CONTRACTOR CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT

This Independent Contractor Confidentiality and Non-Disclosure Agreement (hereinafter referred to as
the “Agreement”) is entered into by and between Productive Playhouse, Inc. (referred to as the “Company”) and
the contractor whose name and signature appear below (referred to as the “Contractor”) in regard to the
following facts:

A. While performing services for the Company, Contractor has or will be exposed to
and/or provided with trade secrets (hereinafter referred to as “Trade Secrets”) and proprietary and confidential
information (hereinafter referred to as “Confidential Information”) relating to the operation of the Company’s
business and its clients or customers. The Company wishes to protect its Trade Secrets and Confidential
Information from unauthorized possession, use or disclosure, and to protect itself from unfair competition.
Accordingly, Contractor acknowledges that a part of the consideration Contractor is providing the Company in
exchange for his/her services for the Company is Contractor’s agreement to maintain the secrecy of the
Company’s Trade Secrets and Confidential Information in the manner provided herein. The parties agree that
the effective date of this agreement is _________________________. In consideration of the foregoing,
Contractor agrees as follows:

1. Third-Party Information and Data Security Policy. Contractor recognizes that Company
may have received and in the future may receive from third parties their confidential or proprietary information
subject to a duty on Company’s part to maintain the confidentiality of such information and to use it only for
certain limited purposes. Contractor agrees to hold all such confidential or proprietary information in the
strictest confidence and not to disclose it to any person or entity, or to use it except as necessary in carrying out
Contractor’s work for Company consistent with Company’s agreement with such third party, as provided in the
Data Security Policy attached hereto as Exhibit A and incorporated herein by reference (the “Data Security
Policy”).

2. Protection of the Company’s Trade Secrets and Confidential Information.

A. Definition of Trade Secrets. Contractor acknowledges and agrees that, while
performing services for the Company, he/she has or will be exposed to and/or provided with the Company’s
Trade Secrets. As defined by California law, “Trade Secrets” mean information, including a formula, pattern,
compilation, program, device, method, technique or process, that: (1) derives independent economic value,
actual or potential, from not being generally known to the public or to other persons or entities who can obtain
economic value from its disclosure or use and (2) is the subject of efforts that are reasonable under the
circumstances to maintain its secrecy. The Company’s Trade Secrets include, but are not limited to, the
following: the names and addresses of the Company’s customers and prospective customers (collectively
referred to herein as "Customers" and defined herein as all customers that the Company sells or actively solicits
to sell the goods and services provided by the Company) and all other confidential information relating to those
Customers, including but not limited to all information such as information on the profitability and/or profit
margins of the Company, the Company's customer lists and potential leads customer lists, any other information
relating to the Company's Customers that have been obtained or made known to Contractor solely as the result
of Contractor performing his/her services for the Company, price list, product list, styles list, design list, patterns
list, marking & grading list, materials list, subcontractors list, product information, profitability of the Company,
business plans, strategy plans, sales figures, sales reports, software developed by or for the benefit of the
Company and related data source code and programming information (whether or not patentable or registered
under copyright or similar statutes), information about the Company’s print systems and formulations,
sublimation print techniques, manufacturing, production and/or design techniques, inventions (whether
patentable or not), works of authorship, copyrighted software and/or other copyrighted materials created by or
for the benefit of the Company, personnel policies, the Company's marketing methods and related data,
Customer buying and selling habits and special needs, accounting/financial records (including, but not limited
to, balance sheets, profit and loss statements, tax returns, payable and receivable information, bank account
information and other financial reporting information), marketing strategies, unique methods and procedures
regarding pricing and advertising, the names of the Company's vendors and suppliers, information relating to
costs, sales or services provided to the Company by such vendors and suppliers, the prices the Company obtains
or has obtained for the Company's products or services, compensation paid to the Company's employees, and
other terms of employment, information regarding the Company's relations with its employees, information
regarding other employees or agents of the Company, or any other confidential information regarding the
manner of business operations and actual or demonstrably anticipated business, research or development of the
Company. Contractor acknowledges and agrees that the Company’s Trade Secrets are not generally known to
the public or to the Company’s competitors, were developed or compiled at significant expense by the Company
over an extended period of time, are the subject of the Company’s reasonable efforts to maintain their secrecy,
and that the Company derives significant independent economic value by keeping its Trade Secrets a secret.

