Terms & Conditions

The TangoMe Affiliate Program and Company's Websites (the "Services") is owned and operated by TangoMe Inc.
(the "Company", "we", "us" or "our"). By signing up as an Affiliate and by using the Services and any content,
services or offers provided therein, you are entering into and accepting these terms and conditions, which
incorporate the applicable Companies' policies (including the Privacy Policy) and any and all appendices,
attachments or addenda referred to herein, which together form a binding agreement between yourself and the
Company (collectively, the "Terms"). Hereinafter, each of the Company and you shall be referred to as a "Party", and
together as the "Parties".

Please read these Terms carefully, if you do not agree with them, or are not authorized to accept them, you should
not continue with your application and immediately cease your use of the Services and the participation in the
Affiliate Program. By using the Services and participating in the Affiliate Program, you acknowledge that you accept
and agree to these Terms and all the provisions set forth below.

1. Definitions

For these Terms, the following capitalized terms shall have the meaning ascribed to them hereunder:

1.1. "Action" shall mean a sale, lead, click, ad impression, or other event, that has been specified as eligible for
remuneration by the respective Advertiser, which is linked to an Ad, provided the foregoing was performed
by an actual End User in the normal course of using any device. This excludes clicks or any other action
performed by robots, software or any Fraudulent Activities, or any other illegitimate tools or behaviors
which are not within the scope of these Terms.

1.2. "Advertisement Offer" An 'offer' or 'program' in the Affiliate Program, or in a Company's authorized
applicable third-party program, refers to a specific advertisement designed to promote the Company, its
Advertisements, services, or products. These promotions are subject to compliance with these Terms, as
well as any additional terms, conditions, or restrictions set by the Company for the distribution and
promotion of its advertisements and services.

1.3. "Ad(s)" or "Advertisement(s)" shall mean any promotional content, in whatever format (including without
limitation text, graphics, native, in-text, banners, video, audio, rich media and links), provided by Company
to the Affiliate to be served through or displayed on the Assets or on any.

1.4. "Affiliate" means any person or entity that has successfully completed the Application Form, was appointed
by the Company as an affiliate in accordance with these Terms, the Affiliate Program, and the Campaign
2

Conditions. Where the context requires, we may also refer to an Affiliate under these Terms as "you" or
"your".

1.5. "Affiliate Account" means the uniquely assigned account that is created for each Affiliate when it
completes an applicable application procedure at the applicable website, as determined by the Company in
its sole discretion, and is approved by the Company. The Affiliate may use the Affiliate Account to review
information about its Commissions or update its profile.

1.6. "Affiliate Fee" means the fee payable by the Company to Affiliate for Approved Activity, as described in the
applicable Campaign Conditions of the Affiliate Program, which may be amended by the Company at its sole
discretion from time to time.

1.7. "Affiliate Program" means the marketing program owned and operated by the Company aimed, among
other things, at facilitating the distribution of Ads by Affiliates. [Link]

1.8. "Applicable Law(s)" means any law, statute, rule, regulation, order, circular, decree, directive, judgment,
decision, or other similar mandate of any applicable central, national, federal, state, or local Governmental
Authority applicable to these Terms, to the Affiliate, to the Company and its services, and your use of the
Services.

1.9. "Application Form" means an application form located at the following link or participation in the Affiliate
Program, which is part of and subject to these Terms. The Company may change the link at its sole
discretion, upon the provision of a notice to you.

1.10. "Approved Activity" means an Action performed by an End User of an Affiliate's Asset or other Asset
approved by the Company and identified by a Tracker ID and Tracking URL, in accordance with the
provisions of these Terms, excluding any Action which, as determined by the Company in its sole discretion:
(1) resulted from or related to Fraudulent Activity; (2) violates the Campaign Condition, Advertisement Offer
or any provision of these Terms (including all addendums and appendices attached hereto by reference) or
any Applicable Laws; (3) such End User is already registered to the Affiliate Program; and (4) Such End User
has been rejected by the Company.

1.11. "Approved Territory(ies)" means territories in which the Company permits the Affiliate to conduct
activities under these Terms and the Affiliate Program, subject to all Applicable Laws and further
instructions provided by the Company. The list of such Permitted Territories is subject to change from time
3

to time, upon Company's written notice, and will be provided by the Company to the Affiliate in writing.

1.12. "Asset(s)" means online properties owned and operated, or otherwise duly licensed by an Affiliate, such as
websites and mobile applications, approved in writing by Company, on which the Affiliate intends to display
Ads to promote Company's services and the applicable Company Marks subject to these Terms. The
Company may require an Affiliate to adhere to a pre-approved Asset "whitelist" or a non-approved Asset
"blacklist", or at any time approve or disqualify any Assets, as a condition of participation in the Affiliate
Program, at Company's sole discretion.

1.13. "Campaign Conditions" means conditions or restrictions imposed by the Company for the promotion and
distribution of the Ads.

1.14. "Confidential Information" means (1) each Party’s trade secrets, business plans, strategies, methods or
practices; and (2) any other information relating to either Party or their business that is not generally known
to the public, including but not limited to information about either Party’s personnel, products, customers,
marketing strategies, services or future business plans. Notwithstanding the foregoing, Confidential
Information specifically excludes: (i) information that is now in the public domain or subsequently enters
the public domain by publication or otherwise through no action or fault of the other Party; (ii) information
that is known to either Party without restriction, prior to receipt from the other Party under these Terms,
from its own independent sources as evidenced by such Party’s written records, and which was not
acquired, directly or indirectly, from the other Party; (iii) information that either Party receives from any
third Party reasonably known by such receiving Party to have a legal right to transmit such information, and
not under any obligation to keep such information confidential; and (iv) information independently
developed by either Party’s employees or affiliates provided that either Party can show that those same
employees or affiliates had no access to the Confidential Information received hereunder.

1.15. "Company's Website(s)" means the following website: [Link] and any other websites
owned or operated by the Company

1.16. "Company's Marks" means any trade names, Trademarks, copyrights, design rights (whether registrable or
not), logos, copyright, service names, trade, business and domain names, moral rights, reputations, and any
other similar rights or obligations whether registrable or not (and including all applications and renewals or
extensions of such rights) in any country owned or used by the Company. This includes applications,
registrations, renewals, extensions, translations, adaptations, derivations, combinations, corporate names,
metatags, universal resource locators owned or used by the Company.
4

1.17. "CPA" means a one-time fixed amount, which shall be determined by the Company at its sole discretion and
shall be provided to the Affiliate in writing or as detailed in the Affiliate Program, payable for Approved
Transactions. The CPA shall be paid once per user, per household, per IP Address on the user making a
minimum deposit of $5.

