TJPS Software Data Protection Addendum

This Data Protection Addendum forms part of the TJPS Software Inc. License Agreement and Limited Product Warranty ( "EULA" ) entered into by and between TJPS Software Inc. ( "Write-Up" ) and the end-user of the Write-Up application and/or their employer ( "Company" ) and is effective as of the Effective Date defined in the EULA. In case of any conflict between the provisions of this Data Protection Addendum and the EULA, the provisions of this Data Protection Addendum will prevail.

1.       Definitions

Capitalized terms used herein and not otherwise defined in the EULA shall have the meanings set forth in this Section 1.

1.1.    Agreement means the EULA, including this Data Protection Addendum.

1.2.    "Authorized Persons" means employees and Data Sentinel's contractors, agents, and other personnel who have a need to know or otherwise access Personal Information to enable Write-Up to perform its obligations under this Agreement, and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Information in accordance with the terms and conditions of this Agreement.

1.3.    "Data" has the meaning set out in Section 2(a)(i).

1.4.    "Personal Information" means information about an identifiable individual.

1.5.    Privacy Laws has the meaning set out in Section 2.2.

1.6.    Security Breach has the meaning set out in Section 3.3.

2.       Compliance with Laws

2.1.    Write-Up acknowledges that in its performance of its obligations under this Agreement and in providing the Services it may have access to:

(a)     Personal Information;

(b)    Company-licensed third-party data; and

(c)     other data relating to Company or its customers, potential customers, and/or end users (collectively, the "Data").

2.2.    Write-Up agrees that it shall use and maintain the Data on Company's behalf solely for the purposes of and in accordance with the terms of this Agreement and to provide the Services, and in compliance with all applicable laws, legal rules and regulations, including all Canadian federal and provincial laws, rules, regulations, industry standards, codes and practices with which Write-Up is required or has voluntarily agreed to comply as each relate to the protection of Personal Information and the Data, including without limitation, [the Personal Information Protection and Electronic Documents Act (Canada) (S.C. 2000, c.5) and all substantially similar provincial laws (collectively, "Privacy Laws").

3.       Privacy and Data Protection

3.1.     Write-Up shall:

(a)     only use the Data to fulfill the Agreement and to carry out the Services, and for no other purpose of any kind whatsoever, without Company's written authorization;

(b)    not share the Data with any third party except as may be required to carry out the Services, as agreed upon by Company, in writing;

(c)     not disclose or permit any employee, contractor, agent, or other third parties to disclose the Data, or any

part thereof, other than to Authorized Persons who have agreed to abide by the terms of this Data Protection Addendum or as Company may otherwise authorize in writing, and who are bound in writing by privacy, confidentiality, and other obligations sufficient to protect Personal Information in accordance with the terms and conditions of this Agreement;

(d)    enter into a written contract with each subcontractor that will process Data on behalf of Write-Up that contains terms substantially the same as those set out in this Data Protection Agreement. Where the subcontractor fails to fulfill its obligations under such written agreement, Write-Up remains fully liable to the Company for the subcontractor's performance of its agreement obligations;

(e)    maintain the Data only for as long as is necessary for the provision of the Services, or as may be required by law, whichever is longer;

(f)      implement and maintain a written information security program including appropriate policies, procedures, and risk assessments that are reviewed at least annually, and employ administrative, physical, and technological safeguards to protect the Data in an environment secure against loss, theft, unauthorized access, acquisition, disclosure, destruction, alteration, copying, misuse, modification, and accidental loss or damage, that are no less rigorous than accepted industry standards and practices, and shall ensure that all such safeguards, including the manner in which the Services are provided and Data is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement;

(g)     notify the Company immediately if it receives any complaint, notice, or communication that directly or indirectly relates to the Personal Information processing or to either party's compliance with Privacy Laws;

(h)    notify the Company promptly upon receiving a request from an individual for access to their Personal Information or a request to correct, delete, or withdraw consent from any use of same by Company or Write-Up;

(i)      give the Company its full co-operation and assistance in responding to any complaint, notice, communication, or individual request;

(j)      not disclose the Personal Information to any individual or to a third party unless the disclosure is either at the Company's request or instruction, permitted by this Agreement, or is otherwise required by law;

