Legal Notices

Satcom Direct Privacy Policy
Effective: April 2024

Privacy Policy Applicability

This Privacy Policy is applicable to Satcom Direct, Inc., Satcom Direct Government, Inc., Satcom Direct International, Ltd., ndtHost, LLC d/b/a SD Data Center, and their respective subsidiaries and affiliates (collectively “SD”, “we”, “us”, or “our”). We operate www.satcomdirect.com; www.gosatcom.com; ps.satcomdirect.com; and www.sddatacenter.com (the “Websites”). This Privacy Policy is intended to inform you of our policies and practices regarding the collection, use, and disclosure of information through these Websites and the provision of our products and services (collectively with the Websites, the “Services”).

This Privacy Policy is subject to any agreements that govern your use of the Services, such as the SD Terms and Conditions for Use and Sale of Service & Equipment or SD Data Center Master Services Agreement. This Privacy Policy applies regardless of the means used to access or provide information through the Services.

Our Privacy Commitment

We understand that privacy is important to you and we value your trust. We are committed to preserving the privacy and confidentiality of your Personal Information, Account Information, and Anonymous Information (each defined below in the section, Definitions). In keeping with that commitment, we have developed this Privacy Policy to explain to you how we collect, use, and disclose such information, as well as describes the choices and rights you may have in relation to our collection, use, and disclosure of your Personal Information.

Definitions

“Account Information” means Personal Information that we may collect during registration for a Service that we provide or the purchase of a product, including names, e-mail addresses, e-mail preferences, account passwords, mailing addresses, and billing addresses. In cases where service subscriptions relate to maritime or aero usage, we will also request information about the vessel or aircraft, including the name, call sign, country of registry, type and IMSI of the vessel or aircraft; and, registration number, country of registry, manufacturer, model and fuselage/airframe number of the aircraft.

“Anonymous Information” means information that we do not link to Personal Information and does not enable contact with any identifiable person.

“Data Protection Laws” means laws relating to data protection, privacy, and/or information security, including all such laws governing use of Personal Information.

“Personal Information” is any information relating to an identified or identifiable individual, such as your name, address, email address, telephone number, job title, job industry, company/organization name, and any other information you voluntarily provide or any other non-public information that we associate with your contact information and that can identify you as an individual.

User Acknowledgements

By using our Services, you acknowledge that you have read and understand this Privacy Policy.

SD provides the Services principally from the United States, but may also provide the Services in other jurisdictions, as necessary. Be advised that, through your use of our Services, which are governed by United States law and applicable Data Protection Laws of other jurisdictions, this Privacy Policy, and our Terms and Conditions, you are transferring your Personal Information to the United States (or other jurisdictions as necessary for us to provide the Services), and you consent to that transfer.

Additionally, you acknowledge by your use of our Services that you understand your Personal Information may be processed in countries (including the United States) where Data Protection Laws may be different or less stringent than in your home jurisdiction.

Finally, you acknowledge that your Personal Information may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities.

Personal Information You Provide to Us

We collect Personal Information when you, or others on your behalf, provide it to us. For example, when you register for a Service we provide, we collect Account Information. In addition, depending on the Services used, we may collect flying preference information, including the type of plane on which SD products or Services are provided, and passenger-specific details, including departure and arrival locations, dietary preferences, and governmental-issued identification numbers, such as passport numbers.

When you contact us to inquire about certain products or Services, you must provide your certain Personal Information, including your name, email address, phone number, and other information necessary for us to respond to your inquiry. Likewise, when you leave us feedback, we collect any information that is contained in your feedback. When you contact us by sending us an e-mail, fax, or letter, we will collect your address, fax number, or e-mail address and any Personal Information contained in the e-mail, fax, or letter you send us.

Personal Information Collected via Technology

We use tools that passively collect certain information when you access our Website. These tools include Cookies and web beacons, and they allow us, our service providers, and other third parties to identify your device, track your interactions with other websites, and track activity over time and across websites by storing information locally on your device.

For example, Cookies store a small text file on your computer or device that tracks certain information about you and your activities on our Websites. We use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer or device until you delete them). If you register for a Service provided by us, we may include web beacons with the content and ads that we deliver to you as a part of that service, which we use to collect information regarding your interaction with such content and ads.

The information that these tools collect include your internet protocol address, unique device identification information, regional and language settings, browser type, and operating system, the network used to access our Website, and information about your use of our Website (such as how you navigate and move around the Website). Depending on applicable Data Protection Laws, this information may be considered Personal Information.

Personal Information from Other Sources

We may receive Personal Information about you from other third-party sources, including our service providers, analytics providers (including Google Analytics), and our business partners. Such information may include demographic information, itinerary details, dietary preferences, browsing preferences, language preferences, and other personal preferences. We may associate this information with the other Personal Information we have collected about you.

SD is engaged on social media platforms, and you may voluntarily choose to access these platforms, interact with us, or otherwise follow our activities online. We will only collect the information that you voluntarily provide to us or otherwise publicly post through these platforms. Such information may include names, online identifiers, email addresses, contact information, company affiliation, and feedback. Please do not post any sensitive Personal Information, or other information that is considered private, on our publicly available social media platforms, and keep in mind that you are separately subject to each social media platform’s own privacy policy and terms of use. Some of our social media platforms use cookie data and automated tracking tools in accordance with this Privacy Policy.

Legal Bases for Processing Personal Information

To the extent applicable under Data Protection Laws, we process Personal Information for, or based on, one or more of the following legal bases:

Performance of a Contract. We may use Personal Information to enter into, or perform under, an agreement between us, including: to complete a purchase; process payment; ship or provide goods or Services; and provide customer support.

Legitimate Interests. We may use Personal Information for our legitimate interests to the extent it does not infringe on any data subject’s fundamental rights and freedoms, including: improve our Services; providing information about our products and/or Services; to the extent necessary and proportionate for the purposes of ensuring network and information security; and for administrative, fraud detection, and legal compliance purposes.

Compliance with Legal Obligations and Protection of Individuals. We may use Personal Information to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.

Your Consent. From time to time, and as required by applicable Data Protection Laws, we may seek your consent to collect and process your Personal Information, as well as communicate with you to provide information that may be useful or interesting.

How We Use Information That We Collect From You

SD uses Account Information and Personal Information for a variety of purposes, such as:

To deliver products and Service to our customers;
To establish and maintain customer relationships, including keeping records of the relationship designed to facilitate timely and accurate invoicing and to administer our billing and accounting systems;
To answer billing, account, or technical inquiries from our customers;
To activate, de-activate, suspend, un-suspend, bar, or un-bar your satellite terminal;
To establish and maintain supplier relationships to support the acquisition of communications products and services required for the delivery and provision of SD’s products and Services;
To measure and improve the effectiveness of our products, Services, and marketing efforts;
To communicate with our customers about additional SD products and Services that may be of interest to them or to send other special interest customer communications;
To provide you with accurate and high quality customer service, including responding to customer inquiries and troubleshooting technical issues;
To research and develop new products, services, or programs to better serve the needs of our customers;
To endeavor to protect our business partners’ rights, property, or safety, and the rights, property, and safety of our customers, users, and other third parties; and

To meet legal and regulatory requirements.

We may also use your Personal Information to create Anonymous Information by removing information that makes the information personally identifiable to you (such as your name or email address). We may use these records, and other Anonymous Information, to analyze usage patterns in order to enhance our Services and tailor them to your preferences.

How We Disclose Your Personal Information to Third Parties

We do not sell Personal Information or Anonymous Information, and it is SD’s policy not to share Personal Information outside of SD except as provided herein.

In order to effectively and efficiently continue operations, Personal Information that you provide to a SD affiliate is shared amongst the other companies within the SD family, including Satcom Direct, Inc., Satcom Direct Communications, Inc., Satcom Direct Avionics, ULC, Satcom Direct International, Ltd., and COMSAT, Inc. and other regional affiliates.

We share Personal Information with third parties to assist us in providing Services or products, or for other business purposes provided that disclosure is made on a confidential basis. Such third parties and purposes include:

Agents acting on behalf of SD, such as our authorized SD dealers or distributors, or companies hired to perform installation, maintenance, warranty work, or billing functions;
To third parties to whom you ask us to send Personal Information;
A person who, in the reasonable judgment of SD, is acting as an agent of a customer;
Other communications service providers or commissioning entities in order to provide efficient and effective communication services (e.g., to terminate a satellite call on a terrestrial line or to activate, de-activate, suspend, un-suspend, bar, or un-bar service on your satellite terminal);
Companies providing services to your aircraft’s satellite communication system, including the manufacturer, installation and repair centers, and trip planners;
Delivery companies in order to deliver our products or Services to our customers;
Information technology or other professional consultants and service providers in order to improve our Services, systems, and processes;
Other companies and professional advisors in conjunction with an amalgamation or sale of corporate assets or interests; and
To our parent company, subsidiaries, affiliates, or joint ventures;
As may otherwise be required by local and foreign law.

We will use reasonable efforts, using contractual or—where applicable—other arrangements, to ensure that third parties use Personal Information in a manner that is consistent with this policy. Should a customer not wish us to disclose Personal Information to third parties, we may be unable to process an application or transaction, communicate with you about products or Services that may be of interest, or provide other benefits or Services.

As well, there are special circumstances where we may disclose your Personal Information without prior consent or notice. These situations include: (1) where information is forwarded to a collection agency for the collection of past due bills; (2) where it would be reasonably in the best interest of an individual but where consent cannot be obtained in a timely manner; (3) where the life, health, or security of an individual is threatened or otherwise at risk; (4) where the purpose is related to the detection or prevention of fraud or for law enforcement; (5) where disclosure is to our legal counsel or other advisors; or (6) as may otherwise be required or permitted by law.

Third Party Content and Ads

If you register for a Service that we provide, we may enable certain third parties to deliver content and ads on our Website. These third parties may collect (via tracking technologies like cookies or web beacons as described in the section, Personal Information Collected via Technology) and use information regarding your interaction with the content or ads that they deliver and with which you interact.

Law Enforcement Compliance

If you have registered for a Service that we provide, we may be required by law, or by law enforcement officers acting under the color of law, to record some or all communications on or through that Service. In addition, we may disclose Personal Information (including Account Information and Anonymous Information) and communications through that Service if required by law or by law enforcement officers acting under the color of law, or if we believe in good faith that such disclosure is necessary to: (a) comply with relevant laws or to respond to subpoenas or warrants served on us; or (b) to protect or defend the rights, property, or safety of SD, you, other users, or third parties (especially in emergency situations).

Your Choices Regarding Your Personal Information

When you receive promotional communications from us, you may indicate a preference to stop receiving further promotional communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the promotional e-mail you receive or by contacting us directly (please see contact information below).

Despite your indicated e-mail preferences, if you have an Account, we may send administrative e-mails regarding your service, including, for example, purchase confirmation, account creation confirmation, and notices of updates to our Terms and Conditions or Privacy Policy.

Your Rights Regarding Personal Information

You have a variety of legal rights regarding the collection and processing of your Personal Information. You may exercise these rights, to the extent they apply to you under applicable Data Protection Laws, by contacting us as provided in the section, Contact Us.

You may request deletion of your Account Information or Personal Information by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete Personal Information, we will delete it from our active databases but the information may remain in our archives or disaster recovery systems.

Note, however, that we may request certain reasonable, additional information (that may include Personal Information) to help us authenticate your request and/or to clarify or understand the scope of such requests.

These rights vary depending on applicable Data Protection Law, but may include:

The right to know whether, and for what purposes, we process Personal Information about you;
The right to be informed about the Personal Information we collect and/or process about you;
The right to learn the source of Personal Information about you that we process, and whether we obtain that Personal Information from a source other than you.
The right to access, modify, and correct Personal Information about you (as set forth in more detail below under the section, Accessing, Modifying, Rectifying, and Correcting Collected Personal Information).
The right to know with whom we have shared Personal Information about you, for what purpose, and what Personal Information has been shared (including whether Personal Information was disclosed to third parties for their own direct marketing purposes);
Where processing of Personal Information about you is based on consent, the right to withdraw your consent to such processing; and
The right to lodge a complaint with a supervisory authority located in the jurisdiction of your habitual residence, place of work, or where an alleged violation of law occurred.

For additional information about specific legal rights, please reference the following sections: Your California Privacy Rights, Your European Union Privacy Rights, and Your Canadian Privacy Rights.

Accessing, Modifying, Rectifying, and Correcting Collected Personal Information

We strive to maintain the accuracy of any Personal Information collected from you, and will use commercially reasonable efforts to respond promptly to update our records when you tell us your information is not accurate. However, we must rely on you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us, and notify us as soon as possible of any updates or corrections as outlined in the section, Contact Us.

In accordance with applicable Data Protection Laws, you may obtain from us certain Personal Information in our records. If you wish to access, review, or make any changes to Personal Information we hold about you, you may contact us as provided below in the section, Contact Us, or—for certain information—through your account on the Services. Please note, however, that we reserve the right to deny access as permitted or required by applicable Data Protection Laws.

Your California Privacy Rights

California Civil Code Section 1798.83, known as the “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what Personal Information (if any) we have disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address in the section, Contact Us, and are free of charge.

Notwithstanding this right, we do not disclose Personal Information to third parties for their own direct marketing purposes.

Your European Union Privacy Rights

In addition to the above-listed rights, European Union privacy law provides individuals with enhanced rights with respect to their Personal Information. Depending on the circumstances surrounding the processing of Personal Information, these rights may include:

- The right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
- The right to request restriction of processing of Personal Information or object to processing of Personal Information carried out pursuant to (i) a legitimate interest or (ii) performance of a task in the public interest (including, but not limited to, processing for direct marketing purposes);
- In certain circumstances, the right to data portability (which means that you can request that we provide certain Personal Information we hold about you in a machine-readable format); and
- In certain circumstances, the right to erasure and/or the right to be forgotten (which means that you can request deletion or removal of certain Personal Information we process about you).

Please note that we may need to request additional information from you to validate your request.

Your Canadian Privacy Rights

Residents of Canada can request and obtain from us information relating to the existence, use, and disclosure of their Personal Information, as well as access to that information (subject to certain exceptions pursuant to applicable Data Protection Laws). Without limiting the above, residents of Canada will, upon request:

- Be informed of whether we hold Personal Information about you;
- Be provided with an account of third parties to which we have disclosed your Personal Information;
- Be able to challenge the accuracy and completeness of your Personal Information and have it amended as appropriate; and
- Be provided with information about our policies and practices with respect to the management of Personal Information, including: the name, title, and address of the person who is accountable for our privacy policies and practices; the means of gaining access to Personal Information; a description of the type of Personal Information held by us, including a general account of its use; a copy of any brochures or other information that explain our policies, standards, or codes; and what Personal Information is made available to related organizations.

Regarding Children

Children under the age of 18 are not permitted to use our Websites, and we do not knowingly gather Personal Information from people who are under the age of 18. By using the Services, you represent that you are 18 years of age or older, or are 16 years of age or older and have valid parental consent to do so.

Other Websites

Our provision of links to other websites or locations is for your convenience and does not signify our endorsement of such other websites or locations or their contents. We have no control over, do not review, and cannot be responsible for these outside websites or their content. Please be aware that the terms of our Privacy Policy do not apply to these outside websites.

Our Commitment to Maintaining Your Privacy

We employ reasonable physical, technical, and organizational measures designed to safeguard the confidentiality, integrity, availability, and resilience of your Personal Information, whether stored electronically or in paper format. Information is maintained in secure facilities, protected from unauthorized access, and retained only as long as is reasonably required. Electronic files are backed up for redundancy and password-protected to ensure access only by authorized employees. We encrypt Personal Information where we deem appropriate, and we periodically test, assess, and evaluate the effectiveness of our safeguards.

No method of safeguarding information, however, is completely secure. While we use measures designed to protect Personal Information, we cannot guarantee that our safeguards will be unconditionally effective or sufficient. In addition, you should be aware that internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing our Services is or will be completely secure.

Retention of Your Personal Information

Unless otherwise required by law or to the extent we reasonably deem necessary to protect our rights, property, or safety, and the rights, property, and safety of our users, we will delete Personal Information when: (1) it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (2) when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; (3) when you object to the processing and there are no overriding legitimate grounds for the processing; and (4) when it is necessary to comply with legal obligations.

Do Not Track

We use analytics systems and providers that process Personal Information about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.

Contact Us

Should you have any questions, concerns, or complaints about this Privacy Policy, our practices, or any choices or rights you choose to exercise, please contact:

Satcom Direct, Inc.

Legal Department

1050 Satcom Lane

Melbourne, FL 32940, USA

E-mail: [email protected]

We will respond to your request or investigate your concern as quickly as possible.

Changes to This Privacy Policy

This Privacy Policy replaces all previous disclosures we may have provided to you about our information practices with respect to our Services. To accommodate changes in our business, products, services, technology, and legal developments, we may add, change, or remove portions of this Privacy Policy as we feel it is appropriate to do so. Updated notices and disclosures will be posted to our Website. Please refer to the date on the policy and check back for updates.

Date of Last Revision: July 1, 2014

Conditions of Use

Welcome to the SD Data Center Website. By using the SD Data Center Web site YOU AGREE TO BE BOUND BY ITS TERMS OF USE (explained below), LEGAL NOTICES, PRIVACY POLICY and all disclaimers and terms and conditions that appear elsewhere on the SD Data Center Website.

References to SD Data Center herein refer to SD Data Center, or their affiliates, subsidiaries and designee’s as deemed appropriate by SD Data Center.

SD Data Center reserves the right to make changes to the SD Data Center Web site and its Terms of Use and Legal Notices at any time. Each time you use the SD Data Center Website, you should visit and review the then current Terms of Use, Legal Notices and Privacy Policy that apply to your transactions and use of this site. If you are dissatisfied with the SD Data Center Website, its content or Terms of Use and Legal Notices, you agree that your sole and exclusive remedy is to discontinue using the SD Data Center Website.

Tampering with the site, misrepresenting the identity of a user or SD Data Center itself or conducting fraudulent activities on the site are prohibited.