1.18. "Data Protection Laws" means, as applicable, any and all applicable domestic and foreign laws, rules,
directives and regulations, on any local, provincial, state or federal or national level, pertaining to data
privacy, data security or the protection of Personal Data, including the Privacy and Electronic
Communications Directive 2002/58/EC (and respective local implementing laws) concerning the processing
of personal data and the protection of privacy in the electronic communications sector (Directive on privacy
and electronic communications), the Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data
and on the free movement of such data ("GDPR"), any applicable privacy and data protection laws in Hong
Kong, and any amendments or replacements to the foregoing.

1.19. "End User" means a natural person engaging with the Ads.

1.20. "Fraudulent Activity" means, without limitation, as determined by the Company in its sole reasonable
discretion: (a) any interaction with the Services or Ads in any manner that engages with anything other than
natural persons in the normal course of using a device; (b) any interaction with the Services or Ads resulting
from or related to: (1) a natural person who has been engaged for the purpose of generating Actions,
whether exclusively or in conjunction with any other activities of that person (including, without limitation,
employing any means to induce, encourage, incentivize or trick an End User into engaging with Ads); (2)
non-human visitors (such as bots); (3) links, texts or any material and content that are not actually visible to
the human eye, discernible to human senses or perceived by a human being; (4) masking or cloaking any
URL, or employing any means to obscure the true source of traffic, conceal conversions, etc.; (5) generating
automated, fraudulent or otherwise invalid impressions, inquiries, views, clicks or conversions, or artificially
inflating impressions, inquiries, views, clicks, or conversions, or employing any misleading or practices (such
as repeated manual clicks); (6) installing or transmitting malicious code or the automatic redirection of End
Users, misleading links, forced clicks, etc.

1.21. "Governmental Authority" means any federal, state, local, municipal, or other government; any
governmental, regulatory, or administrative agency, commission, body or other authority exercising or
entitled to exercise any administrative, executive, judicial, legislative, regulatory or taxing authority or
power; and any court or governmental tribunal having or asserting jurisdiction.
5

1.22. "Intellectual Property Rights" means (a) any and all property rights, including, without limitation: (a) all
inventions, whether patentable or not, all improvements thereto and derivatives thereof, and all patents
and patent applications; (b) all registered and unregistered: marks, trademarks, service marks, trade names,
trade dress and associated logos, domain names and registrations and applications for registration thereof;
(c) all copyrights in copyrightable works, all other rights of authorship, including without limitation moral
rights, and all applications and registrations in connection therewith; (d) all trade secrets and Confidential
Information; (e) all rights in databases and data compilations, whether or not copyrightable; and (f) all
copies and tangible embodiments of any or all of the foregoing (in whatever form, including electronic
media).

1.23. "Net Revenue" shall mean the gross revenue actually collected from Advertisers by Company, minus any
costs of collection, operation (such as serving costs), fees, taxes or similar costs associated therewith.

1.24. "Tracking Link", "Tracking URL" and "Tracker ID" means the unique hyperlink and identification number
assigned thereto and that the Company provides exclusively to the Affiliate, enabling the Affiliate to refer
End Users to the Company's Website or to the applicable landing page(s), and enabling the Company to
identify the Affiliate that has referred such End Users for the purpose of calculating the Affiliate Fee.

1.25. "Trademarks" means any and all trademarks, whether registered or unregistered, logos and service marks
which appear or in any way displayed on the Company's Website, including without limitation "TangoMe"
trademark and any other trademark which may be used by the Company from time to time.

2. Application Form
2.1. In order to participate in the Affiliate Program, an Affiliate must fill-in and submit the Application Form,
which will become an integral part of these Terms. This includes providing the required documentation and
any additional information we may request to verify your compliance with these Terms. By submitting an
Application Form, you hereby represent and warrant that:

a. you will provide accurate, true, current and complete and up-to-date information regarding your
identity including personal details as required to complete your application, such as: full legal name,
address, email address, contact information, occupation, or other required information, as determined
by the Company at its sole discretion. You are solely responsible for maintaining and promptly
updating any and all information you provided in your Application Form, as needed. You understand
that the Company will email its notices related to the Affiliate Program based on the information that
you have provided. In case the Affiliate's information is incorrect or misleading, the Company will not
be liable for any failure to fulfill any obligations that it may otherwise have to such Affiliate pursuant to
6

these Terms.

b. you are at least 18 years of age or of the legal majority in your country of residence, legally capable of
entering into a binding contract, and there is no legal, regulatory, commercial, contractual or other
restriction against your participation in the Affiliate Program in accordance with these Terms.

2.2. After the Company reviews an Affiliate's Application Form, the Company may reject such application at the
Company's sole discretion for any reason. The Affiliate shall have no right to appeal any decision by the
Company to reject the application.

2.3. You acknowledge that you shall not be regarded as an Affiliate, shall not be entitled to any Affiliate Fees or
any other compensation, and shall not use the Company's Marks, unless expressly approved in writing by the
Company.

2.4. The Company reserves the right to perform background checks on each Affiliate and request the Affiliate to
provide the Company with further documentation, at its sole discretion, including through the use of
dedicated third party companies, who perform the investigations on the Company’s behalf. The Company is
under no obligation to advise such Affiliate that such an investigation is taking place.

3. Service and License

3.1. These Terms shall prevail over any other terms and agreements between you and us, unless specifically
agreed by the Parties in writing otherwise.

3.2. Subject to the approval of an Affiliate's request to join the Affiliate Program, the Company hereby grants to
the Affiliate a limited, personal, non-sub-licensable, non-transferable, non-exclusive, revocable right and
permission, subject to and in accordance with these Terms, to: (i) access and participate in the Affiliate
Program; (ii) display Ads on Affiliate's Assets or other approved Assets, solely for the purpose of promoting
the Ads , its services or Company Marks approved by the Company.

3.3. Affiliate hereby acknowledges that the Company reserves the right to add or remove any offers, tools or
functionality from the Services or from an Affiliate Account at any time, at their sole and absolute discretion.

3.4. These Terms shall not be interpreted as granting the Affiliate exclusive right(s) or privilege(s) or license(s) to
promote or market the Company, its services or Company's Marks, and the Affiliate acknowledges and
agrees that the Company has the right to contract, in relation to the subject matter stated herein, with other
Affiliates.
7

3.5. Affiliate hereby agrees that upon termination or expiration of these Terms, or upon notice from the
Company, the Affiliate will immediately cease using any Ads as well as remove all such Ads from the Assets.
Actions generated following such notice shall not accrue or entitle an Affiliate to any Affiliate Fee.