B. Definition of Confidential Information. Contractor acknowledges and agrees that,
while performing services for the Company, he/she has or will be exposed to and/or provided with the
Company’s Confidential Information. “Confidential Information” means information belonging to the Company,
whether reduced to writing or in a form from which such information can be obtained, translated or derived into
reasonably usable form, that has been provided to Contractor during his/her work with the Company and/or
Contractor has gained access to while working for the Company and/or was developed by Contractor in the
course of providing services for the Company, that is proprietary and confidential in nature. The Company’s
Confidential Information includes, but is not limited to, the following: Information believed by the Company to
be a Trade Secret that ultimately does not qualify as such under California law but nonetheless was maintained
by the Company as confidential; the names and addresses of the Company’s customers and prospective
customers (collectively referred to herein as "Customers" and defined herein as all customers that the Company
sells or actively solicits to sell the goods and services provided by the Company) and all other confidential
information relating to those Customers, including but not limited to all information such as information on the
profitability and/or profit margins of the Company, the Company's customer lists and potential leads customer
lists, any other information relating to the Company's Customers that have been obtained or made known to
Contractor solely as the result of Contractor performing his/her services for the Company, price list, product list,
styles list, design list, patterns list, marking & grading list, materials list, subcontractors list, product
information, profitability of the Company, business plans, strategy plans, sales figures, sales reports, software
developed by or for the benefit of the Company and related data source code and programming information
(whether or not patentable or registered under copyright or similar statutes), including, but not limited to
information stored on any network server or cloud system and the potential or actual vulnerabilities and
weaknesses of such network server or cloud system, information stored on any form of electronic storage
device(s), information relating to user identities, logins, or passwords, information stored on any enterprise
resource planning system, including, but not limited to, information stored on any company designed or utilized
information portal, both web-based and non web-based platforms, any and all video footage obtained on close
circuit television, information about the Company’s print systems and formulations, sublimation print
techniques, manufacturing, production and/or design techniques, inventions (whether patentable or not), works
of authorship, copyrighted software and/or other copyrighted materials created by or for the benefit of the
Company, personnel policies, the Company’s marketing methods and related data, Customer buying and selling
habits and special needs, accounting/financial records (including, but not limited to, balance sheets, profit and
loss statements, tax returns, payable and receivable information, bank account information and other financial
reporting information), marketing strategies, unique methods and procedures regarding pricing and advertising,
the names of the Company's vendors and suppliers, information relating to costs, sales or services provided to
Contractor by such vendors and suppliers, the prices the Company obtains or has obtained for the Company's
products or services, compensation paid to the Company's employees, and other terms of employment,
information regarding the Company's relations with its employees, information regarding other employees or
agents of the Company, or any other confidential information regarding the manner of business operations and
actual or demonstrably anticipated business, research or development of the Company.

C. Information Not Included Within the Definition of Trade Secrets and/or Confidential
Information. For avoidance of doubt, the Company’s Trade Secrets and Confidential Information do not include
any information that: (1) is already in the public domain or becomes available to the public through no breach by
Contractor of this Agreement; (2) was lawfully in the Contractor’s possession prior to disclosure to Contractor
by Company; (3) is lawfully disclosed to Contractor by a third party without any obligations of confidentiality
attaching to such disclosure; or (4) is developed by Contractor entirely on his/her own time without the
Company’s equipment, supplies or facilities and does not relate at the time of conception to the Company’s
business or actual or demonstrably anticipated research or development of the Company.

D. Property of the Company. Contractor acknowledges and agrees that all Trade Secrets
and Confidential Information developed, created or maintained by Contractor, alone or with others, while he/she
performs services for the Company, shall remain at all times the sole property of the Company.

E. Covenant Not to Use, Publish or Disclose the Company’s Trade Secrets and/or
Confidential Information During and After Cessation of Services. Contractor acknowledges and agrees that the
services he/she provides for the Company creates a relationship of confidence and trust with the Company with
respect to all of the Company’s Trade Secrets and Confidential Information. Therefore, at any time while
performing services for the Company, following the cessation of those services with the Company, whether
voluntary or involuntary, Contractor shall not, except as required in the conduct of the Company’s business or as
authorized in writing by the Company, use, publish or disclose any of the Company’s Trade Secrets and/or
Confidential Information in any manner whatsoever.

F. Covenant Not to Solicit the Company’s Clients and/or Customers After Cessation of
Services Through the Use of the Company’s Trade Secrets and/or Confidential Information. Contractor agrees
that following the cessation of his/her services with the Company, whether voluntary or involuntary, Contractor
shall not, directly or indirectly, solicit or attempt to solicit any business from any of the Company’s clients
and/or customers for the purposes of providing products or services that are competitive with those provided by
the Company where such solicitation and/or attempt at solicitation is done by Contractor through the use of the
Company’s Trade Secrets and/or Confidential Information.

Contractor acknowledges and agrees that if the Company’s Trade Secrets and/or Confidential
Information were disclosed to a competing business or used in an unauthorized manner as provided herein, such
unauthorized disclosure or use would cause immediate and irreparable harm to the Company and would give a
competing business an unfair business advantage against the Company for which the Company may not have an
adequate remedy at law. As such, Contractor agrees that the Company shall be entitled to any proper injunction,
including but not limited to temporary, preliminary, final injunctions, temporary restraining orders, and
temporary protective orders, to enforce provisions in this Agreement in the event of breach or threatened breach
by Contractor, in addition to any other remedies available to the Company at law or in equity. The restrictive
covenants contained in this Agreement are independent of any other obligations between the parties, and the
existence of any other claim or cause of action against the Company is not a defense to enforcement of said
covenants by injunction.

3. Covenant Not to Compete During Term of Agreement. Contractor promises that during the
term of the Agreement with the Company, he/she shall not, directly or indirectly, either as a Company, agent,
principal, partner, corporate officer, board member, director, or in any other individual or representative capacity,
engage or attempt to engage in any competitive activity relating to the subject matter of the Agreement with the
Company or relating to the Company’s line of business.

