MASTER PURCHASE ORDER TERMS AND CONDITIONS

These Consumer Cellular, Incorporated (“CCI”) Master Purchase Order Terms and Conditions (these “Terms”) govern the rights, remedies and obligations of CCI and the supplier (the “Supplier”) of items and materials, including products, hardware, software, furniture, equipment, and merchandise (“Products”) and services (“Services”) under purchase orders issued by CCI (each, a “Purchase Order”) in accordance with Addendum A (to the extent any personal information will be processed or collected by Supplier), as specified in Addendum B, for the respective process set forth in Addendum Cand any other agreements, engagement letters, statements of work, or other documents mutually executed by CCI and Supplier that refer to or incorporate this Agreement (collectively, the “Addenda” and together with these Terms, this “Agreement”). This Agreement will be deemed accepted by: (i) Supplier’s commencement of performance; (ii) Supplier’s shipment of any items specified in a Purchase Order; and/or (iii) any other indication of Supplier’s agreement to a Purchase Order, whichever occurs first (the “Effective Date”). Any terms, conditions or provisions of any Supplier quotation, confirmation, order acknowledgement, invoice, or other commercial document sent to CCI are hereby rejected and shall not constitute additional or modified terms. For the purposes of this Agreement, online terms, or agreements that CCI accepts to login or access Products or Services, such as a software as a service, are not an agreement that has been “mutually executed” and will not replace, supplement, or amend this Agreement in any way. Capitalized terms not defined in these Terms will have meanings provided in the Addenda. In the event of a conflict between this Agreement and any Purchase Order, the order of precedence shall be as follows: (a) this Agreement; and (b) the Purchase Order. Notwithstanding the foregoing, the terms of a Purchase Order may prevail for purposes of that Purchase Order if: (y) the Purchase Order expressly identifies and supersedes or modifies a provision in this Agreement; and (z) such Purchase Order is issued by, or signed by, CCI.

  1. NON-EXCLUSIVITY. Unless otherwise set forth in this Agreement, nothing herein shall be construed to create an exclusive arrangement between the parties or require CCI to make any minimum level of purchases.
  2. TERM AND TERMINATION. The term of this Agreement shall begin on the Effective Date and, unless earlier terminated in accordance herewith, shall remain in effect as long as this Agreement remain effective, or as specified on the Purchase Order. This Agreement and any Purchase Order or part thereof issued in connection herewith may be terminated by CCI at any time without cause or penalty upon written notice to Supplier at no cost to CCI for cancelled Products that have not yet been shipped, or Services not yet performed. Upon Supplier’s receipt of such notice, Supplier shall, unless otherwise specified in such notice, immediately stop all work hereunder and, upon CCI’s request, return all materials, including all tangible Confidential Information (defined below) provided to Supplier by CCI under these Terms.
  3. DELIVERY. Supplier will expediently perform its obligations under these Terms. Delivery of Products and Services shall be strictly in accordance with the schedule set forth in this Agreement, or as specified on the Purchase Order. Any delays in shipment shall be reported immediately by Supplier to CCI. CCI reserves the right to cancel any Purchase Orders, in whole or in part, if Supplier fails to make deliveries in accordance with its terms. Supplier will preserve, pack, package, and handle the Products so as to protect the Products from loss or damage and in accordance with industry best practices. Without limiting the foregoing, Supplier shall observe the requirements of any local laws and regulations relating to hazardous work, including, with respect to its accompanying information, packing, labeling, reporting, carriage, and disposal. Unless otherwise expressly agreed in writing or specified in a Purchase Order, all shipments shall be DDP (Incoterms 2010) to CCI’s Ship To location specified in the Purchase Order. Notwithstanding any prior inspections, Supplier maintains/bears all risk of loss, damage, or destruction until acceptance of Products or Services by CCI.
  4. INVOICING: Invoices shall be sent electronically per the instructions on the Purchase Order, immediately after shipment of Products or rendering of Services is complete. Delays in receiving invoices, errors, or omissions on invoices or lack of supporting documentation required by the terms of the Purchase Order will be cause for postponing the start of the payment terms until the correct information is received. CCI will not be responsible for charges on invoices received more than 120 days after the rendering of Services is complete or shipment of the Products unless indicated otherwise in writing between CCI and Seller. Invoice must include the Purchase Order number in order to be paid.
