Information Security Policy

Security processes. We make commercially reasonable efforts to safeguard all Personal Information from loss or theft, unauthorized access, disclosure, duplication, use or modification through security measures appropriate to the sensitivity of the information. These measures include internal reviews of our data collection, storage and processing practices and security measures which include appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information.

Confidentiality obligations. We restrict access to all Personal Information
to our employees, contractors and suppliers who need to know that information in order to process it on our behalf or to provide our products and services to you. Our employees, contractors and suppliers are bound by confidentiality obligations and may not use the information for any unauthorized purpose. Our employees may be subject to discipline, including termination and criminal prosecution, if they fail to meet their obligations described in this Privacy Policy. Our suppliers are required to protect your Personal Information in a manner that is consistent with this Privacy Policy.

“Confidential Information” means all confidential and proprietary information of a Party (the “Disclosing Party”) disclosed to the other Party (the “Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including, without limitation, the terms and conditions of this Agreement, the Customer Data, business and marketing plans, technology and technical information, product designs and business processes, provided that Confidential Information shall not include any information that:

(a) is now or subsequently becomes generally available to the public through no fault or breach of any obligation owed to the Disclosing Party;

(b) the Receiving Party can demonstrate was known to the Receiving Party prior to its disclosure by the Disclosing Party;

(c) is independently developed by the Receiving Party without the use of any Confidential Information; or

(d) is received from a third party who has the right to transfer or disclose it.

CUSTOMER DATA AND CUSTOMER PERSONAL DATA

1.01 Limelight may access the Customer’s Customer Data solely to provide the Support Services or at the Customer’s request.

1.02 The Customer hereby represents, warrants and covenants to Limelight that the Customer has obtained consent for the collection, use and transfer of the Customer Data in connection with the Limelight Software and that the Customer Data will not infringe or misappropriate any intellectual property rights or confidential information of any third party or otherwise violate any applicable laws.

1.03 The Customer is solely responsible for applying the appropriate level of access rights to Customer Data and to communications involving the use of the Products. Limelight shall not be responsible or liable for the accuracy of Customer Data.

1.04 Upon receipt of a written request by the Customer made within 30 days of the effective date of termination, Limelight will make available to the Customer for download, at the Customer’s sole cost, a file containing the Customer Data. After the expiry of such 30 day period, Limelight shall have no obligation to maintain or provide any Customer Data to the Customer and shall thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.

1.05 Limelight shall implement appropriate technical and organizational measures to protect any Customer Personal Data against unauthorized or accidental loss, damage or disclosure.

1.06 Limelight shall promptly and fully notify the Customer in writing of any notices in connection with the processing of any Customer Personal Data, including subject access requests, and provide such information and assistance as the Customer may reasonably require with respect to such notices.

1.07 Except as expressly provided otherwise, this Agreement does not transfer ownership of, or create any licenses (implied or otherwise), in any Customer Personal

CONFIDENTIAL INFORMATION

2.01 Confidential Information shall remain the exclusive property of the Disclosing Party.

2.02 The Receiving Party shall not, at any time during the Term and at any time following the termination of this Agreement, disclose any Confidential Information of the Disclosing Party to any third party, except to those of the Receiving Party’s Personnel who have a need to know such Confidential Information and who are bound by confidentiality obligations no less stringent than those contained in this Agreement, nor shall the Receiving Party use any such Confidential Information of the Disclosing Party for any purpose other than to perform its obligations or exercise its rights under this Agreement.

2.03 Each Party agrees to protect the confidentiality of the Confidential Information of the other Party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind, but in no event shall either Party exercise less than reasonable care in protecting such Confidential Information.

2.04 If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.

2.05 If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of this Section, the Disclosing Party may have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the Parties that any other available remedies may be inadequate.