

and telecommunications facilities, networks, firewalls, servers, programs, files, documentation,

passwords, a suitable work environment, and other resources requested by Provider to enable it to

perform the Services (collectively, “Assistance”). Provider shall not be liable for any deficiency in

performing the Services if such deficiency results from Client’s failure to provide full Assistance as

required hereunder. Assistance includes, but is not limited to, designating a project manager or

contact person to interface with Provider during the course of Services.

Software Licensing

Unless specifically otherwise agreed to in an applicable Order, Client represents and warrants that

Client has title to or has a license or the right to use or modify the Software and has a license or right

to permit Provider to use, access or modify any software that Client has requested Provider to use,

access or modify as part of the Services.

It is the Client’s responsibility to independently ensure that ALL software in use by Client is properly

licensed, and Client agrees to maintain records of applicable licenses. Provider will not promote the

use of, or knowingly support software which is not properly licensed by Client.

Assistance with software audits or licensing compliance matters are billable at Provider’s then-prevailing hourly rates.

Unsupported Software

Provider shall not be responsible or liable to Client for any consequences from the use of software no

longer under manufacturer product support or no longer supported by the software publisher

(“Unsupported Software”). THEREFORE, CLIENT AGREES TO HOLD PROVIDER HARMLESS

FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY HARDWARE, SOFTWARE,

AND/OR COMPUTER DATA OF CLIENT CAUSED BY ANY USE OF UNSUPPORTED

SOFTWARE.

Provider Access

Client shall supply Provider necessary access to its personnel, appropriate documentation and records

and facilities in order for Provider to timely perform the Services.

Broadband Internet access must be provided. Provider must be provided with remote access (via

VPN or other reasonable remote access) to covered equipment. Appropriate cabling to all covered

computers and devices must be provided. Appropriate air conditioning and ventilation for all covered

computers and devices must be provided, in order to maintain temperature and air quality as

specified by the applicable hardware manufacturers. Power surge protection must be provided for all

covered computers and devices. Provider must be allowed convenient and timely access to the

Equipment covered under this Agreement, adequate working space and facilities within a

reasonable distance of the equipment, and access to and use of all information, internal resources,

and facilities determined necessary to service the equipment.

Client may be required to conduct preliminary diagnostic steps or provide additional information

related to a support request, prior to a technician being dispatched to Client's facility. Client must

agree to assign one employee to be liaison or contact person to Provider in order to make

communications between both parties effective.

Remote Access

Client grants to Provider the explicit right to remotely access Client’s network systems without the

need to obtain expressed permission or consent each time remote access is established.

Third-Party Service Provider Fees

Unless expressly undertaken by Provider in writing, Client is responsible for any Third-Party Service

Provider service fees, charges and to arrange for disconnection or termination and payment of

charges related to the disconnection or termination of any related services with Client’s current

carrier(s) or service provider(s).

Network Security and Malicious Events

Unless specifically otherwise agreed to in an applicable Order, it is Client’s sole responsibility to

determine whatever actions deemed necessary to make Client’s data and voice networks and

circuits secure from unauthorized access. Hardware firewall must be in place. Wireless data traffic in

the environment must be securely encrypted. Provider is not responsible for the security of Client’s

network and circuits from third parties, or for any damages that may result from any unauthorized

access to Client’s network.

Client has an affirmative obligation to protect Client’s network environment, and to train its

employees for spam, malware, phishing, virus protection, and prevention from criminal acts of third

parties. Provider is not responsible for criminal acts of third parties, including but not limited

to hackers, phishers, crypto-locker, and any network environment subject to ransom.

If a security system for Client’s network is included within the Services to be provided by Provider,

Provider agrees to use commercially reasonable efforts to protect Client’s network from malicious

attack by computer viruses, computer worms and/or computer hackers (collectively, “malicious

activities”). However, Client understands that no security system can guaranty complete protection

against malicious activities as such attacks often involve the intentional action by third parties to

invade and injure computer systems. THEREFORE, UNLESS CAUSED BY PROVIDER’S

NEGLIGENCE OR WILLFUL MISCONDUCT, CLIENT AGREES TO HOLD PROVIDER

HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY HARDWARE,

SOFTWARE, AND/OR COMPUTER DATA OF CLIENT CAUSED BY SUCH MALICIOUS

ACTIVITIES.