4. Assignment of Interest in Inventions.

A. Contractor agrees that any inventions made by Contractor solely or jointly with others
during the term of this Agreement, that (1) are made with the Company’s equipment, supplies, facilities, trade
secrets, or time or (2) that relate, at the time of conception or of reduction to practice, to the business of the
Company or the Company’s actual or demonstrably anticipated research or development, or (3) that result from
any work performed by Contractor for the Company or result from the use of premises owned, leased or
otherwise used or acquired by the Company (hereinafter referred to as “Invention” or “Inventions”), shall belong
to the Company, and Contractor promises to assign any and all rights in such Inventions to the Company.

B. Contractor agrees that any Inventions made by Contractor solely or jointly with others,
made after the date that this Agreement terminates, that are based on the Company’s Trade Secrets, shall belong
to the Company, and Contractor promises to assign any and all rights in such Inventions to the Company. For
the purposes of this Section, an Invention is based on the Company’s Trade Secrets if the invention incorporates
any such secrets in design or principle.

C. Contractor also agrees the Company shall have the right to keep any Inventions covered
by this Agreement as trade secrets, and Contractor agrees not to disclose such Inventions to any third parties
except as specifically authorized by the Company.

D. Contractor agrees to assign to the Company all rights in any other Inventions made by
Contractor of the Company as required to grant those rights to the United States government or any of its
agencies.

E. Notwithstanding any provision of this Section, Contractor shall not be required to
assign, nor shall he/she be deemed to have assigned, any of Contractor’s rights in any inventions, that Contractor
develops entirely on his/her own time without using the Company’s equipment, supplies, facilities, or trade
secrets, except for inventions that either (1) relate, at the time that the invention is conceived or reduced to
practice, to the Company’s business or to actual or demonstrably anticipated research or development of the
Company; or (2) result from any work performed by Contractor for the Company.

F. In order to permit the Company to claim rights to which it may be entitled, Contractor
agrees to disclose to the Company in confidence (1) all Inventions that Contractor makes, either solely or jointly
with others, during the term of his/her employment, and (2) all patent applications filed by Contractor during, or
within one (1) year after termination of his/her employment. Contractor also agrees to submit to a reasonable
and confidential review process under which the Company may determine such issues as may arise under this
Agreement.

G. Contractor shall assist the Company in applying for, prosecuting, obtaining or enforcing
any and all patents, copyrights or other right or protection relating to any Inventions, designs, improvements,
and discoveries deemed patentable by the Company in the United States and in all foreign countries, and shall
execute all documents and do all things necessary to obtain letters of patent, to vest the Company with full and
extensive titles to those patents and/or copyrights, and to protect the same against infringement by others, from,
during and after the termination of this Agreement. In the event that assistance of the Contractor is needed after
the termination of this Agreement, Contractor will be paid for that assistance at the hourly rate he/she earned
when this Agreement terminated.

H. For the purpose of this Agreement, an Invention is deemed to have been made during
the Contractor’s period of employment if the Invention was conceived or actually first reduced to practice during
that period.

I. If the Company is unable to secure Contractor’s signature on any document necessary
to apply for, prosecute, obtain, or enforce any patent, copyright, or other right or protection relating to any
Invention, whether due to Contractor’s mental or physical incapacity or any other cause, Contractor hereby
irrevocably designates and appoints the Company and each of its duly authorized Offices and Agents as
Contractor’s Agent and Attorney-In-Fact, to act for and in Contractor’s behalf to execute and file any such
document and to do all other lawfully permitted acts to further the prosecution, issuance, and enforcement of
patents, copyrights, or other rights or protections, with the same force and effect as if executed and delivered by
Contractor.

J. Except as disclosed in the form attached hereto as Exhibit B, Contractor represents and
warrants that he/she knows nothing about the Inventions of the Company, as defined in this Agreement, other
than the Inventions that have been or will be disclosed to Contractor by the Company.

5. Reasonableness of Restrictive Covenants. Contractor acknowledges that he/she has carefully
read and considered Sections 1, 2, 3, 4 and 5 of this Agreement and agrees that the restrictions set forth therein
are fair and reasonable, are supported by valid consideration, and are reasonably required to protect the
legitimate business interests of the Company.

6. Prior Agreements, Relationships and Commitments.

A. Except as disclosed in the form attached hereto as Exhibit C, Contractor has no
agreements, relationships, or commitments to any other person or entity that conflict with or would prevent
Contractor from performing any of Contractor’s obligations to the Company under this Agreement, or would
otherwise prevent Contractor from performing his/her services during the term of the Agreement.

B. Contractor will not disclose and has not disclosed to the Company and will not use, or
induce the Company to use, any trade secrets or confidential information of others. Contractor represents and
warrants that he/she has returned all property, trade secrets and confidential information belonging to others and
is not in possession of any such property, confidential information or trade secrets.

C. Contractor agrees to indemnify, defend and hold harmless the Company and its officers,
directors and employees from any and all claims, damages, costs, expenses or liability, including reasonable
attorney’s fees incurred in connection with or resulting from any breach or default of the representations and
warranties contained in this Section.