  5. PAYMENT: In consideration of the performance of the completion of the obligations by Supplier and acceptance by CCI under these Terms, CCI will pay the applicable invoice amount. Unless indicated otherwise indicated on the Purchase Order, payment terms are net 60 days from: (i) CCI’s receipt of an accurate invoice, or (ii) completion of the Services or the day CCI receives the Products, whichever is later. CCI’s payment shall not constitute acceptance of Products or Services. Invoices will only be processed for payment if sent to CCI’s finance department per the instructions on the Purchase Order. Where any item or items on an invoice are disputed by CCI, CCI may withhold payment for the item or items so disputed until such time as the dispute is resolved. Payments are made with ACH batches on regular intervals typically once per week.
  6. REPRESENTATIONS AND WARRANTIES
    • Performance Warranties. Supplier warrants to CCI and CCI’s customers for the longer of Supplier’s normal warranty period or for one (1) year following the date of CCI’s acceptance of the Products that: (i) when received by CCI from Supplier, the Products will be free from defects in design, material, workmanship, and manufacture; (ii) the Products will conform to the applicable documentation; (iii) the Products will be suitable for the purposes for which they are intended including purposes made known to Supplier; and (iv) all Products will be new and unused and not refurbished, unless otherwise agreed to in writing by the parties. The foregoing warranties are in addition to all other warranties, whether express or implied, and will survive delivery, inspection, acceptance, or payment by CCI.
    • General Warranties. Supplier represents and warrants that: (i) Supplier has all necessary rights of title to the Products and Services and has transferred all such rights and title to CCI upon CCI’s acceptance of the Products and Services; (ii) the Products and Services will be of professional quality and/or performed consistently with generally accepted industry standards; (iii) Supplier’s performance under this Agreement will not conflict with, or be prohibited in any way by, any other agreement or statutory restriction to which Supplier is bound; (iv) Supplier will comply with all applicable laws and regulations; (v) software will be free from any virus, malicious device, worm, Trojan, time bomb, or other harmful or destructive code; and (vi) the Deliverables (defined below) will not contain any open source software licensed under the GNU General Public License, the GNU Lesser General Public License, or any other license that may require CCI to make any of its source code publicly available.
    • Pass-Through Warranties. Supplier assigns and passes through to CCI and CCI’s customers all of the third-party manufacturer’s and licensor’s warranties and indemnities for the Products.
    • Supplier Personnel. Supplier has conducted a criminal background check at its own expense on each employee, independent contractor, permitted subcontractor, vendor or agent performing Services or providing Products under this Agreement (collectively, “Supplier Personnel”). Subject to applicable law, Supplier Personnel shall not be eligible to perform Services for CCI if such Supplier Personnel has: (i) been convicted of or was placed in a pre-trial diversion program for any crime involving dishonesty or breach of trust; and/or (ii) been convicted of any sex, weapons, or violent crime. Supplier is responsible for ensuring that all Supplier Personnel meet the licensing, security, labor, and site requirements for the locale where the Services are being performed.
    • Defects. If Supplier breaches any the foregoing Services warranties, Supplier shall, at CCI’s option, promptly re-perform the Services, or refund the amount paid for such defective Services. If Supplier breaches any of the foregoing Product’s warranties, or the Products are otherwise defective or non-conforming, after CCI’s acceptance, Supplier shall, at CCI’s option, promptly repair, replace, or refund the amount paid for such Products. Supplier shall bear the cost of shipping and risk of loss of all defective or non-conforming Products or Services.
