Tektronix Partner Agreement and Data Processing Addendum

TEKTRONIX PARTNER AGREEMENT

Appointment, Obligations. Tektronix, Inc. or the Tektronix, Inc. affiliate entity identified in the Supplement (hereinafter individually and collectively referred to as “Tektronix”), hereby appoints company which has executed the Supplement as an authorized, nonexclusive reseller and/or representative (“Partner”) of those Tektronix products (“Products”) and/or Tektronix services (“Services”) within the territory (“Area of Authorization”) identified herein and in the successor supplements (the “Supplement”). As an authorized partner, Partner will:
- Purchase, promote and sell (as applicable) within the Area of Authorization the Products and/or Services to end-user customers not affiliated with Partner, under the terms of this Partner Agreement and in accordance with applicable policies and programs issued from time to time by Tektronix as stated within Tektronix’s applicable policies, procedures and/or manual issued for the relevant Area of Authorization (the “Tektronix Policies, Procedures and/or Manual”).
- Provide complete pre- and post-sales or installation support as applicable. This may include pre-sale demonstration and training, complete installation, and continuous technical support, as well as hardware and software maintenance support.
- Act as a conduit between Tektronix and the customer with respect to Services.
- Maintain records and provide point of sale and other reports as set out in the Policies, Procedures, and/or Manual or as otherwise directed by Tektronix.
- Conduct its affairs in an ethical and businesslike manner.
- Comply with the functional criteria and further obligations applicable to the Partner as detailed in the Supplement.
- Partner will not appoint any representative, agent, sub-distributor or dealer (“Appointee”) to assist in the promotion and/or sale of the Products and/or Services in any Area of Authorization without the prior written consent of Tektronix, which consent may be withheld in Tektronix’s sole and absolute discretion, as further provided in the Supplement.

Independent Contractors. The relationship created by this Partner Agreement is that of independent contractor and neither Partner nor any of its owners, directors, employees, representatives, agents or affiliate entities is authorized to hold itself out as an employee or agent of Tektronix, appoint others as partners, distributors, resellers or agents of Tektronix, enter into contracts or commitments in the name of Tektronix, or bind or otherwise obligate Tektronix in any manner. Nothing contained in this Partner Agreement is intended to create, nor does it create, a joint venture or partnership, or other relationship between the parties hereto other than the relationship of independent contractor between Partner and Tektronix.

Confidentiality. Partner will maintain in confidence for Tektronix and not disclose to others or use for any purpose other than the performance of this Partner Agreement any information or materials received from Tektronix that (i) are identified as confidential or proprietary either in writing or verbally or (ii) a reasonable person would understand to be confidential, given the nature or the circumstances surrounding their disclosure. Partner shall also keep confidential the terms and conditions of this Partner Agreement and the Supplement and any plans or strategies of Tektronix which are shared with Partner.

Some Products may be or include software or software-as-a-service (collectively, “Software”). The supply of Software by Tektronix is subject to the End User License agreement available at https://www.tek.com/en/terms_and_conditions.

Trademark License to Partner. Tektronix grants to Partner a limited, nontransferable, nonexclusive license during the term of the relevant Supplement or this Agreement (as applicable) to use Tektronix trademarks, service marks, trade dress, and other registered and common law trademarks, copyrights which are specifically associated with the Products and Services being sold by the Partner in photographs, graphics, and text, trade secrets and proprietary information (collectively referred to herein as “Intellectual Property”) solely for the purpose of promoting and soliciting sales of the Products and/or Services under this Partner Agreement and only in accordance with guidelines issued by Tektronix from time to time. Tektronix maintains exclusive title to trademarks and retains all rights not explicitly granted by this Agreement. Partner will not challenge or take any action that interferes with Tektronix’s rights in trademarks. Distributor shall not directly or indirectly use any trademarks, any part of trademarks, any trade names or service names confusingly similar to Tektronix trademarks, trade names, and service names, as part of its business names or in any manner except as explicitly authorized by Tektronix. Upon the earlier of expiration of the term or termination of this Agreement, any authorized rights to use Tektronix trademarks, trade names, and service names in a business name shall revert to Tektronix at no cost and Partner shall assist with perfecting, registering, or transferring any such rights. Partner shall not register or attempt to register trademarks, any part of trademarks, trade names, and service names confusingly similar to Tektronix trademarks, trade names, and service names. Any such unauthorized registration will inure to the benefit of Tektronix and not to the benefit of Partner. The provisions of this Subsection 7(c) shall survive the expiration of the term and termination of this Agreement.