3.6. Affiliates acknowledge that the Company is not obliged to review any offer or program in an authorized
applicable third-party Asset Advertiser, any Ads, or check their legality, compliance with applicable laws, or
accuracy. It is the Affiliate's sole responsibility to ensure that any Advertising Offers are lawful in their
applicable jurisdiction of operation. To the extent applicable, the Affiliate must hold all necessary
permissions, licenses, authorizations, registrations, and permits required for their use of the Advertising
Offers. Furthermore, the Company does not monitor, supervise, or review, and shall not be responsible for
any material or content appearing or otherwise distributed on, at, or in association with an authorized
applicable third-party Asset, Affiliates, their Assets, or any other services offered by or within. Nothing
contained in these Terms, or omitted from them, should be construed as a representation of any kind that
any materials, information, or content available on the Services are appropriate or available for use in any
specific locations.

3.7. The Company may add, alter, or delete any Advertisement Offer from the Affiliate Program in whole or in
part, including but not limited to any Ads, offers, Campaigns Conditions, or promotions therein, at any time
and at its sole discretion, without prior notice.

3.8. The Affiliate agrees to conduct activities under these Terms and the Affiliate Program, promoting the Ads, the
Company, its services, or Company Marks approved by the Company. Such activities require prior written
approval from the Company and are limited to the Approved Territories. Promotion is restricted to citizens or
residents of the Approved Territories. Additionally, the Affiliate must refrain from manipulating Company
Marks, misusing Company Marks, or using the Company's marks in Ads containing inappropriate language,
illegal content, or anything that may harm the Company's reputation.

4. Data Protection

4.1. The Parties shall operate in accordance with all applicable Data Protection Laws. To the extent personal data is
processed, the Parties shall be deemed to have entered the Data Protection Addendum (DPA) which will be
provided by the Company.

5. Marketing Materials and Ads

5.1. The Affiliate’s actions, marketing materials and Ads shall comply with the guidelines provided by the Company
from time to time and the restrictions and requirements set forth herein.
8

5.2. The marketing material and Ads may be used by the Affiliate only upon receiving explicit written approval by the
Company, which may be denied at the Company's sole and exclusive discretion.

5.3. The Affiliate hereby agrees to refrain from marketing any of the Company's Marks via any Asset or any other
medium or means, without obtaining prior written consent from the Company.

5.4. In the event that the Affiliate makes use of any marketing material and Ads not approved by the Company, the
Company shall have the right, in addition to any other right or remedy available to it under these Terms or
applicable law, to render the Tracking Link or Tracking URL assigned to such Affiliate inoperative, and
immediately block the Affiliate's access to the Affiliate Program and deny any Affiliate Fee. The Affiliate hereby
irrevocably waives any claim or demand against the Company, or their directors, officers, agents,
representatives, shareholders and employees in respect of such action taken by the Company.

5.5. The Affiliate hereby agrees and acknowledges that the Company has the right to review from time to time its
marketing material and the Ads (but shall in no way be obligated to do so). The Affiliate will be under an
obligation to immediately comply with all of the instructions provided by the Company with respect to the
marketing material and Ads and it shall immediately make any and all required or requested changes or
modifications or alterations or amendments following the conclusion of the review. The abovementioned review
conducted by the Company, shall in no way be deemed to constitute or infer approval of the marketing material
or Ads on behalf of the Company or serve as a confirmation that the marketing material and Ads comply with
these Terms and with Applicable Laws.

5.6. The Affiliate agrees and acknowledges that it may not send any marketing materials or Ads via email, that that it
may not conduct cold calling or telemarketing.

6. Restrictions

6.1. All Affiliate activities must adhere to professional standards and comply with all Applicable Laws, including
but not limited in relation to data protection, privacy, marketing and spam laws, financial services, anti-
money laundering and countering the financing of terrorism, corruption and sanctions to the extent that
such are required. The Affiliate is solely responsible for the content and conduct of their activities. The Assets
used by the Affiliate for conducting activities under these Terms, including the Affiliate's Assets must not
engage, directly or indirectly, in any Fraudulent Activity or any conduct that the Company, at its sole
discretion, deems illegal, improper, unfair, or detrimental to the operation or reputation of the Company.

6.2. The Affiliate may not conduct any marketing or promotional activity to any End Users on any medium,
including website, social network or search engine on which the Company conduct any marketing or
9

promotional activity in relation to the Company, its services or the applicable Company's Marks. The list of
such social networks and websites will be provided to the Affiliate by the Company. The Affiliate is not
permitted to use any of the Company's Marks or any variation or modification or combination thereof
without a written permission of the Company, including in any domain name of the Affiliate.

7. Commissions

7.1. The Affiliate Fees shall be determined based on a revenue share model, wherein the Affiliate is entitled to an
agreed-upon percentage of the Net Revenue, or on a CPA model. The Affiliate Fees, solely determined by the
Company and subject to periodic updates, will be published in the applicable Campaign Conditions of the
Affiliate [Link] Company reserves the right, at its sole and absolute discretion, to change, modify, add
or remove, any compensation plan, as described in the applicable Campaign Conditions of the Affiliate
Program at any time and at its sole and absolute discretion, by sending such Affiliate a notice to such effect
by e-mail. In the event Affiliate does not agree to such change, it shall notify the Company by return e-mail
within three (3) business days of receiving such notice from the Company, and the Agreement shall terminate
immediately. In the event Affiliate does not notify the Company within three (3) days from the notice, it shall
be deemed as an approval by the Affiliate to such change in the Compensation Plan.

7.2. In addition to any other terms and conditions stated in these Terms or a particular Campaign Conditions,
Affiliate Program and or under Applicable Law, the Affiliate is only entitled to receive an Affiliate Fee for
Approved Activity.

7.3. Affiliate's right to receive a Fee is subject to, and conditioned upon Affiliate's compliance with all of the
provisions of these Terms, the Affiliate Program and the Campaign Conditions. Failure to comply with any of
these provisions may result in the termination of Affiliate's Account and forfeiture of Affiliate's unpaid Fees
(upon notice from the Company) as well as possible commencement of legal proceedings against the
Affiliate.

7.4. Affiliate hereby acknowledges that Company shall not be obligated to remit any Affiliate Fee, and shall be
entitled to withhold Affiliate Fee or demand a refund (in the event Commission were already paid): (i) in
connection with payments that were not fully remitted to the Company; or (ii) if determined by the Company,
at its sole discretion, that the Affiliate has engaged in Fraudulent Activity, was in breach of these Terms,
Affiliate Program or Campaign Conditions, or any Applicable Law. The Company reserves the right to deduct,
set off, claw back or charge back any amounts the Affiliate may owe to the Company against any amounts
payable or otherwise owing to the Affiliate.
7.5. The Affiliate Fee shall be solely determined and tracked by the Company, whether through its own tracking
system or a third party's tracking system, based on the Tracker ID and Tracking URL provided to the Affiliate.
10

No other measurements or statistics of any kind shall be accepted or have any effect.