Disclaimers and Limitation of Liability

By using the SD Data Center Website, you expressly agree that use of the SD Data Center Website is at your sole risk. The SD Data Center Website is provided on an “AS IS” and “as available” basis. Neither SD Data Center nor its affiliates, subsidiaries or designee’s nor each of their respective officers, directors, employees, agents, third-party content providers, designers, contractors, distributors, merchants, sponsors, licensors or the like (collectively, “Associates”) warrant that use of the SD Data Center Website will be uninterrupted or error-free. Neither SD Data Center nor its Associates warrant the accuracy, integrity or completeness of the content provided on the SD Data Center Website or the products or services offered for sale on the SD Data Center Website. Further, SD Data Center makes no representation that content provided on the SD Data Center Website is applicable to, or appropriate for use in, locations outside of the United States. SD Data Center and its Associates specifically disclaim all warranties, whether expressed or implied, including but not limited to warranties of title, merchantability or fitness for a particular purpose. No oral advice or written information given by SD Data Center or its Associates shall create a warranty. Some states do not allow the exclusion or limitation of certain warranties, so the above limitation or exclusion may not apply to you.

Under no circumstances shall SD Data Center or its Associates be liable for any direct, indirect, incidental, special or consequential damages that result from your use of or inability to use the SD Data Center Website, including but not limited to reliance by you on any information obtained from the SD Data Center Website that results in mistakes, omissions, interruptions, deletion or corruption of files, viruses, delays in operation or transmission, or any failure of performance. The foregoing Limitation of Liability shall apply in any action, whether in contract, tort or any other claim, even if an authorized representative of SD Data Center has been advised of or should have knowledge of the possibility of such damages. User hereby acknowledges that this paragraph shall apply to all content, products and services available through the SD Data Center Website. Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you.

Errors on Our Site

Prices and availability of products and services are subject to change without notice. Errors will be corrected where discovered, and SD Data Center reserves the right to revoke any stated offer and to correct any errors, inaccuracies or omissions including after an order has been submitted and whether or not the order has been confirmed.

Termination of Use

SD Data Center may, in its sole discretion, terminate your account or your use of the SD Data Center Web site at any time. You are personally liable for any orders that you place or charges that you incur prior to termination. SD Data Center reserves the right to change, suspend or discontinue all or any aspects of the SD Data Center Website at any time without prior notice.

SD Data Center provides links only as a convenience to you, and the inclusion of any link does not imply endorsement by SD Data Center of the site or the information contained therein.

Master Services Agreement

ndtHOST, LLC dba SD Data Center

This Master Services Agreement (the “MSA”), between ndtHOST, LLC, a Florida limited liability company d/b/a SD Data

Center (“SD Data Center”) and the Customer as defined in the Quote, is effective as of the earlier of: i) the date it is

fully-executed by both parties, or ii) the date that Customer first accepts any SD Data Center services provided under

the MSA’s terms.

1. Description

1.1 General. This MSA sets forth the terms and conditions of SD Data Center’s delivery and Customer’s receipt of

Services provided by SD Data Center. Quotes for specific goods or services are generated by an automated system

based on Customer input. Quotes prepared by SD Data Center describe the specific goods or Services to be provided,

term and price and, when accepted by Customer, constitute acceptance of SD Data Center’s offer to form a binding

contract for such Services. The terms and conditions of this MSA, the SD Data Center Acceptable Use Policy (“AUP”),

the elements of the SD Data Center Service Level Agreement (“SLA”) specific to the services ordered by Customer

and, where necessary and appropriate, any Business Associate Agreement (“BAA”) are expressly incorporated by

reference into each, such that acceptance of the Quote constitutes acceptance of all such terms, which collectively

shall be the Contract. Any terms set forth in this MSA which apply specifically to a scope of work not ordered by

Customer on a Quote will not apply to Customer.

1.2 Definitions. Capitalized terms used and not elsewhere defined have the following meanings:

“Acceptable Use Policy (AUP)” means the SD Data Center Acceptable Use Policy governing Customer’s use of

Services, including, but not limited to, online conduct, and the obligations of Customer and its Representatives in

the SD Data Center.

“Cause” means (i) violation of any provision of the AUP by Customer; or (ii) the failure of a party to perform a material

obligation under the Agreement, which failure is not remedied: (a) for payment defaults by Customer, within five (5)

days of separate written notice from SD Data Center of such default; or (b) the other party becomes the subject of

a voluntary or involuntary petition in bankruptcy or any voluntary or involuntary proceeding relating to insolvency,

receivership, liquidation, or composition for the benefit of creditors, if such petition or proceeding is not dismissed

within sixty (60) days of filing; or (c) for any other material breach, within thirty (30) days after written notice.

“Customer Technology” means Customer’s proprietary technology, including Customer’s Internet operations design,

content, software tools, hardware designs, algorithms, software (in source and object forms), user interface designs,

architecture, class libraries, objects and documentation (both printed and electronic), know-how, trade secrets and

any related intellectual property rights throughout the world (whether owned by Customer or licensed to Customer

from a third party.

“SD Data Center(s) ” means any of the facilities used by SD Data Center to provide the Services.

“SD Data Center Technology” means SD Data Center’s proprietary technology, including SD Data Center Services,

software tools, hardware designs, algorithms, software (in source and object forms), user interface designs,

architecture, class libraries, objects and documentation (both printed and electronic), network designs, know-how,

trade secrets and any related intellectual property rights throughout the world (whether owned by SD Data Center

or licensed to SD Data Center from a third party) and also including any derivatives, improvements, enhancements

or extensions of SD Data Center Technology conceived, reduced to practice, or developed during the term of this

MSA by either party that are not uniquely applicable to Customer or that have general applicability in the art.

“Notice of Services Activation” means the written notice delivered by SD Data Center to Customer indicating the

Services Activation Date.

“Quote(s)” means any of the forms specifying the Services and prices of Services, to be provided by SD Data Center

to Customer, which, when approved by Customer and accepted by SD Data Center completes the contract for

Services as described on the Quote(s).

“Authorized Representative Form” means the list that contains the names and contact information of Customer and

individuals authorized by Customer to enter the SD Data Center, as delivered by Customer to SD Data Center and

amended in writing from time to time by Customer.

“Representatives” mean the individuals identified in writing on the Authorized Representative Form and authorized

by Customer to enter the SD Data Center.

“Services” means the specific scope of work to be provided by SD Data Center as described on the Quote(s).

2. Agreement and Services Term

This MSA shall remain in effect until terminated according to Section 7, or as otherwise allowed by its terms.

3. Delivery of Services

3.1 General. Upon accepting a Quote, Customer agrees to receive and pay for, and SD Data Center agrees to provide,

the Services specified on the Quote during the term specified.

3.2 Additional Work. Upon written request from Customer, SD Data Center may, but is not obligated to, perform

additional work for Customer not included within the scope of Services. Additional Work could include, as an

example, remote hands support for a temporary period. SD Data Center shall notify Customer of fees for any

Additional Work prior to providing such Services. Customer agrees to pay SD Data Center the fees charged by SD

Data Center for Additional Work.

4. Payments and Fees

4.1 Fees and Expenses. Customer will pay all fees and expenses due according to the prices and terms listed in the Quote(s). The prices for Services listed in the Quote(s) will remain in effect during the term indicated in the Quote(s), except that SD Data Center may increase pricing for power, consumption services, and vendor provided services at any time upon notice for the Customer. Additionally, SD Data Center may assess Customer for utility provider or government special assessments at any time upon notice to Customer.

4.2 Credit Approval. Provision of Services is subject to SD Data Center’s credit approval of Customer. SD Data Center

may require Customer to provide a deposit or other security. Additionally, during the Term, if the Customer’s

financial circumstances or payment history becomes unacceptable to SD Data Center, SD Data Center may require

adequate assurance of future payment as a condition of continuing SD Data Center’s provision of Services.

Customer’s failure to provide adequate assurances required by SD Data Center is a material breach of the MSA and

shall be grounds for immediate termination of this MSA and all executory Quote(s) but shall not otherwise affect

Customer’s obligation to pay for all services rendered up to the date of termination. Customer hereby agrees that

SD Data Center may provide Customer’s payment history or other billing/charge information to credit reporting

agencies or industry clearinghouses within SD Data Center’s sole discretion and without additional notice to

Customer.

4.3 Payment Terms. On the Services Activation Date for each Services, Customer will be billed an amount equal to

all non-recurring charges indicated in the Quote(s) and the monthly recurring charges for the first month of the term.

Monthly recurring charges for all other months will be billed in advance of the provision of Services. All other charges

for Services received and expenses incurred during a month (e.g., time and materials billing fees, travel expenses,

etc.) will be billed at the end of the month in which the Services were provided. Payment for all fees and expenses

is due upon receipt of each SD Data Center invoice. All payments will be made in the United States in U.S. dollars.

Customer agrees to pay the rates and other charges within 30 days of receipt of SD Data Center’s invoice.

4.4 Late Payments. Any payment not received within thirty (30) days of the due date will accrue interest at a rate of

one- and one-half percent (1.5%) per month, or the highest rate allowed by applicable law, whichever is lower. If

Customer is delinquent in its payments, SD Data Center may in its sole discretion and in addition to any other

remedies it may have, upon written notice to Customer, modify the payment terms to require full payment before

the provision of all Services or require other assurances to secure Customer’s payment obligations under this MSA.

