Fair Use Policy (“FUP”) for Episerver Digital Experience Cloud™

1. Purpose and Background

1.1 This Fair Use Policy ("FUP") applies to the use of any product, service or website provided by Episerver, whether provided directly or another party to provides it to Customer ("Software Service(s)"). For Episerver to ensure compliance with the laws and regulations that apply to Software Services, and for Episerver to meet its SLA, the FUP is required. The FUP also protects the interests of all Episerver customers and their customers, as well as goodwill and reputation. By using the Software Services, Customer agrees to the FUP.

1.2 The FUP applies to all Users and Customer is solely responsible for any violations. Customer may not assist or engage others in a way that would violate the FUP. Episerver will enforce and ensure compliance with the FUP by using all appropriate methods, such as notice complaint and email failure monitoring.

1.3 Episerver periodically updates the FUP to meet changing laws and regulations. Customer and Users will be notified either through the Software Service, Episerver customer/partner portal, email or by posting a revised copy on http://www.episerver.com/legal/fair-use-policy and giving notice to Customer. Customer must review the FUP on a regular basis and always remain in compliance.

2. Equipment and Reporting

2.1 The Software Services are provided by Episerver from data center facilities to which Users have remote access via the Internet in conjunction with certain online and offline components provided by Episerver hereunder. Customer shall be responsible for obtaining and maintaining appropriate equipment and ancillary services needed to connect to, access or otherwise use the Software Services, including, without limitation, computers, computer operating system and web browsers (collectively, "Equipment"). Customer shall ensure that the Equipment complies with all configurations and specifications set forth in Episerver published documentation.

2.2 Customer shall report any defects with the Software Service to Episerver as soon as possible after such defect is discovered. If Customer knows of or suspects a violation of this FUP, Customer will promptly notify Episerver in writing of the known or suspected violation of this FUP.

2.3 Customer should encourage Users to report suspected violations of this FUP to Episerver by forwarding a copy of the received email with headers to [email protected] Episerver has a policy to investigate all of these reports and to respond in an appropriate way.

3. Fair Use of Software Services

3.1 Lawful use of Software Services - Customer may not use the Software Service if Customer or Users are legally prohibited from receiving or using the Software Service under the laws of the country in which Customer or Users are resident or from which Customer and/or Users access or use the Software Service. The Software Service is not provisioned to comply with industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), or the Federal Information Security Management Act (FISMA), if Customer uses the Software Service where communications would be subject to such laws, then it is the full and sole responsibility of Customer for compliance and lawful use.

3.2 No Disruption - Customer agrees not to use the Software Service in a way that impacts the normal operation, privacy, integrity or security of another's property. Another’s property includes another’s account(s), domain name(s), URL(s), website(s), network(s), system(s), facilities, equipment, data, other information, or business operations. Customer also agrees not to use the Software Service to gain unauthorized access to, use, monitor, make an unauthorized reference to, another’s property, unless you have the appropriate express prior consent to do so. Examples of prohibited actions include (without limitation): hacking, spoofing, denial of service, mailbombing and/or sending any email that contains or transmits any virus or propagating worm(s), or any malware, whether spyware, adware or other such file or program. These restrictions apply regardless of Customer’s intent and whether Customer acts intentionally or unintentionally.

3.3 Customer Data, content, information and other data used within Software Services - Customer is fully responsible for all the Customer Data, content, information or other data that has been transferred or in any other way handled, including but not limited to any data and information Users insert, upload, download, generate, capture, relay or in any way transmit or store, on, through use or as a result of the Software Services, does not constitute an infringement of the right of a third-party or in any other way is in conflict with applicable legislation. Customer shall hold Episerver free from loss for any demands directed at Episerver by a third-party as a consequence of the information that Customer is responsible for. This continues to apply even if Episerver has terminated the Agreement with Customer due to a breach of this provision. Further, Customer may not use Software Services with Customer Data, content, information, and/or data in a manner that –

3.3.1 is threatening, abusive, harassing, stalking, defamatory, deceptive, false, misleading or fraudulent;

3.3.2 is invasive of another's privacy or otherwise violates another’s legal rights (such as rights of privacy and publicity);

3.3.3 contains vulgar, obscene, indecent or unlawful material;

3.3.4 publishes, posts, uploads, or otherwise distributes any software, music, videos, or other material protected by intellectual property laws (or by rights of privacy or publicity) unless Customer has all necessary rights and consents to do so;

3.3.5 uploads files that contain viruses, corrupted files, or any other similar software or programs that may damage the operation of another person's computer;

3.3.6 downloads any file that Customer knows, or reasonably should know, cannot be legally distributed in that way;

3.3.7 falsifies or deletes any author attributions, legal or proprietary designations, labels of the origin or source of software, or other material contained in a file that is uploaded;

3.3.8 restricts or inhibits any other user of the Software Service from using and enjoying their Episerver software or services;

3.3.9 harvests or otherwise collects information about others, including e-mail addresses, without their lawfully received consent;

3.3.10 violates the usage standards or rules of an entity affected by Customer use, including ISP, ESP, or news or user group;

3.3.11 is legally actionable between private parties; and/or

3.3.12 is in violation of any applicable local, state, national or international law or regulation, including all export laws and regulations and without limitation the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) (15 U.S.C. § 7701 et seq.), the U.S Telephone Consumer Protection Act of 1991 (47 U.S.C. § 227), the Do-Not-Call Implementation Act of 2003 (15 U.S.C. § 6152 et seq.; originally codified at § 6101 note), the Directive 2000/31/EC of the European Parliament and Council of 8 June 2000, on certain legal aspects of information society services, in particular, electronic commerce in the Internal Market ('Directive on Electronic Commerce'), along with the Directive 2002/58/EC of the European Parliament and Council of 12 July 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector ('Directive on Privacy and Electronic Communications'), regulations promulgated by the U.S. Securities Exchange Commission, any rules of national or other securities exchange, including without limitation, the New York Stock Exchange, the American Stock Exchange or the NASDAQ, the Personal Information Protection and Electronic Documents Act (PIPEDA) (S.C. 2000, c. 5), Germany’s Gesetz gegen den unlauteren Wettbewerb (UWG) § 7, Swedish Marketing Act (Swedish Code of Statutes, SFS 1995:450) and any regulations having the force of law or laws in force in your or your email recipient's country of residence.

3.4 Customer alterations of Software Services - Customer is responsible for User alterations made in the Software Services (including the Customer’s customizations of Software and/or Software Services).

3.5 Customer Contact Information - Customer is responsible for keeping its contact information up to date with Episerver. Any changes shall require written notice given to Episerver.

3.6 No SPAM Permitted - Customer may not use Software Services in any way (directly or indirectly) to send, transmit, handle, distribute or deliver: (a) unsolicited email ("spam" or "spamming") in violation of the CAN-SPAM Act (referenced in Section 3.3) or any other law; (b) email to an address obtained via Internet harvesting methods or any surreptitious methods (e.g., scraping or harvesting); (c) email to an address that is incomplete, inaccurate and/or not updated for all applicable opt-out notifications, using best efforts and best practices in the industry, or (d) commercial electronic messages in violation of Germany’s UWG (referenced in Section 3.3).

3.7 Prohibited Email Content and Formatting; Email Best Practices - Email sent, or caused to be sent to or through the Software Services may not: (a) use or contain invalid or forged headers; (b) use or contain invalid or non-existent domain names; (c) employ any technique to otherwise misrepresent, hide or obscure any information in identifying the point of origin or the transmission path; (d) use other means of deceptive addressing; (e) use a third party's internet domain name without their consent, or be relayed from or through a third party's equipment without the third party’s permission; (f) contain false or misleading information in the subject line or otherwise contain false or misleading content; or (g) use Episerver trademark(s), tagline(s), or logo(s) without our prior written consent and only then pursuant to Episerver trademark usage guidelines.

3.8 Email Sending Policy - If Customer sends email through Software Services, Episerver recommends adoption of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) Sender Best Communications Practices (BCP), which were created and agreed upon with collaborative input from both volume email senders and Internet Service Providers. The Sender Best Communications Practices document is available at https://www.m3aawg.org/sites/default/files/document/M3AAWG_Senders_BCP_Ver3-2015-02.pdf. Customer shall use commercially reasonable efforts to follow these practices. In addition, Customer is prohibited from using the Software Services to email: (a) purchased, rented, or borrowed lists, and (b) lists that are likely to result in an excessive number of unsubscribe requests or SPAM complaints or notices, as determined by acceptable industry practices.

3.9 Email Opt-out Requirements -Customer warrants that each email sent for or by Customer using the Software Services will contain: (a) header information that is not false or misleading; and (b) an advisement that the recipient may unsubscribe, opt-out or otherwise demand that use of its information for unsolicited, impermissible and/or inappropriate communication(s) as described in this FUP be stopped (and how the recipient can notify Customer that it wants to unsubscribe, opt-out, or stop this use of its information). These requirements may not apply if the email sent is a transactional email and these requirements are not otherwise required by law. Customer warrants that it will promptly comply with all opt-out, unsubscribe, "do not call" and "do not send" requests.

3.10 Text-Message and Telephone Marketing - Customer must comply with all laws relating to text-message and telephone marketing, including without limitation those specifically referenced in the ‘Proper Usage of Software Service’ section below. Customer must comply with all laws related to the texting individuals and ensure all proper consent to receive text messages is obtained prior to making any such distribution, and ability to opt-out of any such messages. If Customer uses the Software Service to send text messages or phone calls, Customer must also comply with all applicable industry standards, including those applicable guidelines published by the CTIA and the Mobile Marketing Association.

4. General Terms

4.1 Customer will use the Software Services in adherence with the applicable EUSA and terms, and will not: (i) willfully tamper with the security of the Software Service or tamper with other Episerver customer accounts; (ii) access data on the Software Service not intended for Customer; (iii) log into a server or account on the Software Services that Customer is not authorized to access; (iv) attempt to probe, scan or test the vulnerability of any Software Service or to breach the security or authentication measures without proper authorization; (v) willfully render any part of the Software Service unusable; (vi) lease, distribute, license, sell or otherwise commercially exploit the Software Service or make the Software Service available to a third party other than as contemplated in the Agreement for Software Service; (vii) use the Software Service for timesharing or service bureau purposes or otherwise for the benefit of a third party; or (viii) provide to third parties any evaluation version of the Software Service or Episerver Software without Episerver’s prior written consent.

4.2 Breach of this FUP qualifies for actions under Section 5.2, 5.3 and 5.5 of the EUSA.