7.6. All payments due to the Affiliate under the Terms will be exclusive of taxes, duties, levies, tariffs, and other
governmental charges (including, without limitation, VAT, if applicable) (collectively, "Taxes"). The Affiliate
will be responsible for payment of all Taxes and any related interest and penalties resulting from any
payments made hereunder.

7.7. Subject to any limitations provided under these Terms, the Company will be responsible for the payment of
any Affiliate Fee earned by the Affiliate in a calendar month, provided that the Affiliate Account balance
exceeds 150$
7.8. Payments of Affiliate Fee shall be made directly to the Affiliate as per its preferred payment method and to
the account set out in the Application Form. It is the Affiliate’s responsibility to ensure that the payment
account details provided in the Application Form are both accurate and complete. The Company will have no
obligation whatsoever to verify the accuracy and completeness of such details.

7.9. The Commission shall be remitted to the Affiliate within thirty (30) days as of the date of Company's receipt
of an accurate invoice from Affiliate.

8. Statistics

8.1. The Tracker ID and Tracking URL shall be the only basis for determining Actions and Affiliate Fees. It is
Affiliates sole responsibility to implement the Tracking ID and Tracking URL in accordance with Company's
implementation requirements, as transmitted to Affiliate from time to time. Affiliate acknowledges and
agrees that no other means of recording or determining Actions or Affiliate Fees shall be recognized.

8.2. Only the Company's files and records will determine all statistics including but not limited to the number of
Actions and Approved Transactions, cancellation, and Affiliate Fee ("Reports"). Reports shall be made
available to Affiliate on the website chose by the Company, the Affiliate Account, or an external tracking
system, or otherwise provided to Affiliate via email or other means as determined by the Company in its sole
discretion periodically (but no less than on a weekly basis). Affiliate must notify the Company, in writing of
any objections and claimed discrepancies within fourteen (14) days from the end of the applicable month of
activity appearing in the Reports; Affiliate's failure to notify the Company in such timely manner shall be
interpreted as Affiliate's final and conclusive confirmation of the Reports' accuracy, and Affiliate shall be
deemed to have permanently waived any objections or claims it might otherwise have with respect thereto.

8.3. All calculations in connection with the Commission are made by the Company and are final and binding. No
other measurements or calculations of any kind shall be accepted or have any effect.
11

9. Affiliate Representations and Warranties

The Affiliate represents and warrants the following:

9.1. The Affiliate is legally competent and has full authority to enter into these Terms.

9.2. By entering into these Terms, the Affiliate is not in violation of any other agreements with third parties or any
Applicable Laws.

9.3. The Affiliate has carefully read and agrees to all terms and conditions outlined in these Terms and the
Affiliate Program. The Affiliate is not relying on any representations, guarantees, or statements other than
what is explicitly set forth in these Terms and the Affiliate Program.

9.4. The Affiliate commits to complying with all Applicable Laws while performing its obligations and activities
under these Terms and the Affiliate Program. This includes, but is not limited to, Applicable Laws related to
data protection, privacy, marketing, spam, financial services, anti-money laundering and countering the
financing of terrorism, sanctions and corruption.

9.5. The Affiliate has obtained and will maintain all required regulatory approvals, permits, authorizations,
consents, registrations, and licenses under the Applicable Laws to operate as an Affiliate and conduct
associated activities under these Terms and the Affiliate Program.

9.6. The Affiliate, and its employees or contractors as applicable, possess the necessary knowledge, skills and
qualifications in order to conduct the activities under these Terms and the Affiliate Program in accordance
with all Applicable Laws.

9.7. As part of its activity under the Terms, the Affiliate shall place appropriate warnings and disclosures where
required to do so under any Applicable Laws. The Affiliate shall also place appropriate warnings and
disclosures where required by the Company.

9.8. The Affiliate acknowledges being aware of the content of the Ads and understanding the Company's legal
and regulatory requirements, which may be modified from time to time. The Affiliate agrees to operate
strictly in accordance with these Terms and all Company's written instructions.

9.9. At the Company's written request, the Affiliate will promptly cease promoting any Ads or cease conducting
any other activity under these Terms or remove any Ads or cause any applicable third party to remove any
Ads, as instructed in writing by the Company. The Affiliate acknowledges that a breach of its obligations
12

under this section may require equitable relief in addition to legal remedies. Therefore, in case of such
breach or a threat thereof, the Company reserves the right to seek appropriate equitable relief, including
injunctive relief. Furthermore, the Affiliate shall indemnify the Company for any losses or damages, including
attorney's fees, as outlined in the Indemnification section. At Company's request, the Affiliate shall promptly
give the Company a certificate confirming in writing that it has fully complied with the requirements of this
section, including confirming ceasing any applicable activity and removal of the applicable Ads.

9.10. The Company shall have the right to suspend any Affiliate and its participation in the Affiliate Program, for
any period of time and with an immediate effect, in the Company's sole discretion, without any liability, by
providing a written notice to the Affiliate. At the end of the suspension, the Company will notify the Affiliate in
writing whether the Agreement is terminated or not.

9.11. The Affiliate shall not place or transmit orders on behalf of the End Users or any other person.

9.12. The Affiliate shall promptly disclose to the Company any legal or semi-judicial proceedings, any complaint
(including from End Users), any existing or potential regulatory investigation, disciplinary action or any other
matter which in relation to the Company, the affiliated entity, and their relationship to the Affiliate, or which
may have a material effect on the Affiliate's ability to conduct its activities or execute its obligations under
these Terms and the Affiliate Program, subject to all Applicable Laws.

9.13. The Affiliate and anyone on its behalf shall not distribute any promotional or marketing material that: (i) is
not clearly identified as such; (ii) may reasonably deceive any person or public; (iii) contains any material
misstatement of fact or a statement that may be reasonably considered as misleading; (iv) mentions the
possibility of profit; (v) has not received the prior, written approval of the Company; (vi) is considered to be in
breach of the 'fair, clear and not misleading' principle.

9.14. The Affiliate is not and shall not be authorized to bind by any means, directly or indirectly, the Company or
any other entity to any contract, agreement or other obligation, unless otherwise stated by the Company in
writing.

9.15. The Affiliate warrants and represents that any marketing activities and communications conducted under
these Terms and the Affiliate Program, including any Ads, will carry the disclaimers, risk and other warnings
that are provided by the Company, and in all cases, no materials or communications, including Ads, may be
distributed or presented to anyone without the prior approval of the Company.
13

10. Affiliate's Relationship with Advertisers

10.1. For the duration of these Terms the Affiliate will not, directly or indirectly, enter or attempt to enter into any
agreement, understanding or other form of arrangement (whether express or implied) with an applicable
advertiser where payments are made to the Affiliate in respect of any marketing services other than under
these Terms, without Company's prior written approval.