  7. CONFIDENTIALITY. “Confidential Information” means any information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether in written, electronic, digital, or other form, that a reasonable person would understand to be confidential given the circumstances and content of the disclosure, whether or not designated as “confidential” or “proprietary,” including any written or printed documents, proposals, designs, concepts, raw data, customer or employee information, drawings, ideas, inventions, specifications, techniques, discoveries, models, data, source code, object code, documentation, diagrams, flow charts, research, development, processes, procedures, know-how, marketing plans, strategies, pricing, policies, samples and physical items, financial information, software, hardware and all information of any kind relating to either party, their respective shareholders and/or affiliates. For the avoidance of doubt, the Deliverables constitute Confidential Information of CCI. Supplier agrees not to, directly or indirectly, use, make available, sell, disclose, or otherwise communicate to any third party, other than in Supplier’s assigned duties and for the benefit CCI, any of CCI’s Confidential Information, either during or after the term without CCI’s prior written consent. Notwithstanding the foregoing, Confidential Information will not include any information which: (i) was or becomes publicly known through no action or inaction of Receiving Party; (ii) is already in the possession of Receiving Party at the time of disclosure as shown by credible evidence; (iii) is obtained by Receiving Party from a third party without a breach of such third party’s obligations of confidentiality; or (iv) is independently developed by Receiving Party without use of or reference to Disclosing Party’s Confidential Information, as shown by credible evidence.

    Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose except as solely required to perform its obligations pursuant to this Agreement. The Receiving Party will not disclose any Confidential Information of the Disclosing Party to any third parties without Disclosing Party’s prior written consent. The Receiving Party will immediately notify the Disclosing Party if Confidential Information of the Disclosing Party is used, distributed or communicated in a manner not authorized under these Terms. In the event that Receiving Party is required by law, or judicial, administrative, or other legal order to disclose any of the Disclosing Party’s Confidential Information, Receiving Party will first give written notice to Disclosing Party (if permitted by law) to allow Disclosing Party to obtain a protective order or otherwise protect its interests in the Confidential Information. In such cases, Receiving Party will provide full cooperation and assistance to Disclosing Party in seeking such protection, at Disclosing Party’s expense.
  8. INTELLECTUAL PROPERTY.
    • Definitions. “Intellectual Property” means all current and future copyrights, trademarks, trade names, logos, service marks, trade secrets, patents, utility models, design rights, know-how and applications, moral rights, database rights, contract rights, and other proprietary rights now or hereafter recognized by the laws of any jurisdiction or country, and any applications, registrations, reissues, and renewals of the same, throughout the world. “Pre-Existing IP” means any Intellectual Property owned, created, developed, leased and/or licensed by a party prior to, outside of or independently from this Agreement. “Deliverable” means all Intellectual Property and other materials uniquely created or developed for CCI under this Agreement; provided, however, none of the following are Deliverables: (i) hardware, software, SaaS, Services or Supplier Pre-Existing IP as provided to CCI that have not been specifically customized for CCI; or (ii) technology or Intellectual Property made available to CCI as part of generally-available maintenance Services for a Product.
    • Ownership. Each party shall own its Pre-Existing IP. To the extent any Services contain any Deliverables, CCI shall exclusively own Deliverables as of the date of their creation. Deliverables are “works made for hire” to the extent allowed by applicable law and all other Intellectual Property rights therein will be owned exclusively by CCI. To the extent that any Deliverable is not considered a “work made for hire”, Supplier shall and hereby does irrevocably assign and transfer all of its right, title, and interest in and to the Deliverable, including all Intellectual Property therein, to CCI. Supplier shall ensure that Supplier Personnel engaged under this Agreement shall comply with the requirements of this Section.
    • License to Pre-Existing IP. If and to the extent that any Pre-Existing IP or a portion thereof is incorporated in the Deliverables or is otherwise necessary for the use of the Deliverables, Supplier hereby grants to CCI a perpetual, irrevocable, non-exclusive, worldwide, royalty-free, fully paid-up license, with the right to sublicense through multiple tiers, to use, make, sell, distribute, execute, adapt, translate, reproduce, display, perform, modify, and create derivative works of Supplier’s Pre-Existing IP in connection with the Deliverables in which they are incorporated, and authorizes others to do any, some, or all of the foregoing.