Compliance with Laws.
1. Partner shall comply fully with all applicable laws, rules and regulations, including those of the United States, the home jurisdiction of Tektronix, and any and all other jurisdictions globally, which apply to Partner’s business activities under this Partner Agreement. Without limiting any provision in this Partner Agreement, Partner specifically agrees to the following:
2. Partner represents and warrants to Tektronix that Partner shall comply with all local, national, and other laws of all jurisdictions globally relating to anti-corruption, bribery, extortion, kickbacks, or similar matters which are applicable to Partner’s business activities in connection with this Partner Agreement, and that Partner will take no action that will cause Partner or Tektronix to violate any such laws.
3. Partner specifically represents and warrants to Tektronix that Partner is familiar with the U.S. Foreign Corrupt Practices Act of 1977, as amended (“FCPA”), and the U.K. Bribery Act and that Partner shall comply with the FCPA and U.K. Bribery Act and will take no action that will cause Partner or Tektronix to violate these laws. Partner also represents and warrants that it understands and will adhere to the Standards of Conduct of Fortive Corporation (Tektronix’s ultimate parent company or any successor in title thereof), published at https://investors.fortive.com/governance/governance-documents/#codeofconduct, when transacting its business.
4. It is the intent of Partner and Tektronix, and Partner represents and warrants to Tektronix, that no payment of money or provision of anything of value will be offered, promised, paid or transferred, directly or indirectly, by any person or entity, to any government official, government employee, or employee of any company owned in part by a government, political party, political party official, or candidate for any government office or political party office to induce such organizations or persons to use their authority or influence to obtain or retain an improper business advantage for Partner or for Tektronix, or which otherwise constitute or have the purpose or effect of public or commercial bribery, acceptance of or acquiescence in extortion, kickbacks or other unlawful or improper means of obtaining business or any improper advantage, with respect to any of Partner’s activities related in any way to this Partner Agreement, including without limitation any payment of money or provision of anything of value to any employee of any customer in order to secure a sale.
5. Partner agrees that should it learn or have reason to know of any offer, promise, payment or transfer of money or provision of anything of value that would violate the FCPA, the U.K. Bribery Act, Fortive Corporation’s Standards of Conduct or the anti-corruption and anti-bribery laws which apply to Partner’s business activities in connection with this Partner Agreement, Partner shall immediately disclose it to Tektronix.
6. Partner shall provide annual certification of compliance with the FCPA, the U.K. Bribery Act, export control laws and regulations and all other laws applicable to Partner’s activities related to this Partner Agreement in the form provided from time to time by Tektronix. Partner shall participate in anti-corruption/anti-bribery training offered by Tektronix as Tektronix may direct from time to time.
7. Partner shall cooperate fully and promptly with any compliance investigation Tektronix may initiate to review Partner’s performance under this Section.
8. Tektronix may withhold payments under this Partner Agreement, suspend or cancel orders, reduce discounts applicable to Partner or terminate this Partner Agreement immediately if it believes, in its sole but reasonable judgment, that Partner has breached the foregoing Compliance with Laws provisions of this Partner Agreement or caused Tektronix to violate the FCPA, U.K. Bribery Act, Fortive Corporation’s Standards of Conduct or other applicable laws. Tektronix shall not be liable to Partner for any claim, losses, or damages related to Tektronix’s decision to exercise its rights under this provision.
9. Partner shall defend, indemnify and hold harmless Tektronix for any and all costs, fees, fines or damages caused by Partner’s (including any sub-resellers of Partner) acts or omissions, regardless of legal theory, which violate any jurisdiction’s anti-corruption or anti-bribery laws, rules or regulations.
10. Partner acknowledges that one or more jurisdiction may now, or at a later date, require this section or any annual certification to be altered to address the dynamic nature of anti-corruption or anti-bribery compliance. Any changes necessarily required to comply with such developments shall be timely communicated to Partner in writing, whether in a regional/territorial supplement or otherwise, and become a part of this Partner Agreement. The following subsections (k) trough (n) only apply to Partner(s) whose Area of Authorization includes the United States (in addition to the foregoing).
11. (k) Partner shall comply with all applicable laws, regulations, and executive orders concerning nondiscrimination in employment. The following are incorporated herein by reference, as applicable: (i) Executive Order 11246, as amended; (ii) Executive Order 13496 (and its implementing regulations at 29 C.F.R. Part 471); (iii) 41 C.F.R. Part 60-1.4(a); (iv) 29 C.F.R Part 471, Appendix A to Subpart; (v) 41 C.F.R. 60-300.5(a); and (vi) 41 C.F.R. 60-741.5(a).
12. Partner shall abide by the requirements of 41 C.F.R 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.
13. This regulation prohibits discrimination against qualified individuals on the basis of disability and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
14. Partner represents and warrants that (i) they have not been designated as a "specifically designated national and blocked person" on the most current list published by the Office of Foreign Asset Control of the U.S. Department of the Treasury (“OFAC”) (the "List"); (ii) they are currently in compliance with and will at all times during the term of this Agreement remain in compliance with the regulations of OFAC and any statute, executive order (including Executive Order 13224 - Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism), or other governmental action relating thereto; (iii) they will not transfer or permit the transfer of any controlling interest in their business to any person or entity who is, or any of whose beneficial owners are, listed on the List; and (iv) to the best of Tektronix’s knowledge, the preceding representations in (i), (ii), and (iii) are true for all sub-suppliers, vendors, and subcontractors on whose products or services Tektronix will rely for any part of Tektronix’s performance under this Agreement.
15. The Federal Acquisition Regulation (“FAR”) and Defense Federal Acquisition Regulation Supplement (“DFARs”) clauses set forth in Appendix 1 attached hereto are incorporated by reference. Any FAR or DFARs clause, which by its terms is required to be included in a subcontract, is hereby incorporated in this Agreement when applicable. Supplier hereby certifies compliance with the clauses listed in Appendix 1.

Export Restrictions. Products, Software and technical data supplied by Tektronix are subject to export laws, regulations, controls and restrictions (referred to herein collectively as “export laws”. These export laws apply to all transactions, including domestic sales. Partner will comply with all applicable export laws regarding exports, re-exports and transfers, including obtaining all required country licenses, authorizations, or approvals as required by law. It is Partner’s responsibility to determine which, if any export laws apply and which licenses are needed to transact business. Partner will inform each of its customers and second tier resellers, (where the circumstances suggest the customer may be re-selling or exporting) of applicable export laws at the time Partner resells or otherwise disposes of any Product, Software or technical data supplied by Tektronix. Products, Software and technical data may be subject to import laws, which may require registration, licensing or other authorizations for import into certain countries. Where Partner is the importer of record, it is Partner’s responsibility to determine and comply with local Import requirements. Partner agrees to maintain controls adequate to comply with applicable export laws and to certify its compliance annually. Tektronix will provide Partner with the form of the certification and guidance on any export control/licensing requirements. Partner agrees to complete export control training no less than once every three years. Tektronix will provide training materials and related knowledge review. Tektronix reserves the right to cancel any order if requirements under the Partner Export Control Certification are not met. Partner agrees to maintain complete records of all exports, re-exports, and transfers of Tektronix Products, Software and technical data. Tektronix reserves the right to review Partner’s export control procedures and Point-of-Sale data for compliance with export laws. Non-compliance of export laws may result in cancellation of the violating order or termination of this Partner Agreement. Any Products sold in violation of export controls laws cannot be serviced or supported by Tektronix. Warranty for any such Products is therefore void. Partner shall provide annual certification of compliance with applicable export laws applicable to Partner’s activities related to this Partner Agreement in a form provided by Tektronix.