Third-Party Criminal Activity

Provider is not responsible for criminal acts of third parties, including but not limited to intrusions or

unauthorized access of any kind, hackers, phishers, crypto-locker, and any network environment

subject to ransom. CLIENT AGREES TO HOLD PROVIDER HARMLESS FOR ANY ACTIVITY

AFFECTING NETWORK SECURITY ON CLIENT’S ENVIRONMENT RELATED TO THIRD-PARTY

CRIMINAL ACTIVITY, NETWORK SECURITY OR PRIVACY.

Any costs or fees to rebuild or service machines will be billed at provider’s then-prevailing hourly rates.

Theft of Service

Client shall notify Provider immediately, in writing, by electronic mail or by calling the Provider

customer support line, if Client becomes aware at any time that the Services are being stolen or used

fraudulently. Failure to do so in a timely manner may result in the immediate termination of the

Services and additional charges to billed to Client. Client will be liable for all use of the Service using

Equipment stolen from Client and any and all stolen Service or fraudulent use of the Services.

Credits will not be issued for charges resulting from fraud that arises out of third parties hacking into

any Equipment. This includes, but is not limited to, modem hijacking, wireless hijacking or other fraud

arising out of a failure of Client’s internal/corporate procedures. Provider will not issue credit for

invoiced charges for fraudulent use resulting from Client’s negligent or willful acts or those of an

authorized user of Client’s service. THEREFORE, CLIENT AGREES TO HOLD PROVIDER

HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY THEFT OF SERVICE

AND OR CLIENT CAUSE BY SUCH THEFT OF SERVICE.

Hardware Equipment

Client Equipment must be in working order and maintained under a manufacturer’s warranty or

maintenance contract. Provider is not responsible for client equipment that is not maintained under

manufacturer’s warranty or maintenance contract or that is otherwise out of order. All Service Fees

assume equipment is under manufactures warranty or maintenance contract or is in working order.

Provider in its reasonable opinion and supported by manufacturer information, may designate certain

equipment as obsolete or defective, and therefore exclude it from coverage under this Agreement.

Physical Security

Client is responsible for the physical security of its on-premises hardware and software systems.

Independent Backup

Unless specifically otherwise agreed to in an applicable Order or Service Attachment, Client must

maintain an independent backup of all files that are sent to either the cloud or a data backup service.

A backup solution must be in place, with backup copies stored off-site. It is the Client’s responsibility

to verify that backups are made regularly, as well as the integrity of the backups. Provider shall not

be held liable in the event of data loss, backup software failure, backup selection, backup hardware

failure, backup media failure, or backup system failure even in the event that Provider was tasked to

perform the backups. Client will be solely responsible for all lost data.

Malware

An anti-malware solution must be in place, updated, with valid update subscription. Provider is not

responsible for any harm that may be cause by Client’s access to third party application programming

interfaces or the execution or transmission of malicious code or similar occurrences, including without

limitation, disabling devices, drop dead devices, time bombs, trap doors, Trojan horses, worms,

viruses and similar mechanisms. Any costs or fees to rebuild or service machines are provided and

sold separately by Provider.

Hardware and Software Configurations

All Hardware and Software Configurations implemented by Provider shall belong to Provider, and

shall constitute Provider’s Confidential Information.

Client Data Security & Privacy

In addition to its other confidentiality obligations under an applicable Service Attachment, Provider

shall not use, edit or disclose to any party other than Client any Client Data (defined below), except

as otherwise requested by Client, or required by court order or applicable law. For purposes of this

provision, all data stored on the virtualized machines assigned to Client, including locally stored

personal data of individual employees, will be considered Client Data by Provider.

As between Provider and Client, all Client Data is owned exclusively by Client. Client Data

constitutes Confidential Information subject to the Terms. Provider may access Client's User

accounts, including Client Data, solely to respond to service or technical problems or otherwise at

Client's request.