7. Termination of Agreement. At termination of the Agreement, Contractor shall promptly:

A. Inform the Company of and deliver to the Company all records, files, electronic data,
documents, plans, reports, books, notebooks, notes, memoranda, correspondence, contracts and the like in
Contractor’s possession, custody or control that contain any of the Company’s Trade Secrets or Confidential
Information which Contractor prepared, used, or came in contact with while employed by the Company;

B. Inform the Company of and deliver to the Company all records, files, electronic data,
documents, plans, reports, books, notebooks, notes, memoranda, correspondence, contracts and the like in
Contractor’s possession, custody or control that pertain in any way to the business of the Company and which
Contractor prepared, used, or came in contact with while employed by the Company;

C. Deliver to the Company all tangible property in Contractor’s possession, custody or
control belonging to the Company; and

D. Allow the Company’s representative to inspect Contractor’s personal desk top
computer, lap top computer, thumb drive, zip drive, and/or any other external hard drive to determine whether
any of the Company’s Trade Secrets and/or Confidential Information reside on said computer or drive and to
remove any such Trade Secrets and/or Confidential Information.

8. Injunctive Relief. Contractor acknowledges and agrees that if the Company’s Trade Secrets
and/or Confidential Information were disclosed to a competing business or used in an unauthorized manner as
provided herein, such unauthorized disclosure or use would cause immediate and irreparable harm to the
Company and would give a competing business an unfair business advantage against the Company for which the
Company may not have an adequate remedy at law. As such, Contractor agrees that the Company shall be
entitled to any proper injunction, including but not limited to temporary, preliminary, final injunctions,
temporary restraining orders, and temporary protective orders, to enforce this Agreement in the event of breach
or threatened breach by Contractor, in addition to any other remedies available to the Company at law or in
equity. The restrictive covenants contained in this Agreement are independent of any other obligations between
the parties, and the existence of any other claim or cause of action against the Company is not a defense to
enforcement of said covenants by injunction.

9. Independent Contractor Status. In the performance of Contractor’s obligations under this
Agreement, Contractor shall at all times act as and be deemed an independent contractor. Nothing in this
Agreement shall be construed to render Contractor or any of its employees, agents, or officers, an employee,
joint venture, agent, or partner of Company. Contractor is not authorized to assume or create any obligations or
responsibilities, express or implied, on behalf of or in the name of Company, except as specifically authorized
herein. The employees, methods, facilities, and equipment of Contractor shall at all times be under Contractor’s
exclusive direction and control.

10. Waiver. No waiver by the Company of any breach of this Agreement shall be a waiver of any
preceding or succeeding breach. No waiver by the Company of any right under this Agreement shall be
construed as a waiver of any other right.

11. Tolling and Suspension. In the event of a breach by Contractor of any restrictive covenant
contained in this Agreement, the running of the period of restriction shall automatically be tolled and suspended
for the amount of time the breach continues, and shall automatically commence when the breach is remedied so
that the Company shall receive the benefit of Contractor’s compliance with the terms and conditions of this
Agreement.

12. Entire Agreement. This is the entire agreement between the Company and Contractor
regarding the secrecy, use and disclosure of the Company’s Trade Secrets and Confidential Information and this
Agreement supersedes any and all prior agreements regarding these issues.

13. Choice of Law/Forum Selection; Arbitration. The validity, interpretation, construction, and
performance of this Agreement will be governed by the laws of the State of California (with the exception of its
conflict of laws provisions). The parties agree that any controversy or claim arising out of or relating to this
Agreement, or any dispute arising out of the interpretation or application of this Agreement, shall be resolved by
binding arbitration before a retired Superior Court Judge and shall be conducted in accordance with the
provisions of the California Arbitration Act and the California Code of Civil Procedure. This Agreement
consists of a series of separate restrictive covenants, all of which shall survive and be enforceable in law and/or
equity after Contractor’s termination of service.

14. Severability. Each provision of this Agreement is intended to be severable. If any court of
competent jurisdiction determines that one or more of the provisions of this Agreement, or any part thereof, is or
are invalid, illegal or unenforceable, such invalidity, illegality or unenforceability shall not affect or impair any
other provision of this Agreement, and this Agreement shall be given full force and effect while being construed
as if such invalid, illegal or unenforceable provision had not been contained within it. If the scope of any
provision in this Agreement is found to be too broad to permit enforcement of such provision to its full extent,
Contractor consents to judicial modification of such provision and enforcement to the maximum extent
permitted by law.

The undersigned acknowledges that he/she has read and understood this Agreement, and that he/she
signs this Agreement intending to be bound by its terms as of the date indicated below.

Contractor’s Name: _____________________________________________________________

Contractor’s Signature: __________________________________________________________

Date: _____________________________

EXHIBIT A
DATA SECURITY POLICY

This Data Security Policy (“Policy”) applies to you as a Contractor (“you”, “your”, or “Contractor”)
of Productive Playhouse, Inc. (the “Company”) in connection with data and information you process and handle
on behalf of the Company, in general and as described herein.

1. Definitions.

1.1. Definitions.

1.1.1. “Access” or “Accessing” means to create, collect, acquire, receive, record, consult, use, process,
alter, store, maintain, retrieve, disclose or dispose of. Access also includes “processing” as defined in the
Directive or the GDPR (as applicable).

1.1.2. “Agreement” means your employment agreement between you and Company.

1.1.3. “Applicable Laws” means all applicable laws, regulations and Legal Requests, including all
applicable privacy, data security and data protection laws, regulations and rules in any jurisdiction. For clarity,
applicable privacy, data security and data protection laws and regulations may include the Directive or the
GDPR (and any national implementing laws) and the Swiss Federal Data Protection Act.