  9. INDEMNIFICATION. Supplier shall indemnify, defend, and hold harmless CCI and its officers, directors, agents, employees, successors, and customers from and against any and all third party claims, liabilities, losses, damages, settlements, costs, and expenses (including reasonable attorneys’ fees) made against or sustained by CCI arising from: (i) any negligent or willful acts or omissions of Supplier, which results in tangible or intangible property damage, personal injury or death; (ii) Supplier’s breach of its confidentiality, privacy or data security obligations; (iii) actions by Supplier Personnel against CCI for wages, fringe benefits, other compensation, or similar claims, and claims challenging Supplier’s right to dismiss Supplier Personnel; (iv) Supplier’s non-compliance with applicable law; and (v) any claim that the Products or Services infringe or misappropriate any third party Intellectual Property rights. If CCI’s use of any of the Products or Services is enjoined or in CCI’s reasonable opinion, is likely to be enjoined as a result of any such claim or allegation of Intellectual Property infringement, Supplier agrees, at CCI’s option, to: (a) accept return of the Products or Services from CCI and refund to CCI the amounts paid by CCI with respect to such Products and Services; (b) modify the Products or Services so that they become non-infringing but equivalent in functionality, quality, compatibility, and performance; or (c) procure for CCI and its customers the right to continue using and distributing the Products and Services.
  10. INSURANCE. Without limiting Supplier’s obligations hereunder, Supplier, at its own cost, shall procure, maintain, and keep in full force and effect insurance to protect Supplier and CCI from all claims that arise out of or result from Supplier’s provision of Products or Services under this Agreement. Supplier’s insurance must include the following coverage (or the local currency equivalent) to the extent these Terms create risks generally covered by these insurance policies: (i) Commercial General Liability of at least $1 million; (ii) Automobile Liability of at least $1 million; (iii) Statutory Workers’ Compensation; and (iv) Professional Liability, as applicable, of at least $1 million. CCI may require Supplier to carry additional insurance limits and/or coverages. Supplier will provide CCI documentation evidencing the required coverage within five (5) business days of CCI’s request.
  11. LIMITATION OF LIABILITY. To the maximum extent permitted by law, except for liability arising under THE INDEMNIFICATION SECTION, or PRIVACY AND DATA SECURITY SECTION, in no event shall either party be liable to the other party for damages for any cause whatsoever in an amount in excess of the amounts paid or due to supplier under this Agreement and any purchasE orders. To the maximum extent permitted by law, except to supplier liability arising out of supplier’s breach of THE CONFIDENTIALITY section, THE INDEMNIFICATION SECTION, or PRIVACY AND DATA SECURITY SECTION, in no event shall either party be liable to the other for consequential, incidental or special damages arising from any claim or action hereunder, whether based on contract, tort or other legal theory.
  12. PRIVACY AND DATA SECURITY. To the extent that personal data is processed under this Agreement, the parties will implement and maintain privacy and security measures to protect personal data in accordance with CCI’s current Data Processing Agreement (the “DPA”), as it may be updated by CCI from time to time. FOR THE AVOIDANCE OF ANY DOUBT, NOTHING IN THESE TERMS SHALL LIMIT SUPPLIER’S FINANCIAL OBLIGATIONS TO CCI in the event of a security breach, including, without limitation DATA BREACH NOTICE AND REMEDIATION COSTS (as each is defined in THE DPA), INCLUDING ANY POLICY LIMITS ON INSURANCE COVERAGES.
  13. EXPORT AND IMPORT COMPLIANCE. Supplier shall mark the Products with the appropriate country of origin marking sufficient to satisfy the requirements of the customs authorities of the country of receipt to prove importation and to transfer duty drawback rights to CCI. If any Products are imported, Supplier will, at CCI’s request, either: (i) allow CCI to be the importer of record; or (ii) provide CCI with any documents required to prove importation and to transfer duty drawback rights to CCI. Supplier acknowledges that the Products shipped, licensed, or sold under this Agreement, which may include technology and software, may be subject to the export control laws and regulations of the United States and other countries and Supplier agrees to abide by those laws and regulations.
  14. ANTI-CORRUPTION LAWS. CCI advises Supplier that CCI is subject to the US Foreign Corrupt Practices Act (“FCPA”). The FCPA prohibits the payment or promise of payment of anything of value by CCI, either directly or indirectly, to the representative of a commercial entity or an official of a foreign government, foreign political party, party official, or candidate for foreign office, for the purpose of influencing any act or decision in their official capacity, or inducing that official to use their influence with a foreign government to assist CCI in obtaining, retaining, or directing business to any person, or in securing any improper business advantage. Supplier agrees that it will not take any action which could cause CCI to be in violation of the FCPA or any other applicable anti-corruption law or regulation. Supplier will promptly notify CCI if it becomes aware of any such violation. In case of breach of the above, CCI may suspend or terminate this Agreement and any Purchaser Orders at any time without notice or liability.