Data Privacy: The Partner Data Privacy Addendum below is incorporated by reference into this Agreement.

Term, Expiration, Termination. The Effective Date, Expiration Date, termination and term of this Partner Agreement and Partner's appointment as an authorized Tektronix Partner is provided in the Supplement(s). Termination or expiration of this Agreement or any Supplement shall not release either party from any obligation accrued or incurred prior to or in connection with such termination. To the maximum extend allowed by applicable law, Tektronix (i) shall not be liable for losses or damage of any kind, solely by reason of the expiration, termination or non-renewal of this Agreement or any Supplement, and (ii) the Partner shall not make any claim against Tektronix for loss of compensation or profits, or for loss of prospective compensation or prospective profits, in respect of any sales contemplated or on account of any expenditures, investments or commitments made by Tektronix in reliance upon this Agreement or any Supplement.

Electronic Communications. All agreement amendments, agreement renewals, notices, and other related communications under or relating to this Partner Agreement may be created and/or given with equal legal effect either in paper form or electronically. An electronic communication shall include, without limitation, a fax or an e-mail or an attachment to an e-mail. The parties agree that any such notices or other communications, from an authorized representative of the party concerned, shall constitute a “writing” and shall be considered “signed” by the party originating same. Any agreement amendments or agreement renewals requiring the signature of both parties shall be effective, if signed by authorized representatives of both parties, upon receipt of the counterpart or counter-signed document. All electronic communications properly addressed are deemed to be given upon transmission unless the sending party receives notification at the time of transmission that the transmission has been unsuccessful.

Assignment. Partner may not assign this Partner Agreement or any Supplement without the prior written consent of Tektronix, which may be withheld in Tektronix’s sole and absolute discretion. Any assignment made by Partner without a prior written consent of Tektronix shall be void and constitute a material breach, which shall entitle Tektronix to immediate termination of the Partner Agreement or the Supplement, as relevant.

Governing Law. Disputes. The rights and obligations of the parties shall be governed by and construed in accordance with the laws of the jurisdiction where the Tektronix selling entity is incorporated without giving effect to its principles of conflict of laws, and exclusive venue shall be in the courts of said jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.

Waiver. The failure of either party to enforce at any time any provision of these terms and conditions will not be construed as a waiver of such provision or the right to subsequently enforce each and every provision. No waiver by either party, either express or implied, of any other breach of any of these terms and conditions will be construed as a waiver of any other breach of such term or condition.

Severability. If any term or provision herein is invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability will not affect any other term or provision herein or invalidate or render unenforceable such term or provision in any other jurisdiction.

Survival. The provisions herein that by their nature continue, will survive any expiration, cancelation, or termination.

Entire Agreement, Order of Precedence. The entirety of this Partner Agreement shall include, in order of precedence, the attached and any successor Supplements, these pages titled Tektronix Partner Agreement, the applicable Tektronix Policy and Procedure Manual and the Tektronix Terms and Conditions of Sale published at https://www.tek.com/en/terms_and_conditions, unless other standard terms and conditions of sale are specifically referenced and incorporated into the Supplement. This Partner Agreement may not be modified except in writing signed by both parties.

Appendix 1

Government Contract Provisions

(applicable only for U.S. Government sales)

The following provision of the Federal Acquisitions Regulations (FAR) in effect on the date of this Agreement are incorporated herein by reference:

52.203-6, Restrictions on Subcontractor Sales to the Government (SEPT 2006)
52.203-13, Contractor Code of Business Ethics and Conduct (Apr 2010)
52.203-15, Whistleblower Protections Under the American Recovery and Reinvestment Act of 2009 (Jun 2010)
52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders – Commercial Items (Nov 2013) (Alternate II – Nov 2013)
52.203-17, Contractor Code of Business Ethics and Conduct (OCT 2015) (Applies if this Purchase Order exceeds $5,500,000 and the period of performance is more than 120 days.)
52.203-19, Prohibition on Requiring Certain Internal Confidentiality Agreements or Statements (JAN 2017)
52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards (OCT 2016) (Applies only to the extent that ADS is required to provide information on Seller’s executive compensation under 52.204-10(d)(3), and requires only that Seller provide such information to ADS promptly on request))
52.204-18, Commercial and Government Entity Code Maintenance (JUL 2016)
52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities (JUL 2018)
52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2020)
52.209-6, Protecting the Government's Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment (OCT 2015) (Applies if this Purchase Order exceeds $35,000 and is not for commercial items.)
52.219-8, Utilization of Small Business Concerns (Jul 2013)
52.222-18, Certification Regarding Knowledge of Child Labor for Listed End Products (Feb 2001)
52.222-21, Prohibition of Segregated Facilities (APR 2015)
52.222-26, Equal Opportunity (Mar 2007)
52.222-35, Equal Opportunity for Veterans (Sep 2010)
52.222–36, Affirmative Action for Workers with Disabilities (Oct 2010)
52.222-37, Employment Reports on Veterans (FEB 2016
52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec 2010)
52.222-41, Service Contract Act of 1965 (Nov 2007)
52.222-50, Combating Trafficking in Persons (Feb 2009)
52.222–51, Exemption from Application of the Service Contract Act to Contracts for Maintenance, Calibration, or Repair of Certain Equipment-Requirements (Nov 2007)
52.222-53, Exemption from Application of the Service Contract Act to Contracts for Certain Services-Requirements (Feb 2009)
52.222-54, Employment Eligibility Verification (Aug 2013)
52.225-13, Restrictions on Certain Foreign Purchases (JUN 2008)
52.225-26, Contractors Performing Private Security Functions Outside the United States (Jul 2013)
52.226-6, Promoting Excess Food Donation to Nonprofit Organizations (Mar 2009)
52.232-40, Providing Accelerated Payments to Small Business Subcontractors (DEC 2013)
52.242-13, Bankruptcy (JUL 1995)
52.242-15, Stop-Work Order (AUG 1989)
52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb 2006)
252.203-7002, Requirements to Inform Employees of Whistleblower Rights (SEP 2013: 252.203-7003, Agency Office of the Inspector General (DEC 2012); 252.204-7000, Disclosure of Information (DEC 1991); 252.204-7008, Export-Controlled Items (APR 2010).; 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (OCT 2016) (applies to information provided by ADS to Seller that is identified as covered defense information); 252.204-7015, Notice of Authorized Disclosure of Information for Litigation Support (MAY 2016); 252.223-7008, Prohibition of Hexavalent Chromium (JUN 2013); 252.225-7001, Buy American and Balance of Payments Program—Basic (DEC 2017); 252.225-7009, Restriction on Acquisition of Certain Articles Containing Specialty Metals (June 2013); 252.225-7012, Preference for Certain Domestic Commodities (DEC 2016); 252.225-7013, Duty-Free Entry (DEVIATION 2020-O0019) (JUL 2020); 252.225-7015, Restriction on Acquisition of Hand or Measuring Tools (JUN 2005); 252.225-7043, Antiterrorism/Force Protection Policy for Defense Contractors Outside the United States (JUN 2015) (applies if Seller’s performance under the Purchase Order involves any work or travel outside the United States); 252.225-7048, Export Controlled Items (JUNE 2013); 252.227-7015, Technical Data - Commercial Items (FEB 2014); 252.227-7037, Validation of Restrictive Markings on Technical Data (JUN 2013); 252.244-7000, Subcontracts for Commercial Items and Commercial Components (DOD Contracts) (JUN 2013 ); 252.246-7003, Notification of Potential Safety Issues (JUN 2013) (Applies if the Purchase Order is for parts identified as critical safety items; systems and subsystems, assemblies, and subassemblies integral to a system; or repair, maintenance, logistics support, or overhaul services for systems and subsystems, assemblies, subassemblies, and parts integral to a system; change “5 working days” at 252.246-7003(c)(2) to read “3 working days”.); 252.246-7007, Contractor Counterfeit Electronic Part Detection and Avoidance System (May 2014); 252.247-7023, Transportation of Supplies by Sea (FEB 2019)

Customer Data Processing

This Appendix is incorporated by reference and is an integral part of the Partner Agreement between Tektronix, or its named affiliate (referred to as “Tektronix” in this Appendix), and the Partner. All definitions used in this Appendix are the same as provided in the Agreement unless explicitly provided herein.

Role of the Parties

1.1. Appointment of Partner as Processor. Tektronix appoints Partner to process Personal Data on its behalf as is necessary for the performance of the terms and objectives of this Agreement, as further detailed in Schedule 1 – Partner Data Processing Obligations to this Appendix. The Parties agree that in relation to such processing, Tektronix shall be the Data Controller and the Partner (and each permitted subcontractor or third party pursuant to this Agreement) shall be the Data Processor. Such processing shall be subject to Schedule 1 – Partner Data Processing Obligations.

1.2 Partner Acting as Independent Controller. If and to the extent that the Partner uses Tektronix Personal Data to make sales directly to customers in the Partner’s own name or otherwise than according to Tektronix’s instructions or the provisions in Schedule 1 to this Appendix, the Partner shall be the Data Controller of any Personal Data Processed in connection with such customers and shall be responsible for its own compliance with Data Protection Laws.

1.3 Lead Generation Activities. If and to the extent that the Partner provides Tektronix with Personal Data it has sourced and collected independently of any instructions from Tektronix or the provisions in Schedule 1 to this Appendix, unless the Parties have agreed otherwise in writing, each Party is an independent Data Controller and shall be responsible for its own compliance with Data Protection Laws. Partner shall adhere to the terms and conditions of Schedule 2 – Partner Lead Generation to this Appendix when providing Lead Data (as defined in Schedule 2) to Tektronix under this Agreement.

Schedule 1

Customer Data Processing Obligations

DEFINITIONS AND INTERPRETATION

1.1 Definitions

“Data Protection Laws” means any law, enactment, regulation, regulatory policy, by law, ordinance or subordinate legislation relating to the processing, privacy, and use of Personal Data, as applicable to Tektronix, the Partner and/or the Services, including:

(a) in EEA countries: the General Data Protection Regulation ((EU) 2016/679) (“EU GDPR”) and the ePrivacy Directive;

(b) in the UK: the Data Protection Act 2018, the “UK GDPR” (as defined by section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018), the Privacy and Electronic Communications Regulations 2003 and the Council Directive 2002/58/EC (“ePrivacy Directive”)(collectively referred to as “UK Data Protection Laws”);

(c) in Korea: the Personal Information Protection Act (PIPA) of 2011, as amended, and any laws or regulations of the Personal Information Protection Commission (PIPC) giving effect to or corresponding with PIPA;

(d) in Switzerland: the Federal Act on Data Protection (“FADP”);

(e) California Consumer Protection Act (“CCPA”); and

(f) all applicable relevant laws or regulations and giving effect or corresponding to the above laws and any judicial or administrative interpretation of any of the above, and any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority.