11. Proprietary Rights

11.1. The Company is and shall be the sole and exclusive owner of all right, title and interest in any and all
materials, Confidential Information and Company's Marks, provided by the Company to Affiliate hereunder,
deliverables, Ads and any results or products and any part thereof (all of which shall be deemed “work-
made-for-hire”), including any and all derivatives, emulations, modifications, or enhancements thereto and
including all Company's Marks included in, derived from or related to the aforementioned. Without
derogating from the aforementioned, the Affiliate and its personnel hereby assign to Company, or to any
entity designated by Company at its sole discretion, all right, title and interest, including and Company's
Marks, it may now or in the future have in or to the deliverables, Ads and marketing materials including any
and all derivatives, emulations, substitutes, improvements, modifications, enhancements or alterations.

11.2. Accessing or participating in the Affiliate Program does not grant any express or implied right to Affiliate or
any other person to any of the Company's Marks or any other Intellectual Property Right which is used or
owned by the Company. Except if specifically stated otherwise in these Terms, the Company, retains all
rights, title and interests in its Intellectual Property Rights. All Intellectual Property Rights which are not
expressly granted herein, subject to all Applicable Laws, are reserved by the applicable Party.

11.3. None of the Parties shall: (1) contest, or assist others to contest the other Party's Intellectual Property Rights
or interests in and to its respective intellectual property rights and all applications, registrations or other
legally recognized interests therein, or any element, derivation, adaptation, variation or name thereof; or (2)
seek to register, record, obtain or attempt to pursue any proprietary rights or protections in or to the other
Party's Intellectual Property Rights; or (3) remove, obscure or alter any notices of proprietary rights or
disclaimers appearing in or on any Intellectual Property Rights marked properties of the other Party.

12. Confidentiality

12.1. Affiliate will: (1) hold the Company’s Confidential Information in strict confidence; (2) take all steps
necessary or appropriate to protect the confidentiality of the Confidential Information and to ensure
compliance with these Terms by its officers, directors, employees, contractors, agents and representatives;
(3) use Confidential Information for the sole purpose of performing pursuant to these Terms; (4) restrict
disclosure of Confidential Information to those of its officers, directors, employees, contractors, agents and
14

representatives with a need to know such information for the sole purpose of performing pursuant to these
Terms; and (5) not modify, reverse engineer, decompile, create other works from, or disassemble any such
Confidential Information.

12.2. Upon termination of these Terms, at the written request of the Company, the Affiliate will, at its option,
either return to the Company or certify destruction of, any and all copies of the Company’s Confidential
Information in the possession of the Affiliate, its employees or agents.

12.3. You acknowledge and agree that due to the unique nature of the Company's Confidential Information, there
may be no adequate remedy at law for any breach of its obligations under this section, and that any such
breach or any unauthorized use or release of any Confidential Information may result in irreparable harm to
the Company. Therefore, upon any such breach or any threat thereof, the Company shall be entitled to
appropriate equitable relief, including without limitation, injunctive relief against any breach of this section
in addition to whatever remedies the Company might have at law, and the Company shall be entitled to be
indemnified by the Affiliate from any loss or harm, including, without limitation, attorney’s fees, as further set
forth in the Indemnification section, in connection with any breach or enforcement of the Affiliate’s
obligations pursuant to this section or the unauthorized use or release of any Confidential Information.

12.4. Nothing in this chapter shall prevent the Company from complying with any Applicable Law.

13. Non-Assignability

13.1. Affiliate shall not assign or transfer any rights that Affiliate may have under these Terms to any other person
or entity. Any assignment, or attempted assignment, by Affiliate shall automatically terminate any rights that
Affiliate or Affiliate's assignee may otherwise have under these Terms, including but not limited to any rights
to the payment of Commissions.

13.2. The Company may assign these Terms to any party at any time at its sole discretion.

13.3. Affiliate is solely responsible for the protection and safekeeping of its credentials used to access the Services
and shall promptly inform the Company of any suspected or confirmed breach of security. Affiliate shall
remain liable for any unauthorized use caused by Affiliate or its negligence, and shall defend against,
indemnify, and hold harmless the Company from any and all claims or damages (including loss of profits,
loss of property, fines and penalties), losses and costs (including reasonable attorneys' fees) resulting from
any attempted or actual unauthorized use, due to Affiliate's willful or negligent act(s) or omissions.
15

14. Termination

14.1. These Terms shall be in effect as of the date of Company's approval of Affiliate's Application Form and shall
continue thereafter until terminated as provided herein.

14.2. Unless mutually agreed otherwise, either Party may terminate these Terms, at any time, for any reason or
no reason, by providing the other party with at least seven (7) days advance, written notice of termination.

14.3. Notwithstanding the foregoing, Affiliate understands and agrees that in the event that the Company
determines in its sole and absolute discretion that the Affiliate or anyone under Affiliate's control is engaged
in any prohibited or Fraudulent Activity, the Company shall have the right, in its sole and absolute discretion,
to immediately cancel Affiliate's participation in the Affiliate Program and terminate Affiliate's Account, or
terminate the Terms, at any time, without prior notification, and to withhold any part or all of the Affiliate's
unpaid Fee, without derogation from any legal or other rights available to Company against Affiliate under
the Applicable Laws.

14.4. Upon termination of these Terms for whatever reason: (a) to the extent applicable, Affiliate shall promptly
return to Company all Company property in its possession or control (including all documentation, creative,
promotional materials and all Confidential Information), including any copies and derivations thereof or
shall promptly destroy all of the foregoing and certify in writing to the Company that they have been
destroyed; and (b) Affiliate shall immediately cease displaying, and remove any Ads and marketing materials,
and cease to market or promote the Company's services or Company's Marks.

14.5. Any provisions hereof which expressly or by their nature are required to survive termination or expiration of
these Terms to achieve their purpose shall so survive until it shall no longer be necessary for them to survive
in order to achieve that purpose.

15. Modifications

15.1. The Affiliate hereby acknowledges and agrees that the Company has the right to modify, alter, supplement,
or amend all or any of the terms and conditions of these Terms (including any Exhibit attached hereto as
applicable) at any time and at its sole discretion, by posting the modification on the Impact website or under
a specific offer. Also, it can be given as a written notice provided by the Company to the Affiliate. Any
modified version of these Terms will take effect two (2) days after its publication as aforementioned or earlier
if required by any Applicable Law. It remains the Affiliate's responsibility to ensure that it is aware of the
correct, current Terms and the terms and conditions of the Affiliate Program. The Company advises Affiliates
to check for updates regularly. If the Affiliate deems any of the above-mentioned modifications, alterations,
16

supplements, or amendments as unacceptable, its only recourse is to terminate these Terms and the Affiliate
Program, as applicable. The Affiliate’s continued participation in the Affiliate Program shall be deemed as
confirming the Affiliate’s implied acceptance of the said modifications, alterations, or amendments.