Security and Regulatory Recommendations

Although it is under no obligation to do so, from time to time, Provider may make recommendations

regarding regulatory compliance, safety and security related to Client’s network and practices (e.g.,

multi-factored authentication). If Client fails to adopt or implement the recommended protocols, Client

is responsible for any and all damages related to regulatory, security, privacy, or data protection,

including but not limited to fines, data breach notification, malware or ransomware costs, restoration,

forensic investigation, restoring backups, or any other costs or damages related to Client’s refusal to

implement the recommended protocols.

Password-Management Services

If Provider provides password management services to Client, Client shall be responsible and liable

for any unauthorized use of passwords. THEREFORE, CLIENT AGREES TO HOLD PROVIDER

HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY THEFT OF

PASSWORDS CAUSED BY SUCH USE OF THE PASSWORD SERVICES BY CLIENT.

PROVIDER REPRESENTATIONS AND WARRANTY

Internal Network Security Compromise Policy

Provider monitors the availability and performance of its internal firewall and network security. This

process involves monitoring for intrusion attempts and potential security breaches. In order to

minimize a possible compromise of security, all services and applications exposed to the Internet on

Provider's servers are updated with all commonly available security hotfixes and best practices. As

appropriate, Provider proactively evaluates, investigates and reports security- related incidents to the

appropriate authorities. Provider also monitors and proactively manages the anti-virus protection of

its servers and applications using industry-recognized anti-virus software systems.

Service Warranty

We warrant that the Services will be performed in a professional and workmanlike manner and as

described in an applicable Service Attachment or Description. All Services will be deemed to be

accepted unless Client notifies Provider in writing within ten (10) working days after performance that

the Services did not conform to this warranty. Provider promptly will correct any non-conformities

and will notify Client in writing that the non-conformities have been corrected.

DISCLAIMER OF WARRANTY

PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE PERFORMED ERRORFREE OR UNINTERRUPTED, THAT PROVIDER WILL CORRECT ALL SERVICES ERRORS, OR

THAT THE SERVICES WILL MEET CLIENT’S REQUIREMENTS OR EXPECTATIONS, OR THAT

THE SERVICE WILL BE COMPLETELY SECURE. THERE ARE RISKS INHERENT IN INTERNET

CONNECTIVITY THAT COULD RESULT IN THE TEMPORARY LOSS OF SERVICE

AVAILABILITY. PROVIDER IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE

PERFORMANCE, OPERATION OR SECURITY OF THE SERVICES THAT ARISE FROM

CLIENT’S CONTENT OR THIRD-PARTY CONTENT OR SERVICES PROVIDED BY THIRD

PARTIES. PROVIDER SHALL HAVE NO OBLIGATION WITH RESPECT TO A WARRANTY

CLAIM (i) IF NOTIFIED OF SUCH A CLAIM AFTER THE WARRANTY PERIOD OR (ii) IF THE

CLAIM IS THE RESULT OF THIRD-PARTY HARDWARE OR SOFTWARE FAILURES, OR THE

ACTIONS OF CLIENT OR A THIRD PARTY.

FOR ANY BREACH OF THE SERVICES WARRANTY, CLIENT’S EXCLUSIVE REMEDY AND

PROVIDER’S ENTIRE LIABILITY SHALL BE THE CORRECTION OF THE DEFICIENT SERVICES

THAT CAUSED THE BREACH OF WARRANTY, OR, IF PROVIDER CANNOT SUBSTANTIALLY

CORRECT THE DEFICIENCY IN A COMMERCIALLY REASONABLE MANNER, CLIENT MAY

END THE DEFICIENT SERVICES AND PROVIDER WILL REFUND TO CLIENT THE FEES FOR

THE TERMINATED SERVICES THAT CLIENT PRE-PAID TO PROVIDER FOR THE PERIOD

FOLLOWING THE EFFECTIVE DATE OF TERMINATION.

TO THE EXTENT NOT PROHIBITED BY LAW, CLIENT ACKNOWLEDGES THESE WARRANTIES

ARE EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR

CONDITIONS BY THE PROVIDER OR ANY THIRD-PARTY VENDORS’ INCLUDING FOR

SOFTWARE, HARDWARE, SYSTEMS, NETWORKS OR ENVIRONMENTS OR FOR

MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR

PURPOSE, AND THAT THOSE THIRD-PARTY VENDORS DISCLAIM ANY AND ALL LIABILITY,

WHETHER DIRECT, INDIRECT OR CONSEQUENTIAL, ARISING FROM THE SERVICES.