4.5 Taxes. All fees charged by SD Data Center for Services are exclusive of all taxes and similar fees now in force or

enacted in the future imposed on the transaction or the delivery of Services, all of which Customer will be responsible

for and will pay in full.

5. Confidential Information and Intellectual Property

5.1 Confidential Information

5.1.1 Nondisclosure of Confidential Information. Each party acknowledges that it will have access to certain

confidential information of the other party concerning the other party’s business, plans, customers, technology, and

products, and other information held in confidence by the other party (“Confidential Information”). Confidential

Information will include all information in tangible or intangible form that is marked or designated as confidential or

that, under the circumstances of its disclosure, should be considered confidential. Confidential Information will also

include, but not be limited to, SD Data Center Technology, Customer Technology, and the terms and conditions of

this MSA and all documents incorporated by reference into this MSA. Each party agrees that it will not use in any

way, for its own account or the account of any third party, except as expressly permitted by, or required to achieve

the purposes of, this MSA, nor disclose to any third party (except as required by law or to that party’s attorneys,

accountants and other advisors as reasonably necessary), any of the other party’s Confidential Information. Each

party also agrees that it will take reasonable precautions to protect the confidentiality of the other party’s

Confidential Information, at least as stringent as it takes to protect its own Confidential Information and in no case

less than a reasonable degree of care.

5.1.2 Exceptions. Information will not be deemed Confidential Information under this MSA if such information: (i)is

known to the receiving party prior to receipt from the disclosing party directly or indirectly from a source other than

one having an obligation of confidentiality to the disclosing party; (ii)becomes known (independently of disclosure

by the disclosing party) to the receiving party directly or indirectly from a source other than one having an obligation

of confidentiality to the disclosing party; (iii)becomes publicly known or otherwise ceases to be secret or confidential,

except through a breach of this MSA by the receiving party; or (iv)is independently developed by the receiving party.

The receiving party may disclose Confidential Information pursuant to the requirements of a governmental agency

or by operation of law, provided that it gives the disclosing party reasonable prior written notice sufficient to permit

the disclosing party to contest such disclosure to the extent allowed by such governmental agency or law.

5.1.3 Survival. The terms of this section 5.1 shall survive the termination of this MSA and any Quote(s) for a period

of three years from the later of the last provision Services by SD Data Center or payment therefore by Customer.

5.2 Intellectual Property

5.2.1 Property Ownership. Except for the rights expressly granted in this MSA, this MSA does not transfer from SD

Data Center to Customer any SD Data Center Technology, and all right, title and interest in and to SD Data Center

Technology will remain solely with SD Data Center. Except for the rights expressly granted in this MSA, this MSA does

not transfer from Customer to SD Data Center any Customer Technology, and all right, title and interest in and to

Customer Technology will remain solely with Customer. SD Data Center and Customer each agrees that it will not,

directly or indirectly, reverse engineer, decompile, disassemble or otherwise attempt to derive source code or other

trade secrets from the other party.

5.2.2 Knowledge. Notwithstanding anything to the contrary in this MSA, neither party is prohibited from utilizing any

skills or knowledge of a general nature acquired during the course of providing the Services, including, without

limitation, information publicly known or available or that could reasonably be acquired without breaching an

obligation of confidentiality in similar business relationships.

5.3. Survival. The terms of this section 5 shall survive the termination of this MSA and any Quote(s) for a period of

three years from the later of the last provision Services by SD Data Center or payment therefore by Customer.

6. Warranties, Representations, and Obligations

6.1 SD Data Center Warranties and Representations

6.1.1 General

6.1.1.1 Performance and Authority. SD Data Center represents and warrants that (i) it has the legal right and

authority to enter into this MSA and perform its obligations under this MSA, and (ii) the performance of its

obligations and delivery of the Services to Customer will not violate any applicable U.S. laws or regulations or cause

a breach of any agreements with any third parties. In the event of a breach of the warranties set forth in this section

paragraph, Customer’s sole remedy is termination pursuant to Section 7.

6.1.2 Service Warranties

6.1.2.1 Service Level Warranty. SD Data Center warrants that it will provide each Service at or above the service

levels defined in the applicable Quote, subject only to exceptions set forth in applicable Service Level Agreements,

if any.

6.1.2.2 Remedies. In the event that SD Data Center fails to provide Services at the level detailed in the Service Level

Agreement, Customer’s only remedies are those set forth in the SLAs applicable to that specific Service. In order to

receive any of the detailed remedies, Customer must notify SD Data Center in accordance with the terms and

conditions as outlined in SD Data Center’s Service Level Agreement. The aggregate maximum remedy for all failures

to provide Services at the level required by particular SLAs that occur in a single calendar month shall not exceed the

maximum set forth in such SLAs or total billings for that month whichever is less.

6.1.3 Service Performance Warranty

6.1.3.1 No Other Warranty. Except for the express warranties set forth in Section 6, the Services are provided on an

“as is” basis, and Customer’s use of the Services is at its own risk. SD Data Center does not make, and hereby

disclaims, any and all other express or implied warranties, including, but not limited to, warranties of

merchantability, no infringement and title, and any warranties arising from a course of dealing, usage, or practice.

SD Data Center does not warrant that the Services will be entirely uninterrupted, error-free, and/or secure.

6.1.3.3 Disclaimer of Liability for Actions of Third Parties. SD Data Center does not and cannot control the flow of

data to and from SD Data Center’s network or the Internet. Such flow depends in large part on the performance of

Internet services provided or controlled by third parties or on features of the Internet beyond any person’s control.

At times, actions or inactions of third parties can impair or disrupt customer’s connections to the Internet (or

portions thereof). SD Data Center will use commercially reasonable efforts to take all actions it deems appropriate

to remedy and avoid such events. Except to the extent of a Service Level Agreement, SD Data Center does not

warrant or represent that service disruptions or delays will not occur. SD Data Center disclaims all liability resulting

from or related to such events to the extent caused by third-parties.

6.2 Customer Warranties, Representations, and Obligations

6.2.1 Performance and Authority. Customer represents and warrants that (i) it has the legal right and authority to

enter into this MSA and perform its obligations under this MSA, and (ii) the performance of its obligations and use

of the Services (by Customer, its customers and users) will not violate any applicable laws, regulations or SD Data

Center’s Acceptable Use Policy (the “AUP”) or cause a breach of any agreements with any third parties or

unreasonably interfere with other SD Data Center customers’ use of SD Data Center Services.

6.2.2 Breach of Warranties. In the event of any breach of any of the aforementioned or subsequent warranties, in

addition to any other remedies available at law or in equity, SD Data Center will have the right, in its sole reasonable

discretion, to suspend immediately any related Services if deemed reasonably necessary by SD Data Center to

prevent any harm to SD Data Center and its business. SD Data Center may, in its discretion, provide notice and

opportunity to cure if practicable depending on the nature of the breach. Once such breach is cured and upon

reasonable assurances that Customer has taken sufficient measures to prevent recurrence, SD Data Center may, in

its discretion, restore the Services.

6.2.3 Compliance. Customer agrees that it will use the Services only for lawful purposes and in accordance with this

MSA. Customer will comply at all times with all applicable laws and regulations and the AUP, as updated by SD Data

Center from time to time. SD Data Center may change the AUP upon reasonable notice to Customer, and in any

event upon fifteen (15) days’ notice. Customer agrees that it has received, read, and will comply with the AUP.

Customer acknowledges that SD Data Center exercises no control over content passing through Customer’s data

networks or sites. Customer is solely responsible of for ensuring compliance with the AUP.

6.2.4 Data Center Access. Except with the advanced written consent of SD Data Center, Customer’s access to the SD

Data Center(s) will be limited to Authorized Representatives identified to SD Data Center in writing on an Authorized

Representative Form. Customer may designate up to three persons as Authorized Representatives, and more than

three if necessary to fulfil Customer’s obligations to SD Data Center. Authorized Representatives may access the SD

Data Center(s) once SD Data Center issues an appropriate access badge or when accompanied by an authorized SD

Data Center representative. SD Data Center reserves the right to deny any person access to the SD Data Center in its

sole discretion. Customer shall indemnify and hold harmless SD Data Center for all acts and omissions of Customer’s

Authorized Representatives.

6.2.5 Resale Restrictions. Customer shall not represent itself as SD Data Center nor resell SD Data Center services as

SD Data Center. Customer may utilize the services provided by SD Data Center to deliver services to their customer(s)

under their own company name.

6.3 Customer Notification. In some situations, where Customer equipment must be moved from a designated

location/cabinet to another, SD Data Center will provide in writing, at least thirty (30) business days of advance

notice of changes that will occur to a Customer’s assigned location/cabinet. It shall be the Customer’s responsibility

to work with SD Data Center personnel to ensure that such changes minimize the impact on Customer equipment

and the Services and limit the duration of any interruption.

7. Termination

7.1 Termination for Cause. SD Data Center may, in its sole discretion, immediately terminate any or all open Services

and/or Contracts for Cause. . In the case of any such termination for Cause, SD Data Center will notify Customer in

writing. Customer will have ten (10) days from the date of such notice to vacate space within the physical facility

and/or discontinue utilizing cloud hosted services. Services will be discontinued/disconnected on or after the

eleventh (11th) day. See section 7.4 for Termination Support.