15.2. Notwithstanding the aforementioned, should the Company modify these Terms in order to comply with an
Applicable Law, regulation or directive, such modifications will be effective immediately, when the new
version of the Terms is posted online. The Affiliate’s continued participation in the Affiliate Program
following such three (3) business days’ notice period shall be deemed as confirming the Affiliate’s implied
acceptance of the said modifications, alterations, or amendments.

16. Indemnification

16.1. You hereby agree to indemnify, defend and hold harmless the Company, its respective shareholders,
stockholders, members, officers, directors, employees, agents, licensors, successors, and assigns (the
“Indemnified Parties”), from and against any and all claims, losses, liabilities, damages or expenses
(including reasonable legal fees and costs) of any nature whatsoever incurred or suffered by any of the
Indemnified Parties (collectively the "Losses"), in so far as such Losses (or actions in respect thereof) arise
out of or related to (1) a breach of these Terms, including but not limited to a breach of any representation,
warranty, condition, covenant, restriction or obligation undertaken by the Affiliate herein; (2) a breach of
applicable Law, or of any rights of End Users or third parties (including but not limited to Intellectual
Property rights or rights of privacy); (3) the Assets or any content made available thereon; and, (4) any use of
the Tracking Link(s) or Tracking URL by the Affiliate, or by a party under the Affiliate’s control.

17. Disclaimer of Warranty; Limitation of Liability

17.1. THESE TERMS CONTAINS THE ENTIRE AGREEMENT BETWEEN THE COMPANY AND AFFILIATE WITH RESPECT
TO THE SUBJECT MATTER HEREOF, AND SUPERSEDES ALL PRIOR OR CONTEMPORANEOUS AGREEMENTS OR
UNDERSTANDINGS, WRITTEN OR ORAL BETWEEN THE AFFILIATE AND THE COMPANY.

17.2. THE SERVICES, THE AFFILIATE PROGRAM, THE AFFILIATE ACCOUNT, THE TRACKER ID, THE TRACKING
LINK(S) OR TRACKING URL, AND OTHER SERVICES PROVIDED IN CONNECTION THEREWITH, AND THE
MARKETING MATERIALS AND ADS ARE PROVIDED "AS IS". TO THE FULLEST EXTENT PERMITTED BY
APPLICABLE LAWS, COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, AND ANY WARRANTIES ARISING OUT OF OR IN CONNECTION TO THE COURSE OF DEALING, USAGE,
OR TRADE WITH RESPECT TO THE AFFILIATE PROGRAM, THE COMPANY'S SERVICES OR COMPANY'S WEBSITE
(S), THE AFFILIATE ACCOUNT, THE TRACKER ID, THE TRACKING LINK(S) OR TRACKING URL, THE MARKETING
MATERIALS AND ADS, AND ANY PRODUCTS AND SERVICES PROVIDED IN CONNECTION THEREWITH. THE
17

COMPANY DOES NOT WARRANT THAT ANY SERVICES OR THE AFFILIATE PROGRAM WILL MEET AFFILIATE'S
SPECIFIC REQUIREMENTS. COMPANY DOES NOT REPRESENT OR WARRANT THAT THE OPERATION OF THE
AFFILIATE PROGRAM, SERVICES, THE COMPANY'S WEBSITE (S), TRACKER ID, THE TRACKING LINK(S) OR
TRACKING URL AND ANY ADS WILL BE ERROR-FREE OR UNINTERRUPTED.

17.3. IN ADDITION TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAWS, IN NO EVENT SHALL COMPANY
PARTY BE LIABLE FOR ANY UNAVAILABILITY OR INOPERABILITY OF THESERVICES, COMPANY'S WEBSITE (S),
THE AFFILIATE ACCOUNT, TRACKER ID, THE TRACKING LINK(S) OR TRACKING URL, INCLUDING ANY
TECHNICAL MALFUNCTION, COMPUTER ERROR, CORRUPTION OR LOSS OF INFORMATION, OR OTHER
INJURY, DAMAGE OR DISRUPTION OF ANY KIND.

17.4. The Company does not make any representation that the Affiliate will earn any amount of Affiliate Fee.

17.5. To the maximum extent permitted by applicable law, in no event will the Company or any of its respective
officers, directors, agents, employees or representatives, be liable or assume any obligation whatsoever to
you or anyone on your behalf, regardless of the form of action, for any direct, indirect, special, incidental, or
consequential damages or loss of any kind, including without limitation, loss of business, loss of profits, loss
of revenue, loss of data, loss of contracts or loss of anticipated savings, for any unavailability or inoperability
of the Company's WEBSITE (s), the Affiliate Account, tracker ID, the tracking link(s) or tracking URL, Affiliate
Program, including technical malfunction, computer error, or corruption of data, any loss or any damage
arising out of or in connection with these Terms, any service, product or content provided by any third party,
whether based in contract, tort, negligence, strict liability. In the event of any such damage, loss or any
complaint with respect to the foregoing your sole and exclusive remedy is to discontinue your participation
in the Affiliate Program and cease all use of the Services and cease all activities under these Terms and the
Affiliate Program.

18. Miscellaneous

18.1. These Terms constitute the entire agreement between Affiliate and the Company with respect to the subject
matter hereof, and these Terms supersede all prior written or oral understandings, writings and
representations between the Affiliate and the Company, and apply in addition to any other terms or
conditions or policies of the website on which the Application Form is placed and of the Company's Website,
as applicable.

18.2. If any provision of these Terms is found by a court of competent jurisdiction to be held void or
unenforceable to any extent, such provision shall be deemed excised and removed only to the extent to
make the remaining provisions and these Terms enforceable.
18

18.3. The failure of any party to insist upon or enforce strict performance of any provision of these Terms or to
exercise any of its rights or remedies under these Terms will not be interpreted or construed as a waiver or
relinquishment to any extent of its rights to assert or rely on any such provision, right or remedy in that or
any other instance; rather, the same will be and remain in full force and effect. All waivers shall be in writing.

18.4. Neither party shall be liable for any failure to perform its obligations in accordance with these Terms due to
causes beyond its reasonable control, which may include denial-of-service attacks, interruption or failure of
the Internet or any utility service, failures in third-party hosting services, strikes, shortages, riots, fires, acts of
god, pandemic, war, terrorism, and governmental action ("Force Majeure".)

