ASSIGNMENT OF RIGHTS

AND ACKNOWLEDGEMENT
OF CONFIDENTIALITY OBLIGATIONS
(“ASSIGNMENT AND ACKNOWLEDGEMENT”)

MoneyGram Payment Systems, Inc. (“MPSI”) has entered into the Agreement and associated
Statements of Work with (“Supplier”), dated , 20 , (the “Consulting Services
Documents”) wherein Supplier agrees to provide individuals to perform certain services for
MPSI and entities controlling, controlled by or under common control with MPSI (collectively
“Customer”).

Supplier has requested that you (“Representative” or “you”) perform certain services which
Supplier is obligated to perform under the Consulting Services Documents.

According to the Consulting Services Documents, before you are permitted access to Customer’s
facilities and/or information and/or to perform services under the Consulting Services
Documents, Customer requires that you agree to an Assignment of Rights as set forth below and
acknowledge that the obligations of confidentiality as set forth in the Consulting Services
Documents apply to you and you agree to adhere to them.

In consideration of Customer permitting you access to Customer’s facilities, systems and/or

information and/or to perform services under the Consulting Services Documents and other good
and valuable consideration, the receipt of which is acknowledged, you agree:

1. To assign all rights and interests in development materials, consulting services,

documentation and any and all other deliverables (collectively the “Deliverables”); Created
Works (as hereinafter defined); and other materials which may be created as a result of the
performance of services under the Consulting Services Documents, including any and all
copyright and patent rights.

2. You agree to promptly disclose any and all materials, ideas, inventions, discoveries and
improvements (whether patentable or not), that are developed, made conceived or reduced to
practice by you, solely or jointly with others, that are related to the performance of services
under the Consulting Services Documents. You further agree to assign to Customer all
right, title and interest in such materials and developments, including, but not limited to,
object code, source code and documentation, and all concepts and designs, inventions, ideas,
discoveries, “know how,” creations, works, processes, methods and works of authorship
created by you in rendering services under the Consulting Services Documents, and all shall
be the exclusive property of Customer (collectively the “Created Works”). You hereby
assign all rights in the Created Works, including without limitation, all patent rights, mask
work rights, copyrights and trade secret rights to Customer. All originals and copies of such
Created Works shall be provided to Customer upon Customer’s request or the termination or
expiration of the Consulting Services Documents. Notwithstanding the foregoing, you or
the Supplier, as the case may be, shall retain unrestricted rights to any pre-existing code
portions (including enhancements made thereto during the course of this work effort)
included in any software furnished to Customer, provided that you shall identify such pre-
 existing code prior to incorporating it into any Deliverable or Created Work, and provided
that Customer shall be deemed to have an unrestricted license to use such code.

3. You acknowledge that you have read the confidentiality provisions contained in the
Consulting Services Documents, reproduced below, they apply to you as a Representative of
Supplier and agree to adhere to them. Customer acknowledges that the you will be immune
from liability for disclosing Confidential Information (i) to law enforcement or an attorney
in confidence for the purpose of reporting or investigating a suspected violation of law, (ii)
in a lawsuit or other proceeding that is made under seal, or (iii) to your attorney in an anti-
retaliation lawsuit if the Confidential Information is filed under seal and is not disclosed
except by court order.

4. Confidential Information.

4.1 CONFIDENTIAL INFORMATION. In connection with the performance of the

Agreement, the Parties have furnished or may in the future furnish to the other
certain proprietary, non-public, confidential trade secret, and other such information.
The term “Confidential Information” includes all such information of the Parties,
their predecessors-in-interest, or their affiliates, now in existence or hereafter
created. Confidential Information includes the following:

(a) All customer-related information of the Customer, including but not limited
to, account numbers, account balances, and personally identifiable data;

(b) All personally identifiable data of Customer’s agents or business partners,

including but not limited to, account numbers, account balances and financial
information;

(c) All information marked as “confidential” or with similar designation or

otherwise treated as confidential and that which would be reasonably
understood to be confidential;

(d) All information protected by rights embodied in copyrights, whether

registered or unregistered, or pending unpublished patent applications, “know
how,” trade secrets, and any other intellectual property rights of the Parties;