PROVIDER MAY LINK TO OR OFFER THIRD-PARTY SERVICES FOR RESALE. ANY

PURCHASE, ENABLING, OR ENGAGEMENT OF THIRD-PARTY SERVICES, INCLUDING BUT

NOT LIMITED TO IMPLEMENTATION, CUSTOMIZATION, CONSULTING SERVICES, E-MAIL,

WEB HOSTING, SERVER HOSTING, PHONE SERVICE, AND ANY EXCHANGE OF DATA

BETWEEN CLIENT AND ANY THIRD-PARTY SERVICE, IS SOLELY BETWEEN

CLIENT AND THE APPLICABLE THIRD-PARTY SERVICE PROVIDER AND IS SUBJECT TO THE

TERMS AND CONDITIONS OF SUCH THIRD-PARTY PROVIDER. PROVIDER DOES NOT

WARRANT THIRD-PARTY SERVICES AND IS NOT RESPONSIBLE OR LIABLE FOR SUCH

SERVICES OR ANY LOSSES OR ISSUES THAT RESULT FROM CLIENT’S USE OF SUCH

SERVICES. IF CLIENT PURCHASES, ENABLES OR ENGAGES ANY THIRD-PARTY SERVICE

FOR USE IN CONNECTION WITH THE SERVICES, CLIENT ACKNOWLEDGES THAT PROVIDER

MAY ALLOW THIRD-PARTY SERVICES PROVIDERS TO ACCESS CLIENT DATA USED IN

CONNECTION WITH THE SERVICES AS REQUIRED FOR THE INTEROPERATION OF SUCH

THIRD-PARTY SERVICES WITH THE SERVICES. CLIENT REPRESENTS AND WARRANTS

THAT CLIENT’S USE OF ANY THIRD-PARTY SERVICE SIGNIFIES CLIENT’S INDEPENDENT

CONSENT TO THE ACCESS AND USE OF CLIENT’S DATA BY THE THIRD-PARTY SERVICE

PROVIDER, AND THAT SUCH CONSENT, USE, AND ACCESS IS OUTSIDE OF PROVIDERS’S

CONTROL. PROVIDER WILL NOT BE RESPONSIBLE OR LIABLE FOR ANY DISCLOSURE,

MODIFICATION OR DELETION OF DATA RESULTING FROM ANY SUCH ACCESS BY THIRDPARTY SERVICE PROVIDERS.

COMPLIANCE WITH LAWS

Provider shall comply with all laws applicable to Provider in its role as a Managed IT Provider. For

the avoidance of doubt, unless otherwise provided in a separate Data Processing Agreement

(“DPA”), Provider is not responsible for complying with the laws applicable to Client or Client’s

industry. Client shall comply with all laws applicable to Client or in Client’s industry.

Although it is under no obligation to do so, from time to time, Provider may make recommendations

regarding legal requirements and regulatory compliance protocols related to Client’s network and

practices. If Client fails to adopt or implement the recommended legal requirements or regulatory

compliance protocols, Client is responsible for any and all damages related to legal and regulatory

compliance. Even if Client does take Provider’s advice regarding legal requirements and regulatory

compliance protocols, Provider does not take responsibility for any legal requirements and

regulatory compliance protocols or audits.

NO HIRING

Neither party shall solicit, hire, employ, or otherwise pay any employee or contractor with whom it has

had contact in connection with the Services during the Term of this Agreement and for twelve (12)

months following termination of this Agreement.

Each party acknowledges that injury resulting from any breach of this provision would be significant

and irreparable and that it would be extremely difficult to ascertain the actual amount of damages

resulting from such breach. Therefore, in the event of a violation of this provision, in addition to any

other right the non-hiring party may have at law or in equity, the hiring party shall make a one-time

payment to the non-hiring party in the amount of one hundred percent (100%) of the payments to the

employee or contractor over the previous 12-month period, which accurately reflects the reasonable

value of the employee’s time and costs. The parties agree that such amount is not intended as a

penalty and is reasonably calculated based upon the projected costs the injured party would incur to

identify, recruit, hire and train suitable replacements for such personnel.