18.5. The Parties hereto are and shall remain independent contractors, and nothing herein shall be deemed to
create any agency, partnership or joint-venture relationship between the Parties. Neither Party shall be
deemed to be an employee or legal representative of the other, nor shall either Party have any right or
authority to create any obligation on behalf of the other Party.

18.6. Without giving effect to any choice of law or conflict of law rules or provisions, these Terms shall be
governed by the laws of the State of New-York and the applicable court in of the State of New-York, US shall
have exclusive jurisdiction with respect to any action arising from these Terms.

19. All notices pertaining to These Terms will be given by email as follows: (1) by the Company to Affiliate at the
email address provided by Affiliate in the Application Form; and (2) by Affiliate to the Company at
affiliates@[Link]. Unless otherwise stated herein, any notice sent by email shall be deemed received on the
earlier of an acknowledgement being sent or twenty-four (24) hours from the time of transmission.

By signature, the Publisher acknowledges that is has read and understood the terms of this DPA and
agree to be legally bound by it:

For TangoMe: For Publisher:

Name: ______________________ Name: ______________________
Position: ______________________ Position: ______________________
Date: ______________________ Date: ______________________
Signature: ______________________ Company ______________________
Name:
19

Schedule A – SCC

1. This Schedule A sets out the Parties' agreed interpretation of their respective obligations under Module
One of the Standard Contractual Clauses.

2. The Parties agree that for the purpose of transfer of Personal Data between TangoMe (Data Exporter)
and the Publisher (Data Importer), the following shall apply:

2.1. Clause 7 of the Standard Contractual Clauses shall not be applicable.

2.2. In Clause 11, data subjects shall not be able to lodge a complaint with an independent dispute
resolution body.

2.3. In Clause 17, option 1 shall apply. The Parties agree that the clauses shall be governed by the law
of Cyprus.

2.4. In Clause 18(b) the Parties choose the courts of Cyprus as their choice of forum and jurisdiction.

3. The Parties shall complete Annexes I–II below, which are incorporated in the Standard Contractual
Clauses by reference.
20

Annex I – Description of Processing Activities

A. Identification of Parties

"Data Exporter": TangoMe;

"Data Importer": the Publisher.

B. Description of Transfer

Data Subjects
The Personal Data transferred concern the following categories of Data Subjects (please specify):
☐ TangoMe's end-users
☐ TangoMe's employees
☐ TangoMe's customers
☐ Other: ________

Categories of Personal Data

The Personal Data transferred concern the following categories of data (please specify):
☐ Contact information (name, age, gender, address, telephone number, email address etc.)
☐ Financial and payment data (e.g. credit card number, bank account, transactions)
☐ Governmental IDs (passport, driver's license)
☐ Device identifiers and internet or electronic network activity (IP addresses, GAID/IDFA, browsing history,
timestamps)
☐ Geo-location information
☐ Other: ________

Special Categories of Data (if appropriate)

The Personal Data transferred concern the following special categories of data (please specify):
☐ None
☐ Genetic or biometric data
☐ Health data
☐ Racial or ethnic origin
☐ Political opinions, religious or philosophical beliefs
☐ Other: ________

The frequency of the transfer

The frequency of the transfer:
☐ One-off
☐ Continuous
☐ Other: ________
21

Nature of the processing

☐ Collection
☐ Recording
☐ Organization or structuring
☐ Storage
☐ Adaptation or alteration
☐ Retrieval
☐ Consultation
☐ Disclosure, dissemination or otherwise making available
☐ Analysis
☐ Erasure or destruction
☐ Other: ________

Purpose of the transfer and further processing

As defined in the Agreement.

Retention period
Personal Data will be retained for the term of the Agreement.
22

Annex II – Technical and Organizational Measures to Ensure the Security of the Data

Description of the technical and organizational measures implemented by the data importer (including any
relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope,
context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Security Management
Publisher maintains a written information security management system (ISMS), in accordance with this
Annex, that includes policies, processes, enforcement and controls governing all
storage/processing/transmitting of Personal Data, designed to (a) secure Personal Data against accidental
or unlawful loss, access or disclosure; (b) identify reasonable foreseeable and internal risks to security and
authorized access to Publisher Network, and (c) minimize security risks, including through risk assessment
and regular testing. The ISMS will include the following measures:
● Publisher actively follows information security trends and developments as well as legal
developments with regards to the services provided and especially with regards to Personal Data
and uses such insights to maintain its ISMS, as appropriate.
● To the extent Publisher process cardholder or payment data (such as payment or credit cards),
Publisher will maintain its ISMS in accordance with the PCI DSS standard, augmented to cover
Personal Data, or such other alternative standards that are substantially equivalent to PCI DSS for
the establishment, implementation, and control of its ISMS. Additionally, Publisher will be assessed
against PCI DSS annually by an on-site assessment carried out by an independent QSA (Qualified
Security Assessor) and upon TangoMe's request, not to exceed once annually, Publisher will
provide TangoMe with PCI DSS attestation of compliance.

Maintain an Information Security Policy

Publisher's ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained
and disseminated to all relevant Parties, including all personnel. Security policies and derived procedures
clearly define information security responsibilities including responsibilities for:
● Maintaining security policies and procedures;
● Secure development, operation and maintenance of software and systems;
● Security alert handling;
● Security incident response and escalation procedures;
● User account administration;
● Monitoring and control of all systems as well as access to Personal Data.

Personnel is screened prior to hire and trained (and tested) through a formal security awareness program
upon hire and annually. For service providers with whom Personal Data is shared or that could affect the
security of Personal Data a process has been set up that includes initial due diligence prior to engagement
and regular (typically yearly) monitoring.
Personal Data has implemented a risk-assessment process that is based on ISO 27005.

Secure Networks and Systems

Publisher has installed and maintains firewall configurations to protect Personal Data that controls all traffic
allowed between Publisher's (internal) network and untrusted (external) networks, as well as traffic into
and out of more sensitive areas within its internal network. This includes current documentation, change
control and regular reviews.
Publisher does not use vendor-supplied defaults for system passwords and other security parameters on
any systems and has developed configuration standards for all system components consistent with
industry-accepted system hardening standards.
23

Protection of Personal Data

Publisher keeps Personal Data storage to a minimum and implements data retention and disposal policies
to limit data storage to that which is necessary, in accordance with the needs of its customers.
Publisher uses strong encryption and hashing for Personal Data anywhere it is stored. Publisher has
documented and implemented all necessary procedures to protect (cryptographic) keys used to secure
stored Personal Data against disclosure and misuse. All transmission of Personal Data across open, public
networks is encrypted using strong cryptography and security protocols.