1.1.4. “Applicable Standards” means all applicable government standards, industry standards, and best
practices.

1.1.5. “Confidential Information” either:

(i) has the meaning given in the Agreement; or

(ii) if no such meaning is given, means information that one party (or its affiliate) discloses to
the other party under the Agreement and that is marked as confidential or would normally be
considered confidential information under the circumstances. Confidential Information does not
include information that is independently developed by the recipient, is rightfully given to the
recipient by a third party without confidentiality obligations, or becomes public through no fault of
the recipient.

1.1.6. “Data Subject” has the meaning given in the Directive or the GDPR (as applicable).

1.1.7. “the Directive” means Directive 95/46/EC of the European Parliament and of the Council of 24
October 1995 on the protection of individuals with regard to the processing of personal data and on the free
movement of such data.

1.1.8. “EU” means the European Union.

1.1.9. “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.1.10. “Company Affiliate” means any subsidiary, subsidiary undertaking or holding company of
Company, and any subsidiary or subsidiary undertaking of any such holding company for the time being.

1.1.11. “Company Customer” means any of the following:

(i) a customer, end customer, reseller or distributor of the Company Services;

(ii) a Data Controller or Data Processor of Personal Information Accessed by you or a Third
Party Provider in performing the Services; or

(iii) an affiliate of a legal entity listed in (i) or (ii) above.

Upon request by you, Company will take reasonable steps to help you determine whether any natural or
legal person is a Company Customer for purposes of this Policy.

1.1.12. “Company Confidential Information” means Confidential Information disclosed by Company
or a Company Affiliate to you or a Third Party Provider under the Agreement and, for clarity, includes all such
information relating to Company Customers and the Company Services.

1.1.13. “Company Services” means the transcription services provided by Company.

1.1.14. “Company Systems” means networks, systems and devices (including APIs, corporate email
accounts and equipment) owned or managed by Company or Company Affiliates.

1.1.15. “includes” means “includes without limitation” and “including” means “including but not
limited to”.

1.1.16. “Legal Request” means a binding disclosure request made pursuant to law, governmental
regulation, court order, subpoena, warrant or other valid legal authority or legal procedure.

1.1.17. “Non-Company Systems” means networks, systems or devices (including APIs, corporate
email accounts or equipment) other than Company Systems.

1.1.18. “Personal Data” has the meaning given in the Directive or the GDPR (as applicable).

1.1.19. “Personal Information” means (i) any information about an identified or identifiable
individual; or (ii) information that is not specifically about an identifiable individual but, when combined with
other information, may identify an individual. In this Policy, “Personal Information” includes names, email
addresses, postal addresses, telephone numbers, government identification numbers, financial account numbers,
payment card information, credit report information, biometric information, online identifiers (including IP
addresses and cookie identifiers), network and hardware identifiers and geolocation information, as well as
Personal Data.

1.1.20. “Protected Information” means the following information that you or a Third Party Provider
may Access in performing the Services: (i) Personal Information; (ii) Company Confidential Information; and
(iii) any other data submitted, stored, sent, received or otherwise provided by or on behalf of a Company
Customer via the Company Services.

1.1.21. “Regulator” means an entity with supervisory or regulatory authority over Company, any
Company Affiliate or any Company Customer under Applicable Laws.

1.1.22. “Safeguards” means the technical, organizational, administrative and physical controls
described in Section 7 (Specific Safeguards), Section 8 (Encryption), Section 9.3 (Your Continuous Self
Assessment) and Section 10.1 (Security Incident Response Program).

1.1.23. “Security Incident” means a breach of security leading to the following whether actual or
reasonably foreseeable: accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access
to, Protected Information. Security Incidents do not include unsuccessful access attempts or attacks that do not
compromise the Protected Information’s security or privacy, including unsuccessful log-in attempts, pings, port
scans, denial of service attacks and other network attacks on firewalls or networked systems.

1.1.24. “Services” means the services related to your employment with the Company.

1.1.25. “Third Party Provider” means any affiliate, agent, contractor, sub-contractor, sub-processor
or other third party that you authorize to act on your behalf in connection with performing any Services. For
clarity, any such authorization requires Company’s prior consent as described in Section 11 (Third Party
Providers).

1.1.26. “you” or “your” means the party (including any personnel or agent acting on behalf of such
party) that performs any Services for Company or any Company Affiliate under the Agreement.

2. Obligations as a Data Processor.

2.1. You will:

2.1.1. Access the Personal Information:

(i) only on behalf of the Company; and


(ii) only in accordance with the instructions documented in this and any further instructions given by
Company or a Company Affiliate in writing;

2.1.2. implement and maintain appropriate technical and organizational measures to meet your
obligations under Applicable Laws and this Policy;

2.1.3. promptly correct, amend, or delete the Personal Information at Company’s or any Company
Affiliate’s direction;

2.1.4. where requested, assist Company and Company Affiliates in relation to data protection impact
assessments and prior consultations conducted by Company, Company Affiliates and/or Company Customers in
relation to the Personal Information;

2.1.5. promptly notify the Company through your manager if you determine that you can no longer
provide at least the same level of protection for the Personal Information as is required by Applicable Laws or
this Policy and, on making such a determination, cease Accessing the Personal Information or take other
reasonable and appropriate remediation steps;

2.1.6. promptly notify Company through your manager of Data Subjects’ requests: (i) to exercise their
legal rights; (ii) to review complaints you receive regarding the Personal Information; and (iii) to correct,
amend, or delete their Personal Information. You will not respond without Company’s prior written consent or
authorization by your manager;

2.1.7. cooperate with and assist Company and Company Affiliates in investigating and responding to
Data Subjects’ requests to exercise their legal rights.