DISPUTE RESOLUTION

Arbitration Procedures

Each party shall attempt to settle amicably by mutual discussions any disputes, differences, or claims

related to this Agreement within sixty (60) days of the date any such dispute arises.

Failing such amicable settlement, any such dispute, including claim related to the existence, validity,

interpretation, performance, termination or breach of this Agreement, is to be settled by arbitration in

accordance with the Arbitration Rules of the International Centre for Dispute Resolution (ICDR). The

arbitration will be conducted in English and will have one (1) arbitrator. The Arbitrator will not have

the authority to award punitive damages to either party. Each party will bear its own expenses, but

shall share equally the expenses of the Arbitration Tribunal and the AAA. Any arbitration award will

be final, and judgment thereon may be entered in any court of competent jurisdiction. The

arbitration will be held in Ottawa, Ontario, or at another location upon which the parties may agree.

Notwithstanding the foregoing, claims for preliminary injunctive relief, other pre-judgment

remedies, and claims for Client’s failure to pay for Services may be brought in a provincial or

federal court in Canada with jurisdiction over the subject matter and parties.

Period for Bringing Claim

No claims may be made more than six (6) months after the date by which the fault or failure should

reasonably have been discovered; failure to make such a claim within the six (6) month period shall

forever bar the claim.

Continued Service

Unless Provider is bringing an action for Client’s failure to make payments for Services not otherwise

in dispute, Provider will continue to provide Services under this Agreement, and Client shall continue to

make payments to us, in accordance with this Agreement, during the period in which the parties seek

resolution of the dispute.

Attorneys’ Fees

In the event that there is any dispute, difference, or claim related to this Agreement that is resolved

either through arbitration or through litigation, the prevailing party will be entitled to an award of

reasonable attorneys’ fees incurred while defending or prosecuting such dispute, difference, or claim.

INDEMNIFICATION

By Client

Client shall defend, indemnify and hold Provider harmless against all costs and expenses, including

reasonable attorney’s fees, associated with the defense or settlement of any claim that:

• Provider’s use, access or modifications of any software that Client has requested that

Provider use, access or modify as part of the Services infringes any patent, copyright,

trademark, trade secret or other intellectual property right;

• Any claim related to software licensing and software licensing compliance; or

• Any claim related to any federal, provincial, or international law or regulation involving data

privacy, data protection, or data breach to which Client is subject.

Client shall pay any judgments or settlements based on any such claims.

By Provider

Subject to the limitation of liability set forth in the section titled LIMITATION OF LIABILITY, Provider

agrees to indemnify and hold Client harmless from and against all loss, liability, and expense

including reasonable attorney’s fees caused by Provider’s:

• negligent act, error, omission, or misrepresentation;

• breach of any contractual term implied by law;

• other act, error or omission giving rise to civil liability arising out of business activities

performed for Client.

Provider shall pay any judgments or settlements based on any such claims.

LIMITATION OF LIABILITY

EXCEPT AS MAY BE DESCRIBED IN AN APPLICABLE SERVICE DESCRIPTION OR IN A

SERVICE AGREEMENT FOR PROJECT SERVICES, PROVIDER’ LIABILITY UNDER THIS

AGREEMENT IS LIMITED TO ANY ACTUAL, DIRECT DAMAGES INCURRED BY CLIENT AND

WILL NOT EXCEED THE GREATER OF (1) THE PROCEEDS OF ANY PROVIDER’S

PROFESSIONAL LIABILITY INSURANCE MAINTAINED BY PROVIDER UNDER ITS

APPLICABLE INSURANCE POLICIES, OR (2) THE AMOUNTS PAID BY CLIENT TO PROVIDER

UNDER THIS AGREEMENT AND ALL SCHEDULES OF SERVICES DURING THE SIX (6)

MONTH PERIOD IMMEDIATELY PRECEDING THE ACCRUAL OF ANY SUCH CLAIM. IN THE

EVENT OF AN INSURANCE COVERAGE DISPUTE, PROVIDER IS NOT REQUIRED TO

DISPUTE THE COVERAGE DETERMINATION AND IS NOT REQUIRED TO FILE A

DECLARATORY JUDGMENT ACTION.