Data Processing Losses ” means all liabilities and amounts, including all:

(a) costs (including legal costs), claims, demands, actions, settlements, charges, costs (including legal costs), claims, demands, actions, settlements, charges, procedures, expenses, losses and damages (including relating to material or non-material damage, which includes emotional distress);

(b) to the extent permitted by Applicable Law:

(i) administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority;

(ii) compensation paid to a Data Subject; and

(iii) the reasonable costs of compliance with investigations by a Supervisory Authority; and

(c) the costs of loading Tektronix data and replacement of Tektronix materials and equipment, to the extent the same are lost, damaged or destroyed, and any loss or corruption of Tektronix data, including the costs of rectification or restoration of Tektronix data;

“Data Subject Request” means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;

“Complaint” means a complaint or request relating to either party’s obligations under Data Protection Laws relevant to this agreement, including any compensation claim from a Data Subject or any notice, investigation or other action from a Supervisory Authority;

“DPIA” means a data protection impact assessment or privacy impact assessment (as defined or used in the Data Protection Laws, including relevant guidance from Supervisory Authorities);

“Personal Data Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

“Protected Data” means Personal Data received from or made available or accessible by or on behalf of Tektronix, or otherwise obtained in connection with the performance of the Partner’s obligations under this agreement;

“Protective Measures” means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time;

“Security Measures” means Tektronix’s security policies and measures (including IT policies and measures) for the protection of Personal Data issued to Partner by Tektronix from time to time, which as at the date hereof are as specified in Exhibit 1.

“Sub-Processor” means another Data Processor engaged by the Partner for carrying out processing activities in respect of the Protected Data on behalf of Tektronix, and authorised by Tektronix in accordance with clause;

“Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws;

1.2 Interpretation

In this agreement:

1.2.1 “Data Controller” (or “controller”), “Data Processor” (or “processor”), “Data Subject”, “international organisation”, “Personal Data” and processing” and all have the meanings given to those terms in Data Protection Laws (and related terms such as “process” have corresponding meanings);

1.2.2 references to any Applicable Laws (including to the Data Protection Laws and each of them) and to terms defined in such Applicable Laws shall be replaced with or incorporate (as the case may be) references to any Applicable Laws replacing, amending, extending, re-enacting or consolidating such Applicable Law and the equivalent terms defined in such Applicable Laws, once in force and applicable;

1.2.3 clause 1 (below) (Data Protection) shall survive termination (for any reason) or expiry of this agreement (or of any of the Services).

1. Data protection

1.1 Data Controller and Appointment of Data Processor

The parties agree that, for the Protected Data, Tektronix shall be the Data Controller and the Partner shall be the Data Processor.

1.2 Compliance with Data Protection Laws and obligations

The Partner shall comply with all Data Protection Laws in connection with the processing of Protected Data, the Services, and the exercise and performance of its respective rights and obligations under this agreement.

The Partner shall procure that any Sub-Processor that has access to Protected Data shall comply with the Partner’s obligations under this clause

. Tektronix shall comply with all Data Protection Laws in respect of the performance of its obligations under this agreement.

1.3 Details of processing and instructions

The processing to be carried out by the Partner under this agreement shall comprise the processing set out in Schedule (Data Processing Details), as updated from time to time by Tektronix.

Insofar as the Partner processes Protected Data on behalf of Tektronix, the Partner:

unless required to do otherwise by Applicable Law, shall (and shall ensure each person acting under its authority shall) process the Protected Data only on and in accordance with Tektronix’s documented instructions as set out in this clause and Schedule 1.3.1 (Data Processing Details), and as updated from time to time by the written agreement of the parties (“Processing Instructions”);

if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify Tektronix of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and

shall immediately inform Tektronix in writing if, in the Partner’s reasonable opinion, a Tektronix instruction infringes Data Protection Laws and explain the reasons for such opinion

1.4 Technical and organisational measures

The Partner shall implement and maintain, at its cost and expense, appropriate technical and organisational measures in relation to the processing of Protected Data by the Partner:

such that the processing will meet the requirements of Data Protection Laws and ensure the protection of the rights of Data Subjects;

so as toensure a level of security in respect of Protected Data processed by it appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Protected Data transmitted, stored or otherwise processed; and

without prejudice to clause, insofar as is possible, to assist Tektronix in the fulfilment of Tektronix’s obligations to respond to Data Subject Requests relating to Protected Data.

1.5 Security of processing

Without prejudice to clause 1.4.1(b), the Partner shall, in respect of all Protected Data processed by it, comply with the requirements regarding security of processing set out in Data Protection Laws and in this agreement and all relevant Tektronix Policies. The Partner shall ensure that the Security Measures are the minimum security standards governing Partner’s processing of the Protected Data.

1.6 Using other Sub-Processors

The Partner shall not engage any third party to process the Protected Data without Tektronix’s prior written consent.

If Tektronix gives its consent for such third party to act as a Sub-Processor, the Partner shall, prior to any processing of Protected Data by the Sub-Processor, appoint the Sub-Processor under a binding written contract, with enforceable data protection obligations on the same terms, or terms more onerous than those, that apply to the Partner under this clause 1 (“Processor Contract”), including in particular that the Sub-Processor:

provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of Data Protection Laws; and

must obtain Tektronix’s prior written consent and comply with the conditions referred to in this clause1.6 for engaging another Data Processor.

The Partner shall:

promptly upon request by Tektronix provide the relevant details of any such Processor Contract to Tektronix;

& where that Sub-Processor fails to fulfil its data protection obligations in accordance with the Processor Contract, remain fully liable to Tektronix for the performance of that Sub-Processor’s obligations;and

immediately cease using a Sub-Processor to process Protected Data upon receiving written notice from Tektronix requesting that the Sub-Processor ceases processing Protected Data for security reasons or concerns about the Sub-Processor’s ability to carry out the relevant processing in compliance with Data Protection Laws or this agreement.