3. Compliance with Laws; Legal Process; Use Limitation.

3.1. Compliance with Applicable Laws and Applicable Standards.

Whenever you Access Protected Information under the Agreement, you will comply with all
Applicable Laws and Applicable Standards, including any requirements applicable to the transfer of Personal
Information out of the European Economic Area (“EEA”) or Switzerland or to the onward transfer of data, and
will notify a manager of the Company of all requests pertaining to such Protected Information. You will not
respond to such request unless Company has authorized you to do so.

3.2. Use Limitation.

You will Access Protected Information under the Agreement only for the limited and specified purposes
stated in the Agreement and this Policy. You are expressly prohibited from accessing the Protected Information
for any other purpose.

4. Use of Company Networks, Systems, or Devices.

4.1. Unless you have Company’s prior written consent (which Company may grant or withhold in its sole
discretion and which may be subject to you agreeing to comply with additional conditions imposed by
Company in writing), you:

4.1.1. may only Access Protected Information using Company Systems; and

4.1.2. are expressly prohibited from Accessing Protected Information via Non-Company Systems.

4.2. To the extent that you use Company Systems or Company facilities in order to Access Protected
Information, you agree to comply with Company’s or any Company Affiliate’s written instructions, system
requirements and policies made available to you in respect of those Company Systems.

5. Specific Safeguards.

5.1. Whenever you Access Protected Information, you will maintain reasonable technical and organizational
measures (including physical measures) that are designed to ensure the privacy, security and confidentiality
of the Protected Information and that comply with this Policy, Applicable Standards and Applicable Laws,
including the following:

5.1.1. Physical Access Controls. You will maintain physical Access controls designed to secure
relevant facilities, including layered controls covering perimeter and interior barriers, strongly-constructed
facilities, suitable locks with key management procedures, access logging and intruder alarms/alerts and
response procedures.

5.1.2. Logical Access Controls. Subject to Section 4.1, to the extent you Access Protected
Information from Non-Company Systems you will:

(i) maintain reasonable access controls to ensure that only individuals who have a
legitimate need to access Protected Information under the Agreement will have such
access;

(ii) promptly terminate an individual’s access to Protected Information when such
access is no longer required for performance under the Agreement;

(iii) log the appropriate details of access to Protected Information on your systems and
equipment, and retain such records for no less than 90 days; and

(iv) audit logging of access, plus alarms for attempted access violations, where
applicable.

5.1.3. Personnel Security. Company will maintain personnel policies and practices restricting Access
to Protected Information, including having written confidentiality agreements with and performing
background checks in accordance with Applicable Laws on all personnel who Access Protected Information
or who maintain, implement, or administer the Company information security program and Safeguards.

5.1.4. Malware Controls. You will maintain reasonable and up-to-date anti-malware, anti-spam, and
similar controls.

5.1.5. Security Patches. You will maintain controls and processes designed to ensure that networks,
systems and devices (including operating systems and applications) that Access Protected Information are
up-to-date, including prompt implementation of all security patches when issued.

5.1.6. Account Management. You will implement and adhere to Company user account management
procedures to securely create, amend and delete user accounts on networks, systems, and devices through
which you Access Protected Information, including monitoring redundant accounts and ensuring that
information owners properly authorize all user account requests.

5.1.7. Training and Supervision. You will adhere to ongoing Company privacy and information
protection training and supervision as someone who Accesses Protected Information. Company may require
you to take any additional training it reasonably deems necessary for you to perform the Services under the
Agreement.

6. Encryption.

6.1. Subject to Section 4.1, to the extent you Access Protected Information from Non-Company Systems you
will, using a reasonable encryption standard, encrypt all Personal Information that is (a) stored on portable
devices or portable electronic media; (b) maintained outside of Company’s or Company Affiliates’ facilities;
or (c) transferred across any third party network (including dedicated network connections).

7. Definitions Assessments; Audits; Corrections.

7.1. Company’s Security Assessment. On Company’s written request, you will:

7.1.1. promptly and accurately complete Company’s or any Company Affiliate’s written
information privacy and security questionnaire regarding any network or system, device or Safeguard
applicable to your Access to the Protected Information; and

7.1.2. provide any additional assistance and cooperation that Company or any Company Affiliate
may reasonably require during any assessment of your Safeguards, including by providing Company or a
Company Affiliate with reasonable access to personnel, information, documentation, infrastructure and
application software, to the extent any of the foregoing is involved in your Access to the Protected
Information.

Company will, and will ensure that Company Affiliates will, treat the information that you provide
in such questionnaires and assessments as your Confidential Information.