  15. SUBCONTRACTORS. Supplier will not subcontract any Products or Services to other persons or entities without the prior written approval of CCI. Supplier agrees to impose on its permitted subcontractors the same obligations imposed upon Supplier under these Terms. Supplier shall be responsible and liable for all acts of Supplier Personnel. Compensation for subcontracted services will be included in the fees and costs billed by Supplier.
  16. NO publicity; use of trademarks. Supplier shall not publicize or disclose the terms or existence of this Agreement, nor shall Supplier use or obtain any right or interest in the name(s), trademark(s), or tradename(s) of CCI. Upon CCI’s prior written approval, Supplier shall only use CCI’s marks, names, and logo in accordance with CCI’s usage guidelines. For the avoidance of doubt, Supplier shall not use CCI marks in any way that is in breach of applicable laws (e.g., in connection to any offensive content), nor will it portray CCI in any disparaging or negative way.
  17. Notices. All notices, permissions and approvals under this Agreement shall be in writing and shall be effective upon: (i) personal delivery; (ii) nationally (or internationally, if applicable) recognized overnight courier, with all fees prepaid; (iii) deposit with the relevant national postal service as certified mail, return receipt requested, postage prepaid; or (iv) electronically by email. Notices are deemed effective upon receipt or refusal of delivery. Notices of breach, termination or an indemnifiable claim may not be made by email. Notices to CCI shall be addressed to Consumer Cellular, Incorporated, Attn: General Counsel, 9363 E. Bahia Drive, Scottsdale, AZ 85260, with a copy to legal@consumercellular.com.
  18. Assignment. Supplier may not assign any of its rights or obligations under this Agreement, whether by operation of law or otherwise, without the prior written consent of CCI. Any attempted delegation or assignment by Supplier without such consent shall be void.
  19. Miscellaneous. The relationship of Supplier and CCI is that of independent contractor. Except as provided herein, no term or condition of this Agreement may be amended or deemed to be waived, except by a writing signed by both parties. This Agreement and each Purchase Order will be construed in accordance with the laws of the State of Arizona without regard to its principles of conflict of laws. The exclusive jurisdiction and venue of any action relating to this Agreement will be the state and/or federal courts located in Maricopa County and each of the parties hereto submits itself to the exclusive jurisdiction of such courts and waives any argument relating to the convenience of forum. The United Nations Conventions on Contracts for the International Sale of Goods is not applicable to this Agreement or any Purchase Order. The rights and remedies herein provided are in addition to those available to either party at law or in equity. Those provisions that by their nature are intended to survive termination or expiration of this Agreement or any Purchase Order shall survive.

Addendum A

DATA PROCESSING AGREEMENT

DATA PROCESSING Agreement

THIS DATA PROCESSING AGREEMENT (this “DPA”) is entered into as of the Effective Date of the Agreement by and between Supplier (“DATA PROCESSOR”), and Consumer Cellular, Incorporated (“CCI”)..

WHEREAS, DATA PROCESSOR wishes to provide CCI and CCI wishes to receive from DATA PROCESSOR certain (“Services”) as set forth in(the “Agreement”); and

WHEREAS, in order to provide the Services, DATA PROCESSOR has requested that CCI share (or make available to DATA PROCESSOR) certain “personal data” and/or “personal information” (“Personal Data”) as defined by and subject to applicable privacy and data protection laws (“Data Privacy Laws”) of its customers (“Customers”).

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties hereby agree as follows:

  1. General. The term of this DPA shall commence on the Effective Date of the Agreement and expire upon completion of DATA PROCESSOR’S obligations set forth in the Agreement. CCI shall provide DATA PROCESSOR with Personal Data in connection with the Agreement, subject to the terms, covenants, obligations, agreements and provisions set forth below. The terms of this DPA will control over any conflicting terms and conditions contained in the Agreement. DATA PROCESSOR certifies that it understands and will comply with the requirements in this DPA relating to it as a “Data Processor” or “Service Provider” under applicable Data Privacy Laws.