1.7 Personnel requirements

The Partner shall:

ensure that Partner Personnel (and shall procure that Sub-Processor personnel) processing Protected Data have entered into a binding contractual obligation with the Partner to keep the Protected Data confidential (except where disclosure is required by Applicable Law, in which case the Partner shall, where practicable and not prohibited by such Applicable Law, notify Tektronix of any such requirement before such disclosure); and

ensure the reliability of the Partner Personnel processing Protected Data and further ensure that the Partner Personnel processing Protected Data receive adequate training on compliance with this clause 1 and the Data Protection Laws applicable to the processing.

1.8 Data Subject rights

The Partner shall:

at no cost to Tektronix, record and then refer all Data Subject Requests which the Partner receives to Tektronix within three days of receipt of the Data Subject Requests;

at its cost and expense, provide such information and cooperation and other assistance as Tektronix requests in relation to a Data Subject Request within the timescales reasonably required by Tektronix ; and

not respond to any Data Subject Request without Tektronix’s prior written authorisation.

1.9 Assistance with Tektronix’s compliance

The Partner shall, at its own cost and expense, provide such information, cooperation and other assistance as Tektronix requests ensure Tektronix’s compliance with its obligations under Data Protection Laws, including with respect to:

security of processing;

any remedial action and notifications to be taken in response to any Personal Data Breach or Complaint, including (subject in each case to Tektronix’s prior written authorisation) regarding notification of the Personal Data Breach to Supervisory Authorities and/or communication to affected Data Subjects, including in accordance with clause 1.13;

DPIAs, by promptly providing such information and cooperation as Tektronix may reasonably require for the purpose of assisting Tektronix in carrying out a DPIA, and periodic reviews to assess if the processing of Protected Data is performed in compliance with the outcomes of the DPIA;

prior consultation with a Supervisory Authority regarding high risk processing, by promptly and in consultation with Tektronix :

providing such information and cooperation as Tektronix or a Supervisory Authority requests for the purpose of assisting in any consultation by Tektronix with the Supervisor Authority; and

complying with any advice by a Supervisory Authority concerning the Partner’s processing activities related to this agreement

1.10 International data transfers

The Partner shall not (and shall procure that any Sub Processor or subcontractor shall not) transfer, or allow the onward transfer of, any Protected Data to any country outside of Korea or to any international organisation (individually and collectively, an “International Recipient”) without Tektronix’s prior written consent.

If Tektronix consents to the transfer of Protected Data to an International Recipient, the Partner shall ensure that such transfer (and any subsequent onward transfer):

is pursuant to a written contract including equivalent or more onerous obligations on the Sub-Processor in respect of the Protected Data (in particular relating to security and confidentiality) as apply to the Partner under this clause 1;

is effected by way of Protective Measures, the form of which being subject to Tektronix’s prior written approval which shall not be unreasonably withheld or delayed);

complies with clause 1.2.1 and any requirements specified in Schedule 1.3.1 including the Security Measures; and

otherwise complies with Data Protection Laws

1.11 Records

The Partner shall maintain complete, accurate and up to date written records of all categories of processing activities carried out on behalf of Tektronix, containing such information as Tektronix may reasonably require, including:

the name and contact details of the Data Processor(s) and of each Data Controller on behalf of which the Data Processor is acting, and of the Partner’s representative and data protection officer (if any);

the categories of processing carried out on behalf of each Data Controller;

where applicable, details of transfers of Protected Data to an International Recipient, including the identification of that International Recipient and the relevant countries to which such data is transferred, and details of the Protective Measures used; and

a general description of the technical and organisational security measures referred to in clause 1.4.1(b).

1.12 Compliance, information and audit

The Partner shall (and shall procure that its Sub-Processors) make available to Tektronix on request in a timely manner (and in any event within three days):

copies of the records under clause 1.11; and

such other information as Tektronix reasonably requires to demonstrate the Partner’s compliance with its obligations under Data Protection Laws and this agreement, including sufficiently detailed information about the technical and organisational measures that are implemented and maintained by the Partner.

The Partner shall (and shall procure that its Sub-Processors shall) allow for and contribute to audits, including inspections, conducted by Tektronix or another auditor mandated by Tektronix for the purpose of demonstrating compliance by the Partner with its obligations under Data Protection Laws and under this clause 1 including allowing reasonable access for Tektronix or such other auditor to:

the facilities, equipment, premises and sites on which Protected Data and/or the records referred to in clause 1.11 are held, and to any other equipment or facilities used in the provision of the Services (in each case whether or not owned or controlled by the Partner); and

the Partner Personnel,

provided that Tektronix shall, where practicable, give the Partner reasonable prior notice of such audit and/or inspection and conduct the same during normal business hours.

If any audit or inspection reveals a material noncompliance by the Partner with its obligations under Data Protection Laws or a breach by the Partner of its data protection obligations under this agreement, the Partner shall promptly on request:

pay the reasonable costs of Tektronix or its mandated auditors for the audit or inspection; and

resolve (and shall procure that its Sub-Processors likewise resolve), at its own cost and expense, all instances of data protection or security noncompliance discovered by Tektronix and reported to the Partner that reveal a breach or potential breach by the Partner (or a Sub-Processor) of its obligations under this clause 1.

Tektronix may share any notification, details, records or information provided by or on behalf of the Partner under this clause 1.12 or clause 1.13 with its respective affiliates, professional advisors, and any Supervisory Authority.

If the Partner (or a Sub-Processor) is in breach of its obligations under this clause 1, Tektronix may suspend the transfer of Protected Data to the Partner until the breach is remedied.