7.2. Penetration Testing. If you Access Protected Information using Non-Company Systems or your systems
connect to Company’s or Company Affiliates’ systems, then in addition to Section 7.1 (Company’s Security
Assessment), the following will apply:

7.2.1. on reasonable notice and in coordination with you, Company or any Company Affiliate (or
Company’s or a Company Affiliate’s independent third party auditor) may perform annual penetration testing
or other security assessment on your systems used to Access Protected Information. Company reserves the
right to perform more frequent testing or assessment in connection with material changes to the Services or a
Security Incident notified to Company under Section 8.2 (Security Incident Notification); or

7.2.2. instead of a Company-conducted penetration test under Section 7.2.1, Company in its sole
discretion may agree to accept, or to ensure that any Company Affiliate accepts, the results of your
penetration testing (and the status of your efforts to remediate findings, if any) performed by an accredited
third party vulnerability tester following commonly accepted guidelines consistent with Company’s
then-current guidelines.

7.3. Your Continuous Self Assessment. You will continuously monitor risk to the Protected Information and
ensure that the Safeguards (including your monitoring under this Section 7.3) are properly designed and
maintained to prevent unauthorized Access to the Protected Information. You will periodically (but no less
than once per year) ensure that third party penetration tests and other appropriate vulnerability tests are
conducted to assess the effectiveness of your Safeguards, and will document the results of all such testing.

7.4. Audits, Certifications and Reports. You will do the following, on reasonable notice from Company
(except in an emergency or crisis situation, when such notice requirement will not apply) and in coordination
with Company:

7.4.1. permit Company and Company Affiliates to perform, and provide Company and Company
Affiliates with reasonable assistance and cooperation in connection with, audits (including audits on the
premises where the Services are performed) on an annual or, if required by Applicable Laws, more frequent
basis in order to confirm your compliance with the Agreement (including this Policy);

7.4.2. make the following available, on request, to Company, Company Affiliates, and Regulators:

(i) your most recent third party performed penetration testing report; and

(ii) any SSAE 16/ISAE 3402 Type 2, ISO, NIST, PCI DSS, HIPAA, SOC and/or similar audit
reports performed by a qualified third party auditor in relation to the Services
within the prior twelve months; and

7.4.3. permit Company and Company Affiliates to perform, and provide Company and Company
Affiliates with any assistance and cooperation they determine is necessary in connection with, audits
(including audits on the premises where the Services are performed) as necessary to fulfill Company’s or any
Company Affiliate’s contractual obligations to Company’s Customers.

Company will, and will ensure that Company Affiliates will, treat all non-public information
accessed by Company and Company Affiliates under this Section 7.4 as your Confidential Information, and
impose appropriate confidentiality obligations on Company Customers who access non-public information
under this Section 7.4.

7.5. Correcting Vulnerabilities. If Company, any Company Affiliate or you discover(s) that your Safeguards
contain a vulnerability, you will promptly correct or mitigate (at your own cost if using Non-Company
Systems): any vulnerability within a reasonable period; and any material vulnerability within a period not to
exceed 60 days. If Company or any Company Affiliate identifies the vulnerabilities, you will provide
Company or the Company Affiliate with reasonable assurances that your corrections meet the requirements
of this Policy. If you are unable to correct or mitigate the vulnerabilities within the specified time period, you
must promptly notify Company and work with Company to identify reasonable remedies. Compliance with
this Section will not reduce or suspend your obligations under Section 8 (Security Incident Response), or
reduce or suspend Company’s or any Company Affiliate’s rights under Section 11 (Suspension) or 12
(Retention; Deletion; Sanitization).

8. Security Incident Response.

8.1. Security Incident Response Program. Company maintains a reasonable Security Incident response
program.

8.2. Security Incident Notification.

8.2.1. If you become aware of a Security Incident, you will promptly and without undue delay:

(i) stop the unauthorized access;

(ii) secure the Protected Information;

(iii) notify Company through your manager (in no event more than 24 hours after
becoming aware of such Security Incident) by sending an email to your manager
with the information described in Section 8.2.2 below; and

(iv) assist Company and any Company Affiliate in ensuring compliance with its
Security Incident notification obligations under Applicable Laws and its contracts
with Company Customers, and as otherwise reasonably requested.

8.2.2. You will provide reasonable information about any Security Incident notified to
Company under Section 8.2.1 above, including:

(i) a description of the Protected Information subject to the Security Incident (including,
where possible, the categories and number of data records and Data Subjects concerned);

(ii) the date and time of the Security Incident (if known or estimated);

(iii) a description of the likely consequences of the Security Incident; a description of the
circumstances that led to the Security Incident (e.g., loss, theft, copying);

(iv) a description of the measures you recommend that Company, Company Affiliates and/or
Company Customers take to mitigate any potential risks and/or adverse effects of the
Security Incident;

(v) a description of the steps you have taken and further measures you propose to take to
address the Security Incident; and

(vi) details of relevant contact people who will be reasonably available until the Company
notifies you that the Security Incident has been resolved and, if a Security Incident
notified to Company under Section 8.2.1 involves Personal Information, “reasonably
available” will mean 24 hours per day, 7 days per week.

8.3. Remediation; Investigation. You will take appropriate steps to promptly remediate the root cause(s) of
any Security Incident, and will reasonably cooperate with Company, Company Affiliates and Company
Customers with respect to the investigation and remediation of such incident. You will promptly provide
Company with the results of the investigation and any remediation already undertaken.