7.2. Early Termination. Unless otherwise specified in this MSA or agreed by SD Data Center, in the event Customer

elects to terminate Services with SD Data Center, for reason of convenience, Customer agrees to i) provide at least

60 (sixty) day written notice to SD Data Center and ii) immediately pay SD Data Center all fees owed for past Services

as well as all monthly fees due and payable up to the effective date of such termination. If terminated in the first

year of the initial Term, Customer will owe 100% of the remaining monthly recurring charge for such Services, 75%

of the remaining monthly recurring charge if terminated in the second year of the initial Term, 50% of the remaining

monthly recurring charge if terminated in the third year of the initial Term and 25% of the remaining monthly

recurring charge if terminated in the fourth year of the initial Term.

7.3 Effect of Termination. Upon the effective date of termination of this MSA:

7.3.1 SD Data Center will immediately cease providing the Services

7.3.2 Any and all payment obligations of Customer under this MSA for Services provided through the date of

termination will immediately become due.

7.3.3 Within ten (10) days of such termination, each party will return all Confidential Information of the other party

in its possession and will not make or retain any copies of such Confidential Information except that each party may,

if necessary and only for so long as is necessary, retain one (1) copy of the other party’s Confidential Information for

archival purposes to (i) comply with legal record keeping requirements, (ii) evidence compliance of agreements

between the parties, (iii) pursue or respond to warranty claims and/or (iv) assist in legal proceedings involving the

parties. Each party agrees to continue to comply with the covenants of confidentiality and use restrictions contained

herein for so long as it maintains possession of the archived documents, even if such retention continues beyond

the termination of this MSA.

7.4 Termination Support. Notwithstanding the provisions of this section, upon the termination of this MSA for any

reason, SD Data Center will provide to Customer termination support relating to the Services, at SD Data Center’s

then current standard rates, as may be reasonably requested in writing by Customer. SD Data Center’s obligation to

provide support is limited to a period of ten (10) days. Customer will pay SD Data Center, on the first day of

termination Support and as a condition to SD Data Center’s obligation to provide termination support to Customer.

7.5 Section and Provision Survival. The following sections and stated provisions will endure any expiration or

termination of this MSA: Sections 4, 5, 6.1.3.1, 7, 8, 9, and 11 (excluding Section 11.2).

8. Liability Limitations

8.1 Personal Injury. Each Representative and any other person visiting a SD Data Center does so at his or her own

risk. SD Data Center assumes no liability whatsoever for any harm to such persons resulting from any cause other

than the negligence or willful misconduct of SD Data Center.

8.2 Consequential Damages Waiver. Except for a breach of Section 5.1 (“Confidential Information”) of this

agreement, in no event will either party be liable or responsible to the other for any type of incidental, exemplary,

special, punitive, indirect or consequential damages, including, but not limited to, lost revenue, lost profits,

replacement goods, loss of technology, rights or services, loss of data, or interruption or loss of use of service or

equipment, even if advised of the possibility of such damages, whether arising under theory of contract, tort

(including negligence), strict liability or otherwise.

8.3 Absolute Limitation of Liability. Regardless of any other term or condition of this MSA, any Quote issued in

connection herewith, or any other document relating in any way to the Services, under no circumstances shall SD

Data Center’s liability to Customer exceed the greater of: i) $10,000 (TEN THOUSAND U.S. DOLLARS), or ii) the total

of all sums paid by Customer to SD Data Center for Services under this MSA, regardless of the theory or basis of

recovery, including tort, contract, indemnification or otherwise. The Customer understands and agrees that pricing

and other terms of the Services have been offered specifically with respect to this clause, and that but for this

limitation of liability, such terms would be different. This limitation of liability may not be waived or modified UNLESS

the Parties specifically agree to a different limitation of liability in a writing signed by each that expressly references

this clause 8.3.

9. Indemnification

9.1 Indemnification. Each party will indemnify, defend and hold the other, its affiliates and customers (each

individually an “Indemnitee” and collectively, the “Indemnitees”) harmless from and against any and all Losses

resulting from or arising out of any claim brought against each Indemnitee, alleging any damage or destruction to

the other party’s facilities or equipment caused by the negligence or willful misconduct of such party, its

Representatives or designees.

10. Insurance

10.1 Customer Minimum Levels. Customer agrees to keep in full force and effect during the term of this MSA: (i)

comprehensive general liability insurance in an amount not less than $100,000 per occurrence for bodily injury and

property damage, with combined limits of not less than $1,00,000, and (ii) worker’s compensation insurance in an

amount not less than that required by applicable law. Customer agrees that it will ensure and be solely responsible

for ensuring that its agents (including contractors and subcontractors) maintain insurance coverage at levels no less

than those required by applicable law and customary in Customer’s industry.

SD Data Center does not provide insurance coverage for customer owned equipment. To the extent that Customer

desires insurance for any of its own equipment, Customer is solely responsible for securing such coverage.

11. Additional Agreement Provisions

11.1 No Lease. This MSA is a services agreement and is not intended to and will not constitute a lease of any real

property. Customer acknowledges and agrees that (i) any access or use of SD Data Center(s) is only a license in

accordance with this MSA; (ii) Customer has not been granted any real property interest in the SD Data Center(s);

(iii) Customer has no rights as a tenant or otherwise under any real property or landlord/tenant laws, regulations, or

ordinances; (iv) this MSA, to the extent it involves the use of space leased by SD Data Center, shall be subordinate

to any lease between SD Data Center and its landlords; and (v) the expiration or termination of any such lease shall

terminate this MSA as to such property subject to Customer retaining any rights or claims it may have against SD

Data Center arising from the expiration or termination of such lease.

11.2 Force Majeure. Except for the obligation to make payments, neither party will be liable for any failure or delay

in its performance under this MSA due to any cause beyond its reasonable control, including, but not limited to, acts

of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, governmental act or

failure of the Internet (not resulting from the actions or inactions of SD Data Center), provided that the delayed

party: (a) gives the other party prompt notice of such cause, and (b)uses its reasonable commercial efforts to

promptly correct such failure or delay in performance. If SD Data Center is unable to provide Services for a period of

fifteen (15) consecutive days because of a continuing Force Majeure Event, Customer may cancel the Services and

this MSA on written notice to SD Data Center. Such termination will be effective on the date specified in the written

notice.

11.3 Government Regulations. Customer will not export, re-export, transfer, or make available, whether directly or

indirectly, any regulated item or information to anyone outside the U.S. in connection with this MSA without first

complying with all export control laws and regulations, which may be imposed by the U.S. Government and any

country or organization of nations within whose jurisdiction Customer operates or does business.

11.4 Non-Solicitation. During the Term of this MSA and continuing through the first anniversary of the termination

of this MSA, each party agrees that it will not, and will ensure that its affiliates do not, directly or indirectly, solicit

or attempt to solicit for employment any persons employed by either party or contracted by either party to perform

under this MSA.

11.5 Governing Law and Dispute Resolution. This MSA and the rights and obligations of the parties created hereby

will be governed by and construed in accordance with the internal laws of the State of Florida without regard to its

conflict of law rules and specifically excluding from application to this MSA that law known as the United Nations

Convention on the International Sale of Goods. The parties will endeavor to settle amicably by mutual discussions

any disputes, differences, or claims whatsoever related to this MSA. Failing such amicable settlement, any

controversy, claim, or dispute arising under or relating to this MSA, including the existence, validity, interpretation,

performance, termination or breach thereof, shall finally be settled by arbitration in accordance with the Arbitration

Rules (and if Customer is a non-U.S. entity, the International Arbitration Rules) of the American Arbitration

Association (“AAA”). This MSA will be enforceable, and any arbitration award will be final, and judgment thereon

may be entered in any court of competent jurisdiction. The arbitration will be held in Brevard County, Florida, USA.

Notwithstanding the foregoing, claims for preliminary injunctive relief, other pre-judgment remedies, and claims for

Customer’s failure to pay for Services in accordance with this MSA may be brought in a state or federal court in the

United States with jurisdiction over the subject matter and parties.

11.6 Severability. In the event any provision of this MSA is held by a tribunal of competent jurisdiction to be contrary

to the law, the remaining provisions of this MSA will remain in full force and effect.

11.7 Waiver. The waiver of any breach or default of this MSA, or the failure to exercise any right provided for in this

MSA, will not constitute a waiver of any subsequent breach, default, or right, and will not act to amend or negate

the rights of the waiving or non-exercising party.

11.8 Assignment. Customer may not assign its rights or delegate its duties under this MSA in whole or in part without

the prior written consent of SD Data Center, which consent shall not be unreasonably withheld, delayed or

conditioned, and any attempted assignment or delegation without such consent will be void. SD Data Center may

assign this MSA in whole or part, provided that it promptly notifies Customer of such assignment and Customer shall

thereafter have the right to terminate this MSA upon 30 (thirty) days’ notice if it reasonably determines that said

assignee is not capable of performing the duties of service-provider hereunder. SD Data Center also may delegate

the performance of certain Services to third parties, including SD Data Center’s wholly owned subsidiaries, provided

SD Data Center controls the delivery of such Services to Customer and remains responsible to Customer for the

delivery of such Services. This MSA will bind and inure to the benefit of each party’s successors and permitted

assigns.