1.13 Notification of Personal Data Breaches and Complaints

In respect of any actual or suspected Personal Data Breach involving the Partner or a Sub-Processor, the Partner shall:

notify Tektronix of the Personal Data Breach without undue delay, but in no event later than twelve hours after becoming aware of such Persona Data Breach; and

provide Tektronix without undue delay, wherever possible no later than twenty-four hours after becoming aware of such Personal Data Breach, with such details as Tektronix require regarding:

the nature of such Personal Data Breach, including the categories and approximate numbers of Data Subjects and Persona Data records concerned;

any investigations into such Personal Data Breach;

the likely consequences of such Personal Data Breach; and

any measures taken, or that the Partner recommends to take, to address such Personal Data Breach, including to mitigate its possible adverse effects and prevent the re-occurrence of such Personal Data Breach or a similar breach,

provided that, without prejudice to the above obligations, if the Partner cannot provide all these details within the aforesaid timeframe, it shall in any event before the end of said timeframe provide Tektronix with its reasons for the delay and an expectation for when it reasonably expects to be able to provide Tektronix with such details

The Partner shall promptly and in any event within two days inform Tektronix if it receives a Complaint and provide Tektronix with full details of such Complaint.

1.14 Deletion or return of Protected Data and copies

The Partner shall without delay:

at Tektronix’s written request, either securely delete or securely return all the Protected Data to Tektronix in such form as Tektronix reasonably requests, after the earlier of:

the end of the provision of the relevant Services related to processing; or

once processing by the Partner of any Protected Data is no longer required for the purpose of the Partner’s performance of its relevant obligations under this agreement; and

securely delete all other existing copies of the Protected Data, except only for those copies that are required to be stored by Applicable Law and, in which case, the Partner shall inform Tektronix of any such requirement; and

upon full performance of its obligations unde this clause 1.14, provide Tektronix with a written declaration of such performance.

1.15 Liability and indemnities

The Partner shall indemnify and keep indemnified Tektronix in respect of all Data Processing Losses suffered or incurred by, awarded against or agreed to be paid by, Tektronix or any affiliate thereof, arising from or in connection with:

any breach by the Partner of its obligations under this clause1 or of Data Protection Laws; or

the Partner (or any person acting on its behalf) acting outside or contrary to the lawful Processing Instructions ofTektronix in respect of the processing of Protected Data.

This clause 18 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except:

to the extent not permitted by Applicable Law (including Data Protection Laws);and

that it does not affect the liability of either party to any Data Subject.

Exhibit 1 to Schedule 1
Security Measures

Technical Measures to Ensure Security of Processing
1. Inventory and Control of Hardware Assets	Actively manage all hardware devices on the network so that only authorised devices are given access, and unauthorised and unmanaged devices are found and prevented from gaining access.
2. Inventory and Control of Software Assets	Actively manage all software on the network so that only authorised software is installed and can execute, and that unauthorised and unmanaged software is found and prevented from installation or execution.
3. Continuous Vulnerability Management	Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.
4. Controlled Use of Administrative Privileges	Maintain processes and tools to track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, applications, and data.
5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers	Implement and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
6. Maintenance, Monitoring, and Analysis of Audit Logs	Collect, manage, and analyse audit and security logs of events that could help detect, understand, or recover from a possible attack.
7. Email and Web Browser Protections	Deploy automated controls to minimise the attack surface and the opportunities for attackers to manipulate human behaviour through their interaction with web browsers and email systems or content.
8. Malware Defences	Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimising the use of automation to enable rapid updating of defence, data gathering, and corrective action.
9. Limitation and Control of Network Ports, Protocols, and Services	Manage (track, control, correct) the ongoing operational use of ports, protocols, services, and applications on networked devices in order to minimise windows of vulnerability and exposure available to attackers.
10. Data Recovery Capabilities	Maintain processes and tools to properly back up personal data with a proven methodology to ensure the confidentiality, integrity, availability, and recoverability of that data.
11. Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches	Implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
12. Boundary Defences	Detect, prevent, and correct the flow of information transferring networks of different trust levels with a focus on personal data.
13. Data Protection	Maintain processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the confidentiality and integrity of personal data.
14. Controlled Access Based on the Need to Know	Maintain processes and tools to track, control, prevent, and correct secure access to critical or controlled assets (e.g. information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical or controlled assets based on an approved classification.
15. Wireless Access Control	Maintain processes and tools to track, control, prevent, and correct the secure use of wireless local area networks (WLANs), access points, and wireless client systems.
16. Account Monitoring and Control	Actively manage the life cycle of system and application accounts, their creation, use, dormancy, and deletion in order to minimise opportunities for unauthorised, inappropriate, or nefarious use.

Organizational Measures

Organisational Measures to Ensure Security of Processing
1. Implement a Comprehensive Information Security Programme	Through the implementation of a Comprehensive Information Security Programme (CISP), maintain various administrative safeguards to protect personal data. These measures are designed to ensure: · security, confidentiality and integrity of personal data · protection against unauthorized access to or use of (stored) personal data in a manner that creates a substantial risk of identity theft or fraud · that employees, contractors, consultants, temporaries, and other workers who have access to personal data only process such data on instructions from the data controller.
2. Implement a Security Awareness and Training Programme	For all functional roles (prioritizing those mission critical to the business, its security, and the protection of personal data), identify the specific knowledge, skills and abilities needed to support the protection and defence of personal data; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organisational planning, training, and awareness programmes.
3. Application Software Security	Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.
4. Incident Response and Management	Protect the organisation's information, including personal data, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight, retainers, and insurance) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the organisation’s network and systems.
5. Security and Privacy Assessments, Penetration Tests, and Red Team Exercises	Test the overall strength of the organisation’s defence (the technology, processes, and people) by simulating the objectives and actions of an attacker; as well as, assess and validate the controls, policies, and procedures of the organisation’s privacy and personal data protections.
6. Physical Security and Entry Control	Require that all facilities meet the highest level of data protection standards possible, and reasonable, under the circumstances relevant to the facility and the data it contains, process, or transmits.