IN NO EVENT IS EITHER PARTY TO BE HELD LIABLE TO THE OTHER PARTY FOR ANY

INCIDENTAL, CONSEQUENTIAL, SPECIAL, INDIRECT OR PUNITIVE DAMAGES OR CLAIMS,

INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOST SAVINGS, LOST PRODUCTIVITY,

LOSS OF DATA, LOSS FROM INTERRUPTION OF BUSINESS, LOSS OF PROGRAMS OR

INFORMATION, AND THE LIKE THAT RESULT FROM THE USE OR INABILITY TO USE THE

SERVICES OR FROM MISTAKES, THE SERVICES NOT MEETING CLIENT’S REQUIREMENTS

OR EXPECTATIONS, OMISSIONS, TRANSLATIONS AND SYSTEM WORDINGS,

FUNCTIONALITY OF FILTERS, MIGRATION ISSUES, INTERRUPTIONS, DELETION OF FILES

OR DIRECTORIES, HARDWARE FAILURES, UNAVAILABILITY OF BACKUPS, ERRORS,

DEFECTS, DELAYS IN OPERATION,

TRANSMISSION, SECURITY BREACH, OR THIRD-PARTY SERVICE FAILURES, EVEN IF

PREVIOUSLY ADVISED OF THEIR POSSIBILITY AND REGARDLESS OF WHETHER THE

FORM OF ACTION IS IN CONTRACT, TORT OR OTHERWISE. PROVIDER WILL NOT BE

LIABLE FOR ANY KIND OF AUTHORIZED ACCESS OR ANY HARM THAT MAY BE CAUSED

BY CLIENT’S ACCESS TO THIRD PARTY APPLICATION PROGRAMMING INTERFACES OR

THE EXECUTION OR TRANSMISSION OF MALICIOUS CODE OR SIMILAR OCCURRENCES,

INCLUDING WITHOUT LIMITATION, DISABLING DEVICES, DROP DEAD DEVICES, TIME

BOMBS, LOGIC BOMBS, TRAP DOORS, TROJAN HORSES, WORMS, VIRUSES, HACKERS,

PHISHERS, CRYPTO-LOCKERS, RANSOMWARE, AND SIMILAR MECHANISMS. CLIENT

AGREES THAT THE TOTAL LIABILITY OF PROVIDER AND CLIENT’S SOLE REMEDY FOR

ANY CLAIMS FOR DAMAGES REGARDING THE SERVICES UNDER THIS AGREEMENT,

INCLUDING ANY SCHEDULE, OR OTHERWISE IS LIMITED TO PROCEEDS IN SECTION

APPLICABLE INSURANCE COVERAGE.

CLIENT ACKNOWLEDGES AND AGREES THAT PROVIDER WOULD NOT ENTER INTO THIS

AGREEMENT FOR THE CONSIDERATION GIVEN BY CLIENT BUT FOR THE LIMITATIONS OF

LIABILITY AND DAMAGES CONTAINED IN THIS AGREEMENT. CLIENT ACKNOWLEDGES AND

AGREES THAT THE RIGHT TO RECEIVE THE SERVICES IN EXCHANGE FOR THE

LIMITATIONS IN THIS AGREEMENT AND THE OTHER CONSIDERATION GIVEN BY CLIENT

FOR THE SERVICES CONSTITUTES A BARGAIN THAT IS FAIR AND REASONABLE.

INSURANCE

Client Obligations: Client shall maintain a minimum of One Million Dollars (CAD $1,000,000) in

insurance coverage through its respective carriers. Such insurance must include, at a minimum,

commercial general liability, workers compensation coverage, and first-party cyber liability.

Provider Obligations: Provider agrees to maintain during the Term, professional liability insurance

including errors and omissions with aggregate limits of at least One Million Dollars (CAD $1,000,000).

Client’s insurance shall be primary over Provider’s insurance. Client agrees to waive and to require

its insurers to waive any rights of subrogation or recovery they may have against Provider, its agents,

officers, directors and employees.