8.4. No Unauthorized Statements. Except as required by Applicable Laws, you will not make (or permit any
third party to make) any statement concerning any Security Incident that directly or indirectly references
Company, any Company Affiliate or any Company Customer, unless Company provides its explicit written
authorization.

9. Third Party Providers.

9.1. You may not subcontract the performance of any part of the Services to any Third Party Provider
without Company’s prior written consent (which Company may grant or withhold in its sole discretion) and
any further subcontracting by any Third Party Provider of the performance of any part of the Services is
prohibited. Accordingly, you represent and warrant that, as of the effective date of this Policy:

9.1.1. You have not subcontracted the performance of any part of the Services to any Third Party
Providers without Company’s prior written consent; and

9.1.2. no Third Party Provider to whom you have subcontracted the performance of any part of the
Services with Company’s prior written consent has further subcontracted the performance of any part of the
Services.

10. Records of Processing.

10.1. Required Records. In accordance with the requirements of this Policy, you will keep at your normal
place of business detailed, accurate, and up-to-date records relating to your and any Third Party Provider’s
Access to any Personal Information contained within the Protected Information. You will make such records
available to Company or any Company Affiliate on request. Such records must contain the following
information at a minimum (the “Required Processor Information”) relating to your and any Third Party
Provider’s Access to such Personal Information:

10.1.1. Your and any Third Party Provider’s legal name(s), registered address(es) and contact
details;

10.1.2. if applicable, the name(s) and contact details of your and any Third Party Provider’s
representative(s) in the EU and data protection officer(s) (in both cases within the meaning of the GDPR);

10.1.3. a description of the nature of the Services you and any Third Party Provider are providing,
including the categories of processing activities carried out under the Agreement;

10.1.4. the location(s) from which you and any Third Party Provider provide the Services; and

10.1.5. where applicable, information on international data transfers, including identification of the
countries to which such Personal Information is transferred and where applicable, the documentation of
suitable safeguards to cover these transfers of such Personal Information.

10.2. Publication by Company. You agree that Company and Company Affiliates may disclose any Required
Processor Information relating to you publicly (including to Company Customers) in order for Company
and/or Company Affiliates to comply with any obligation they have under contract or Applicable Laws, and
you will ensure that Company and Company Affiliates may also disclose any Required Processor
Information relating to any Third Party Provider as described above in this Section 10.2.

11. Suspension.

11.1. Suspension. Company may immediately suspend your Access to Protected Information if Company
reasonably determines that you are not complying with this Policy or Applicable Laws.

12. Retention; Deletion; Sanitization.

12.1. Restricted Retention. You will not store or retain any Protected Information except as necessary to
perform the Services.

12.2. Deletion after End of Agreement. Subject to Section 12.3 (Deletion in Other Cases), upon expiry or
termination of the applicable Agreement under which you are Accessing Protected Information, you will:

12.2.1. promptly and within 90 days at the latest:

(i) delete (or procure deletion of) all copies (whether in written, electronic or other form or
media) of such Protected Information in your or a Third Party Provider’s possession or under
your or a Third Party Provider’s control, subject to Section 12.2.1 (ii); and

(ii) securely dispose of (or procure the secure disposal of) any hard copies of such
information; and

12.2.2. where requested, certify your compliance with this Section 12.2 (Deletion after End of
Agreement) in writing to Company.

12.3. Deletion in Other Cases. If you have completed the provision of Services for a Company Customer
involving use of Non-Company Systems to Access Protected Information in accordance with Section 4.1, or
if Company makes a request under Section 2.1.3 for deletion of any Personal Information contained within
the Protected Information, you will:

12.3.1. promptly and within 90 days at the latest:

(i) delete (or procure deletion of) all copies (whether in written, electronic or other form or
media) of the relevant Protected Information in your or a Third Party Provider’s possession
or under your or a Third Party Provider’s control, including any such copies that you or any
Third Party Provider have stored or retained in any Non-Company Systems, subject to
Section 12.3.1 (ii); and

(ii) securely dispose of (or procure the secure disposal of) any hard copies of such
information; and

(iii) where requested, certify your compliance with this Section 12.3 (Deletion in Other
Cases) in writing to Company.

12.4. Sanitization. You will use a media sanitization process that deletes and destroys data in accordance with
the US Department of Commerce’s National Institute of Standards and Technology’s guidelines in NIST
Special Publication 800-88 or equivalent standard.

13. Survival.

Your obligations under this Policy will survive expiry or termination of the Agreement and
completion of the Services and will continue for as long as you have any Access to Protected Information.

EXHIBIT B

PRIOR KNOWLEDGE OF INVENTIONS

I represent and warrant that I know nothing about the Inventions of the Company, as defined in
this Agreement, other than the Inventions that have been or will be disclosed to me by the Company, except the
following (if none, so state):

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________ __________________________
Date Contractor’s Signature

EXHIBIT C

PRIOR AGREEMENTS, RELATIONSHIPS, AND COMMITMENTS

I represent and warrant that, except as disclosed below, I have no agreements, relationships, or
commitments to any other person or entity that conflict with or would prevent me from performing any of my
obligations to the Company under this Agreement, or would otherwise prevent me from performing my services
during the term of this Agreement (if none, so state):

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________ __________________________
Date Contractor’s Signature