  2. Permitted Purpose. DATA PROCESSOR shall use the Personal Data solely and exclusively for the limited purposes of providing the Services specified in the Agreement. DATA PROCESSOR shall not use or disclose the Personal Data for any other purpose, including, without limitation, using, retaining, marketing, selling, sharing, disclosing or combining with other Personal Data, the Personal Data or results of the Services provided pursuant to the Agreement. DATA PROCESSOR agrees that it is not authorized or permitted to use Personal Data collected or received in connection with the Agreement for, or in connection with, any other project; or for the purpose of creating or updating any panel, database, or list. Subject to reasonable notice, DATA PROCESSOR shall permit CCI to conduct a privacy and security audit of DATA PROCESSOR’S security program and systems and procedures that are applicable to the Agreement. In the event any Customer request is made directly to DATA PROCESSOR in connection with DATA PROCESSOR’S processing of Personal Data, DATA PROCESSOR will promptly inform CCI within five (5) business days of receipt of the request and provide details of the same. To the extent CCI does not have the ability to address directly a Customer’s request to exercise their rights under Data Privacy Laws, DATA PROCESSOR shall, upon CCI’s request, provider commercially reasonable assistance to CCI in resolving any such data subject rights request.
  3. Nondisclosure, Deletion, Erasure and Security Requirements.
    • DATA PROCESSOR will not disclose Personal Data to any third party and will use commercially reasonable efforts to keep the Personal Data as secure as its other confidential and/or protected customer information. DATA PROCESSOR shall implement and maintain administrative, technical, organizational and physical measures for ensuring the security, integrity and availability of the Personal Data being processed to protect the Personal Data against the loss, unavailability, destruction, theft, unauthorized access, use, modification, disclosure, or other processing. The security measures shall be appropriate to the nature and risk to Personal Data, and in any event shall not be less stringent than those prescribed under Data Privacy Laws. All Personal Data shall be encrypted when stored and in transit using secure encryption levels, with AES-256 or better for at rest, and TLS 1.2 or better in transit. DATA PROCESSOR shall maintain industry standard security certification, subject to regular independent third-party audits (e.g., ISO 27001 and SOC 2 Type II) and will provide copies of such audits to CII upon request. DATA PROCESSOR shall provide at least annual training and security awareness programs for its personnel who have access to Personal Data.
    • DATA PROCESSOR shall not disclose to or allow any third party, such as a subcontractor or sub-processor, to have access to, process or store Personal Data without CCI’s prior written consent (each a “Permitted Sub-processor”). In the event CCI provides consent, DATA PROCESSOR will ensure that any such third party has agreed in writing to protect the Personal Data in accordance with this DPA and Data Privacy Laws and requiring such third party to exercise the same degree of care in safeguarding and protecting the Personal Data as required hereunder and by Data Privacy Laws. DATA PROCESSOR shall remain liable for any breach of this DPA that is caused by an act, error or omission of such third parties. DATA PROCESSOR will provide CCI with at least ten (10) days’ notice of any proposed changes to the Permitted Sub-processors it uses to process Personal Data. CCI may object to DATA PROCESSOR’S use of a new sub-processor by providing DATA PROCESSOR with written notice of the objection within ten (10) days after DATA PROCESSOR has provided notice to CCI of such proposed change (an "Objection"). If CCI does not object to the engagement within the Objection period, consent regarding the engagement will be assumed. In the event CCI objects to DATA PROCESSOR’S use of a new sub-processor, CCI and DATA PROCESSOR will work together in good faith to find a mutually acceptable resolution to address such Objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, either party may, as its sole and exclusive remedy, terminate the portion of the Agreement relating to the Services affected by such change by providing written notice to the other Party. During any such Objection period, DATA PROCESSOR may suspend the affected portion of the Services.
    • Upon completion of the Agreement, DATA PROCESSOR will either return to CCI or securely and permanently destroy, delete, and/or erase all documents, records, and/or files, including, without limitation, all originals, copies, and derivative works, in hardcopy, electronic or other form or format, which contain, reference or incorporate Personal Data.