Upon request by Client, Provider may assist Client with: 1) the preparation of applications for

insurance; or 2) provide technical assistance to Client in connection with providing information for the

underwriting of insurance. Client acknowledges and agrees that Client is solely responsible for

reviewing the information for accuracy and Client will be solely responsible for adverse actions taken

by insurance carriers in connection with underwriting or claims administration.

DATA PRIVACY & PROTECTION

Client Data

Provider agrees that any electronic data or personal information submitted by Client to Provider as a

part of the Service (“Client Data”) remains the property of Client and/or its end user or other third party.

Provider agrees that it will comply with all applicable Canadian data privacy and data security laws that

the Services are subject to and as stated herein.

Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”) of 2004

Client agrees not to provide any data to Provider subject to the PIPEDA without first entering into an

appropriate Order with Provider that specifically references PIPEDA.

General Data Protection Regulation (“GDPR”) & United Kingdom Data Processing

Client agrees not to provide any data to Provider from any data subject of the European Union or the

United Kingdom that is regulated under the General Data Protection Regulation (“GDPR”) or similar

data protection regulation without first entering into an appropriate Order with Provider that

specifically references GDPR.

Data Processing Agreement

For Clients who require the processing of PIPEDA, AHA, GDPR, or United Kingdom data processing

or similar data privacy and/or data protection regulation, Client must enter into an applicable Order with

Provider that specifically references the regulation.

GENERAL

Observed Holidays

Provider reserves the right to identify observed holidays and adjust its holiday schedules from time

to time. When a holiday falls on a weekend, Provider may close on the closest business day in

observance of that holiday. After-hours emergency support is still available during these times, and

Client will be charged for Services at Provider’s then-prevailing Holiday support rates.

Notices

Except as otherwise provided under this Agreement, all notices, demands or requests to be given by

any party to the other party shall be in writing and shall be deemed to have been duly given on the

date delivered in person, or sent via fax, courier service, electronic mail, or on the date of the third

business day after deposit, postage prepaid, in the Canada Post, and addressed as set forth on the

applicable Order.

The address to which such notices, demands, requests, elections or other communications are to be

given by either party may be changed by written notice given by such party to the other party

pursuant to this Section.

Force Majeure

Provider will not be liable for any failure of performance of the Services due to causes beyond its

reasonable control, including, but not limited to, fire, flood, electric power interruptions, national or

regional emergencies, epidemics, pandemics, public health emergencies, stay-at- home orders,

furloughs, quarantines, or other restriction or prohibition, civil disorder, acts of terrorism, riots,

strikes, Acts of God, or any law, regulation, directive, or order of the Canadian government, or any

other governmental agency, including provincial and local governments having jurisdiction over

Provider or the Services provided hereunder (the “Affected Performance”).

Any party whose performance is so affected shall give written notice to the other party describing the

Affected Performance. The parties promptly shall confer, in good faith, to agree upon equitable,

reasonable action to minimize the impact on both parties of such condition. If the delay caused by the

force majeure event lasts for a period of more than thirty (30) days, the parties shall attempt to

negotiate an equitable modification to the Agreement pertaining to the Affected Performance. If the

parties are unable to agree upon an equitable modification, then either party may serve thirty (30)

days’ written notice of termination on the other party with respect only to the portion of the Agreement

relating to the Affected Performance. Client shall pay Provider for that portion of the Affected

Performance that was completed or that was in the process of being completed through the effective

termination date of the Affected Performance.

Waiver

No delay in exercising, no course of dealing with respect to, and no partial exercise of, any right or

remedy hereunder will constitute a waiver of any right or remedy, or future exercise thereof.

Assignment

Neither party may assign this Agreement, in whole or in part, or any of its rights or obligations

hereunder without the prior written consent of the other party. However, Provider may assign or

otherwise transfer its rights, interests and obligations under this Agreement without Client’s consent

in the event of a change in control of 50% or more of the equity of Provider, the sale of substantially

all the assets of Provider, or the restructuring or reorganization of Provider or its affiliate entities. If

Client transfer its rights, interests and obligations under this Agreement without Provider consent

then such assignment will not be valid, and Client shall remain responsible for all Fees under this

Agreement and any Attachment regardless of whether Client continues to derive any benefit from the

Services. In addition, unless otherwise agreed, Provider may contract with third parties to deliver

some or all of the Services, and no such third-party contract is to be interpreted as an assignment of

this Agreement. However, Provider will use commercially reasonable efforts to ensure that any and

all such third parties abide by all of the terms of this Agreement, and, except as otherwise agreed,

Provider will remain solely responsible for the fulfillment of all of Provider’s obligations under this

Agreement. This Agreement is binding upon the parties, their successors and permitted assigns.

