1. Customer Use. Customer is responsible for all activity occurring under Customer’s User accounts, the way it and its Users use the Subscription Service, for the results obtained and conclusions drawn from the use of the Subscription Service, and for remitting payments for the access and use of the Subscription Services in accordance with Section 4 of the Subscription Services Agreement.Customer will:
    1. select, purchase, configure, operate and maintain Customer’s equipment, hardware, websites, network and Internet, data and telephone connections necessary for use and support of the Subscription Service;
    2. use the Subscription Services only in accordance with the Agreement, Documentation and applicable laws and government regulations, including, but not limited to, those related to data privacy, consent, telecommunications, transmission of Personal Information or technical data, and spam; and obtain and maintain legal permission or consent from those persons or entities Customer contacts or to whom Customer provides services using the Subscription Service;
    3. use only those methods approved by Saviynt for connection to the Subscription Services, and will not use the Subscription Services in combination with any hardware, software, method or process not expressly authorized in the Documentation or otherwise approved in writing by Saviynt.
  2. Restrictions. Customer and its Users shall not and shall not permit others to:
    1. make the Subscription Service accessible to third parties other than Customer’s subcontractors or Affiliates (in accordance with Section 4.2 of the Subscription Service Agreement), or sell, resell, license, sublicense, distribute, rent, lease or use
    2. send or store any Sensitive data in the Subscription Service, which means any data that constitutes sensitive personal data or special category data or like terms under applicable data privacy laws, intellectual property, proprietary business models, and any data which may be subject to the Health Insurance Portability and Accountability Act (HIPAA), Gramm Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standards (PCI Data Security Standards), or similar laws, government issued identification numbers, medical or health information, account security information, individual financial account information, credit/debit/gift or other payment card information, account passwords, individual credit and income information.
    3. knowingly use a Subscription Service to (i) send spam or otherwise duplicative or unsolicited messages, (ii) store or transmit infringing, offensive, abusive, libelous, or otherwise unlawful or tortious material, (iii) store or transmit material in violation of third-party privacy rights, or (iv) engage in fraudulent, deceptive, misleading or abusive activity;
    4. knowingly use a Subscription Service to store or transmit code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses (“Malicious Code”);
    5. knowingly interfere with or disrupt the integrity or performance of a Subscription Service or Saviynt’s networks, any other Saviynt customer’s use of a Subscription Service, or third- party data contained therein;
    6. knowingly permit direct or indirect access to or use of a Subscription Service in a way that circumvents a contractual usage limit;
    7. knowingly infringe or misappropriate Saviynt’s or its licensors’ current and future worldwide rights under patent, copyright, trademark or trade secrets, whether or not specifically recognized or perfected under the laws of the jurisdiction in which the Subscription Service is used or offered;
    8. create derivative works or copy a Subscription Service or any part, feature, function or user interface thereof, access a Subscription Service to build a competitive product or service, or reverse engineer, disassemble or decompile a Subscription Service or component, or attempt to discover or disclose the source code, underlying ideas or algorithms of the Subscription Service or any component; or
    9. remove, alter, modify or obscure any copyright, trademark or other proprietary notices contained in the Subscription Service or Documentation.
  3. Security Responsibilities. Customer is responsible for maintaining the security of its Subscription Service login credentials, User passwords and access to the Subscription Service from its network. Log-in credentials are for Customer’s internal use only and Customer may not sell, transfer, or sublicense them to any other entity or person. Customer will: (a) use commercially reasonable efforts to prevent unauthorized access to or use of the Subscription Service; and (b) contact Saviynt promptly if Customer believes there is unauthorized access or use of Customer’s Subscription Service account, if Customer’s Subscription Service account information is lost or stolen, or if Customer is aware of another breach of security related to the Subscription Service.
  4. Data Responsibilities. As between Saviynt and Customer, Customer controls and owns all right, title, and interest in and to Customer Data and at all times remains the data controller under this Agreement and applicable data protection laws. Saviynt obtains no rights to Customer Data except as set forth in this Agreement. Customer warrants that it has complied with all relevant laws in collecting, using and disclosing the Customer Data. Customer is responsible for: (a) the accuracy, quality, reliability, legality and means by which Customer acquired the Customer Data; (b) obtaining the right and consent to use the Customer Data and its decisions concerning the processing and use of the Customer Data; (c) complying with applicable statutory data privacy laws including, but not limited to data retention periods; and (d) uploading, sharing, withdrawal, management and deletion (unless an automatic deletion period is specified for the Subscription Service) of Customer Data. Customer grants Saviynt, its licensors and subcontractors a non-exclusive and limited license to host, store, transmit, display and process Customer Data as reasonably necessary for the purposes of (i) setting up, providing, monitoring and improving the Subscription Services, (ii) preventing or addressing service or technical problems, and responding to Customer’s requests in connection with customer support matters, (iii) communicating to and with Customer and its Users regarding the Subscription Services, (iv) enforcing this Agreement, and (v) complying with laws. Saviynt will not disclose Customer Data to a third party except to the extent necessary to carry out the terms of this Agreement or as permitted or required by law.