11.9 Notices. Any notice or communication required or permitted to be given under this MSA may be delivered by

email, by hand, deposited with an overnight courier, confirmed facsimile, or mailed by registered or certified mail,

return receipt requested, postage prepaid, in each case to the address of the receiving party as listed on the Quote(s)

or at such other address as may hereafter be furnished in writing by either party to the other party. Such notice will

be deemed to have been given as of the date it is delivered, mailed, faxed, or sent to SD Data Center corporate

offices, whichever is earlier.

11.10 Relationship of Parties. SD Data Center and Customer are independent contractors and this MSA will not

establish any relationship of partnership, joint venture, employment, franchise or agency between SD Data Center

and Customer. Neither SD Data Center nor Customer will have the power to bind the other or incur obligations on

the other’s behalf without the other’s prior written consent, except as otherwise expressly provided in this MSA.

Unless SD Data Center otherwise expressly agrees in conjunction with a specific Business Associate Agreement, SD

Data Center shall not be a “Business Associate” within the meaning of the HITECH Act (42 USC §17931), or any

regulations implementing that law.

11.11 HIPAA. SD Data Center does not require or intend to access Customer Data in its performance hereunder,

including but not limited to any confidential health related information of Customer’s clients, which may include

group health plans, that constitutes Protected Health Information (PHI), as defined in 45 C.F.R §160.103 under the

Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules). To the extent that any exposure to PHI is

incidental to SD Data Center’s provision of Service and not meant for the purpose of accessing, managing the PHI or

creating or manipulating the PHI, such exposure is allowable under 45 C.F.R §164.502(a)(1)(iii).

11.12 GDPR (General Data Protection Regulation). To the extent that the GDPR is applicable (which is determined

by variables such as type of Services purchased, when and where Services are used, what type of data is transmitted

or received via the Services, etc.), the Customer agrees as follows:

A. Customer is the Controller (as defined within the GDPR) and SDDC is the Processor (as defined within the GDPR) of all data sent or received by Customer through the Services. This Agreement constitutes written instructions from the Customer (as Controller) to SDDC (as Processor) with respect to the processing of data.
B. Customer is responsible for:
- a. the subject matter and duration of the processing;
- b. the nature and purpose of the processing;
- c. the type of personal data and categories of data subject; and
- d. the obligations and rights of the controller.
C. SDDC, acting exclusively subject to the written instructions of the Customer (unless required by law to act without such instructions), is responsible for:
- a. ensuring that those processing the data are subject to a duty of confidence;
- b. taking appropriate measures to ensure the security of processing;
- c. assisting the Customer in providing subject access and allowing data subjects to exercise their rights under the GDPR upon reasonable request;
- d. assisting the Customer in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments upon reasonable request;
- e. submitting to audits and inspections, providing the Customer with necessary and appropriate information to ensure that Customer and SDDC are meeting applicable GDPR Article 28 obligations;
- f. notifying Customer in the event of personal data breach as soon as SDDC reasonably becomes aware of the same; and
- g. either deleting or returning, in SDDC’s sole discretion, all personal data to the Customer as requested at the end of the contract; and
D. Customer represents and warrants to SDDC that Customer has provided to SD all information necessary for SDDC to meet its record-keeping obligations under GDPR Article 30.2.
E. Customer represents and warrants that SDDC shall not be required to appoint a data protection officer pursuant to GDPR Article 37 because:
- a. processing of personal data under this Agreement is not carried out by a public authority or body;
- b. the core activities of the controller or the processor do not consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; and
- c. the core activities of the controller or the processor do not consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
F. Nothing in this Section 11.12:
- a. relieves SDDC of its own direct responsibilities and liabilities under the GDPR for data other than data sent or received by Customer through the Services; and
- b. reflects any indemnity other than as expressly agreed.

11.13 Entire Understanding. This MSA, including Quote(s) and all documents incorporated into this MSA by

reference, constitute the entire agreement between the parties with respect to the subject matter hereof, and

supersede all of the prior agreements and undertakings, both written and oral, among the parties, or any of them,

with respect to the subject matter of this MSA. Any additional or different terms in any Quote(s) or other response

by Customer shall be deemed objected to by SD Data Center without need of further notice of objection and shall

be of no effect or in any way binding upon SD Data Center.

11.14 Amendments. This MSA may be amended or changed only by a written document signed by authorized

representatives of SD Data Center and Customer in accordance with this Section.

11.15 Conflicting Terms. In the event of a conflict between or among the terms in this MSA, the Quote(s) and any

other Contract document made a part thereof, the precedence of the Contract documents shall be: the Quote(s)

with the latest date, this MSA and then the other document.

Service Level Agreement (SLA) | V6.0

ndtHost, LLC d/b/a SD Data Center (“SD Data Center”) recognizes that facility and network services are critical to customers (“Customers”) using SD Data Center’s services (“Services”). SD Data Center backs its commitment and focus on operational excellence and reliability by providing a facility and network uptime guarantee of 99.999% for Customers. The network is comprised of the Local Area network (LAN) in the data center and the SD Data Center IP backbone network. SD Data Center’s facilities include Environmental Controls, Power and Security.

This Service Level Agreement (“SLA”) applies to Customers agreeing to a minimum service period of one (1) year or more for Services and only in respect of the provision of such Services during such period and where Customer’s accounts with SD Data Center are in good standing. Availability of this SLA may be subject to further conditions or qualifications as set forth in SD Data Center’s Master Services Agreement (“MSA”). All remedies set out herein shall not be cumulative, and shall be Customer’s sole and exclusive remedy under the relevant MSA.

Network Availability
The SD Data Center IP Network is guaranteed to be available and capable of forwarding IP packets 99.999% of the time, as averaged over a calendar month. The SD Data Center IP Network includes the customer’s access port (the port on the SD Data Center aggregation router upon which the customer’s circuit terminates) and the SD Data Center IP backbone network. The SD Data Center IP backbone network includes SD Data Center owned and controlled routers and circuits (including any transit connections). The SD Data Center Network availability guarantee does not include local loop, Customer Premise Equipment, Customer’s Local Area Network (LAN), scheduled maintenance events, customer caused outages/disruptions or interconnection connectivity within other Internet Service Provider (“ISP”) networks.

OmniWatch – Managed Service Availability
SD Data Center provided managed service hardware and software availability guarantee for SD Data Center provided routers, firewalls, servers, and operating systems: SD Data Center will provide 24×7 monitoring of all managed network equipment. Any noted service outage will be ticketed within an hour of detection and engineering assigned to resolve noted issue(s). Equipment replacements will be expedited as quickly as possible. SD Data Center will guarantee restore time for hardware replacement and operational software within four (4) hours from the point of the known outage. SD Data Center will restore all services to the initial build specifications including hardware bios, operating system, antivirus, and security access.

Environmental Controls
SD Data Center will use commercially reasonable efforts to ensure that the temperature of open space in the Services area will remain between 64 and 80 degrees Fahrenheit, and relative humidity will remain between 30% and 70%. These efforts include temperature sensors in cabinets and built in to systems (i.e., HVAC units) in addition to monitoring systems that alert/notify SD Data Center staff when parameters are not met. This commitment does not apply to localized conditions within a particular customer cabinet, cage, rack, or other enclosed space.

Power
SD Data Center guarantees power availability to Customer’s cabinet / cage 100% of the time through generators, uninterruptible power supply (UPS), and dual power circuits in the form of an “A” circuit and a “B” circuit. The redundant power in our facility enables Customer equipment to run continuously, even in the event of a major outage. Failure of a single circuit “A” or “B” does not constitute a power outage. SD Data Center requires that all Customers utilize both circuits in order to qualify for power guarantees.

Security
SD Data Center will use commercially reasonable efforts to ensure that access to Customer’s facility(s) will be monitored and restricted at all times, including the use of an access control system with multi-factor authentication and onsite security personnel. Efforts to ensure security to the facility is maintained via security card, video surveillance, and security vestibule. SD Data Center has processes in place to ensure that only those with the authority are given access to the SD Data Center facility and that Customers understand these processes. Customers are held responsible for any changes of access. Whether it be to add or delete authorized representatives, the Customer is responsible to not only notify SD Data Center but also to return the assigned access badge that was issued without penalty.

Virtualized Infrastructure (Cloud Services)
The SD Data Center Virtualized Infrastructure (“Cloud Services”) is guaranteed to be available to the Customer 99.999% of the time, as averaged over a calendar month. The Cloud Services guarantee is limited to the network and hosted infrastructure foundationally supporting the Cloud Services and does not extend to the operating system layer or application layer configured by the Customer atop the virtual platform. Additionally, the guarantee does not include scheduled maintenance events, Customer caused outages/ disruptions, or interconnection connectivity within other ISP networks.

Service Outages
A service outage (“Service Outage”) begins when SD Data Center is notified or becomes aware of the failure, whichever occurs first. A Service Outage ends when the affected network or facility service is again operational. SD Data Center may undertake critical maintenance at any time deemed necessary and shall provide notice of Service Outage to Customer under practical circumstances.