(e) All proprietary business, financial or technical information of the Parties or

their affiliates and any of their respective customers, agents, business
partners or vendors (including, but not limited to, customer lists, customer
financial information and software licensed from third parties or owned by
the Parties or their affiliates); and

(f) Each Party’s marketing philosophy and objectives, promotions, markets,

customer information, materials, financial results, technological
developments and other similar confidential and or proprietary information
and materials.
4.2 Exclusions to Confidential Information. Notwithstanding the foregoing, and except
to the extent protected by copyright, patent, or trademark law and with the exception
of Confidential Information described in Section 4.1 (a) and (b) above, Confidential
Information shall not include any portion of such information which the other Party
can establish by clear and convincing evidence to have:

(a) become publicly known without breach of the Agreement; or

(b) been known by the other Party without any obligation of confidentiality,
prior to disclosure of such Confidential Information to the other Party; or

(c) been received in good faith by the other Party from a third-party source
having the right to disclose such information.

4.3 Limited Use of Confidential Information. The Parties may use the Confidential
Information only for the purpose of performance of their obligations under this
Agreement. Unless otherwise agreed to in writing between Customer and Supplier,
from and after the date of the Agreement, the Parties shall:

(a) not reproduce, copy, duplicate, divulge or use any Confidential Information,
or allow any Confidential Information to be reproduced, copied, duplicated,
divulged or used, except as expressly permitted herein;

(b) require that all persons, employees, agents, partners, consultants, contractors,
representatives of the Parties, and any other third parties (collectively, the
“Representatives”) who are permitted access to any Confidential
Information to agree to assume all of the same obligations regarding the
protection of the Confidential Information assumed by the Parties under the
Agreement;

(c) keep all Confidential Information in a physically secure place which will
prevent anyone, except the Representatives who are permitted access to the
Confidential Information to satisfy the purposes of the Agreement, from
using or disclosing any Confidential Information; and

(d) if required by a court or governmental agency having proper jurisdiction to

disclose any Confidential Information, the recipient of such request or order
shall promptly notify the owner of such Confidential Information of such
request and/or order so that the owner may seek an appropriate protective
order.

4.4 Breach of the Confidentiality Covenants. Compliance by Supplier with

requirements for use of Confidential Information shall not limit Supplier’s or its
Representatives liability for any breach of its confidentiality obligations herein. In
the event that Supplier or its Representatives breach the confidentiality covenants
 contained herein, Supplier recognizes that irreparable injury will result to Customer
or third parties entrusting Confidential Information to Customer, that Customer’s
remedy at law for damages will be inadequate, and that Customer will be entitled to
an injunction to restrain the continuing breach by Supplier or its Representatives, or
any other persons acting for or with Supplier. If Supplier is found, by a court of
competent jurisdiction, to have breached the confidentiality covenants contained
herein, Customer shall be further entitled to recover from Supplier:

(a) actual, reasonable and provable damages to Customers or its directors,

officers, employees or agents;

(b) any costs, losses or damages associated with any claims by third parties
against Customer;

(c) reasonable attorneys’ and other professionals’ fees and all other costs and
expenses incurred in connection with the enforcement of this Section; and

(d) any other rights and remedies with Customer may have at law or in equity.

4.5 Effect of Termination. Unless otherwise provided herein, upon expiration or

termination of the Agreement for any reason:

(a) the limited right to use the Confidential Information granted to each Party
under the Agreement will immediately terminate, and neither the Parties nor
will their Representatives have any further right to use any Confidential
Information in any way;

(b) Supplier shall immediately return to Customer, or destroy at Customer’s

request, any developed software in source code and object code forms and all
related documentation, all documents, drawings, models, apparatus, sketches,
designs, source code, object code and any other tangible items containing any
Confidential Information including all complete or partial copies, recordings,
abstracts, notes or reproductions of any kind made from or about such
tangible items or information contained therein; and

(c) Supplier shall provide to Customer written certification, made under oath,
that Supplier has returned or destroyed all of the items identified above to
Customer, upon Customer’s request.

