1. Customer Use. Customer is responsible for all activity occurring under Customer’s User accounts, the way it and its Users use the Subscription Service, and for the results obtained and conclusions drawn from the use of the Subscription Service. Customer will:
    1. select, purchase, configure, operate and maintain Customer’s equipment, hardware, websites, network and Internet, data and telephone connections necessary for use and support of the Subscription Service;
    2. use the Subscription Services only in accordance with the Agreement, Documentation and applicable laws and government regulations, including, but not limited to, those related to data privacy, consent, telecommunications, transmission of Personal Information or technical data, and spam; and obtain and maintain legal permission or consent from those persons or entities Customer contacts or to whom Customer provides services using the Subscription Service.
  2. Restrictions. Customer will not and will not permit others to: 
    1. make the Subscription Service accessible to third parties other than Customer’s subcontractors or Affiliates (in accordance with Section 4.2 of the Subscription Service Agreement), or sell, resell, license, sublicense, distribute, rent, lease or use for service bureau purposes a Subscription Service;
    2. use any method other than the one approved by Saviynt for connection to the Subscription Services or  contrary to the Documentation or use of any Subscription Service in combination with hardware, software, method or process not provided or approved by Saviynt, unless the Documentation expressly authorizes a combination with such hardware, software, method or process;
    3. knowingly use a Subscription Service to (i) send spam or otherwise duplicative or unsolicited messages, (ii) store or transmit infringing, offensive, abusive, libelous, or otherwise unlawful or tortious material, (iii) store or transmit material in violation of third-party privacy rights, or (iv) engage in fraudulent, deceptive, misleading or abusive activity;
    4. knowingly use a Subscription Service to store or transmit code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses (“Malicious Code”);
    5. knowingly interfere with or disrupt the integrity or performance of a Subscription Service or Saviynt’s networks, any other Saviynt customer’s use of a Subscription Service, or third- party data contained therein;
    6. knowingly permit direct or indirect access to or use of a Subscription Service in a way that circumvents a contractual usage limit;
    7. knowingly infringe or misappropriate Saviynt’s or its licensors’ current and future worldwide rights under patent, copyright, trade secrets, trademark, know-how, moral rights and other similar rights, whether or not specifically recognized or perfected under the laws of the jurisdiction in which the Subscription Service is used or offered (the “Intellectual Property Rights”); 
    8. create derivative works or copy a Subscription Service or any part, feature, function or user interface thereof, access a Subscription Service to build a competitive product or service, or reverse engineer, disassemble or decompile a Subscription Service or component, or attempt to discover or disclose the source code, underlying ideas or algorithms of the Subscription Service or any component; or
    9. remove, alter or obscure a Subscription Service’s confidentiality or proprietary rights notices (including copyright and trademark notices).  
  3. Security Responsibilities. Customer is responsible for maintaining the security of its Subscription Service login credentials, User passwords and access to the Subscription Service from its network. Log-in credentials are for Customer’s internal use only and Customer may not sell, transfer, or sublicense them to any other entity or person. Customer will: (a) use commercially reasonable efforts to prevent unauthorized access to or use of the Subscription Service; and (b) contact Saviynt promptly if Customer believes there is unauthorized access or use of Customer’s Subscription Service account, if Customer’s Subscription Service account information is lost or stolen, or if Customer is aware of another breach of security related to the Subscription Service.
  4. Data Responsibilities. Customer controls and owns all right, title, and interest in and to Customer Data and at all times remains the data controller under this Agreement and applicable data protection laws. Saviynt obtains no rights to Customer Data except as set forth in this Agreement. Customer warrants that it has complied with all relevant laws in collecting, using and disclosing the Customer Data. Customer is responsible for: (a) the accuracy, quality, reliability, legality and means by which Customer acquired the Customer Data; (b) obtaining the right and consent to use the Customer Data and its decisions concerning the processing and use of the Customer Data; (c) complying with applicable statutory data privacy laws including, but not limited to data retention periods; and (d) uploading, sharing, withdrawal, management and deletion (unless an automatic deletion period is specified for the Subscription Service) of Customer Data. Customer grants Saviynt, its licensors and subcontractors a non-exclusive and limited license to access, copy, store, process, transmit and display Customer Data for the purposes of (i) setting up, providing, monitoring and improving the Subscription Services, (ii) preventing or addressing service or technical problems, and responding to Customer’s requests in connection with customer support matters, (iii) communicating to and with Customer and its Users regarding the Subscription Services, (iv) enforcing this Agreement, and (v) complying with laws. Saviynt will not disclose Customer Data to a third party except to the extent necessary to carry out the terms of this Agreement or as permitted or required by law.