1.1 General. The Service will not be used in or for any illegal, fraudulent, unauthorized or improper manner or purpose and will only be used in compliance with all applicable laws, rules and regulations, codes of conduct (including voluntary codes of conduct), and all applicable state, federal, national, and international internet, data, telecommunications, marketing, telemarketing, “spam,” and import/export laws and regulations.
1.2 Prohibited Use. Client is prohibited from and agrees to not use the Service to transmit, disseminate or process any:
a. material that infringes or violates any third party’s intellectual property rights, rights of publicity, privacy, or confidentiality, or the rights or legal obligations of any wireless service provider or any of its customers or subscribers;
b. material or data, that is illegal, or material or data, that is harassing, coercive, defamatory, libellous, abusive, threatening, obscene, materials that are harmful to minors, or materials the transmission of which could diminish or harm the reputation of SDL or any third-party service provider involved in the provision of the Service;
c. viruses, DDoS attacks, Trojan horses, worms, time bombs, cancelbots, or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously or openly intercept or expropriate any system, or data;
d. any signal or impulse that could cause electrical, magnetic, optical, or other technical harm to the equipment or facilities of SDL or any third party; and/or
1.2.1 Without limitation of any of the foregoing, any use which is contrary to the applicable legal and regulatory provisions operative in any territory in which the Service is used or to or through which communications are sent. Where any of the country specific legal and regulatory provisions are less stringent than those set out above, those set out above shall apply.
1.3 Impediment. Client is responsible for notifying SDL immediately if Client becomes aware of an impending event that may negatively affect the Service.
1.4 No sharing. Client may not run on SDL’s servers any program that makes the Services available to others. Client may not run such programs on their own machines connected to the SDL network in order to make such Services or resources available to others. For the avoidance of doubt, SDL expressly confirms that Client is allowed to make their own products and services available to others, as long as the products and services do not violate these Security Terms and Conditions.
1.5 Violation. In the event of the breach of or failure to comply with these Security Terms and Conditions by Client, SDL expressly reserves the right, at its discretion, to pursue any remedies that it believes are needed, which may include, but are not limited to, suspension or termination of the provision of access to the Services. Such actions may be taken by SDL with prior notice to Client. If SDL deems that the non-compliance is not caused by Client, no remedies will be imposed on Client and all remedies already imposed on Client will immediately be lifted.
2.1 Security Program. SDL has implemented and shall maintain a Cyber Security and Privacy Program that incorporates industry best practices, applicable legislation and standards, and complies with applicable Security and Privacy Requirements. SDL’s Cyber Security and Privacy Program includes appropriate administrative, technical and physical safeguards, and assures the confidentiality, availability, integrity and privacy of Client information, including the Content, and Client systems directly connected to SDL’s network. SDL’s Cyber Security and Privacy Program includes, but is not limited to, the following safeguards:
a. Appropriate user authentication controls, including secure methods of assigning, selecting and storing access credentials; restricting access to active users; and blocking access after a reasonable number of failed authentication attempts.
b. Secure access controls, including controls that limit access to Client information and the Content to individuals that have a business need-to-know, supported by appropriate policies, protocols and controls to facilitate access authorization, establishment, modification and termination.
c. Appropriate and timely adjustments to SDL’s Cyber Security and Privacy Program based on: periodic risk assessments; regular comprehensive evaluations (such as third-party assessments) of the Cyber Security and Privacy Program; monitoring and regular testing of the effectiveness of safeguards; and a review of safeguards at least annually or whenever there is a material change in SDL’s technical environment or business practices that may implicate the confidentiality, availability, integrity or privacy of SDL’s information systems.
d. Appropriate, ongoing training and awareness programs designed to ensure workforce members and others acting on SDL’s behalf are aware of and adhere to SDL Cyber Security and Privacy Program policies, procedures and protocols.
e. Monitoring of systems designed to ensure data integrity and prevent loss or unauthorized access to, or acquisition, use or disclosure of, Client information, including the Content.
f. Technical security measures, including firewall protection, end-point security protection, patch management, logging of access to and disclosure of Client information, intrusion detection, and encryption of data in transit.
g. Physical facility security measures, including access controls, designed to restrict access to SDL facilities.
h. Logical segmentation of Client information from other data, including SDL data.
2.2 Filters. SDL reserves the right in its reasonable discretion to install and use any appropriate devices to prevent violations of these Security Terms and Conditions, including devices designed to filter or terminate access to the Service.
2.3 Security Review and Assessment.
a. Client may conduct a Security Review, Assessment or Audit based upon SDL’s Agreement to be Audited (which will be provided upon request).
b. SDL may also respond, upon a reasonable request, to questions regarding SDL’s information security and privacy practices that apply to the Content or Client’s information.
c. Such Security Reviews, Assessments or Audits, may be conducted by Client’s personnel or Client’s contracted third party assessors, at the option of the Client. Such may be conducted no more than once per year, or in the event of any Security or Privacy Incident.
d. The scope of any Security Review, Assessment or Audit shall be limited to data and records relating to Services provided to Client in order to (a) verify the integrity of the Content or Client’s information; (b) verify SDL’s compliance with the requirements of this Schedule B, and (c) review general controls and security practices and procedures in scope of this Agreement.
e. SDL shall provide Client with notice of any identified findings that are likely to adversely impact the Content or Client’s information or systems. Notice of these findings may be provided in the form of a written summary. SDL shall keep Client timely informed of remediation efforts to address these findings.
2.4 Security Certification. SDL shall maintain a level of security certification or assessment consistent with best practices and conducted by a qualified third party. Such certifications shall be provided to Client upon reasonable request.
2.5 Secure Return or Disposition; Termination of Access.
a. SDL shall return or dispose of the Content or Client information in its possession, custody, or control: (i) if no longer needed for Client’s business or legal purposes or upon termination of the Agreement to which this Schedule B is appended, whichever is longer; or (ii) upon Client’s direction which may be given at any time.
b. Notwithstanding the foregoing, SDL will be permitted to retain: (i) Content or Client information for a longer period if such retention is strictly necessary to meet SDL’s legal compliance obligations, is done pursuant to SDL’s records management program, and is limited to the minimum information and minimum retention period needed to meet these obligations; and (ii) backup media containing Content or Client information for so long as is permitted by SDL’s records management program, which retention shall not be indefinite and shall not exceed industry standards.
c. Any disposal of Content or Client’s information will ensure that the information is rendered permanently unreadable and unrecoverable.
d. Upon reasonable notice and if requested by Client, SDL shall provide a certification by an officer attesting to SDL’s return or destruction of the Content or Client’s information.
e. To the extent SDL accesses or has contact with Client’s systems, SDL will ensure that such access is discontinued upon termination of the Agreement.
2.6 Notice of Individual Requests and Complaints. SDL shall promptly notify Client in the event that SDL receives: (i) requests from individuals relating to the Content or Client information, including requests to access or rectify personal information; or (ii) complaints of any kind from individuals relating to the privacy, confidentiality, integrity or privacy of the Content or Client information.
2.7 Use Restrictions. Unless Client provides prior written approval, SDL shall not use, access, disclose, reconfigure, re-identify or aggregate the Content or Client information, nor permit any of the foregoing, for any purpose other than performing Services pursuant to the Agreement, fulfilling the obligations of this Schedule, or as strictly necessary to comply with law.
2.8 Interpretation. The underlined headings in this Schedule are for convenience only and are not meant to be included in the interpretation of this Schedule.