Service Outage Reporting Process:
The Service Outage reporting process is applicable only to Services provided in the contiguous United States and is applicable only if Customer telephones the SD Data Center Network Operations Center (NOC) at 321-610-5900. In the event Customer subscribes to SD Data Center’s OmniWatch Managed and Monitoring Service, outage reporting notification will be proactive. Customer is solely responsible for providing SD Data Center accurate and current contact information for Customer’s designated points of contact. SD Data Center will be relieved of its obligations under this Service Outage reporting process if SD Data Center’s contact information for Customer is out of date or inaccurate due to Customer’s action or omission. Customer will be responsible for providing accurate, affected circuit identification, i.e. circuit ID and phone numbers.

Service Availability:
Unless otherwise stated in a previous section, SD Data Center’s Data Center Services will be available to Customer 99.999% of the time in a calendar month.

“Contracted Service Unavailability” is defined as the number of minutes in which a contracted service is not available, but does not include any unavailability attributable to:

Scheduled maintenance (whether by SD Data Center, a vendor or other third party, or Customer);
Acts or omissions of Customer or any user of the Customer System other than SD Data Center;
Device downtime as long as the service remains available (e.g., part of a redundant system is not functioning properly);
Hardware failure of devices with no redundant, active device configured to automatically take over service in case of a failure;
Customer owned premise equipment issues; or
Any of the force majeure events set forth in an MSA between SD Data Center and Customer.

If SD Data Center has an unexcused failure to meet this availability due to Contracted Service Unavailability as to a Customer contracted service, Customer shall be entitled to a credit against Customer’s recurring monthly service fees for the affected Services in the amount set out in the table below, not to exceed a total of fifteen (15) day’s prorated recurring monthly service charges. For clarity, ones day’s credit equals 1/30th of the applicable recurring monthly services fees.

Cumulative Service Unavailability Duration Per Month	Customer Credit (# Days Credit)
Less than or equal to 30 seconds	0
Greater than 30 seconds and less than or equal to 2 minutes	1
Greater than 2 minutes and less than or equal to 5 minutes	2
Greater than 5 minutes and less than or equal to 15 minutes	3
Greater than 15 minutes	15

Credit Claim Procedures
To initiate a claim for service credit with respect to the SLA described herein, Customer must submit a SD Data Center SLA Claim via the customer portal or request a SLA Claim form from a SD Data Center contact within seven (7) business days after the end of the month in which the event occurred.

Upon receipt of the SD Data Center SLA Claim Form, SD Data Center will perform the appropriate SLA measurement, qualification, validation, and verification process to determine whether a credit claim is warranted. SD Data Center will issue a service credit to the Customer’s account upon approval of its SLA Claim request. Service credit will appear on an invoice or Customer will be notified of its rejection within two (2) months following the month in which the SLA Claim Form was approved.

The service credit provided for this SLA assumes compliance by Customer with the terms and conditions of its Service agreements with SD Data Center. To preserve Customer’s rights under SLA:

Customer must report all outages and/or service failures to SD Data Center’s Network Management Center (NMC) at 321-610-5900, which must result in the opening of a SD Data Center trouble ticket.
Customers must retain all records of SD Data Center trouble ticket numbers for the purposes of making claims in accordance with this SLA.
Customer shall reasonably cooperate with SD Data Center in the service claim investigation.
Customer must provide for timely and adequate arrangement for access to the necessary facilities, locations, and equipment. If a technician dispatch to the Customer premises is required for resolution of Customer trouble ticket(s) on a timely basis, time and material charges may apply for non-business hour (i.e. evening or weekend) dispatches.
When service credit request forms are submitted, the Customer shall pay its entire service bill, and shall not offset any service credits it would anticipate receiving from SD Data Center.

Chronic Problems:
In accordance with Customer’s MSA, Customer may terminate Services due to Chronic Problems (as defined below). Termination of Services requires written notification to SD Data Center and will be effective within seventy-two (72) hours of receipt of said notice. The preferred method of notification is by email to [email protected]. Acknowledgement of canceled Services will be sent to the customer within three (3) business days of notification receipt.

“Chronic Problems” are defined as two (2) or more occurrences of Contracted Service Unavailability exceeding the defined SLA parameters for that service within a 90-day period.

Maintenance (Scheduled & Critical)
Scheduled Maintenance: Scheduled (non-emergency) maintenance shall mean any maintenance at SD Data Center’s facility. Normal maintenance includes (a) upgrades of hardware and software; (b) upgrades to capacity; (c) network activity that may degrade the quality of service or cause service interruptions.

Critical/Emergency Maintenance: Critical/Emergency maintenance may be performed at any time to correct network conditions that require immediate attention. Critical maintenance is performed at the discretion of SD Data Center and may degrade or disrupt service. All reasonable business efforts will be attempted to notify the Customer’s designated point of contact as is reasonably practicable under the circumstance.

SLA Change
SD Data Center reserves the right to change, amend, or revise this SLA at any time. Changes or revisions to the SLA will be deemed effective upon posting the applicable revision on SD Data Center’s publicly accessible website, but only with respect to Service renewals or new Services.

Acceptable Use Policy

Scope

This Acceptable Use Policy (“AUP”) is designed to protect ndtHOST, LLC d/b/a SD Data Center (“SD Data Center”), its customers, vendor/contractors, visitors and the Internet community in general from fraud, abuse of resources, and irresponsible or illegal activities. Usage of SD Data Center’s Services (as defined in the Master Service Agreement) and/or facility (“Facility”) requires agreement with this AUP.

SD Data Center makes no guarantee regarding and assumes no liability for, the security and integrity of data or information a user stores, transmits or receives via the Service or over the Internet. This includes data information stored, transmitted via any server designated as “secure.” SD Data Center does not monitor, exercise control over, or accept responsibility for the content of information passing through its network, but reserves the right to monitor data transmitted or received for diagnostic or investigative purposes and as a means of providing better service. All persons and organizations, including SD Data Center customers and vendor/contractors who transmit information over or who publish information made accessible through SD Data Center’s network, are responsible for the content of the information and for complying with the laws applicable to its publication.

Personnel Responsibilities

SD Data Center, vendor/contractors and Customers (as defined in the Master Service Agreement) are responsible for the activities of its own employees, contractors, visitors, customers or end-users while on site and during instances where they are remotely accessing resources. By accepting service from the SD Data Center, Customers and vendor/contractor designees agree to inform their customers, visitors and/or end-users of this AUP or of its own acceptable use policy, which must be coextensive and consistent with these policies.

All vendor/contractors, Customers and visitors of SD Data Center are expected to use the Internet with respect, courtesy, and responsibility, giving due regard to the rights of other Internet users. SD Data Center expects Customers to have a basic knowledge of how the Internet functions, the types of uses which are generally acceptable, and those uses to be avoided.

All personnel shall adhere to SD Data Center’s security policies with respect to ingress and egress (Standard and Emergency) operations while on-site. SD Data Center has established and enforces industry standard security controls designed to keep the Facility secure from access (i.e., two factor authentication) by unauthorized personnel and to preserve the integrity and availability of the Facility, its equipment and Customer equipment which is housed in trust. SD Data Center will make every effort to ensure that these controls are vetted on an annual basis through a third-party agency to maintain compliance with SOC II Type II attestation. As part of this process, this AUP governs and describes the responsibility and rules that all personnel must follow to ensure that these security controls are not violated. All personnel shall comply with the most current version of this AUP, which is accessible online at:

https://www.sddatacenter.com/legal-notices/

Only Authorized Representatives who have been registered with SD Data Center’s Compliance & Security Officer will be permitted access to the Facility. Companies with whom SD Data Center does business will assign a Master List Administrator (MLA) who will designate personnel that are listed on the Authorized Representative List. MLAs are exclusively authorized to add or remove personnel from the Authorized Representative List. MLAs are responsible for keeping the Authorized Representative List updated, and whenever a change is necessary the MLA shall notify the SD Data Center personnel at [email protected]. Requests to amend an Authorized Representative List will be validated with the MLA by SD Data Center personnel prior to executing the changes.

Authorized Representatives permitted to enter the Facility shall attend an orientation presentation, participate in their badge creation process, if applicable, and sign this AUP. When applicable, Customers and approved vendor/contractors will provide their driver license to obtain a Facility badge or key for their respective server cabinet/cage and will return all equipment, badges and/or keys before leaving the Facility. The driver license will be held to enforce this rule until these articles are returned or a missing badge/key report is completed to enforce this rule.

Customers and vendor/contractors shall be liable for all damages which may be caused by any Authorized Representative or their visitors who physically enter and/or visit the Facility or property or accesses services remotely. This also extends to the Customer and the Customer’s customer who is responsible for damages that may be incurred. Customer agrees to inform their customers and/or end-users of this AUP or your own acceptable use policy, which must be coextensive and consistent with these terms.

Customers and vendor/contractors will keep the Facility clean and clutter free, which includes being mindful of equipment and placement. At no time will others’ equipment be used as shelving or tools left where they pose a potential cause for accident.

Paper, cardboard and other flammable items are not to be stored inside racks or cages or on the data center floor. Proper storage or removal of items is required.