Exhibit 2 to Schedule 1
Data Processing Details

1. Subject Matter of Processing

The Partner will be processing personal data in the course of providing the Services.

2. Duration of the processing

The processing will be carried out for the term of this Agreement.

3. Nature and Purpose of the Processing

The data is processed in order to perform the terms and objectives of this Agreement, including but not limited to following-up on and qualifying sales leads on behalf of Tektronix, lead generation activity on behalf of Tektronix.

4. Type of Personal Data

The data processed includes, but is not limited to, name, address, telephone number, email address, application, industry, job function and Products or possible products of affiliated companies purchased.

5. Special categories of personal data and description of applied restrictions or safeguards

N/a

6. Categories of Data Subjects

Data subjects include individuals being or representing existing customers using Tektronix products, past customers of Tektronix products and prospects that are potential customers for Tektronix products.

7. Approved Sub-processors

n/a.

8. Additional Instructions

See Exhibit 1, which shall form a part of this Exhibit 2.

Schedule 2 – Partner Lead Generation

1. Lead Data. In connection with the Agreement, the Partner may provide Tektronix with lead generation data (collectively, “Lead Data”) as described in and for the limited and specified purposes identified in Exhibit 1 (“Data Processing Details”) to this Schedule.

2. Lead Data requirements. Partner represents and warrants that the Lead Data provided to Tektronix will be accurate, up-to-date, free of errors and will not include:

i. Special categories of personal data or sensitive data as defined under Applicable Privacy Laws (as defined below); or

ii.information about data subjects who are under the age of majority, are located outside of the Geographical scope indicated in Exhibit 1 to this Appendix or who have requested deletion of their data, or have otherwise opted-out from the sale, sharing, or disclosure of their data.

Lead Data shall only be collected from leads who have expressly opted-in to receive marketing communications regarding Tektronix products and services.

3. Compliance with applicable law; privacy policy

Each Party represents and warrants that, with respect to the Lead Data, such party shall comply with and provide the same level of protection required by all applicable international, foreign, federal, state, provincial, and local laws, executive orders, rules, regulations, ordinances, codes, orders, and decrees of all governments or agencies of any U.S. or applicable foreign jurisdictions, including but not limited to (where applicable) anti-spam regulation, data brokerage regulation, marketing and advertising regulations, the U.S. Telephone Consumer Protection Act, the California Consumer Privacy Act, the General Data Protection Regulation, and anti-corruption laws such as the US Foreign Corrupt Practices Act and UK Bribery Act 2010 (collectively, “Applicable Privacy Laws”).

Partner further represents and warrants that (i) its processing (including collection and disclosure) of Lead Data shall comply with all applicable industry best practices; (ii) Partner will maintain and at all times act in accordance with a publicly-accessible privacy policy on its mobile applications and websites that is available via a prominent link in compliance with the requirements of Applicable Privacy Laws; and (iii) Partner’s provision of the Lead Data to Tektronix does not violate any agreement or obligation between Partner and a third party. Partner (i) shall notify Tektronix in the event that it makes a determination that it is no longer able to meet the requirements under this Section; and (ii) shall have the right, solely where and to the extent afforded by Applicable Privacy Law, to take reasonable and appropriate steps to ensure the other party meets its obligations under this Appendix and to discontinue and remediate any unauthorized processing of Lead Data hereunder.

4. Data collection; data handling. Partner represents and warrants that:

i. Requisite rights. Partner has all requisite rights and has provided and/or obtained all data subject notices and/or consents required under Applicable Privacy Laws sufficient to allow Tektronix to (i) receive and use the Lead Data pursuant to the Agreement with no further action required on Tektronix’s part and (ii) transfer Lead Data internationally, including to the United States or other regions as may be required.

ii. Records of consent and notice. Partner will create, retain, and make available to Tektronix, upon request, full records of all consents obtained, and notices provided in connection with the Lead Data processed pursuant to the Agreement. Such records shall be sufficient to prove the validity of the consents and notices under applicable law and shall include, without limitation: (i) the specific source of the consent (e.g., website), (ii) the form of request of consent, (iii) the date and time consent was obtained, and (iv) any and all unsubscribe or opt out requests and actions. This obligation shall survive the termination of the Agreement for a period of three years.

iii. Notice and cooperation. To the extent applicable, Partner will provide Tektronix with immediate notice of and provide Tektronix with reasonable cooperation in responding to:

i. any notice, inquiry, complaint, or claim made by any individual or third Parties (including any government or regulatory authority) in connection with the Lead Data;

ii. any opt-out, withdrawal of consent, request for deletion, or related request in connection with Lead Data; or

iii. any breach by Partner of its obligations hereunder.

iv. Security of data. Partner will implement and maintain commercially reasonable administrative, technical and physical safeguards which at a minimum: (i) are reasonable and appropriate, given the nature of the data, to protect such data from unauthorized or illegal access, destruction, use, modification, or disclosure; and (ii) comply with requirements under Applicable Privacy Laws to safeguard the Lead Data.

v. Roles of the Parties. With respect to the Lead Data, the Parties will act as independent controllers or Business (as defined under California Consumer Privacy Act (CCPA)) (collectively “controller”) under Applicable Privacy Laws.

5. Tektronix Personal Data, data enrichment and related services. For the avoidance of doubt, the rights and obligations set forth under this Schedule 2 do not apply to personal data which Partner processes on behalf of Tektronix in the role of a data processor (or substantially similar term under Applicable Privacy Laws) including, without limitation, any data provided to Partner (directly or indirectly) for the purposes of data enrichment or related services (collectively, “Tektronix Personal Data”).