(k)     cause each of its officers, employees, and agents to comply with all Privacy Laws, and all other laws, rules, and regulations applicable to the Data to the same extent that Company is required to comply with such laws, rules and regulations;

(l)      not acquire any express or implied rights, title, or interest in the Data, which shall always remain the exclusive property of Company;

(m)  notify Company immediately of any breach of the representations, warranties, obligations, and agreements set out in this Data Protection Agreement and use its best efforts to cooperate with Company to remedy such breach;

(n)    upon termination or expiration of this Agreement or at Company's immediate request, unless otherwise directed by Company, destroy all Data in its possession within five (5) days of termination or expiration/return the Data to Company within [NUMBER OF DAYS] of termination or expiration] and have an authorized signing officer certify in writing or sign an affidavit and confirm in writing that no copies of the Data have been retained by Data Sentinel, its employees, agents or subcontractors.

3.2.    Cross-border transfers. Write-Up agrees that the Data shall always remain in Canada. Write-Up shall not relocate the equipment, databases, or documents containing any Data (including any redundant or back- up environments) anywhere outside of Canada without Company's prior written consent.

3.3.    Security Breaches. Write-Up will promptly notify the Company if it becomes aware of any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place to protect it, including without limitation the loss of or unauthorized access, disclosure, or acquisition or processing of Personal Information ( Security Breach ).

3.3.1.  Immediately following any Security Breach, the parties will co-ordinate with each other to investigate the

matter. Write-Up will reasonably co-operate with the Company in the Company's handling of the matter, including:

(a)       assisting with any investigation;

(b)       providing the Company with physical access to any Write-Up facilities and operations affected;

(c)       facilitating interviews with Data Sentinel's employees, former employees, and others involved in the matter; and

(d)       making available all relevant records, logs, files, data reporting, and other materials required to comply with all Privacy Laws or as otherwise reasonably required by the Company.

3.3.2.  Write-Up will not inform any third party of any Security Breach without first obtaining the Company's prior written consent, except when Privacy Laws, or other laws or regulations, require it.

3.3.3.  Write-Up agrees that the Company has the sole right to determine:

(a)       whether to provide notice of the Security Breach to any individuals, regulators, law enforcement agencies or others, as required by Privacy Laws or other laws or regulations, or at the Company's discretion, including the contents and delivery method of the notice; and

(b)       whether to offer any type of remedy to affected Individuals, including the nature and extent of such remedy.

3.3.4.  Write-Up will cover all reasonable expenses associated with the performance of the obligations under Section 3.3, unless the matter arose from the Company's specific instructions, negligence, willful default or breach of this Data Processing Addendum, in which case the Company will cover all reasonable expenses.

3.3.5.  Write-Up will also reimburse the Company for actual reasonable expenses the Company incurs when responding to and mitigating damages, to the extent that Write-Up caused a Security Breach, including all costs of notice and any remedy as set out in Section 3.3.3 

3.3.6.  Write-Up will maintain records of any Security Breach in accordance with Privacy Laws.

4.          Indemnity. Write-Upshall indemnify, save, defend, release, and hold harmless Company and its Affiliates and their respective officers, directors, employees, agents, successors, and permitted assigns (collectively, the "Company Indemnitees"), from and against any and all liabilities, losses, damages, expenses, fees, settlements, penalties, and costs (including legal fees, court costs, and expenses related to its defence), resulting from any claim, suit or action brought against the Company Indemnitees, arising out of, resulting from, or related to Data Sentinel's failure to comply with any of the provisions set out in this Data Protection Addendum.

5.          Audit. Company may, at its expense, upon reasonable prior written notice, appoint its own personnel or an independent third party to verify that Data Sentinel's use of Data complies with the terms of this Agreement. Such verification may include an onsite audit conducted at Data Sentinel's relevant places of business, which will occur during regular business hours and shall not unreasonably interfere with Data Sentinel's business activities. If such verification shows that Write-Up is using Data in any way not permitted under or in breach of this Agreement, Company shall be able to terminate the Agreement with immediate effect, and Company will receive a refund of all amounts prepaid by Company for the period from the effective date of termination to the end of the Term.