Marketing

Client hereby grants Provider the right to reference Client’s name, industry, logo, and URLs in its

marketing literature, website, and/or correspondence to potential new clients, so as to identify Client

as a customer of Provider for marketing purposes and for Provider’s benefit. Such information is not

considered Confidential Information subject to non-disclosure.

Notifications and Alerts

Client hereby grants Provider the right to utilize Client information to send alerts, notifications, news,

and general correspondence to Client to provide the Services.

Survival

The parties’ respective duties and obligations with respect to proprietary rights, intellectual property

rights, and non-disclosure and confidentiality will survive and remain in effect, notwithstanding the

termination or expiration of this Agreement.

Amendment

Provider may, from time to time, in its sole discretion, and for any reason, amend the Order, the

Master Services Agreement and any Service Attachments other Schedule of Services posted on

Provider’s web page. However, the Master Services Agreement and Service Attachments in effect

as of the date that Client signed the Order are the agreements that will govern the relationship until

this Agreement expires or one of the parties terminates it. This Agreement may be modified or

amended only by a writing signed by both parties.

Governing Law

This MSA is to be governed by and construed in accordance with the laws of Ontario, Canada

Litigation Holds, Testimony, and E-Discovery

If Client sends a clear, unambiguous litigation hold or a request for assistance with litigation matters

or e-discovery, Provider will make reasonable efforts to comply with the request. There may be

additional fees for assistance with litigation holds, testimony, and e-discovery requests, as none are

included in the scope of Services. Provider takes no responsibility for ambiguous requests, or for

compliance with litigation holds, litigation assistance, discovery requests, or court orders, which

remain the sole responsibility of Client.

Severability

If any term or provision of this agreement is declared invalid by a court of competent jurisdiction, the

remaining terms and provisions will remain unimpaired, and the invalid terms or provisions are to be

replaced by such valid terms and provisions that most nearly fulfill the parties’ intention underlying the

invalid term or provision.

Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties hereto and their respective successors and

permitted assigns, and nothing herein is to be construed to give any person or entity, other than the

parties hereto and their respective successors and permitted assigns, any legal or equitable rights

hereunder.

No Disparagement

Neither Party, nor any of its respective partners, principals, shareholders, members, officers,

directors, employees, affiliates, subsidiaries, agents, or representatives, shall initiate or participate in

any action or conduct tending to injure, bring into disrepute, ridicule, damage, or destroy the goodwill

of Provider or Client, or the others affiliates. The foregoing shall not be construed to prevent or

prohibit a Provider or Client, or any of its respective partners, principals, shareholders, members,

officers, directors, employees, affiliates, subsidiaries, agents, or representatives, from: (i) exercising

its rights under this Agreement; (ii) complying with a legal obligation or a professional responsibility;

or, (iii) reporting, providing, or disclosing information to federal, provincial, municipal, or local

government agencies, authorities, or officials in the ordinary course of business or as required by

law. Further, in the event Provider or Client or any of its respective partners, principals, shareholders,

members, officers, directors, employees, affiliates, subsidiaries, agents, or representatives breach

this Section, the non-breaching party and its respective partners, principals, shareholders, members,

officers, directors, employees, affiliates, subsidiaries, agents, and representatives shall no longer be

bound by the obligations set forth under this Section.

Entire Agreement

This Master Services Agreement, the Order, the Service Attachments or Descriptions, and any other

attachments thereto (collectively, the “Agreement”) set forth Provider’s entire understanding with

respect to the subject matter hereof and are binding upon both parties, their successors, and their

permitted assigns, in accordance with the terms of the Agreement. There are no understandings,

representations or agreements other than those set forth herein. Each party, along with its

respective legal counsel, has had the opportunity to review this agreement. Accordingly, in the event

of any ambiguity, such ambiguity will not be construed in favor of, or against either party.