    • In the event of any reasonably suspected or confirmed breach of the security of DATA PROCESSOR’S or its Permitted Sub-processor’s systems, servers, networks, facilities, and/or infrastructure that impacts or affects Personal Data, or any unauthorized access to, or use and/or disclosure of, Personal Data while in DATA PROCESSOR’S or its Permitted Sub-processor’s possession (each a “Security Breach”), DATA PROCESSOR shall promptly notify CCI, but in no event later than twenty-four (24) hours, after DATA PROCESSOR or its Permitted Sub-processor first learns of or discovers the Security Breach. In the event of a Security Breach, DATA PROCESSOR will, in addition to other obligations imposed by Data Privacy Laws, this DPA and the Agreement (including, but not limited to CCI’s right to immediately terminate the Agreement), at its sole cost and expense: (i) use its best efforts to mitigate and remediate any harmful effect(s) of the Security Breach promptly; and (ii) fully cooperate with CCI in investigating the cause(s) of any Security Breach, including, without limitation, making sufficient resources and data available to CCI to assist in such investigation, and in providing notice to affected individuals and/or the appropriate legal and/or regulatory agencies, in each case as required by CCI and/or any Data Privacy Laws. DATA PROCESSOR agrees that CCI shall have the right, upon notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Data. DATA PROCESSOR will be liable to CCI for any and all direct damages incurred by CCI in connection with any Security Breach to the extent such damages arise out of, resulting from, or caused by DATA PROCESSOR or its Permitted Sub-processors. DATA PROCESSOR will pay, or reimburse CCI, for all reasonable costs and expenses incurred by CCI resulting from a Security Breach, including, without limitation, all costs and expenses in connection with providing notice and credit monitoring and protection services to individuals affected by a Security Breach and the cost of any other legally required measures.
  4. Indemnity. Notwithstanding any limitations of liability contained in the Agreement, DATA PROCESSOR shall defend, indemnify, and hold harmless CCI, its parents, subsidiaries, and/or affiliates, and each of their respective members, managers, shareholders, directors, officers, employees and/or agents, from and against any and all claims, lawsuits, causes of action, demands, losses, liabilities, obligations, awards, fines, damages, judgments, penalties and/or costs and expenses of any kind (including, but not limited to, reasonable attorneys’ fees and court costs) arising out of, resulting from, or caused by, whether directly or indirectly, DATA PROCESSOR’S or its Permitted Sub-processor’s negligence, Security Breach, failure to comply with Data Privacy Laws or other violation of this DPA.
  5. Other Obligations. DATA PROCESSOR shall comply with all Data Privacy Laws and shall immediately notify CII in writing if it determines it can no longer meet its obligations under Data Privacy Laws. DATA PROCESSOR agrees that CII is entitled to take reasonable and appropriate steps to help ensure that DATA PROCESSOR uses the Personal Data in a manner consistent with the DATA PROCESSOR’S obligations under Data Privacy Laws. The parties agree that in the event of a change in Data Privacy Laws, the parties shall work together in good faith to address the legal requirements of the Data Privacy Laws in an expeditious manner. In the event the parties cannot agree on how to address the legal requirements of the Data Privacy Laws prior to the effective date of the change, CCI may terminate this DPA and the Agreement. DATA PROCESSOR will make available to CCI all information necessary to demonstrate DATA PROCESSOR’s compliance with its obligations hereunder and applicable Data Privacy Laws. DATA PROCESSOR certifies that it understands the restrictions set forth in this DPA and will comply with them.
  6. Equitable Relief. DATA PROCESSOR acknowledges and agrees that in the event of any breach of this DPA, CCI would be irreparably and immediately harmed and could not be made whole by monetary damages. Accordingly, it is agreed that, in addition to any other remedy to which it may be entitled at law or in equity CCI will be entitled, in addition to any and all other rights and remedies at law and/or in equity, to specific performance and injunctive relief (both temporary and permanent) without the posting of a bond and without objection from DATA PROCESSOR.
  7. Miscellaneous. This DPA shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to the conflict of law principles thereof, notwithstanding the actual residence of the parties. This DPA shall be binding upon, inure to the benefit of, and be enforceable by either party hereto and any permitted successors and assigns. The terms of this DPA shall be independent of, and unless agreed in writing, this DPA shall survive the execution of any further documents or agreements between the parties. This DPA may not be assigned by DATA PROCESSOR, whether by operation of law or otherwise, without the prior written consent CCI which may be withheld in its sole discretion. If any one or more provisions contained in this DPA shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions thereof, and this DPA shall be construed as if the invalid, illegal, or unenforceable provision had never been contained herein.