Vulnerability Management Program

Publisher protects all systems against malware and regularly updates anti-virus software or programs to
protect against malware – including viruses, worms, and Trojans. Anti-virus software is used on all systems
commonly affected by malware to protect such systems from current and evolving malicious software
threats.
Publisher develops and maintains secure systems and applications by:
● Having established and evolving a process to identify and fix (e.g. through patching) security
vulnerabilities, that ensures that all systems components and software are protected from known
vulnerabilities,
● Developing internal and external software applications, including web-applications, securely using a
secure software development process based on best practices, e.g. such as code reviews and
OWASP secure coding practices, that incorporates information security throughout the software-
development lifecycle,
● Implementing a stringent change management process and procedures for all changes to system
components that include strict separation of development and test environments from production
environments and prevents the use of production data for testing or development.

Implementation of Strong Access Control Measures

"Publisher Network" means the Publisher's data center facilities, servers, networking equipment, and host
software systems (e.g. virtual firewalls) as employed by the Publisher to process or store Personal Data.
The Publisher Network will be accessible to employees, contractors and any other person as necessary to
provide the services to the TangoMe. Publisher will maintain access controls and policies to manage what
access is allowed to the Publisher Network from each network connection and user, including the use of
firewalls or functionally equivalent technology and authentication controls. Publisher will maintain
corrective action and incident response plans to respond to potential security threats.
Publisher strictly restricts access to Personal Data on a need to know basis to ensure that critical data can
only be accessed by authorized personnel. This is achieved by:
● Limiting access to system components and Personal Data to only those individuals whose job
requires such access; and
● Establishing and maintaining an access control system for system components that restricts access
based on a user’s need to know, with a default “deny-all” setting.

Publisher identifies and authenticates access to all systems components by assigning a unique identification
to each person with access. This ensures that each individual is uniquely accountable for its actions and any
actions taken on critical data and systems can be traced to known and authorized users and processes.
Necessary processes to ensure proper user identification management, including control of
addition/deletion/modification/revocation/disabling of IDs and/or credentials as well as lock out of users
after repeated failed access attempts and timely termination of idling session, have been implemented.

User authentication utilizes at least passwords that have to meet complexity rules, which need to be
changed on a regular basis and which are cryptographically secured during transmission and storage on all
system components. All individual non-console and administrative access and all remote access use multi-
factor authentication.
24

Authentication policies and procedures are communicated to all users and group, shared or generic
IDs/passwords are strictly prohibited.

Restriction of Physical Access to Personal Data

Any physical access to data or systems that house Personal Data are appropriately restricted using
appropriate entry controls and procedures to distinguish between onsite personnel and visitors. Access to
sensitive areas is controlled and includes processes for authorization based on job function and access
revocation for personnel and visitors.
Media and backups are secured and (internal and external) distribution is strictly controlled. Media
containing Personal Data no longer needed for business or legal reasons is rendered unrecoverable or
physically destroyed.

Regular Monitoring and Testing of Networks

All access to network resources and Personal Data is tracked and monitored using centralized logging
mechanisms that allow thorough tracking, alerting, and analysis on a regular basis (at least daily) as well as
when something does go wrong. All systems are provided with correct and consistent time and audit trails
are secured and protected, including file-integrity monitoring to prevent change of existing log data and/or
generate alerts in case. Audit trails for critical systems are kept for a year.

Security of systems and processes is regularly tested, at least yearly. This is to ensure that security controls
for system components, processes and custom software continue to reflect a changing environment.
Security testing includes:
● Processes to test rogue wireless access points,
● Internal and external network vulnerability tests that are carried out at least quarterly. An external,
qualified party carries out the external network vulnerability tests.
● External and internal penetration tests using Publisher's penetration test methodology that is
based on industry-accepted penetration testing approaches that cover all the relevant systems and
include application-layer as well as network-layer tests

All test results are kept on record and any findings are remediated in a timely manner.
Publisher does not allow penetration tests carried out by or on behalf of its customers.
In daily operations IDS (intrusion detection system) is used to detect and alert on intrusions into the
network and file-integrity monitoring has been deployed to alert personnel to unauthorized modification of
critical systems.

Incident Management
Publisher has implemented and maintains an incident response plan and is prepared to respond
immediately to a system breach. Incident management includes:
● Definition of roles, responsibilities, and communication and contact strategies in the event of a
compromise, including notification of customers,
● Specific incident response procedures,
● Analysis of legal requirements for reporting compromises,
● Coverage of all critical system components,
● Regular review and testing of the plan,
● Incident management personnel that is available 24/7,
● Training of staff,
● Inclusion of alerts from all security monitoring systems,
● Modification and evolution of the plan according to lessons learned and to incorporate industry
developments.
Publisher has also implemented a business continuity process (BCP) and a disaster recovery process (DRP)
that are maintained and regularly tested. Data backup processes have been implemented and are tested
regularly.
25

Physical Security
Physical Access Controls
Physical components of the Publisher Network are housed in nondescript facilities ("Facilities"). Physical
barrier controls are used to prevent unauthorized entrance to Facilities both at the perimeter and at
building access points. Passage through the physical barriers at the Facilities requires either electronic
access control validation (e.g., card access systems, etc.) or validation by human security personnel (e.g.,
contract or in-house security guard service, receptionist, etc.). Employees and contractors are assigned
photo-ID badges that must be worn while the employees and contractors are at any of the Facilities.
Visitors are required to sign-in with designated personnel, must show appropriate identification, are
assigned a visitor ID badge that must be worn while the visitor is at any of the Facilities, and are continually
escorted by authorized employees or contractors while visiting the Facilities.

Limited Employee and Contractor Access

Publisher provides access to the Facilities to those employees and contractors who have a legitimate
business need for such access privileges. When an employee or contractor no longer has a business need
for the access privileges assigned to him/her, the access privileges are promptly revoked, even if the
employee or contractor continues to be an employee of Publisher or its affiliates.

Physical Security Protections

All access points (other than main entry doors) are maintained in a secured (locked) state. Access points to
the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the
Facilities. Publisher also maintains electronic intrusion detection systems designed to detect unauthorized
access to the Facilities, including monitoring points of vulnerability (e.g., primary entry doors, emergency
egress doors, etc.) with door contacts, or other devices designed to detect individuals attempting to gain
access to the Facilities. All physical access to the Facilities by employees and contractors is logged and
routinely audited.

Continued Evaluation
Publisher will conduct periodic reviews of the Security of its Publisher Network and adequacy of its
information security program as measured against industry security standards and its policies and
procedures. Publisher will continually evaluate the security of its Publisher Network to determine whether
additional or different security measures are required to respond to new security risks or findings
generated by the periodic reviews.