Customers and vendor/contractors shall not use or interfere with any equipment, cabling, device, power, heating or cooling device in the Facility which they do not own control or have the authority to use or interfere. If there are questions or inquiries related to cabling, device placement or related, such questions will be brought to SD Data Center personnel for guidance.

Customer Equipment Installation

Customers who will be installing equipment in the Facility shall give SD Data Center advance notification of their arrival with a date and time of their installation schedule and will make requests for any additional resources needed at the time so SD Data Center can ensure availability for the setup and configuration (i.e. The Customer needs a crash cart available or a server lift available). Customers who do not notify the Facility prior to arrival risk the possibility of not having the necessary resources available for the completion of their installation. The Customer will also allow for the inspection of the equipment by SD Data Center personnel to ensure proper installation of wiring connections and clearance considerations have been taken into account and there is no interference to other customers’ equipment. Additionally, SD Data Center personnel will verify the power consumption follows what has been agreed upon and noted in the contract.

At all times, unless otherwise stated in contract, SD Data Center reserves the right to allow authorized personnel to inspect the Customer’s cabinets and Customer equipment, without notice, to ensure the proper maintenance, care and security of the Facility. SD Data Center may, at any point, disconnect or remove Customer equipment if SD Data Center deems that the equipment is not appropriate for use in the Facility or if the equipment is creating a hazard to the SD Data Center network, infrastructure or to other Customer equipment. In most instances, immediate and unannounced action is not necessary, and SD Data Center will provide the Customer with prior notification along with an opportunity to resolve any such issues that are deemed inappropriate. In situations where remediation has been performed by the Customer to the satisfaction of SD Data Center personnel, Customer may reconnect or reestablish connectivity.

In some situations, where Customer equipment must be moved from a designated location/cabinet to another, SD Data Center will provide thirty (30) days’ prior written notice of changes that will occur to a Customer’s assigned location/cabinet. It shall be the Customer’s responsibility to work with SD Data Center personnel to ensure that such changes minimize the impact on Customer equipment/services and prevent any interruption.

Risk of Loss

SD Data Center shall not be held responsible for any loss or damage to any Customer equipment or any other Customer property if the loss is not caused by the gross negligence or intentional act of SD Data Center personnel. This may include loss or damage resulting from water, fire, fire suppression, floor, lightning or any other acts of God, electrical faults, terrorism, acts of war, or civil disturbance.

Service(s) Usage

The Services may only be used for lawful purposes. Transmission, distribution, or storage of any information, data or material in violation of United States, state or local regulation or law, or by common law, is prohibited. This includes, but is not limited to, material protected by copyright, trademark, trade secret, or any other statute, law or regulation. In addition, SD Data Center reserves the right to discontinue services to customers and environments, which compromise the network integrity.

All personnel are prohibited from engaging in the posting of defamatory, scandalous, or private information about a person without their consent, illegal pornography, intentionally inflicting emotional distress, or making physical threats against another person via email, news, or any other electronic media/service that SD Data Center provides to customers/personnel.

All personnel are prohibited from transmitting, on or through any of SD Data Center’s services, any material that is, in SD Data Center’s sole discretion, unlawful, threatening, abusive, or encourages conduct that would constitute a criminal offense, give rise to civil liability, or otherwise violate any local, state, national or international law, statute or regulation.

All personnel will be courteous to others in the Facility and maintain good standing with SD Data Center personnel.

All personnel shall maintain a professional appearance while in the Facility and wear appropriate attire for the business environment. Appropriate includes clean pants, slacks, polo or oxford type shirts, and closed toed shoes. Inappropriate attire includes tank top or strapless tops, shorts (unless approved by management), strappy sandals or soiled clothing. We recommend steel toe shoes and appropriate safety attire, based on the work to be done while in the Facility.

Prohibited Activities – All Personnel

Visitors under the age of 18 are not permitted in the Facility, unless specifically authorized in advance by SD Data Center personnel. All visitors must be accompanied by and remain in the presence of an Authorized Representative.
Harassment, whether through verbal or through digital means, is prohibited.
Food and drink are prohibited while on the Data Center Floor – Food and Drink are permitted in the area designated as the Lobby.
Smoking is NOT permitted in the Facility or on the Satcom Direct campus.
Explosives, incendiary devices or other flammable devices are NOT permitted.
Weapons (guns, knives) are NOT permitted, unless prior approval from SD Data Center management and/or appropriate licensing obtained.
Consumption of alcoholic beverages, unless prior approval has been obtained from SD Data Center management, is prohibited.
Animals – Working service animals will need to be approved in advance and in writing by SD Data Center.
Illegal drugs or other intoxicants are prohibited.

Additionally, Customers are prohibited from the following:

Sending unsolicited bulk email messages (“junk mail” or “spam”).
Forwarding or otherwise propagating chain letters, regardless if the recipient wishes to receive such mailings.
Sending malicious email, including but not limited to “mail bombing” (flooding a user or site with very large or numerous pieces of email) and “trolling” (posting outrageous messages to generate numerous responses) is prohibited.
Forging of packet headers for the purposes of mal-intent or the circumvention of security mechanisms in place on the network is not permitted.
Subscribing someone else to an email list or removing someone else from an email list without that person’s permission is prohibited.
SD Data Center accounts or services may not be used to collect replies to messages sent from another Internet service provider, where those messages violate this AUP or the usage policy of that other provider.
Operating or hosting any website or service promoting illegal activity such as: warez, illegal pornography, hacking, cracking, phishing, scams, credit card harvesting websites, and illegitimate ecommerce websites.
Participating in P2P networks such as bit torrent, Kazaa, streaming video, public proxy services, Napster, IRC, gnutella, edonkey, instant message proxying, http/https proxy, or any other proxy protocol. Attempts to circumvent firewall rules through a proxy, non-conventional ports, encryption or any other method will result in account termination without refund.
Attempting to circumvent access control user authentication or security of any host, network, or account (cracking). This includes, but is not limited to, accessing data not intended for the customer, logging into a server or account the customer is not expressly authorized to access, or probing the security of other networks.
Circumventing access control mechanisms that are in place to protect the physical security of the Facility. This includes, but is not limited to, restricted areas outside of your scope of work, cracking or tampering with card readers, authentication tokens or emergency control systems that may possibly allow access to unrestricted areas. Customers/personnel who are found to have attempted any of these activities will be removed from the Facility, their access terminated and may incur criminal or civil liability.
Attempting to circumvent or interfere with life safety controls within the Facility (i.e., fire suppression system, security/burglar alarm system and other environmental controls in effect for the safety and security of the Facility and its occupants) is strictly prohibited.
Attempting to interfere with service to any user, host, or network (denial of service attacks) is prohibited. This includes, but is not limited to, “flooding” of networks, overload of a service and any activity resulting in the “crash” of a host.
Using any kind of program/script/command, or send messages of any kind, designed to interfere with a user’s terminal session, via any means, locally or by the Internet is prohibited.
Customer must safeguard their account passwords and keep all websites, code, scripts, programs, etc. up to date to prevent unauthorized access to their account. Customer is liable for all resource fees incurred under Customer’s account. If Customer grants public write permissions to Customer’s account, Customer is liable for fees for disk space/bandwidth consumed by any others writing to the account.
Users who violate systems or network security may incur criminal or civil liability. SD Data Center will cooperate fully with investigations of violations of systems or network security at other sites, including cooperating with law enforcement authorities in the investigation of suspected criminal violations.

Violations and Enforcement

At SD Data Center’s sole and absolute discretion, SD Data Center may immediately suspend or terminate service and/or its agreement with Customer, with or without notice, if it determines that a violation of the AUP has occurred. Without limiting the foregoing, SD Data Center may otherwise enforce this AUP according to the severity of the offense and violator’s history of prior AUP infringements, where violations of any element of this AUP may result in a warning to the offender followed by suspension or termination of the affected service if Customer does not cease the violation. Severe and/or repeated offenses will result in immediate termination of service and/or the agreement with Customer. SD Data Center is not liable for damages of any nature suffered by any customer, end-user, or any third party resulting in whole or in part from SD Data Center exercising its rights under this AUP. SD Data Center has no practical ability to monitor all conduct, communications, or content that might violate this AUP prior to its transmission over the SD Data Center network but, where possible and necessary, may do so at its discretion. Therefore, SD Data Center does not assume liability for others’ violations of the AUP or failure to terminate those violations. SD Data Center reseerves the right to assess time and materials charges to resolve customer issues that are not resolved by the customer in a timely manner.

Privacy Policy

SD Data Center will not sell or disclose its customer lists or customer email address lists.
SD Data Center will attempt to protect the privacy of SD Data Center’s customers on SD Data Center’s network.
SD Data Center will only access and disclose information as necessary to comply with applicable laws and government requests, to operate and maintain SD Data Center’s systems and services, or to protect SD Data Center, or its customers.
SD Data Center will not monitor or disclose a customer’s private email messages, unless required by court order or law.
SD Data Center will cooperate with the authorities and will notify such authorities if it suspects that a customer is engaged in illegal activities.

CUSTOMER ACKNOWLEDGEMENT:

Signature: ________________________________
Print Name: _______________________________

Title: ____________________________________
Date: ____________________________________