4.6 DATA PRIVACY. Supplier acknowledges that Customer may be required to

comply with various privacy and security requirements, including but not limited to,
Title V of the Gramm-Leach-Bliley Act, Canada’s Personal Information Protection
and Electronic Documents Act (PIPEDA), the European Union Directive 95/46,
other legal directives across the world as well as any applicable industry standards
such as the Payment Card Industry Data Security Standards (“PCI DSS”),
(collectively “Privacy Laws”) pursuant to which Customer wishes to obtain certain
undertakings from Supplier with regard to the use and protection of non-public
personally identifiable information of Customer’s or its affiliates’ clients or
prospective clients or that of its agents or business partners (“Client Data”).
Customer agrees that it will use reasonable efforts to restrict Supplier’s access to
Client Data.

(a) Supplier Obligations. To effectuate compliance with the Privacy Laws,

Supplier agrees that it shall:

(i) comply with Privacy Laws when performing under the Agreement
and make commercially reasonable efforts to assist Customer to
comply and conform with applicable Privacy Laws, as amended from
time to time;

(ii) not disclose, directly or through an affiliate, Client Data to any other
person or entity, or third parties or make any use of Client Data,
except as contemplated by the Agreement, or as otherwise allowed or
required by law;

(iii) establish and maintain data security policies and procedures designed
to anticipate and protect the security and confidentiality of Client
Data against threats or hazards to the security or integrity of Client
Data and against the unauthorized access of Client Data;

(iv) require any Representatives who provide services to Supplier for

delivery to Customer, directly or indirectly, or who have access to
Client Data, to implement and administer an adequate information
protection program and to contractually require any such
Representative to comply with the security obligations contained
herein or in the Agreement, and

(v) upon request by Customer, delete any instances of, or return all
tangible forms of Client Data to Customer, and provide to Customer
written certification, made under oath, that Supplier has deleted all
instance of and/or returned all tangible forms of Client Data to
Customer.

(b) Nothing in Section 4.6(a) relieves Supplier from its primary liability to
Customer for its own or its Representatives’ action or inaction regarding the
obligations set forth in this Section 4.6.

(c) Unauthorized Access. Supplier will promptly inform Customer if the

confidentiality or security of Client Data has been or is suspected to have
been, disclosed, misused or compromised (“Security Breach”) and shall take
appropriate action to prevent further unauthorized access.
 (d) Notice of Breach of Data Privacy. Supplier shall cooperate with Customer in
investigating any Security Breach and in providing any notices and
information regarding such Security Breach to the subjects of the data,
appropriate law enforcement agencies, and government regulatory authorities
in accordance with Customer’s reasonable request and direction. To the
extent such unauthorized access was due to Supplier’s negligence, intentional
misconduct or breach of the Agreement, at Supplier’s expense and in
consultation with Customer, Supplier shall provide the subjects of the data
with access to credit monitoring services, credit protection services, credit
fraud alerts or similar services to which Customer, in its sole but reasonable
discretion, deems necessary, advisable or required by law to protect such
individuals.

(e) Suspicion of Violation. If Customer reasonably suspects that Supplier has

violated applicable Privacy Law or this Exhibit or the Agreement, Customer
may suspend, revoke or terminate rights to Client Data in its sole discretion
upon written notice to Supplier. Upon receipt of that notice, Supplier shall
(i) immediately stop accessing and/or accepting Client Data and (ii) as
promptly as practicable (but no later than thirty (30) calendar days after
receipt of such notice) return to Customer at Supplier’s sole expense, all
Client Data in its possession on a medium acceptable to Customer and
provide written certification thereof as set forth in Section 2.1(e) above.”

5. This Assignment and Acknowledgement is effective upon execution by you and you shall
remain obligated as set forth herein regardless of the termination or expiration of the
Consulting Services Documents or the termination of your relationship with Supplier.

6. This Assignment and Acknowledgement shall be governed by and construed and enforced in
accordance with the laws of the State of Texas, the venue for any action arising out of or
relating to this Assignment and Acknowledgement will be in a state or federal court sitting
within the State of Texas and you hereby consent and submit to the personal jurisdiction of
said courts for that purpose and hereby specifically waives any other jurisdiction.

By signing below and agreeing to provide services to Customer, you consent to the collection
use, disclosure, and transfer (including cross-border transfer) of your personal information as
described in our Privacy Notice, which is available on our website at
www.moneygram.com/privacy-notice, or by emailing us at
privacyprogramoffice@moneygram.com.
ACKNOWLEDGED AND AGREED TO THIS DAY OF , 20 .

By (Signature):

Name:

Residing at:

Date: