The URL can be used to link to this page

Insurance Certificates 2020/22 Clubessential Holdings, LLCACORa°` CERTIFICATE OF LIABILITY INSURANCE F DATE (MMIDD/YYYY) 1 3/23/2021 THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder Is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder In lieu of such endorsement(s). PRODUCER ONTACT NAME; Susan D- Masters, CIC Arthur J. Gallagher Risk Management Services, Inc. PHONE FAx 201 E. 4th Street, Ste 625 513 977 3139 Cincinnati OH 45202 E-MAIL susan_masters-ohL5ajg.com INSURER(S) AFFORDING COVERAGE _ NAIC p INSURER A : Continental Insurance Company 35289 INSURED CLUBLLC-01 INSURERB: Continental Casual Company 20443 Clubessential Holdings, LLC 4600 McAuley Place Ste 350 INsuFtEsc:-Vally Forge Insurance Company 20508 Cincinnati OH 42542 INSURERD: Ascot Sp Insurance Company. INSURER jr: Crum & Forster 5paeiaity Insurance Cc T 44520 INSURER F COVERAGES CERTIFICATE NUMRER-7496213nR REVISION NUMRFR- THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. N-R TYPE OF INSURANCE ODD' WU D l FOL[GY NUMBER 1 b4608SY Yk10 Qp YYYY LIMITS C X COMMERCIAL GENERAL LIABILITY Y N 6079684571 11115/2020 11/15/2021 EACH OCCURRENCE $1,000,000 CLAIMS -MADE OCCUR A tE TO -A ENTED PREIvSISES,.[a_occ�rrertcpj $100,000 $ 5,000 MED EXP (Any one person) PERSONAL & ADV INJURY $1,000,000 GEN'L AGGREGATE LIMIT APPLIES PER: X POLICY PRCOT- LOG GENERAL AGGREGATE $ 2,000,000 PRODUCTS - COMP/OP AGG $ 2.000,000 1 $ OTHER- C AUTOMOBILE LIABILITY N 1 N J 6079684568 11/15/2020 11/15/2021 COMBINED SINGLE LIMIT -CEa Rg i3.__ $1,000.000 X BODILY INJURY (Per person) $ ANY AUTO OWNED SCHEDULED AUTOS ONLY AUTOS HIRED NON -OWNED AUTOS ONLY AUTOS ONLY BODILY INJURY (Per accident) $ $ _ PROPERTY DAMAGE _Ler act ant)_ _ - -__ _-_ X Hired PhyDcm Hired PhyDam I $ 75,000 A X UMBRELLA LIAB X OCCUR 6079684604 1111112120 11111/2021 EACH OCCURRENCE $2,000,000 AGGREGATE $2,000,000 EXCESS LIAB CLAIMS -MADE DEC I X RETENTION $ q a rmn $ A A WORKERS COMPENSATION AND EMPLOYERS' LIABILITY YIN ANYPROPRIETOR/PARTNER/EXECUTIVE ElN OFFICERIMEMBER EXCLUDED? (Mandatory In NH) Y 1 A 6079684599 6079684585 11/15/2020 11/15/2020 11115/2021 11/15/2021 :X PER ERH E.L. EACH ACCIDENT $1,000,000 E.L. DISEASE - EA EMPLOYES -- — $ 1,000,000 II yes, describe under DESCRIPTION OF OPERATIONS below E.L. DISEASE - POLICY LIMIT $1,000,000 E B D ProflCyber-CM Crime-3rdParty Excess ProflCyber-CM TCM101288 652175238 EOXS2110000601-01 312312/21 3121/2022 11/15/2020 11/1512021 3/23/2021 3/23/2022 Ea ClaimlAgg Ea Claim Ea Claim $5,000,000 $1,000,000 $5.0K000 DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached 11 more space Is required) Complete Named Insured. Clubessential Holdings LLC; CE Management Holdings, LLC; Clubessenlial, LLC; ClubReady, LLC; LEGP II Blocker(CR), Inc; ClubReady Canada Software ULC; GYM HQ, LLC; FItBPO Solutions, LLC; PrestoSports, LLC; RecTmc, LLC dba Vermont Systems; Immersion Media, Inc, dba ScoreShots; (eff 1/29/21) iKizmet, Inc; Golf Compete, Inc (d/b/a foreUP) OH Employers Defense Liability(Stop Gap): Policy#6079684571 11115/2020-11115/2021$1,000,000/$1,000,000/31,000,000 CGL: CNA74872XX(01/15) CNA Technology Broadening Endorsement provides: See Attached... CERTIFICATE HOLDER CANCELLATION City of La Quinta 78-495 Calle Tampico La Quinta CA 92253 USA SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. AUTHON[ZED REPRESENTATIVE 01988-2015 ACORD CORPORATION. All rights reserved. ACORD 25 (2016/03) The ACORD name and logo are registered marks of ACORD 2' of 37 4320 AGENCY CUSTOMER ID: CLUBLLC-01 LOC #: ACC)RE) AnniffinNA1 REMARKS Sf_HF1 m F Pace 1 of 1 AGENCY NAMED INSURED Arthur J. Gallagher Risk Management Services, Inc. Glubessential Holdings, LLC 4600 McAuley Place Ste 350 POLICY NUMBER Cincinnati OH 42542 CARRIER ADDITIONAL REMARKS NAIC CODE EFFECTIVE DATE: THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER: 25 FORM TITLE: CERTIFICATE OF LIABILITY INSURANCE -Additional Insured by Contract, Agreement or Permit when required in a written contract with you; -Waiver of Subrogation when required in a written contract with you PKG: CNA62665XX(10/15) CNA Paramount Technology Broadening Endorsement provides: -Employee Dishonesty including ERISA $50,000 Ea Occ Limitl$2,500 Dedurrdble BA: CA2048(10/13) Blanket Additional Insured when required in a written contract with you BA: CA0444(10/13) Blanket Waiver of Subrogation when required in a written contract with you WC: WC000313(04184) Blanket Waiver of Subrogation when required in a written contract with you where allowed by State law. WC: WC420304B(06/14) Texas Blanket Waiver of Subrogation when required in a written contract with you. Umbrella is follow form regarding underlying: CGL BA WC ProflCyber Retention: $50,000; Retro Active 3123111 Prof/Cyber TCM-POL-001 (01119) C&F TCM Technology E&O, Cyber and MuNmedia Liability Insurance Policy coverage form: -pg 6 Automatic Additional insured status when required by written contract with you; -pg 15 Automatic Waiver of Subrogation where required by written contract with you. Third Party Crime Deductible: $5,000 Excess Prof/Cyber: Underlying Limit $5,000,000; Underlying Retention $50,000; Retro Active 3/23/2020 The City of La Quinta is additional insured with regard to general liability on a primary and non-contributory basis where required by written contract. A workers' compensation waiver of subrogation applies in favor of the City of La Quinta. I ACORD 101 (2008/01) @ 2008 ACORD CORPORATION. All rights reserved. The ACORD name and logo are registered marks of ACORD 3' of 37 4320 ACORD 101 (2008/01) The ACORD name and logo are registered marks of ACORD © 2008 ACORD CORPORATION. All rights reserved. THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER:FORM TITLE: ADDITIONAL REMARKS ADDITIONAL REMARKS SCHEDULE Page of AGENCY CUSTOMER ID: LOC #: AGENCY CARRIER NAIC CODE POLICY NUMBER NAMED INSURED EFFECTIVE DATE: CLUBLLC-01 1 1 Arthur J. Gallagher Risk Management Services, Inc.Clubessential Holdings, LLC 4600 McAuley Place Ste 350 Cincinnati OH 42542 25 CERTIFICATE OF LIABILITY INSURANCE -Additional Insured by Contract, Agreement or Permit when required in a written contract with you; -Waiver of Subrogation when required in a written contract with you PKG: CNA62665XX(10/15) CNA Paramount Technology Broadening Endorsement provides: -Employee Dishonesty including ERISA $50,000 Ea Occ Limit/$2,500 Deductible BA: CA2048(10/13) Blanket Additional Insured when required in a written contract with you BA: CA0444(10/13) Blanket Waiver of Subrogation when required in a written contract with you WC: WC000313(04/84) Blanket Waiver of Subrogation when required in a written contract with you where allowed by State law. WC: WC420304B(06/14) Texas Blanket Waiver of Subrogation when required in a written contract with you. Umbrella is follow form regarding underlying: CGL BA WC Prof/Cyber Retention: $50,000; Retro Active 3/23/11 Prof/Cyber: TCM-POL-001 (01/19) C&F TCM Technology E&O, Cyber and Multimedia Liability Insurance Policy coverage form: -pg 6 Automatic Additional Insured status when required by written contract with you; -pg 15 Automatic Waiver of Subrogation where required by written contract with you. Third Party Crime Deductible: $5,000 Excess Prof/Cyber: Underlying Limit $5,000,000; Underlying Retention $50,000; Retro Active 3/23/2020 The City of La Quinta is additional insured with regard to general liability on a primary and non-contributory basis where required by written contract. A workers' compensation waiver of subrogation applies in favor of the City of La Quinta. INSURANCE REVIEW RE: Please list the Contracting Party / Vendor Name, type of agreement to be executed, including any change orders or amendments, and the type of services to be provided. Make sure to list any related Project No. and Project Name. Insurance certificates required per the Agreement: ACCORD Certificate dated 10-days prior or less _____________________________ enter ACCORD issue date Commercial General Liability Insurance: $1,000,000 per occurrence/$2,000,000 aggregate OR $2,000,000 per occurrence/$4,000,000 aggregate Additional Insured Endorsement naming City of La Quinta Primary and Non-Contributory Endorsement Automobile Liability: $1,000,000 combined single limit for bodily injury and property damage. Workers’ Compensation: Statutory Limits / Employer’s Liability $1,000,000 per accident or disease Workers’ Compensation Endorsement with Waiver of Subrogation Sole Proprietor Professional Liability (Errors and Omissions): Errors and Omissions Liability insurance with a limit of not less than $1,000,000 per claim Cyber Liability/Technology Errors and Omissions Liability Insurance: $1,000,000 per occurrence/loss Other: ________________________________________________________ List other insurance types such as – molestation, harassment, etc. Approved by: ________________________ Date: ________________________ Vermont Systems Incorporated updated Certificate of Liability Insurance, endorsement pages and coverages for FY 20-21. COI (pg 2) Additional Insured (pg 5), Cyber Liability, Umbrella (PG 3), Primary and Non Contributory (pg 8), Auto Liability(pg18), WC Waiver of Sub (pg 3)Workman's Comp(pg21), 11/15/2020 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Monika Radeva 12/14/2020 INSURANCE REVIEW RE: Please list the Contracting Party / Vendor Name, type of agreement to be executed, including any change orders or amendments, and the type of services to be provided. Make sure to list any related Project No. and Project Name. Insurance certificates required per the Agreement: ACCORD Certificate dated 10-days prior or less _____________________________ enter ACCORD issue date Commercial General Liability Insurance: $1,000,000 per occurrence/$2,000,000 aggregate OR $2,000,000 per occurrence/$4,000,000 aggregate Additional Insured Endorsement naming City of La Quinta Primary and Non-Contributory Endorsement Automobile Liability: $1,000,000 combined single limit for bodily injury and property damage. Workers’ Compensation: Statutory Limits / Employer’s Liability $1,000,000 per accident or disease Workers’ Compensation Endorsement with Waiver of Subrogation Sole Proprietor Professional Liability (Errors and Omissions): Errors and Omissions Liability insurance with a limit of not less than $1,000,000 per claim Cyber Liability/Technology Errors and Omissions Liability Insurance: $1,000,000 per occurrence/loss Other: ________________________________________________________ List other insurance types such as – molestation, harassment, etc. Approved by: ________________________ Date: ________________________ SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. INSURER(S) AFFORDING COVERAGE INSURER F : INSURER E : INSURER D : INSURER C : INSURER B : INSURER A : NAIC # NAME:CONTACT (A/C, No):FAX E-MAILADDRESS: PRODUCER (A/C, No, Ext):PHONE INSURED REVISION NUMBER:CERTIFICATE NUMBER:COVERAGES IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s). THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. OTHER: (Per accident) (Ea accident) $ $ N / A SUBR WVD ADDL INSD THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. $ $ $ $PROPERTY DAMAGE BODILY INJURY (Per accident) BODILY INJURY (Per person) COMBINED SINGLE LIMIT AUTOS ONLY AUTOSAUTOS ONLY NON-OWNED SCHEDULEDOWNED ANY AUTO AUTOMOBILE LIABILITY Y / N WORKERS COMPENSATION AND EMPLOYERS' LIABILITY OFFICER/MEMBER EXCLUDED? (Mandatory in NH) DESCRIPTION OF OPERATIONS below If yes, describe under ANY PROPRIETOR/PARTNER/EXECUTIVE $ $ $ E.L. DISEASE - POLICY LIMIT E.L. DISEASE - EA EMPLOYEE E.L. EACH ACCIDENT EROTH-STATUTEPER LIMITS(MM/DD/YYYY)POLICY EXP(MM/DD/YYYY)POLICY EFFPOLICY NUMBERTYPE OF INSURANCELTRINSR DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached if more space is required) EXCESS LIAB UMBRELLA LIAB $EACH OCCURRENCE $AGGREGATE $ OCCUR CLAIMS-MADE DED RETENTION $ $PRODUCTS - COMP/OP AGG $GENERAL AGGREGATE $PERSONAL & ADV INJURY $MED EXP (Any one person) $EACH OCCURRENCE DAMAGE TO RENTED $PREMISES (Ea occurrence) COMMERCIAL GENERAL LIABILITY CLAIMS-MADE OCCUR GEN'L AGGREGATE LIMIT APPLIES PER: POLICY PRO-JECT LOC CERTIFICATE OF LIABILITY INSURANCE DATE (MM/DD/YYYY) CANCELLATION AUTHORIZED REPRESENTATIVE ACORD 25 (2016/03) © 1988-2015 ACORD CORPORATION. All rights reserved. CERTIFICATE HOLDER The ACORD name and logo are registered marks of ACORD HIRED AUTOS ONLY $UWKXU - *DOODJKHU 5LVN 0DQDJHPHQW 6HUYLFHV ,QF ( WK 6WUHHW 6WH &LQFLQQDWL 2+ 6XVDQ ' 0DVWHUV &,& VXVDQBPDVWHUVRK#DMJFRP $;,6 ,QVXUDQFH &RPSDQ\ &/8%//&&RQWLQHQWDO ,QVXUDQFH &RPSDQ\&OXEHVVHQWLDO +ROGLQJV //& 0F$XOH\ 3ODFH 6WH &LQFLQQDWL 2+ &RQWLQHQWDO &DVXDOW\ &RPSDQ\ 9DOOH\ )RUJH ,QVXUDQFH &RPSDQ\ 1RUWK 5LYHU ,QVXUDQFH &RPSDQ\ '; ; ;;; <1 ' ; ;+LUHG 3K\'DP 1 1 +LUHG 3K\'DP %;; ; % %;< $ & ( 3URI&\EHU&0 &ULPHUG 3DUW\ ([FHVV 3URI&\EHU&0 3 (D &ODLP$JJ (D &ODLP (D &ODLP &RPSOHWH 1DPHG ,QVXUHG &OXEHVVHQWLDO +ROGLQJV //& &OXEHVVHQWLDO //& &OXE5HDG\ //& /(*3 ,, %ORFNHU &5 ,QF &OXE5HDG\ &DQDGD 6RIWZDUH 8/& *<0 +4 //& )LW%32 6ROXWLRQV //& 3UHVWR6SRUWV //& 9HUPRQW 6\VWHPV ,QF ,PPHUVLRQ 0HGLD ,QF GED 6FRUH6KRWV 2+ (PSOR\HUV 'HIHQVH /LDELOLW\6WRS *DS 3ROLF\ &*/ &1$;; &1$ 7HFKQRORJ\ %URDGHQLQJ (QGRUVHPHQW SURYLGHV $GGLWLRQDO ,QVXUHG E\ &RQWUDFW $JUHHPHQW RU 3HUPLW ZKHQ UHTXLUHG LQ D ZULWWHQ FRQWUDFW ZLWK \RX :DLYHU RI 6XEURJDWLRQ ZKHQ UHTXLUHG LQ D ZULWWHQ FRQWUDFW ZLWK \RX 6HH $WWDFKHG &LW\ RI /D 4XLQWD &DOOH 7DPSLFR /D 4XLQWD &$ 86$ ACORD 101 (2008/01) The ACORD name and logo are registered marks of ACORD © 2008 ACORD CORPORATION. All rights reserved. THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER: FORM TITLE: ADDITIONAL REMARKS ADDITIONAL REMARKS SCHEDULE Page of AGENCY CUSTOMER ID: LOC #: AGENCY CARRIER NAIC CODE POLICY NUMBER NAMED INSURED EFFECTIVE DATE: &/8%//& $UWKXU - *DOODJKHU 5LVN 0DQDJHPHQW 6HUYLFHV ,QF &OXEHVVHQWLDO +ROGLQJV //& 0F$XOH\ 3ODFH 6WH &LQFLQQDWL 2+ &(57,),&$7( 2) /,$%,/,7< ,1685$1&( 3.* &1$;; &1$ 3DUDPRXQW 7HFKQRORJ\ %URDGHQLQJ (QGRUVHPHQW SURYLGHV (PSOR\HH 'LVKRQHVW\ LQFOXGLQJ (5,6$ (D 2FF /LPLW 'HGXFWLEOH %$ &$ %ODQNHW $GGLWLRQDO ,QVXUHG ZKHQ UHTXLUHG LQ D ZULWWHQ FRQWUDFW ZLWK \RX %$ &$ %ODQNHW :DLYHU RI 6XEURJDWLRQ ZKHQ UHTXLUHG LQ D ZULWWHQ FRQWUDFW ZLWK \RX :& :& %ODQNHW :DLYHU RI 6XEURJDWLRQ ZKHQ UHTXLUHG LQ D ZULWWHQ FRQWUDFW ZLWK \RX ZKHUH DOORZHG E\ 6WDWH ODZ :& :&% 7H[DV %ODQNHW :DLYHU RI 6XEURJDWLRQ ZKHQ UHTXLUHG LQ D ZULWWHQ FRQWUDFW ZLWK \RX 8PEUHOOD LV IROORZ IRUP UHJDUGLQJ XQGHUO\LQJ &*/ %$ :& 3URI&\EHU 5HWHQWLRQ 5HWUR $FWLYH 3URI&\EHU $;,6 $;,6 3UR 7HFK1HW 6ROXWLRQV 7HFKQRORJ\ 3URIHVVLRQDO 6HUYLFHV /LDELOLW\ FRYHUDJH IRUP SJ $XWRPDWLF $GGLWLRQDO ,QVXUHG VWDWXV ZKHQ UHTXLUHG E\ ZULWWHQ FRQWUDFW ZLWK \RX 3URI&\EHU $;,6 :DLYHU RI 6XEURJDWLRQ $JDLQVW &OLHQWV :KHUH 5HTXLUHG E\ &RQWUDFW (QGRUVHPHQW 7KLUG 3DUW\ &ULPH 'HGXFWLEOH ([FHVV 3URI&\EHU 8QGHUO\LQJ /LPLW 8QGHUO\LQJ 5HWHQWLRQ 5HWUR $FWLYH 7KH &LW\ RI /D 4XLQWD LV DGGLWLRQDO LQVXUHG ZLWK UHJDUG WR JHQHUDO OLDELOLW\ RQ D SULPDU\ DQG QRQFRQWULEXWRU\ EDVLV ZKHUH UHTXLUHG E\ ZULWWHQ FRQWUDFW $ ZRUNHUV FRPSHQVDWLRQ ZDLYHU RI VXEURJDWLRQ DSSOLHV LQ IDYRU RI WKH &LW\ RI /D 4XLQWD 7KH &LW\RI/D 4XLQWD LV DGGLWLRQDO LQVXUHG ZLWK UHJDUGWRJHQHUDO OLDELOLW\RQDSULPDU\ DQG QRQFRQWULEXWRU\EDVLV ZKHUH UHTXLUHG E\ ZULWWHQ FRQWUDFW $ ZRUNHUV 4XLQWD LV DGGLWLRQDO LQVXUHG ZLWK UHJDUGWRJHQHUDO OLDELOLW\RQD DSSOLHV LQ IDYRU RI WKH &LW\ RI /D 4XLQWD 7KH &LW\RI/D FRPSHQVDWLRQ 4XLQWD LV DGGLWLRQDO LQ ZDLYHU RI VXEURJDWLRQ 3URI&\EHU 5HWHQWLRQ 5HWUR $FWLYH 3URI&\EHU 5HWHQWLRQ 5HWUR $FWLYH 3URI&\EHU $;,6 $;,6 3UR 7HFK1HW 6ROXWLRQV 7HFKQRORJ\ 3URIHVVLRQDO 6HUYLFHV /LDELOLW\ FRYHUDJH IRUP SJ $XWRPDWLF $GGLWLRQDO ,QVXUHG3URI&\EHU $;,6 $;,6 3UR 7HFK1 VWDWXV ZKHQUHTXLUHG E\ ZULWWHQ FRQWUDFW ZLWK \RXVWDWXV ZKHQ UHTXLUHG E\ ZULWWHQ FRQWUDFW ZLWK \RX 3URI&\EHU $;,6:DLYHU RI6XEURJDWLRQ $JDLQVW &OLHQWV :KHUH 5HTXLUHG E\&RQWUDFW (QGRUVHPHQW 8PEUHOOD LV IROORZ IRUP UHJDUGLQJ XQGHUO\LQJ&*/%$:& ([FHVV 3URI&\EHU 8QGHUO\LQJ /LPLW 8QGHUO\LQJ 5HWHQWLRQ 5HWUR $FWLYH ϭϭͬϭϱͬϮϬϮϬ sĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ sĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇϭϭͬϭϱͬϮϬϮϬ sĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇϭϭͬϭϱͬϮϬϮϬ sĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇϭϭͬϭϱͬϮϬϮϬ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬsĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϲϬϳϵϲϴϰϱϲϴ ϭϭͬϭϱͬϮϬϮϬϭϭͬϭϱͬϮϬϮϭ sĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϬ ϭϭͬϭϱͬϮϬϮϬ ϭϭͬϭϱͬϮϬϮϬ ϭϭͬϭϱͬϮϬϮϬ ϲϬϳϵϲϴϰϱϲϴ sĂůůĞǇ&ŽƌŐĞ/ŶƐƵƌĂŶĐĞŽŵƉĂŶǇ ϭϭͬϭϱͬϮϬϮϭϭϭͬϭϱͬϮϬϮϬ ϭϭͬϭϱͬϮϬϮϭ ϭϭͬϭϱͬϮϬϮϬϭϭͬϭϱͬϮϬϮϬ ϭϭͬϭϱͬϮϬϮϭ ϭϭͬϭϱͬϮϬϮϬϭϭͬϭϱͬϮϬϮϭ AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 1 of 21 Except for section and paragraph headings, all words in bold have a special meaning as set forth in the section entitled DEFINITIONS. Section and paragraph headings are provided for informational purposes only and do not have special meaning. THIS INSURANCE POLICY PROVIDES COVERAGE ON A CLAIMS-MADE BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE AGAINST THE INSURED DURING THE POLICY PERIOD OR ANY APPLICABLE EXTENDED REPORTING PERIOD. CLAIMS MUST BE REPORTED TO THE INSURER AS SET FORTH IN THE SECTION ENTITLED REPORTING OF CLAIMS AND EVENTS. CLAIM EXPENSES ARE INCLUDED IN THE LIMITS OF INSURANCE, AND PAYMENT THEREOF WILL ERODE, AND MAY EXHAUST, THE POLICY LIMIT OF INSURANCE. In consideration of the payment of the premium and in reliance on the statements in the Application and subject to all other terms and conditions of this policy, the Insurer designated on the Declarations and the Named Insured, on behalf of all Insureds, agree to the following: CLAIMS MADE LIABILITY COVERAGES The following Coverages apply if the Declarations displays a Limit of Insurance for such Coverage: A. Technology Professional Services Errors and Omissions Liability Coverage The Insurer will pay those Damages, in excess of the applicable retention and within the applicable Limit of Insurance, that the Insured becomes legally obligated to pay because of any Professional Services Liability Claim alleging a Wrongful Act, provided that: 1. such Claim is first made against the Insured during the Policy Period or any applicable Extended Reporting Period and is reported to the Insurer in accordance with section entitled REPORTING OF CLAIMS AND EVENTS; 2. such Wrongful Act first occurred on or after the Retroactive Date and prior to the end of the Policy Period; and 3. as of the First Inception Date, no Control Group Insured: a. had given notice to any insurer of any: i.Related Professional Services Liability Claim; ii. act, error, omission, fact or circumstance, including any Related Wrongful Act, reasonably likely to give rise to a Professional Services Liability Claim; or b. knew, or had a basis to believe, that any: i.Related Professional Services Liability Claim had been made; or ii. act, error, omission, fact or circumstance, including any Related Wrongful Act, was reasonably likely to give rise to a Professional Services Liability Claim. B. Enterprise Security Event Liability Coverage The Insurer will pay those Damages, in excess of the applicable retention and within the applicable Limit of Insurance, that the Insured becomes legally obligated to pay because of an Enterprise Security Event Claim, provided that: The following Coverages apply if the Declarations displays a Limit of Insurance for such Coverage: A. Technology Professional Services Errors and Omissions Liability Coverage The Insurer will pay those Damages, in excess of the applicable retention and within the applicable Limit of py g ,pp pp Insurance, that the Insured becomes legally obligated to pay because of any Professional Services Liability,gy Claim alleging a Wrongful Act, provided that: AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 2 of 21 1. such Enterprise Security Event Claim is first made against the Insured during the Policy Period or any applicable Extended Reporting Period and is reported to the Insurer in accordance with section entitled REPORTING OF CLAIMS AND EVENTS; 2. the Enterprise Security Event giving rise to the Enterprise Security Event Claim first occurred on or after the Retroactive Date and prior to the end of the Policy Period and is reported to the Insurer in accordance with section entitled REPORTING OF CLAIMS AND EVENTS; and 3. as of the First Inception Date, no Control Group Insured: a. had given notice to any insurer of any: i.Related Enterprise Security Event Claim; ii. act, error, omission, fact or circumstance, including any Related Enterprise Security Event, reasonably likely to give rise to an Enterprise Security Event Claim; or b. knew, or had a basis to believe, that any: i.Related Enterprise Security Event Claim had been made; or ii. act, error, omission, fact or circumstance, including any Related Enterprise Security Event, was reasonably likely to give rise to an Enterprise Security Event Claim. C. Privacy Regulation Liability Coverage The Insurer will pay Regulatory Loss, in excess of the applicable retention and within the applicable Limit of Insurance, that an Insured becomes legally obligated because of a Privacy Regulation Claim alleging such Insured, or others for whom such Insured is legally liable, violated a Privacy Regulation, provided that: 1. such Privacy Regulation Claim is first made against the Insured during the Policy Period or any applicable Extended Reporting Period and is reported to the Insurer in accordance with section entitled REPORTING OF CLAIMS AND EVENTS; 2. the Enterprise Security Event giving rise to the Privacy Regulation Claim first occurred on or after the Retroactive Date and prior to the end of the Policy Period and is reported to the Insurer in accordance with section entitled REPORTING OF CLAIMS AND EVENTS; and 3. as of the First Inception Date, no Control Group Insured: a.had given notice to any insurer of any Related Privacy Regulation Claim or of any Related Violation reasonably likely to give rise to a Privacy Regulation Claim; b.knew, or had a basis to believe, that any Related Privacy Regulation Claim had been made or that any Related Violation was reasonably likely to give rise to a Privacy Regulation Claim. The Insurer will also pay all Claim Expenses in excess of any applicable retention in connection with such Claim. Claim Expenses are included within and erode the applicable Limits of Insurance. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 3 of 21 SUPPLEMENTAL BENEFITS Breach Preparedness Information Services The Insurer will provide Breach Preparedness Information Services to the Insured Entities during the Policy Period, even if an Enterprise Security Event has not yet occurred. This supplementary service will be provided to the Insured Entities without premium or fee. LIMITS OF INSURANCE, RETENTION AND REIMBURSEMENT A. Multiple Insureds, Claims, Claimants The Limits of Insurance will not exceed the amounts stated respectively on the Declarations no matter how many Insureds are covered, Claims, claimants, Wrongful Acts, Enterprise Security Events, or violations of Privacy Regulations. B. Limits of Insurance 1.Policy Limit of Insurance The Policy Limit of Insurance stated on the Declarations is the most the Insurer will pay for all amounts covered under this policy. 2.Claims-Made Liability Coverages Limits of Insurance a.Each Professional Services Liability Claim Limit of Insurance Subject to the Policy Limit of Insurance, the Each Professional Services Liability Claim Limit of Insurance stated on the Declarations is the most the Insurer will pay for all covered Damages and Claim Expenses in connection with each Professional Services Liability Claim. b.Each Enterprise Security Event Claim Limit of Insurance Subject to the Policy Limit of Insurance, the Each Enterprise Security Event Claim Limit of Insurance stated on the Declarations is the most the Insurer will pay for all covered Damages and Claim Expenses in connection with each Enterprise Security Event Claim. c.Each Privacy Regulation Claim Limit of Insurance Subject to the Policy Limit of Insurance, the Each Privacy Regulation Claim Limit of Insurance stated on the Declarations is the most the Insurer will pay for all covered Regulatory Loss and Claim Expenses in connection with each such Privacy Regulation Claim. If more than one Claims-Made Liability Coverage applies to the same Claim, the Limit of Insurance that applies to such Claim will not exceed the highest Limit of Insurance available under any one such coverage that applies. C. Retention 1. If a retention is indicated on the Declarations, the Insured is responsible for payment of such retention. All retentions will be borne by the Insureds uninsured and at their own risk. The Insurer’s obligation to pay any amounts under this policy is excess of the applicable retention. The Limits of Insurance will not be reduced by the payment of any retention. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 4 of 21 2. Each Claim Retention The Each Claim Retentions stated on the Declarations will apply to each Professional Services Claim, each Enterprise Security Event Claim, each Privacy Regulation Claim, as applicable. The Insurer’s obligation to pay Damages, Claim Expense, or defend such Claims shall be excess of the amount stated as the Each Claim Retention. In the event that a Claim is covered under more than one Claims Made Liability Coverage, then the Insured will be responsible for payment of only the highest applicable Each Claim Retention for such Claim. D. Reimbursement If the Insurer has paid any amounts in excess of any applicable Limit of Insurance, or amounts paid in connection with Claims for which this policy does not afford coverage, or if the Insurer has paid part or all of the retention, the Insurer will have the right to seek recovery from the Insured Entity for any such amounts. DEFENSE AND SETTLEMENT OF CLAIMS A.The Insurer will have the right and duty to defend a covered Claim, even if the allegations are groundless, false or fraudulent. B.The Insurer will have the right to appoint a lawyer on the Insured’s behalf and to investigate and settle a covered Claim as is deemed necessary by the Insurer. However, the Insurer will not settle a Claim without the Insured’s consent, such consent not to be unreasonably withheld. If the Insurer recommends a settlement of a Claim which is acceptable to the claimant, and the Insured refuses to consent to such settlement, then the Insurer’s obligation to pay Damages, Regulatory Loss and Claim Expenses on account of such Claim will not exceed the sum of the amount for which the Insurer could have settled such Claim plus Claim Expenses incurred prior to the date of such settlement offer, plus fifty percent (50%) of Damages, Regulatory Loss and Claim Expenses combined that are incurred after the date of the Insured’s refusal to consent to such settlement. However, in no event will the Insurer’s liability exceed the applicable Limits of Insurance. C.The Insureds will not settle any Claim, pay any Damages or Regulatory Loss, incur any Claim Expenses, admit or assume any liability, stipulate to any judgment, or otherwise assume any obligation with respect to a Claim without the Insurer’s prior written consent. Notwithstanding the foregoing, if all applicable Insureds are able to fully and finally dispose with prejudice such Claim for an amount within the applicable retention, including Claim Expenses, then the Insurer's consent will not be required for such disposition. D.The Insurer’s right and duty to defend or pay Insureds ends when the applicable Limit of Insurance has been exhausted. EXCLUSIONS A. Exclusions Applicable to All Coverages This policy does not provide coverage for Claims, or coverage for any amounts: •Bodily Injury or Property Damage based upon or arising out of: 1.Bodily Injury; except that this exclusion does not apply to mental injury or mental anguish if directly resulting from: a. a Wrongful Act that gives rise to a Professional Services Liability Claim; or AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 5 of 21 b. an Enterprise Security Event involving Protected Personal Information that gives rise to an Enterprise Security Event Claim. 2.Property Damage. •Contractual Liability for, based upon or arising out of any knowing violation of contract, representation, warranty or guarantee, except, however, this exclusion does not apply to: 1.Claims based upon the Insured’s liability that would have attached in the absence of such contract or agreement, including any Claim based upon or arising out of allegations of a breach of an agreement to perform within a reasonable standard of care or skill consistent with applicable industry standards 2.Enterprise Security Event Claims based upon an Insured’s breach of an obligation to maintain the security or confidentiality of Protected Data; or 3.Liabilities assumed by the Insured in the form of hold harmless or indemnity agreements for Content executed with any party, but only as respects a Professional Services Liability Claim. However, the above exceptions shall not apply to any guarantees or promises relating to cost estimates, contract prices, cost savings, profits or return on investment, and the Insurer shall not be obligated to pay any Damages or Claim Expense or any other amounts arising out of such guarantees or promises. •Fraudulent or Intentional Misconduct based upon or arising out of any act, error or omission that is dishonest, fraudulent, criminal, malicious or intentionally committed by an Insured while knowing it was wrongful or unauthorized, except that this exclusion does not apply to an otherwise covered Wrongful Act alleging malicious prosecutions, malicious falsehood, outrage or outrageous conduct. Unless the conduct complained of is otherwise excluded by the exclusion entitled Harassment, Misconduct, or Discrimination, the Insurer will provide a defense and pay Claim Expense unless or until such conduct is evidenced by any final adjudication, alternate dispute resolution proceeding ruling, or by admission by the Insured. This exclusion only applies to any Insured who is found to have committed such conduct by any trial verdict, court ruling, or regulatory ruling. For the purpose of applying this exclusion: 1. the acts, errors or omissions of any current or former partner, officer, or director of any Insured Entity will be imputed to the Insured Entity; 2. the acts, errors or omissions of any Individual Insured will not be imputed to any other Individual Insured. •Insured versus Insured 1. made by, on behalf of or for the benefit of any Insured, if such Claim is a Professional Services Liability Claim; and 2. made by, on behalf of or for the benefit of any Insured Entity, if such Claim is an Enterprise Security Event Claim. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 6 of 21 •Intellectual Property based upon or arising out of any actual or alleged infringement, contributory infringement, misappropriation or theft of any intellectual property rights by the Insured, including, but not limited to patent, infringement of copyright or trademark, service mark, trade dress, trade secret or trade slogan; except, however, this exclusion does not apply to any Wrongful Act as set forth in paragraph 5 of the definition of Wrongful Act. •Owned Entity made by, on behalf of or for the benefit of any entity that is a parent of the Named Insured, joint venturer or co-venturer of any Insured Entity, or other entity in which any Insured is a partner, and including any entity directly or indirectly controlled, operated or managed by such an entity. •Pension and Retirement Fund Related Acts based upon or arising out of acts of the Insured related to any Insured Entity’s pension, healthcare, welfare, profit sharing, mutual or investments plans, funds or trusts; or any violation of any provisions of the Employee Retirement Income Security Act of 1974 or any amendment of or addition to such laws or any violation of any order, rulings or regulation issued pursuant thereto. •Pollution based upon, arising out of, directly or indirectly resulting from, in consequence of, or in any way involving: a.any nuclear reaction, radiation, or contamination; b.the actual, alleged or threatened discharge, release, escape, seepage, migration, dispersal, or disposal of Pollutants anywhere or anytime or the creation of any injurious condition involving Pollutants; or c. any direction, request, demand or order that the Insureds test for, monitor, clean up, remove, contain, treat, detoxify, or neutralize Pollutants; whether or not the events described in a, b, or c above were sudden, accidental, gradual, intended, expected or preventable, and whether or not any Insured caused or contributed to such event. •Securities Law Violations for any actual or alleged violation of the Securities Act of 1933, the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, any United States’ state blue sky or securities law or any similar state or federal law or any amendment of or addition to such laws or any violation of any order, ruling or regulation issued pursuant thereto; except that this exclusion does not apply with respect to a Privacy Regulation Claim. •Unlawful Use of Information based upon or arising out of any unlawful or unauthorized: 1. collection or acquisition of personal information; or 2. use of personal information to send unsolicited communications, faxes or emails, or any failure to comply with legal requirements or obligations relating to a person’s consent to the acquisition, collection, or use of personal information. However, this exclusion does not apply with respect to a Privacy Regulation Claim. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 7 of 21 •Violation of Statute for any actual or alleged violation of any federal, state, or local statute, ordinance, or regulation, including but not limited to: 1.unfair competition, restraint of trade or any other violation of antitrust laws, including, but not limited to, the Sherman Act, the Clayton Act, the Robinson-Patman Act, or 2. the Telephone Consumer Protection Act, the Can-Spam Act of 2003, and the Fair Credit Reporting Act (United States) all as amended and any rules or regulations promulgated pursuant thereto, as well as any other similar federal, state, local, or foreign law. This exclusion shall not apply with respect to a Privacy Regulation Claim. •War based upon or arising out of war, invasion, hostilities or warlike operations (whether war is declared or not), strike, lock-out, riot, civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, military or usurped power, or the confiscation, nationalization or destruction of, or damage to, property under the order of government or other public authority. B. Exclusions Applicable Only to Professional Services Liability Claims This policy does not provide coverage for Professional Services Liability Claims: •Advertising by the Insured; Contests. based upon or arising out of: 1.Advertising by Insured; 2.Contests. •Governmental Actions made by any federal, state, foreign or local governmental entity, or that are based upon actions, decisions, orders, or proceedings by any federal, state or local governmental entity, including the Federal Trade Commission or Federal Communications Commission; however, this exclusion shall not apply to any Professional Services Liability Claim made against an Insured by a governmental entity solely in its capacity as a client of such Insured. •Gain, Profit or Advantage based upon or arising out of gain, profit or advantage to which any Insured is not legally entitled, as evidenced by any judgment, final adjudication, alternate dispute resolution proceeding or written admission by the Insured. •Harassment, Misconduct, or Discrimination based upon or arising out of harassment, misconduct or discrimination because of or relating to: race, creed, color or age; sex, sexual preference, national origin or religion; or handicap, disability or marital status. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 8 of 21 •Misstatements or Errors in Content based upon or arising out of inaccurate, inadequate or incomplete description of the price of goods, products or services, or the failure of goods, products, or services to conform with any represented quality or performance contained in material which promotes the product, service or business of others. •Specified Professional Services based upon or arising out of any act, error or omission in the performance of legal, accounting, architectural, health care services, actuarial, licensed insurance or real estate agent or broker, certified financial planner, securities or investment advisor or broker / dealer. REPORTING OF CLAIMS AND EVENTS A. When a Claim is Made or Event Occurs 1. A Claim will be deemed to be first made on the earlier of: a. the date of any Control Group Insured’s receipt of notice of such demand, request or investigation if such Claim is a written demand, investigation or request for information, or b. the date of service upon or other receipt by a Control Group Insured of a complaint in any such proceeding, if such Claim is a civil proceeding, arbitration or any alternative dispute resolution proceeding. If Related Claims are subsequently made against the Insured and are reported to the Insurer, all such Related Claims, whenever made, will be considered a single Claim and such Claim will be deemed to have been made on the date the first of those Claims was made against any Insured. 2. An Enterprise Security Event or violation of a Privacy Regulation, as applicable, will be deemed to occur when such Enterprise Security Event or violation of a Privacy Regulation becomes known to a Control Group Insured. A Wrongful Act will be deemed to occur when such Wrongful Act becomes known to a Control Group Insured. If Related Wrongful Acts, Related Enterprise Security Events, or Related Violations subsequently occur, and are reported to the Insurer, all such Related Wrongful Acts, Related Enterprise Security Events, or Related Violations will respectively be considered a single Wrongful Act, single Enterprise Security Event, or single violation of a Privacy Regulation and will be deemed to have occurred on the date the first of those Wrongful Acts, Enterprise Security Events, or violations of a Privacy Regulation occurred. B. Reporting of Claims and Events It is a condition precedent to coverage under this policy that: 1. as soon as any Control Group Insured becomes aware of any Claim, the Insured must notify the Insurer in writing as soon as practicable, but in no event later than 60 days after the end of the Policy Period; and 2. as soon as any Control Group Insured becomes aware of any Enterprise Security Event, the Insured must immediately notify the Insurer in writing, but in no event later than 60 days after the Enterprise Security Event occurs. The Insured is relieved of its obligation to notify the insurer of an Enterprise Security Event as set forth in paragraph 2 above, if and only for so long as a “legal prohibition” prevents such notification. As used in this paragraph, “legal prohibition” means a statute, law, regulation or court order that would prohibit such notification. Immediately upon cessation of such “legal prohibition” the Insured must provide the required notice. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 9 of 21 C. Reporting of Circumstances If, during the Policy Period or during the automatic Extended Reporting Period, if applicable, an Insured gives the Insurer written notice of an act, error, omission, fact or circumstance, including a Wrongful Act, Enterprise Security Event, or violation of a Privacy Regulation that occurred during the Policy Period and is reasonably likely to give rise to a Claim with full details of: 1.such an act, error, omission, fact or circumstance including any available information on persons or entities involved such act, error, omission, fact or circumstance; 2.the nature and extent of the potential damages and the names of the potential claimants; 3. the manner in which the Insured first became aware of such an act, error, omission, fact or circumstance, then any such Claim subsequently arising out of such act, error, omission, fact or circumstance will be deemed to have been made during the policy period in which notice was given. In order for coverage to apply to any such Claim, the Insured must provide notice to the Insurer of such Claim as soon as practicable, but no later than 60 days after such Claim is first made against the Insured. No coverage will be provided for any Damages, Regulatory Loss, or Claim Expenses incurred prior to the time such Claim is made unless otherwise authorized in writing by the Insurer. EXTENDED REPORTING PERIODS No Extended Reporting Period will be construed to be a new policy and any Claim submitted during an Extended Reporting Period will be subject to the policy’s terms and conditions, except as specifically set forth below. All Claims made during an Extended Reporting Period must be reported in accordance with section entitled REPORTING OF CLAIMS AND EVENTS. A.Automatic Extended Reporting Period If the Named Insured or the Insurer does not renew this policy, or the Insurer cancels this policy for reasons other than for non-payment of premium, the Insurer will grant an automatic, non-cancelable 60 day Extended Reporting Period. This automatic Extended Reporting Period terminates 60 days after the end of the Policy Period. The Limits of Insurance applicable to Claims made during the automatic Extended Reporting Period is part of and not in addition to the Limits of Insurance set forth on the Declarations. No automatic Extended Reporting Period is available if the Named Insured elects an Optional Extended Reporting Period, or if the Named Insured obtains another insurance policy that applies to such Claim within 60 days immediately following the end of the Policy Period. B.Optional Extended Reporting Period If this policy is canceled or non-renewed, the Named Insured may elect to purchase an Optional Extended Reporting Period unless the Insurer cancels or non-renews the policy because any Insured failed to pay any amounts owed to the Insurer or any Insured failed to comply with policy provisions. 1. The Optional Extended Reporting Periods and their respective percentages of the annual premium that the Named Insured must pay to purchase an Optional Extended Reporting Period are set forth on the Declarations. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 10 of 21 2. The Insurer must receive the Named Insured’s request for the Optional Extended Reporting Period by written notice together with the applicable premium, within forty-five (45) days after the end of the Policy Period. If the Insurer does not receive payment within forty-five (45) days following the effective date of termination or nonrenewal, the Insurer will not be required to provide any Optional Extended Reporting Period. Premium for the Optional Extended Reporting Period will be fully earned on the effective date thereof. Once in effect, the Optional Extended Reporting Period may not be canceled. 3.A Claim reported in writing to the Insurer during the Optional Extended Reporting Period will be deemed to have been made on the last day of this Policy Period. 4. No Extended Reporting Period reinstates or increases the Limits of Insurance. DEFINITIONS Whether expressed in the singular or plural, whenever appearing in bold in this policy, the following terms have the meanings set forth below. Additional Insured means a person or entity to which an Insured Entity is obligated by virtue of a written contract or agreement to add such person or entity to this policy as an additional insured. Such person or entity, however, is insured only for the vicarious liability of such person or entity because of a Claim based upon or arising from the acts or omissions of the Insured Entity and only to the extent of the Limits of Insurance required by such contract or agreement, subject to the availability of applicable Limits of Insurance. This paragraph does not apply unless the written contract or agreement has been executed prior to the occurrence of the Wrongful Act, Enterprise Security Event, or violation of a Privacy Regulation upon which the Claim is based. No such person or entity is insured under this policy for its liability arising out of its own acts, errors, or omissions. Advertisements means any publicity or promotion of the products or services of others disseminated by the Named Insured or by others on behalf of the Insured Entity in any medium, including the Internet. Advertising by the Insured means the publicity or promotion of an Insured Entity’s products or services to existing or potential consumers, or to establish its market brand or identity in the marketplace, regardless of the mode of dissemination (including, but not limited to, print or electronic media, website, or social media) and regardless of the form of expression (including, but not limited to, advertisements, domain names, logos, trademarks, trade names, trade dress, or slogans). Application means each and every signed application, any attachments or supplements to such applications, other written materials submitted therewith or incorporated therein and any other documents, including any warranty letters or similar documents, submitted in connection with the underwriting of this policy or the underwriting of any other policy issued by the Insurer or any of its affiliates of which this policy is a renewal or replacement, or which it succeeds in time. All such applications, attachments and materials are deemed attached to, incorporated into and made a part of this policy. Bodily Injury means physical injury to the body, or sickness or disease sustained by a person, including death resulting therefrom. Bodily Injury includes mental injury or mental anguish, including emotional distress, shock or fright, whether or not resulting from injury to the body, sickness, disease or death of any person. Breach Preparedness Information Service means data breach risk mitigation information displayed on the AXIS PRO® e-Risk Hub website. Claim means a Professional Services Liability Claim, Enterprise Security Event Claim, or Privacy Regulation Claim, as applicable. Claim Expenses means reasonable and necessary expenses incurred in the investigation, adjustment, negotiation, arbitration, mediation and defense of covered Claims, whether paid by the Insurer or by the Insured with the Insurer’s consent. Claim Expenses includes: AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 11 of 21 1. lawyer fees incurred by the Insurer or by the Insured with the Insurer’s consent; 2. court costs taxed against an Insured. However, this does not include lawyer’s fees or lawyer’s expenses taxed against the Insured; 3.the cost of appeal bonds or bonds to release attachments, but only for bond amounts within the applicable Limit of Insurance. The Insurer does not have to furnish these bonds; and 4. expenses incurred by an Individual Insured at the Insurer’s request, excluding: a. loss of earnings; and b. salaries, benefits, or other compensation paid to any Insured. Computer System means computer hardware, software and all components thereof linked together through a network of devices accessible through the internet or the Insured Entity’s intranet or connected with data storage or other peripheral devices and operated by and either owned by or leased to an Insured Entity or operated for the benefit of an Insured Entity by a third party service provider and used for the purpose of providing hosted application services to an Insured Entity; or for processing, maintaining, or storing electronic data, pursuant to written contract or agreement with an Insured Entity. Consumer Redress Fund means those sums the Insured is legally obligated to deposit in a fund as an equitable remedy for the payment of consumer claims resulting from an adverse judgment, ruling, or settlement of a Privacy Regulation Claim. Content means communicative or informational content, regardless of the nature or form of such content, including software and Advertisements. Content does not mean Advertising by the Insured or Protected Data. Contests means any contests, discounts, coupons, rebates, prizes, games of chance, sweepstakes, awards or other incentives. Control Group Insured means an Insured Entity’s chairperson of the board of directors, president, chief executive officer, chief operating officer, chief financial officer, chief technology officer, chief information officer, chief privacy o fficer, chief security officer, risk manager or in-house counsel, or their functional equivalents, and the non-administrative personnel of the offices thereof. Corporate Information means any information owned by a third party and in an Insured Entity’s care, custody, or control and that an Insured Entity is legally required to maintain in confidence. However, Corporate Information does not include Protected Personal Information and does not mean publicly available information that is lawfully in the public domain or information available to the general public from government records. Damages means monetary judgment, award or settlement, including pre-judgment interest, and amounts that are actual, statutory, punitive, multiplied or exemplary, if permitted by law in an applicable jurisdiction; and lawyer’s fees and lawyer’s expense included as part of a judgment, award or settlement. Damages also includes interest on any part of a judgment not exceeding the applicable Limits of Insurance that accrues after the entry of the judgment and before the Insurer has paid or tendered or deposited the applicable judgment amount in court. Damages does not mean Regulatory Loss. However, Damages does not include: 1. fines or penalties, taxes, loss of tax benefits, or sanctions assessed against any Insured; 2. costs to comply with orders granting non-monetary or injunctive relief; 3.royalties, return or offset of royalties, fees, deposits, commissions or charges or any award, calculation or determination of damages based on royalties, licensing fees or profits; AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 12 of 21 4. any amounts attributable to loss of, theft of or the fluctuation in the value of, monies or securities; 5. disgorgement of unjust enrichment or profits; 6.liquidated damages to the extent such liquidated damages exceed the amount for which the Insured would have been liable in the absence of such liquidated damages agreement; 7. any costs or expenses incurred by or on behalf of any Insured to withdraw or recall material, media, medium, Technology Products or Professional Services from the marketplace, or loss of use arising out of such withdrawal or recall; 8. any amounts for which the Insured is not liable or for which there is no legal recourse against the Insured; 9. any amounts deemed uninsurable under the law pursuant to which this policy is construed. 10. any credits, refunds, discounts, coupons, prizes, awards or other incentives offered by the Insured; 11. any amounts for which an Insured is liable pursuant to any Payment Card Industry Agreement; 12. the costs of completing, correcting, performing or re-performing Professional Services, or completing or correcting Technology Products; 13. any amount incurred to test for, monitor, clean up, remove, contain, treat, detoxify, or neutralize Pollutants. In determining the insurability of punitive or exemplary damages, or the multiplied portion of any multiplied damage award, the law of the jurisdiction most favorable to the insurability of those damages will apply. If the Named Insured reasonably determines that punitive or exemplary damages are insurable, the Insurer will not challenge that determination. Enterprise Security Event means any of the following: 1. accidental release, unauthorized disclosure, loss, theft, or misappropriation of Protected Data in the care, custody or control of an Insured Entity or a Service Contractor; 2. alteration, corruption, destruction, deletion or damage to data stored on the Computer System; 3. transmitting or receiving Malicious Code via the Computer System; 4. unauthorized access to or unauthorized use of the Computer System that directly results in denial or disruption of access of authorized parties; 5. solely with respect to a Claim, the Insured’s failure to: a. timely disclose an incident described in 1. and 2. above in violation of a Privacy Regulation; b. comply with its own written and published privacy policy, but solely with respect to provisions: i. prohibiting any Insured from disclosing, sharing, or selling Protected Personal Information; ii. requiring the Insured to provide access to and correct inaccurate or incomplete Protected Personal Information; and iii. requiring compliance with procedures to prevent the theft or loss of Protected Personal Information. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 13 of 21 Enterprise Security Event Claim means a written demand for monetary or non-monetary relief, or a civil proceeding, arbitration or any alternative dispute resolution proceeding, including any appeal therefrom, alleging an Enterprise Security Event. Enterprise Security Event Claim does not include a Privacy Regulation Claim or a Professional Services Liability Claim. Extended Reporting Period means the designated period of time after the cancellation or non-renewal of the Policy Period for reporting Claims first made against the Insured during such designated period of time provided that the Claim alleges a Wrongful Act or an Enterprise Security Event, as applicable, that first occurred on or after the Retroactive Date and prior to the end of the Policy Period. First Inception Date is the inception date of the earliest insurance policy the Insurer issued to the Named Insured that provides coverage similar to that afforded under this policy when there has been uninterrupted coverage by the Insurer for the Named Insured from that earliest policy to this policy. Individual Insured means, individually and collectively: 1.an Insured Entity’s stockholders but solely for their liability as stockholders; 2. an Insured Entity’s current or former partners, officers, directors and employees, including seasonal, temporary volunteers, but only with respect to their activities within the scope of their duties in their capacity as such; 3. a natural person performing services or duties within the scope of their written agreement with an Insured Entity and for whom the Insured Entity is legally liable, but only while acting within the scope of such person’s duties performed on behalf of the Insured Entity, and only at the Insured Entity’s election upon notifying the Insurer of a Claim; and 4. any Additional Insured. Insured means, individually and collectively: 1. an Insured Entity; and 2. an Individual Insured. Insured Entity means the Named Insured and any Subsidiary. Internet Media Services means: 1. The electronic publishing or display of Content on an Internet site; 2. Providing or maintaining of: social networking websites, social media websites, instant messaging, web- conferencing, webcasting, Internet-based electronic mail, online forums, bulletin boards, list-serves or chat rooms. Internet Services means services to obtain, maintain, provide or use the internet, including, but not limited to: 1. services as an Application Service Provider (ASP), domain name registrar, or Internet Service Provider (ISP); and 2 webhosting, electronic exchange and auction services, web portal services, search engine services and electronic commerce transaction services; 3. development, design and maintenance of websites and e-mail services, including Content for such websites and services; and 4.Internet Media Services AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 14 of 21 Malicious Code means any computer virus, Trojan horse, worm, or other code, script, or software program that is intentionally designed and released or inserted to access, damage, disable, or harm any part of a computer network or Protected Data on such network. Management Control means that the Named Insured, either directly or indirectly: 1.owns more than 50% of the issued and outstanding voting equity securities; or 2.controls voting rights representing the present right to vote for election or to appoint more than 50% of the directors or trustees. Named Insured means the entity listed as such on the Declarations of this policy. Payment Card Industry Agreement means rules adopted by a credit/debit card company, or credit/debit card processor delineating data security standards, data incident management protocols or data incident indemnity obligations. Personal Injury means: 1. wrongful entry or eviction, trespass, eavesdropping or other invasion of the right of private occupancy; 2. false arrest, detention or imprisonment; or 3. malicious prosecution. Policy Period means the period of time stated on the Declarations or any shorter period resulting from cancellation of this policy. Pollutant means any solid, liquid, gaseous or thermal irritant or contaminant, including but not limited to: 1. smoke, vapor, soot, fumes, acids, alkalis, chemicals, lead, silica, mold or asbestos; 2. hazardous, toxic or radioactive matter or nuclear radiation; 3. waste, which includes material to be recycled, reconditioned or reclaimed; or 4. any other Pollutant as defined by applicable federal, state or local statutes, regulations, rulings, ordinances, or amendments thereto. Privacy Regulation means any of the following statutes and regulations associated with the care, custody, control or use of personally identifiable financial, medical or other sensitive personal information: 1. Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191); 2. Health Information Technology for Economic and Clinical Health Act of 2009, and its related regulations; 3. Gramm-Leach-Bliley Act of 1999; 4. California Database Breach Act (SB1386); 5. Minnesota Plastic Card Security Act; AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 15 of 21 6. General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”); or 7. other state, federal, and foreign identity theft and privacy protection statutes, rules and regulations similar to those stated above that require commercial entities that collect, process, or store personal information (as defined in such statutes, rules and regulations, as applicable) to post privacy policies, adopt specific privacy controls, or to notify natural persons and/or organizations in the event that such personal information has been comprised or potentially compromised. Privacy Regulation Claim means a civil proceeding, civil investigation or request for information brought against any Insured for an actual or alleged violation of any Privacy Regulation resulting from a covered Enterprise Security Event by or on behalf of any federal, state, local or foreign governmental agency including, but not limited to the Federal Trade Commission or Federal Communications Commission. Privacy Regulation Claim also means and includes any request for information, official investigation, formal hearing or other proceeding brought by or on behalf of a governmental agency or other entity with authority to enforce the GDPR. Privacy Regulation Claim does not include an Enterprise Security Event Claim or Professional Services Liability Claim. Professional Services means the following services when provided to others by the Insured for monetary or other forms of compensation: 1.Technology Services; and 2. Any professional services that are defined in a “Professional Services Endorsement” to this policy, if attached. If no Professional Services Endorsement is attached to this policy, Professional Services shall only mean Technology Services. Professional Services Liability Claim means a written demand for monetary or non-monetary relief, or a civil proceeding, arbitration or any alternative dispute resolution proceeding, including any appeal therefrom, alleging the Insured or another party for whom the Insured is legally liable committed a Wrongful Act. Professional Services Liability Claim does not include an Enterprise Security Event Claim or a Privacy Regulation Claim. Property Damage means physical injury to tangible property and any resulting loss or corruption of data or information, including all resulting loss of use of that property, data or information. Property Damage does not mean the loss, corruption or destruction of data or information when the tangible property on which the data or information resides or resided is not physically injured. Protected Data means Protected Personal Information and Corporate Information. However, Protected Data does not mean publicly available information that is lawfully in the public domain or information available to the general public from government records. Protected Personal Information means, with respect to natural persons, any private, non-public information of any kind in an Insured Entity’s care, custody, or control, regardless of the nature or form of such information, including but not limited to the following, but only if such information allows an individual to be uniquely identified: 1. social security or social insurance number; 2. medical service or healthcare data; 3. driver’s license or government-issued identification number; 4. equivalents of any of the information listed in 1. – 3. above; 5. account, credit card, or debit card number, alone or in combination with any information that permits access to an individual’s financial information, including, but not limit to, security or access code or password; and 6. other-non-public information to the extent prescribed under Privacy Regulations. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 16 of 21 However, Protected Personal Information does not mean Corporate Data and does not mean publicly available information that is lawfully in the public domain or information available to the general public from government records. Regulatory Loss means fines and penalties which the Insured becomes legally obligated to pay as a result of a Privacy Regulation Claim when permitted by applicable law. Regulatory Loss also includes sums paid to a Consumer Redress Fund. Related Claims mean any Related Professional Services Liability Claim, Related Enterprise Security Event Claim or Related Privacy Regulation Claim. Related Enterprise Security Event means all Enterprise Security Events that have as a common nexus any fact, circumstance, situation, event, transaction, cause or series of causally or logically connected facts, circumstances, situations, events, transactions or causes. Related Enterprise Security Event Claim means all Enterprise Security Event Claims arising out of a single Enterprise Security Event or Related Enterprise Security Events. Related Privacy Regulation Claims means all Privacy Regulation Claims arising out of a single Wrongful Act or violation of a Privacy Regulation or Related Wrongful Acts, or Related Violations. Related Professional Services Liability Claims means all Professional Services Liability Claims arising out of a single Wrongful Act or Related Wrongful Acts. Related Violations means all violations of Privacy Regulations that have as a common nexus any fact, circumstance, situation, event, transaction, cause or series of causally or logically connected facts, circumstances, situations, events, transactions or causes. Related Wrongful Act means all Wrongful Acts that have as a common nexus any fact, circumstance, situation, event, transaction, cause or series of causally or logically connected facts, circumstances, situations, events, transactions or causes. Retroactive Date means the date stated as such on the Declarations. If no date is stated, the Retroactive Date will be the First Inception Date of this policy. Service Contractor means any organization to which the Insured Entity has given care, custody or control of, or access to Protected Personal Information pursuant to a written contract or agreement with the Insured Entity, but only while acting within the scope of its duties performed on behalf of the Insured Entity. Subsidiary means any entity in which, and so long as, the Named Insured has Management Control: 1. as of the effective date of this policy, or 2. after the effective date of this policy by reason of being created or acquired by an Insured Entity, after such date, if and to the extent coverage with respect to such entity is afforded pursuant to the paragraph entitled New and Former Entities in the GENERAL CONDITIONS. Technology Products means any computer hardware, firmware, software, or related electronic product, equipment or device, specifically designed or intended for use in connection with any Technology Services, telecommunication systems or Telecommunications Services, that is created, manufactured, developed, distributed, licensed, leased or sold: 1. by the Insured Entity; or 2. for an Insured Entity by others acting under the Insured Entity's trade name. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 17 of 21 Technology Services means: 1. analysis, design, integration and conversion of computer systems, computer networks and electronic systems; 2.designing, developing, programming, servicing, distributing, licensing, installing, maintaining and repairing computer software, computer code and computer firmware or hardware; 3. education and training in the use of computer hardware or software; 4. information services; 5. computer consulting; 6. data processing in connection with any of the above listed services, including but not limited to storing, collecting, compiling, processing, mining, conversion, encryption, recording or analysis of data; 7. computer and network security services including but not limited to providing content filtering, patch administration and security audits; 8.Internet Services. Wrongful Act means the following conduct by an Insured or by a person or entity for whom an Insured is legally liable, in the performance of Professional Services: 1. any negligent act, error or omission, including any negligent act, error or omission resulting in a breach of contract or in a failure of Technology Products to perform the function or serve the purpose intended; 2. any act, error or omission giving rise to Personal Injury; 3. libel, slander, product disparagement, trade libel, infliction of emotional distress, malicious falsehood, outrage or outrageous conduct; 4. invasion, infringement or interference with rights of privacy or publicity, including false light, public disclosure of private facts, intrusion, breach of confidence and commercial appropriation of name or likeness; 5. development, creation, dissemination or publication of Content that results in: a.infringement of title, slogan, trademark, trade name, trade dress, service mark or service name, including any related misuse of such intellectual property rights in Content; b. infringement of copyright, including any related misuse of such intellectual property rights in Content; c. false attribution of authorship, passing off, plagiarism or misappropriation of ideas under implied contract, including any related misuse of such intellectual property rights in Content. GENERAL CONDITIONS ••Action Against the Insurer No action will lie against the Insurer unless, as a condition precedent thereto, there has been full compliance with all of the terms of this policy by all Insureds, nor until the amount of the Insured's obligation to pay will have been fully determined either by judgment or award against the Insured after trial or arbitration or by written agreement among the Insureds, the claimant and the Insurer. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 18 of 21 No person or organization will have any right under this policy to join the Insurer as a party to any action against the Insured to determine the Insured's liability, nor will the Insurer be impleaded by the Insured or the Insured’s legal representative. ••Assignment Assignment of any right or interest under this policy will not bind the Insurer unless and until its written consent is endorsed hereon. •Assistance and Cooperation All Insureds will cooperate with the Insurer in the handling of the Claim or covered event and upon the Insurer’s request will: 1. furnish the Insurer with copies of demands, reports, investigations, pleadings and all related papers and such other information, assistance and cooperation as the Insurer may reasonably request. 2. attend hearings, depositions, conferences, and trials, assist in effecting settlements, assist in securing and giving evidence, obtain the attendance of witnesses; and assist in any other aspect of the investigation and defense. An Insured will do nothing that in any way increases the Insurer’s exposure under this policy or in any way prejudices the Insurer’s potential or actual rights of recovery. No Insured will, except at the Insured’s own cost, voluntarily make a payment, admit liability, assume any obligation or incur any expense without the Insurer’s prior written consent unless otherwise specifically permitted. However, the Insured’s compliance with any Privacy Regulation will not be considered an admission of liability. Failure to cooperate with the Insurer in the defense of a Claim or in the investigation of a Claim or covered event, as applicable, is a breach of this policy. •Authorization The Named Insured is responsible for assurance of payment of all premiums and retentions. The Named Insured will have exclusive authority to act on behalf of all other Insureds with respect to providing and receiving notices of cancellation or nonrenewal, receiving any return premium, and purchasing any Optional Extended Reporting Period. In the event of a disagreement between any Insureds, the Named Insured will have exclusive authority to act on behalf of all other Insureds with respect to negotiation of settlements and the decision to appeal or not to appeal any judgment. •Bankruptcy The bankruptcy or insolvency of the Insured will not relieve the Insurer of the Insurer’s obligation under this insurance. •Cancellation and Nonrenewal 1.Cancellation a. The Named Insured may cancel this policy by mailing or delivering written notice of cancellation to the Insurer at the address stated on the Declarations. Such notice of cancellation will state the effective date of cancellation or, if no effective date is stated, the effective date of cancellation will be thirty (30) days after the Insurer’s receipt of notice. The Policy Period will end on that date. b. The Insurer may cancel this policy by mailing or delivering to the Named Insured written notice of cancellation at least: AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 19 of 21 i. ten (10) days before the effective date of cancellation if the Insurer cancels for nonpayment of premium; or ii. thirty (30) days before the effective date of cancellation if the Insurer cancels for any other reason. The Insurer will mail or deliver the notice to the Named Insured at the address stated on the Declarations. If notice of cancellation is mailed, proof of mailing will be sufficient proof of notice. Delivery of the notice will be the same as mailing. c.If this policy is canceled, the Insurer will send the Named Insured any premium refund due. If the Insurer cancels, the refund will be the pro rata unearned amount of the annual premium. If the Named Insured cancels, the refund, if any, will be the pro rata unearned amount of the annual premium calculated at the customary short rate. Return of premium to the Named Insured is not a condition precedent to cancellation. 2.Nonrenewal The Insurer may elect not to renew this policy by mailing or delivering written notice of nonrenewal to the Named Insured at its address stated on the Declarations at least 30 days before the policy expiration date. If notice of nonrenewal is mailed, proof of mailing will be sufficient proof of notice. Delivery of the notice will be the same as mailing. ••Changes to the Policy Notice or knowledge possessed by any person will not effect a waiver or a change in any part of this policy or estop the Insurer from asserting any rights under the terms of this policy, nor will the terms of this policy be waived or changed except by written endorsement issued to form a part of this policy. •Legal Representatives, Spouses and Domestic Partners The legal representatives, estate, heirs, spouse and any domestic partner of any Individual Insured will be considered to be an Insured under this policy, but only for a Claim against such person arising solely out of their status as such and, with respect to a spouse or domestic partner, only where such Claim seeks amounts from marital community, jointly held property or property transferred from such insured to such spouse or domestic partner. No coverage is provided for any act, error or omission committed by any legal representative, estate, heir, spouse or domestic partner. •Merger or Acquisition If during the Policy Period any of the following events occurs: 1. the merger or consolidation of the Named Insured into or with another entity such that the Named Insured is not the surviving entity; 2. the acquisition by any person, entity, or group of persons or entities of: a. majority voting control of the Named Insured; or b. all or substantially all of the assets of the Named Insured; or c. the appointment by any state or federal official, agency or court, of any receiver, conservator, liquidator, trustee, rehabilitator, or similar official to take control of, supervise, manage or liquidate the Named Insured; AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 20 of 21 then coverage will continue under this policy until terminated, but only with respect to acts, errors or omissions or covered events that occurred prior to such merger, consolidation, acquisition, or appointment. Coverage under this policy will cease as of the effective date of such merger, consolidation, acquisition, or appointment with respect to any acts, errors or omissions or covered events first occurring after such event. Upon termination of the policy, the Extended Reporting Period terms and conditions of this policy will apply. ••New and Former Entities 1. If during the Policy Period, the Named Insured obtains Management Control of any entity, then this policy will provide coverage for such newly created or acquired entity and its subsidiaries, directors, officers, or employees who would otherwise become an Insured pursuant to the terms and conditions of this policy. However, if any such newly acquired or created entity’s gross revenues exceed 20% of the Insured Entity combined annual gross revenues at the effective date of this policy, such entity will only be deemed a Subsidiary under this policy for a period of 90 days following such acquisition or creation. If the Named Insured seeks coverage for such entity beyond 90 days, it must give written notice within 90 days of such creation or acquisition and it must provide any necessary underwriting information and pay any additional premium as the Insurer may require. Coverage will continue beyond such 90 day period only if the Insurer, in its sole discretion, agrees to provide coverage to such entity and its subsidiaries, directors, officers or employee as evidenced in an endorsement to this policy. 2. In all events, there is no coverage under this policy: a. for any act, error or omission made by, or covered event in connection with, any Subsidiary, whether such Subsidiary qualified as such prior to the inception date of this policy or after the inception date of this policy by virtue of paragraph a1. above, or for Individual Insureds of any such Subsidiary, where such act, error or omission or covered event occurred in whole or in part before the date such entity became a Subsidiary, or occurred in whole after such time the entity ceases to be a Subsidiary; b. for any act, error or omission or covered event occurring on or after the date such entity became a Subsidiary, which together with any act, error or omission or covered event described in 2a. above would be considered to have a common nexus of fact, circumstance, situation, event, transaction, cause or series of causally or logically connected facts, circumstances, situations, events, transactions or causes. •Notices Except as otherwise provided in this policy, all notices under any provision of this policy must be in writing and delivered as follows: Notices to the Insureds will be delivered by prepaid express courier or certified mail to the Named Insured at its address as stated on the Declarations. Such notices are deemed to be received and effective upon actual receipt by the addressee or one day following the date such notices are sent, whichever is earlier. Notices to the Insurer will be delivered by prepaid express courier or certified mail, facsimile, or electronic mail to the appropriate party at the street address, fax number, or email address, as applicable, set forth on the Declarations. •Other Insurance If there is any other valid and collectible insurance available to the Insured that applies to any Coverage under this policy, this insurance is excess over such other insurance, except when the other insurance is specifically designed to apply in excess of this insurance, and no other insurance applies to provide such Coverage. •Premium The Named Insured will pay to the Insurer the amount of premium stated on the Declarations. The premium may be adjusted at any time during the Policy Period or any extensions of the Policy Period based upon changes in the provisions of this policy, as may be agreed upon by the Named Insured and the Insurer. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 1010001 0117 Page 21 of 21 ••Representations and Severability The Insurer has relied on the statements made and information in the Application and the accuracy and completeness of such statements and information. Such statements and information are the basis for the Insurer’s issuance of this policy, are incorporated into and constitute a part of this policy, and such statements and information have induced the Insurer to issue this policy. If the Application contains any misrepresentation or any inaccurate or incomplete information or statement, and such misrepresentation or inaccurate or incomplete information or statement either was made with the intent to deceive, or materially affected either the acceptance of the risk or the hazard assumed by the Insurer under this policy, then no coverage will be provided under this policy for any Claims based upon or arising out of the facts that were the subject of such misrepresentation or inaccurate or incomplete information or statement, nor for covered events arising out of or in connection with the facts that were the subject of such misrepresentation or inaccurate or incomplete information or statement, with respect to: 1. any Individual Insured who knew, as of the date the Application was signed, of the facts that were the subject of the misrepresentation or inaccurate or incomplete information or statement, whether or not such Individual Insured knew the Application contained the misrepresentation or inaccurate or incomplete information or statement; or 2. any Insured Entity, if any Control Group Insured of such Insured entity knew, as of the date the Application was signed, of the facts that were the subject of the misrepresentation or inaccurate or incomplete information or statement, whether or not such Control Group Insured knew the Application contained the misrepresentation or inaccurate or incomplete information or statement. For purposes of applying this condition, the knowledge of an Insured Entity or an Individual Insured will not be imputed to any other Individual Insured. •Subrogation and Recovery In the event of any payment under this policy, the Insurer will be subrogated to all the Insured's rights of recovery therefor against any person or organization, and the Insured will execute and deliver instruments and papers and do whatever else is necessary to secure such rights. The Insured will do nothing to prejudice such rights. The Insurer will have no rights of subrogation against any Insured hereunder. •Territory, Valuation and Currency The coverage afforded under this Policy applies anywhere in the world, where legally permissible. All monetary amounts under this Policy are expressed and payable in the currency of the United States. If any amounts covered by this policy are paid in a currency other than the official currency of the country where this policy was issued (“Official Policy Currency”), then the payment will be considered to have been made in the Official Policy Currency at the conversion rate published in the Wall Street Journal at the time of the payment. SIGNATURE PAGE FOLLOWS. AXIS PRO® TECHNET SOLUTIONSTM TECHNOLOGY PROFESSIONAL SERVICES LIABILITY AXIS 115 0815 Page 1 of 1 Endorsement Number Effective Date of Endorsement Policy Number Premium 18 12:01 a.m. on 03/23/2020 P-001-000025456-03 N/A WAIVER OF SUBROGATION AGAINST CLIENTS WHERE REQUIRED BY CONTRACT ENDORSEMENT It is agreed that the Insurer specifically waives its rights of subrogation against any of the Insured entity’s clients, but only to the extent the Insured entity is obligated to secure the Insurer’s waiver of subrogation under written contract with each such client and provided that such contractual requirement was in force prior to the date the act or events giving rise to the applicable Claim first took place. All other provisions of the policy remain unchanged. TCM-POL-001 (01/19) Page 1 of 16 C&F TCM TECHNOLOGY E&O, CYBER AND MULTIMEDIA LIABILITY INSURANCE POLICY In consideration of the premium paid, the Insured’s compliance with the conditions of this Policy and subject to its terms (including all endorsements); and in reliance on the statements made in the Application and the information and documents provided to the Insurer by the Insured, all of which are made a part of this Policy, the Insurer agrees with the Insured as follows: I. INSURING AGREEMENTS Only those Insuring Agreements indicated in Item 3. of the Declarations as PURCHASED shall be applicable to the Insured’s coverage hereunder. If the Declarations do not indicate that a Coverage was purchased, that Coverage of this Policy has not been purchased by the Insured and no coverage shall apply for the corresponding Insuring Agreement(s). Coverage A: Technology E&O and Professional Liability The Insurer will pay on behalf of the Insured such Damages and Claims Expenses in excess of the Deductible that any Insured is legally obligated to pay because of a Claim first made against an Insured during the Policy Period because of a Technology/Professional Error that first takes place on or after the Retroactive Date provided that such Claim is reported to the Insurer in full compliance with the Notice Requirements. Coverage B: Cyber Liability The Insurer will pay on behalf of the Insured such Damages and Claims Expenses in excess of the Deductible that any Insured is legally obligated to pay because of a Claim first made against an Insured during the Policy Period because of a Cyber Event provided that such Claim is reported to the Insurer in full compliance with the Notice Requirements. Coverage C: Multimedia Liability The Insurer will pay on behalf of the Insured such Damages and Claims Expenses in excess of the Deductible that any Insured is legally obligated to pay because of a Claim first made against an Insured during the Policy Period for Multimedia Liability provided that such Claim is reported to the Insurer in full compliance with the Notice Requirements. Coverage D: Breach Costs The Insurer will reimburse the Named Insured for all Breach Costs in excess of the Deductible resulting from an actual or reasonably suspected Cyber Event that the Insured Entity first discovers during the Policy Period and that is reported to the Insurer in full compliance with the Notice Requirements. Provided that when the Named Insured agrees to utilize vendors nominated by the Crum & Forster Cyber Response Team shown in Item 11. of the Declarations, the Insurer shall pay on behalf of the Insured those Breach Costs set forth in the paragraph above applicable to such vendor nominated by the Crum & Forster Cyber Response Team. Coverage E: eCrime Loss The Insurer will indemnify the Named Insured for direct financial loss in excess of the Deductible resulting from an eCrime Event that the Insured Entity first discovers during the Policy Period and that is reported to the Insurer in full compliance with the Notice Requirements. Coverage F: First Party Loss The Insurer will indemnify the Named Insured for First Party Loss in excess of the Deductible resulting from a Cyber Event that the Insured Entity first discovers during the Policy Period and that is reported to the Insurer in full compliance with the Notice Requirements. TCM-POL-001 (01/19) Page 2 of 16 With respect to each Insuring Agreement stated above, the amount that the Insurer is obligated to pay is limited based on the applicable Limit of Liability as described in Section VI., Limits of Liability. In addition, in connection with any Cyber Event that results in Breach Costs or First Party Loss that exceeds the Deductible,the Insurer will also provide Supplemental Payments & Services which shall be part of, and not in addition to, the Aggregate Limit of Liability specified in Item 4. of the Declarations. II. DEFENSE AND SETTLEMENT OF CLAIMS A. Defense of Claims: The Insurer shall have the right and duty to defend, subject to all the provisions, terms and conditions of this Policy, any Claim made against an Insured seeking Damages which are payable under the terms of this Policy, even if any of the allegations of the Claim are groundless, false or fraudulent. Defense counsel shall be mutually agreed between the Named Insured and the Insurer, provided that in the absence of such agreement, the Insurer’s decision will be final. B. Settlement of Claims: The Insurer may not settle any Claim without the written authorization of the Named Insured. If the Named Insured refuses to consent to any settlement or compromise recommended by the Insurer and acceptable to the claimant and elects to contest the Claim , then the Insurer will have the right to withdraw from the further defense of such Claim and the Insurer’s liability for Damages and Claims Expenses shall not exceed: 1. the amount for which the Claim could have been settled, less the remaining Deductible, plus the Claims Expenses incurred up to the time of such refusal; plus 50% of any Claims Expenses incurred after the date such settlement or compromise was recommended to the Insured plus 50% of any Damages above the amount for which the Claim could have been settled. The remaining 50% of such Claims Expenses and Damages must be borne by the Insured at their own risk and uninsured; or 2. the applicable Limit of Liability, whichever is less. The Insured may settle any Claim where the Damages and Claims Expenses do not exceed the Deductible, provided that the entire Claim is resolved and the Insured obtains a full release on behalf of all the Insureds and the Insurer from all claimants. III. DEFINITIONS A.Breach Costs means the following reasonable and necessary expenses incurred by the Insured Entity with respect to a Cyber Event and with the prior written consent of the Insurer, provided that if services are recommended by the Crum & Forster Cyber Response Team shown in Item 11. of the Declarations, and the Named Insured agrees to utilize the applicable vendors nominated by the Crum & Forster Cyber Response Team, then prior consent of the Insurer shall not be required: 1. for an attorney to provide necessary legal advice to the Insured Entity to evaluate the Insured Entity’s legal obligations in connection with an actual or reasonably suspected Cyber Event; 2. for a computer security expert, or experts, to determine the existence, cause and scope of a Cyber Event as well as the costs to contain an ongoing Cyber Event, including the cost to retain a PCI Forensic Investigator if required by a written agreement between the Insured Entity and a financial institution, credit or debit card company, credit or debit card processor, merchant bank or any other entity offering or providing merchant card transaction processing or payment gateway services to the Insured Entity; 3. to notify individuals or entities whose Protected Information was potentially impacted by a Cyber Event. This shall include costs incurred by the Insured Entity to directly notify individuals on behalf of a third party that has the legal obligation to notify such individuals, provided that such third party agrees to allow the Insured Entity to notify such individuals on their behalf; 4. for a call center to respond to inquiries from individuals that the Insured Entity has notified because their Protected Information was potentially impacted by a Cyber Event; 5. to provide a credit monitoring or identity monitoring product to individuals that the Insured Entity has notified because their Protected Information was potentially impacted by a Cyber Event. Such credit monitoring or identity monitoring product will be provided for a period of 12 months unless the Insured Entity is required by law or regulation to provide such a credit monitoring or identity monitoring product for a longer period of time. TCM-POL-001 (01/19) Page 3 of 16 In that case, such credit monitoring or identity monitoring product will be provided for the period of time required by law or regulation; and 6. for public relations and crisis management costs directly related to mitigating harm to the Insured Entity which are approved in advance by the Insurer. B.Claim means a written demand for money, services, non-monetary relief or injunctive relief, including service of suit or arbitration proceedings made against any Insured. Only as respects Coverage B., Cyber Liability, Claim also means a request for information from, or civil proceeding against, the Insured Entity brought by a Regulatory Body directly arising from an Insured’s actual or alleged violation of any Privacy Law. Multiple Claims arising from the same or a series of related or repeated acts, errors or omissions, or from any continuing acts, errors or omissions, or from a series of related or repeated Technology/Professional Errors or Cyber Events, shall be considered a single Claim for the purposes of this Policy, regardless of the number of claimants or Insureds involved in the Claim. All such Claims shall be deemed to have been made at the time of the first such Claim . C.Claims Expenses means: 1. reasonable and necessary legal fees, costs and expenses directly resulting from the investigation, adjustment, settlement and/or defense of a Claim ; and 2. the premiums for appeal, attachment or similar bonds, but only for bond amounts within the applicable Limits of Liability. The Insurer does not have to furnish these bonds. Claims Expenses do not include: a. salaries, wages, fees, remuneration, overhead, benefits or expenses of an Insured; b.Damages, fines, penalties, fees, or taxes levied or assessed against an Insured; c. fees, costs, or expenses incurred by the Insured prior to the time that a Claim is made or which are paid or incurred without the Insurer’s prior written consent. These unilaterally incurred fees, costs or expenses will not be reimbursed by the Insurer and will not reduce any Deductible under the Policy; or d. the costs and expenses required to comply with any injunctive or other non-monetary, equitable, declaratory, regulatory or administrative relief, including but not limited to specific performance, or any agreement to provide such relief. D.Continuity Date means the date listed in Item 7. of the Declarations. E.Control Group means any principal, partner, corporate officer, director, general counsel (or most senior legal counsel) or risk manager of the Insured Entity and any individual in a substantially similar position. F.Cyber Event means: 1. a Cyber Extortion Threat; 2. an unintentional and unplanned interruption of any computer system; 3. a theft, loss or Unauthorized Disclosure of Protected Information that is in the care, custody or control of an Insured or a third party for whose theft, loss or Unauthorized Disclosure of Protected Information the Insured Entity is legally responsible for; 4. the storage, collection, use or disclosure of Protected Information by or on behalf of the Insured Entity that is in violation of a Privacy Law; 5. the failure to notify a third party of a theft, loss or Unauthorized Disclosure of Protected Information in violation of a Privacy Law; or 6. the access to, or the use of, a computer system by a person or organization that is not authorized to do so. G.Cyber Extortion Threat means a demand made against the Insured Entity for the payment of monies (including a digital currency), marketable goods or services in order to prevent or terminate the: 1. disclosure of Protected Information; 2. introduction of unauthorized, unwanted or harmful program, computer code or script into a computer system. An unwanted or harmful program, computer code or script includes a computer virus, Trojan horses, worms, time or logic bombs, spyware, malware, spiderware, or ransomware; 3. corruption, alerting, deletion or destruction of data or software stored on a computer system; TCM-POL-001 (01/19) Page 4 of 16 4. restriction or hindering of access to a computer system or to data stored on a computer system; 5. interruption or suspension of a computer system; or 6. electronic communication with the Insured Entity’s customers impersonating the Insured Entity in order to obtain Protected Information. H.Cyber Terrorism means any act directed against a computer system by an individual or group(s) of individuals, whether acting alone, on behalf of or in connection with any organization(s) or government(s), to cause unauthorized access to, unauthorized use of, or a targeted denial of service attack or transmission of unauthorized, corrupting or harmful software code to a computer system for the purpose of furthering social, ideological, religious, economic or political objectives, intimidating or coercing a government or the civilian population thereof, or disrupting any segment of the economy that is not accompanied by, directly associated with or coordinated with armed conflict or the use of physical force. I.Damages means a monetary judgment, award or settlement including prejudgment and post-judgment interest, and punitive damages, exemplary damages or any damages which are a multiple of compensatory damages (if insurable under the applicable law most favorable to the insurability of punitive, exemplary or multiple damages), which the Insured becomes legally obligated to pay as the direct result of a covered Claim . Solely with respect to Coverage B., Cyber Liability, Damages also include: 1. civil fines or penalties levied upon an Insured by a Regulatory Body, provided that this does not include amounts for matters uninsurable under the law; 2. any fine, penalty, reimbursement, fraud recovery, or assessment imposed upon or owed by an Insured under the terms of a written agreement between the Insured Entity and a financial institution, credit or debit card company, credit or debit card processor, merchant bank or any other entity offering or providing merchant card transaction processing or payment gateway services to the Insured Entity; provided that this does not include any charge back amounts, interchange fees, discount fees, or other prospective fees owed under such an agreement; and 3. up to $2,500 for the costs and expenses of complying with any injunctive or other non-monetary relief. As respects all coverage parts under this Policy, Damages do not include: a. any amount for which the Insured is not liable or is not legally obligated to pay; b. except as noted in paragraph 1. and 2. above, any fines or monetary penalties or multiples thereof; c. taxes or the loss of tax benefits; d. liquidated damages, but only to the extent that such damages exceed the amount for which the Insured would have been liable in the absence of such liquidated damages agreement; e. matters uninsurable under the laws applicable to this Policy; f. past, present and future earned and unearned royalties, profits, fees, costs, expenses, commissions, and profits unlawfully or unjustly held or obtained including, but not limited to, the return, offset, disgorgement or restitution of such royalties, profits, fees, costs, expenses, commissions, and profits unlawfully or unjustly held or obtained; g. except as noted in paragraph 3. above, the costs and expenses of complying with any injunctive or other non-monetary equitable, declaratory, regulatory or administrative relief including, but not limited to, specific performance, or any agreement to provide such relief; h. costs incurred by an Insured to correct, re-perform or complete any Professional Services or Technology Services;and i. discounts, prizes, awards, coupons or other incentives offered to the Insured’s clients or customers. J. Deductible means the amount listed in Item 5. of the Declarations and described in Section VII. of this Policy. K.Dependent Systems Event means the unintentional and unplanned interruption of computers or associated hardware, software, or firmware, including network devices and backup components owned, leased, operated or controlled by a third party that provides services or products to the Insured Entity pursuant to a written contract. L.eCrime Event means: 1. the loss of the Insured Entity’s money or securities that results solely from a wrongful transfer, payment or delivery of such money or securities by an Insured as a sole result of fraudulent electronic or telephone instructions provided by a third party, that is intended to mislead the Insured through the misrepresentation of TCM-POL-001 (01/19) Page 5 of 16 a material fact which is relied upon in good faith by such Insured, including such loss resulting from business e-mail compromise, social engineering, spear-phishing and e-mail spoofing; 2. the loss of money or securities from an account at a financial institution resulting solely from fraudulent electronic or telephone instructions issued by a third party to a financial institution directing such institution to transfer, pay or deliver money or securities from any account maintained by the Insured Entity at such institution, without the Insured Entity's knowledge or consent; or 3. the act of a third party gaining access to and using the Insured Entity’s telephone system in an unauthorized manner. eCrime Event does not include: a. any loss arising, directly or indirectly from an Insured’s acceptance, deposit or handling of: i. counterfeit currency or bank drafts; ii. a bank draft, check or other financial instrument returned due to insufficient funds; iii. counterfeit securities, bonds or other financial instruments; or iv. counterfeit goods of any kind, including, but not limited to, loss arising from a transfer of money by an Insured to a third party associated with an Insured’s acceptance, deposit or handling of such items; b. any loss arising, directly or indirectly, from loan fraud, mortgage fraud or accounting fraud including, but not limited to, check kiting, money laundering or fraudulent loan schemes. This includes loss arising from a transfer of money by an Insured to a third party associated with any such fraud; c. any actual or alleged use of credit, debit, charge, access, convenience, customer identification or other cards; d. any transfer involving a third party who is not a natural person Insured, but had authorized access to the Insured’s authentication mechanism; e. the processing of, or the failure to process, credit, check, debit, electronic benefit transfers or mobile payments for merchant accounts; f. any accounting or arithmetical errors or omissions, or the failure, malfunction, inadequacy or illegitimacy of any product or service; or g. any fraudulent, dishonest or criminal act committed by any natural person Insured. M.First Party Loss means the value of monies (including money in the form of a digital currency), marketable goods or services paid or delivered under duress by or on behalf of the Insured Entity,with the Insurer’s prior written consent, solely for the purpose of terminating a Cyber Extortion Threat. If the Declarations indicates that the Insured has purchased “Extended” First Party Loss coverage, then First Party Loss also means: 1. the reasonable and necessary costs charged by a vendor designated or approved in writing by the Insurer to restore, replace or recreate software or electronic data to its condition immediately prior to the Cyber Event but only for such costs that are as a direct result of the Cyber Event; 2. the reasonable and necessary expenses incurred by the Insured Entity during the Indemnity Period to continue or maintain normal operations that are over and above those expenses the Insured Entity would have incurred had no Cyber Event occurred; 3. the net profit or loss without interest and before tax that the Insured Entity would have earned or incurred during the Indemnity Period due to the actual interruption or impairment of the Insured Entity’s business operations as a direct result of the Cyber Event, plus the continuing normal operating expenses incurred by the Insured Entity during the Indemnity Period (including payroll), but only to the extent that such operating expenses must necessarily continue during the Indemnity Period; and 4. the cost to repair or replace computer hardware or equipment that is damaged or impaired and must be replaced. First Party Loss does not include, except as described in Section V.,Supplemental Payments & Services,any costs attributed to an upgrade or improvement of electronic data, software or computer systems beyond what existed prior to the Cyber Event unless such upgrade or improvement is reasonable because of improvements in the available technology. N.Indemnity Period means the period of time that begins after the elapse of the Waiting Period indicated in Item 8. of the Declarations and ends 60 days after the time when the Insured Entity could have resumed normal TCM-POL-001 (01/19) Page 6 of 16 operations with the exercise of due diligence and dispatch, not limited by the expiration date of this Policy. Despite any other provisions in this Policy, the maximum Indemnity Period is 180 days. O.Insured means: 1. the Named Insured, each Subsidiary and each Newly Acquired Entity; 2. any past or present employee (including a part time, temporary, leased or season employee), principals, partners, executive officers or directors of an Insured Entity but only while acting within the scope of their duties as such; 3. any past or present natural person independent contractor who performs labor or service for the Insured Entity pursuant to a written contract or agreement, where such labor or service is under the exclusive direction of the Insured Entity, but only while acting in the scope of their duties as such and in the performance of labor or service to the Insured Entity. The status of an individual as an independent contractor shall be determined as of the date of an alleged act, error or omission by any such independent contractor; 4. any spouse or the legally recognized domestic partner (whether by state or federal law) of any person otherwise qualifying as an Insured, but solely with respect to their status as such; 5. in the event of death, incapacity, bankruptcy or insolvency of any Insured, such Insured’s heirs, estate, executors, administrators and legal representative in his or her capacity as such, but only with respect to matters for which the Insured otherwise would have been entitled to coverage under this Policy; and 6. only as respects Coverage A., Technology E&O and Professional Liability, Coverage B., Cyber Liability and Coverage C., Multimedia Liability, any person or entity that the Insured Entity has agreed in writing to add as an additional insured under this Policy prior to the commission of any act for which such person or entity would be provided coverage under this Policy, but only for the vicarious liability of such additional insured for the wrongful acts of an Insured. P.Insured Entity means the Named Insured, each Subsidiary and each Newly Acquired Entity. Q.Insurer means the insurance company listed in the Declarations. R.Loss means Breach Costs,First Party Loss, financial loss from an eCrime Event,Damages and Claims Expenses. S.Multimedia Liability means one or more of the following acts committed by, or on behalf of, the Insured Entity in the course of creating, displaying, broadcasting, publishing, disseminating or releasing Multimedia Material to the public: 1. defamation, libel, slander, product disparagement, trade libel, infliction of emotional distress, outrage, outrageous conduct, or other tort related to disparagement or harm to the reputation or character of any person or organization; 2. a violation of the rights of privacy of an individual, including false light, intrusion upon seclusion and public disclosure of private facts; 3. invasion or interference with an individual’s right of publicity, including commercial appropriation of name, persona, voice or likeness; 4. plagiarism, piracy, or misappropriation of ideas under implied contract; 5. infringement of copyright; 6. infringement of domain name, trademark, trade name, trade dress, logo, title, metatag, or slogan, service mark or service name; 7. improper deep-linking or framing; 8. negligent publication of content; or 9. unfair competition, if alleged in conjunction with any of the acts listed in paragraphs 5. or 6. above. T.Multimedia Material means the content of material published or broadcast by, or on behalf of, the Insured Entity , including any information, words, sounds, numbers, images or graphics included in such content, but will not include computer software or the actual goods, products or services described, illustrated or displayed in such content. U.Named Insured means the entity, individual, partnership or corporation shown in Item 1. of the Declarations. TCM-POL-001 (01/19) Page 7 of 16 V.Newly Acquired Entity means any entity formed or acquired by the Named Insured during the Policy Period and in which the Named Insured has more than 50% of the legal or beneficial interest, provided that if the trailing 12 month revenues for such entity exceed 15% of the Named Insured's annual revenues for the same trailing 12 month period, then only if all of the following conditions are met: 1. within 90 days of the formation of a Newly Acquired Entity, the Named Insured notifies the Insurer in writing of the details of such merger, acquisition, or newly created joint venture or partnership; 2. the Named Insured agrees to any changes in terms and conditions of this Policy related to the Newly Acquired Entity including, but not limited to, the payment of additional premium, if any, charged by the Insurer; and 3. the Insurer has issued a written endorsement specifically noting the addition of the Newly Acquired Entity as a covered Insured under this Policy. W.Notice Requirements means the requirements described in Section VIII. of this Policy. X.Policy Period means the length of time between the effective date shown in Item 2. of the Declarations and the earlier of: 1. the expiration date shown in Item 2. of the Declarations; or 2. the cancellation date of this Policy. Y.Privacy Law means a federal, state or foreign statute or regulation: 1. requiring the Insured Entity to protect the confidentiality or security of Protected Information; 2. requiring notice to a person or organization whose Protected Information was accessed or reasonably may have been accessed by an unauthorized person; or 3. governing the collection, use or storage of Protected Information by the Insured Entity. Z.Professional Services means professional services performed for others by or on behalf of the Insured Entity for a fee or other consideration, but does not include Technology Services, any services involving the creation, development, sale, distribution, installation, licensing or manufacturing of Technology Products, or work or activities performed by or on behalf of the Insured Entity or for the Insured Entity as an accountant, actuary, attorney, architect, surveyor, health care provider, lawyer, insurance or real estate agent or broker, or civil or structural engineer. AA.Protected Information means the following information that an Insured has a legal obligation to safeguard, protect or maintain in confidence: 1. non-public individually identifiable information as defined by any federal, state, local or foreign statute, rule or regulation; 2. an individual’s social security number, taxpayer identification number, unpublished telephone number, driver’s license number, state identification number, passport number, financial account number, credit card number, debit card number or the magnetic strip information from a credit or debit card; and 3. any trade secret, data, design, interpretation, forecast, formula, method, record, report or other item of information of a third party that is not available to the general public. BB.Regulatory Body means any federal, state, local or foreign governmental entity in such entity’s regulatory or official capacity. CC.Retroactive Date means the date listed in Item 6. of the Declarations. DD.Subsidiary means any entity in which the Named Insured as of the effective date of the Policy, either: 1. directly or indirectly owns more than 50% of the issued and outstanding voting equity securities; or 2. controls voting rights representing the present right to vote for election or to appoint more than 50% of the directors or trustees. EE.Supplemental Payments & Services means the amounts described in Section V. of this Policy. TCM-POL-001 (01/19) Page 8 of 16 FF.Technology/Professional Error means: 1. a negligent act, error, omission, misstatement, misleading statement or misrepresentation in rendering or failure to render Professional Services or Technology Services; 2. a negligent act, error, omission, misstatement, misleading statement or misrepresentation that results in a failure of Technology Products to perform the function or serve the purpose intended; 3. an unintentional breach of a contractual obligation to perform Professional Services or Technology Services, or to deliver Technology Products; or 4. an unintentional infringement of copyright committed by the Insured Entity with respect to software Technology Products. GG.Technology Products means any computer or telecommunications hardware or software product, or related electronic product, including software updates, service packs and other maintenance releases provided for such products, that is: 1. created, manufactured or developed by the Insured Entity for others in exchange for a fee or other consideration; or 2. distributed, licensed, leased or sold by the Insured Entity to others in exchange for a fee or other consideration. HH.Technology Services means any of the following services performed by or on behalf of the Insured Entity for others for a fee or other consideration: 1. computer information technology, Internet, network or website analysis, development, programming, installation, integration, networking, hosting, processing, management, operations, data security, maintenance, repair, optimization, support, or training; 2. providing, collecting, recording, caching, compiling, mining, analyzing, storing, hosting, processing, securing, backup, wiping, or destroying software or data; 3. telecommunications services, including Internet, voice, video, web, email, text, data, or broadband services, any call center or customer service support related to such telecommunications services; 4. any services similar to those services described in paragraphs 1-3 above; or 5. any other information technology-related services provided in conjunction with Technology Products. II.Unauthorized Disclosure means the disclosure (including disclosure resulting from phishing) of or access to information in a manner that is not authorized by the Insured Entity and is without knowledge, consent or acquiescence of any member of the Control Group. JJ. Waiting Period means the period starting upon the actual interruption or impairment of the Insured Entity’s business operations caused by a Cyber Event and ending after the number of hours specified in Item 8. of the Declarations. IV. EXCLUSIONS The Insurer shall not be liable to defend, pay, indemnify or reimburse the Insured with respect to any Claim or Loss based upon, resulting from, arising out of, in consequence of, or in any way connected with or involving, directly or indirectly: A. the actual or alleged distribution of unsolicited email, text messages, direct mail, facsimiles or other communications (including, but not limited to, any actual or alleged violation of the Telephone Consumer Protection Act of 1991 or the CAN-SPAM Act of 2003), wire tapping, audio or video recording, or telemarketing, if such distribution, wire tapping, recording or telemarketing is done by or on behalf of an Insured;however this exclusion will not apply to Claims Expenses incurred in defending the Insured against allegations of unlawful audio or video recording; B. any act, error, omission, incident or event committed or occurring prior to the effective date of this Policy if any member of the Control Group on or before the Continuity Date knew or could have reasonably foreseen that such act, error or omission, incident or event might be expected to be the basis of a Claim or Loss; C. any Claim ,Loss, incident or circumstance for which notice has been provided under any prior policy of which this Policy is a renewal or replacement; TCM-POL-001 (01/19) Page 9 of 16 D. any criminal, dishonest, fraudulent, or malicious act or omission, or intentional or knowing violation of the law, if committed by an Insured, or committed by others if an Insured colluded or participated in any such conduct or activity; but this exclusion will not apply to: 1.Claims Expenses incurred in defending any Claim alleging the foregoing until there is a final non-appealable adjudication establishing such conduct, at which time the Named Insured shall reimburse the Insurer for all Claims Expenses incurred defending such Claim ; 2. any natural person Insured, if such Insured did not personally commit, participate in or know about any act, error, omission, incident or event giving rise to such Claim or Loss; and 3. the Insured Entity, provided that no member of the Control Group personally committed, participated in or knew about any act, error, omission, incident or event giving rise to such Claim or Loss; E. any actual or alleged infringement, misuse or abuse of patent or patent rights; F. solely with respect to Coverage B., Cyber Liability, any actual or alleged infringement, use, misappropriation or disclosure of any intellectual property, including but not limited to trade secret misappropriation, copyright infringement, trademark infringement, trademark dilution or trade dress infringement; but this exclusion will not apply to any Claim or Loss resulting from a theft, use or disclosure of Protected Information by a person who is not a past, present or future employee, director, officer, partner or independent contractor of an Insured and without the knowledge, consent or acquiescence of any member of the Control Group; G. any actual or alleged use or misappropriation of any ideas or trade secrets by, or on behalf of, an Insured, or by any other person or entity if such use or misappropriation is done with the knowledge, consent or acquiescence of any member of the Control Group; H. a Claim made by or on behalf of: 1. any Insured; but this exclusion will not apply to a Claim made by an individual that is not a member of the Control Group under Coverage B., Cyber Liability, or a Claim made by any person or entity that the Insured Entity has agreed in writing to add as an additional insured under this Policy; or 2. any business enterprise in which an Insured has greater than 15% ownership interest or made by any parent company or other entity which owns more than 15% of an Insured Entity; I. any loss, transfer or theft of monies, securities or tangible property of the Insured or others in the care, custody or control of an Insured, but this exclusion will not apply to coverage under Coverage E., eCrime Loss; J. nuclear reaction, nuclear radiation, radioactive contamination, radioactive substance, electromagnetic field, electromagnetic radiation, or electromagnetism; K. war, invasion, acts of foreign enemies, hostilities (whether or not war is declared), rebellion, revolution, insurrection, war-like action, coup, usurped powers or military power; but this exclusion will not apply to Cyber Terrorism; L. any economic or trade sanction imposed by the United States including, but not limited to, sanctions administered and enforced by The United States Treasury Department’s Office of Foreign Assets Control (“OFAC”); M. any presence, discharge, dispersal, release or escape of smoke, vapors, soot, fumes, acids, alkalis, toxic chemicals, liquids or gases, oil or other petroleum substances or derivatives, waste materials or other irritants, contaminants, pollutants or any other substances including, but not limited to, asbestos, fungus, mold and lead, which are or may be injurious to public health, property or the environment (“hazardous substances”) or the cost to: 1. clean up or removal of hazardous substances; 2. monitor, assess or evaluate, the presence, discharge, dispersal, escape, release, or threat of same, of hazardous substances; 3. dispose of hazardous substances or take such other action as may be necessary to temporarily or permanently prevent, minimize, or mitigate damage to the public health or welfare or to property or the environment, which may otherwise result; or TCM-POL-001 (01/19) Page 10 of 16 4. directly or indirectly respond to or address any government direction or request that the Insured test for, monitor, clean up, remove, contain, treat, detoxify or neutralize hazardous substances; N. any actual or alleged violation of the federal Fair Debt Collection Practices Act (FDCPA); O. any employment or labor relations policies, practices, acts or omissions, or any actual or alleged refusal to employ any person, or misconduct with respect to employees, whether such Claim is brought by an employee, former employee, applicant for employment, or relative or domestic partner of such person; provided, that this exclusion shall not apply to Coverage B., Cyber Liability, as respects an otherwise covered Claim by a current or former employee of the Insured Entity for Damages arising strictly from a Cyber Event; P. solely with respect to Coverage A., Technology E&O and Professional Liability: 1. any Technology/Professional Error committed or occurring prior to the Retroactive Date; 2. any liability assumed in any hold harmless or indemnity agreement other than a hold harmless or indemnity agreement with respect to intellectual property rights or breaches of the confidentiality of information of any third party; 3. the actual or alleged inaccurate, inadequate or incomplete description of the price of goods, products or services, cost guarantees, cost representations, contract price estimates, or the failure of any goods or services to conform with any represented quality or performance; 4. any gambling, contest, lottery, promotional game or other game of chance; 5. any breach of any express warranty or representation, except for an agreement to perform within a reasonable standard of care or skill consistent with applicable industry standards, or breach of any other contractual obligation which goes beyond an express or implied duty to exercise a degree of care or skill consistent with applicable industry standards; 6. any breach of guarantee, promises of cost savings, profits or return on investment; 7. delay in delivery or performance, or failure to deliver or perform at or within an agreed upon period of time, but this exclusion shall not apply if such delay or failure to deliver or perform is a consequence of a negligent act, error or omission committed during the course of providing Professional Services or Technology Services if the Insured has made diligent efforts to deliver or perform such Professional Services or Technology Services; 8. any costs or expenses incurred or to be incurred by an Insured or others for the withdrawal, recall, inspection, repair, replacement, reproduction, removal or disposal of: (a) Technology Products including, but not limited to, any products or other property of others that incorporate Technology Products; (b) work product resulting from or incorporating the results of Professional Services or Technology Services; or (c) any products or other property on which Professional Services or Technology Services have been performed; 9. any Claim covered under the terms of a commercial general liability insurance policy maintained by the Insured Entity, provided that this shall not apply to Damages or Claims Expenses in excess of the limits of liability of any such insurance policy; or 10. any actual or alleged deceptive trade practices, unfair trade practices, violation of consumer protection laws, antitrust violation, restraint of trade, unfair competition, false advertising, deceptive advertising, misleading advertising or violation of the Sherman Antitrust Act, the Clayton Act or the Robinson-Patman Act, as amended; Q. solely with respect to Coverages B., Cyber Liability, and C., Multimedia Liability: 1. any actual or alleged violation from the failure to properly truncate credit, debit or payment card information on receipts or statements as required by the Fair and Accurate Credit Transactions Act of 2003 (FACTA); 2. any Claim covered under the terms of a commercial general liability insurance policy, or an employment practices liability insurance policy maintained by the Insured Entity, provided that this shall not apply to Damages or Claims Expenses in excess of the limits of liability of any such insurance policy; and 3. the ownership, sale or purchase of, or the offer to sell or purchase stock or other securities, or an actual or alleged violation of a securities law or regulation; R. solely with respect to Coverage C., Multimedia Liability, any: 1. contractual liability or obligation; but this exclusion will not apply to a Claim for misappropriation of ideas under implied contract; 2. actual or alleged obligation to make licensing fee or royalty payments; TCM-POL-001 (01/19) Page 11 of 16 3. costs or expenses incurred or to be incurred by the Insured or others for the reprinting, reposting, recall, removal or disposal of any Multimedia Material or any other information, content or media including, but not limited to, any media or products containing such Multimedia Material, information, content or media; 4.Claim brought by or on behalf of any intellectual property licensing bodies or organizations; 5. actual or alleged inaccurate, inadequate or incomplete description of the price of goods, products or services, cost guarantees, cost representations, contract price estimates, false advertising or the failure of any goods or services to conform with any represented quality or performance; 6. gambling, contest, lottery, promotional game or other game of chance; or 7.Claim made by or on behalf of any independent contractor, joint venturer or venture partner arising out of or resulting from disputes over ownership of rights in Multimedia Material or services provided by such independent contractor, joint venturer or venture partner; S. solely with respect to Coverage E., eCrime Loss: any loss covered under the terms of a commercial crime insurance policy maintained by the Insured Entity, provided that this shall not apply to direct financial loss in excess of the limits of liability of any such insurance policy. T. solely with respect to Coverage F., First Party Loss, any First Party Loss: 1. arising from the seizure, nationalization, confiscation, or destruction of property or data by order of any governmental or public authority; 2. arising from fire, flood, earthquake, volcanic eruption, explosion, lighting, wind, hail, damage by water, landslide, act of God or any other physical event; 3. for additional costs to update, replace, restore, assemble, reproduce, recollect or enhance data or computer systems to a level beyond that which existed prior to a Cyber Event, except as covered under Section V., Supplemental Payments & Services; 4. arising from any failure or malfunction of satellites or of power, utility, mechanical or telecommunications (including, but not limited to, the internet) infrastructure or services that are not under the Insured Entity’s direct operational control; or 5. covered under the terms of a property insurance policy providing coverage for risks of direct physical loss to property maintained by the Insured Entity, provided that this shall not apply to First Party Loss in excess of the limits of liability of any such insurance policy; V. SUPPLEMENTAL PAYMENTS & SERVICES In addition to the amounts described in Section I., Insuring Agreements, of this Policy, in the event of an actual Cyber Event that results in Breach Costs or First Party Loss that exceeds the Deductible,the Insurer shall also pay the following costs but only to reasonably and significantly reduce the possibility of a similar Cyber Event from occurring in the future: A. up to $10,000 for a third party consultant recommended by the Insurer to provide ongoing assistance to the Insured Entity to improve and upgrade computer security; and B. up to $5,000 for the purchase of computer equipment or computer software recommended by such third party consultant recommended by the Insurer. Such payments shall be part of, and not in addition to, the Aggregate Limit of Liability specified in Item 4. of the Declarations. VI. LIMITS OF LIABILITY A. The Aggregate Limit of Liability specified in Item 4. of the Declarations is the most the Insurer will pay for all Loss under this Policy. Once the Aggregate Limit of Liability has been exhausted, the Insurer shall have no further duty to defend the Insured for any Claim which may otherwise be covered by this Policy. B. The eCrime Loss Sublimit of Liability specified in Item 4. of the Declarations is the maximum amount the Insurer is obligated to pay in the aggregate for direct financial loss arising from an eCrime Event. The eCrime Loss Sublimit of Liability shall be part of, and not in addition to the Aggregate Limit of Liability. C. The Dependent Business Sublimit of Liability specified in Item 4. of the Declarations is the maximum amount the Insurer is obligated to pay in the aggregate for First Party Loss arising from a Dependent Systems Event.The TCM-POL-001 (01/19) Page 12 of 16 Dependent Business Sublimit of Liability shall be part of, and not in addition to the Aggregate Limit of Liability. D. The Aggregate Limit of Liability specified in Item 4. of the Declarations is the maximum the Insurer will pay regardless of the number of Insureds, individuals or organizations that make a Claim, the number of Claims made, the number of incidents, or the number of Dependent System Events,Cyber Events,eCrime Events, Supplemental Payments & Services or actual or alleged wrongful acts VII. DEDUCTIBLE The Deductible, as shown in Item 5. of the Declarations, applies separately to each act, incident or event giving rise to Breach Costs,Claims Expenses,Damages, direct financial loss or First Party Loss under Coverages A., B., C., D., E. and F., provided however, that multiple incidents or events arising from the same or a series of related or repeated acts or from any continuing acts, shall be considered a single incident or event for the purposes of this Policy and only one Deductible shall apply to all resulting Loss. The Insurer shall only be obligated to pay any Loss under this Policy in excess of the Deductible , provided that if services are recommended by the Crum & Forster Cyber Response Team shown in Item 11. of the Declarations, and the Insured Entity agrees to utilize only those vendors nominated by the Crum & Forster Cyber Response Team, then the Deductible shall not apply to the following Breach Costs: A. for an attorney to provide necessary legal advice to the Insured Entity to evaluate the Insured Entity’s legal obligations in connection with an actual or reasonable suspected Cyber Event; and B. for a computer security expert, or experts, to determine the existence, cause and scope of a Cyber Event as well as the costs to contain an ongoing Cyber Event, including the cost to retain a PCI Forensic Investigator if required by a written agreement between the Insured Entity and a financial institution, credit or debit card company, credit or debit card processor, merchant bank or any other entity offering or providing merchant card transaction processing or payment gateway services to the Insured Entity. The Deductible shall be borne by the Named Insured. In the event that this Policy provides coverage for Loss in excess of the limits available under other insurance, then the Insurer shall recognize payment by the Insured Entity of any retention or deductible applicable to such other insurance against the Deductible. VIII. NOTICE REQUIREMENTS A. The Named Insured must give the Insurer written notice of any Claim as soon as practicable, but in no event later than: (i) 60 days after the end of the Policy Period; or (ii) the expiration of any applicable Extended Reporting Period. Notice must be provided through the contacts listed in Item 10. of the Declarations. All notices of Claims must provide the following information: the potential claimant(s) by name or description, the names of the Insureds involved, the time, date, location and the description of the specific incident which forms the basis of the Claim including the nature of the potential Damages arising from such specific Claim or incident, the circumstances by which the Insured first became aware of the specific Claim, and the reason the Insured reasonably believes the subject Claim is likely to trigger coverage under this Policy. B. With respect to Breach Costs, the Named Insured must notify the Insurer of any actual or reasonably suspected Cyber Event as soon as practicable after discovery by the Insured but in no event later than 60 days after the end of the Policy Period. Notice may be provided to the Crum & Forster Cyber Response Team shown in Item 11. of the Declarations. Otherwise notice must be provided through the contacts listed in Item 10. of the Declarations. Notice of an actual or reasonably suspected Cyber Event in conformance with this paragraph will also constitute notice of a circumstance that could reasonably be the basis for a Claim . C. With respect a Cyber Extortion Threat, the Named Insured must notify the Insurer via the email address listed in Item 10. of the Declarations as soon as practicable after discovery of a Cyber Extortion Threat but in no event later than 60 days after the end of the Policy Period. The Named Insured must obtain the Insurer’s consent prior to paying any ransom or demand related to a Cyber Extortion Threat. D. With respect to any other First Party Loss or a loss from an eCrime Event, the Named Insured must notify the Insurer through the contacts listed in Item 10. of the Declarations as soon as practicable after discovery of the Cyber Event or eCrime Event.The Named Insured will provide the Insurer a proof of First Party Loss or TCM-POL-001 (01/19) Page 13 of 16 financial loss under the eCrime Loss Coverage. All loss described in this paragraph must be reported, and all proofs of loss must be provided, to the Insurer no later than six months after the end of the Policy Period unless the Insurer has agreed in writing to extend this deadline. E. Any Claim arising out of a Loss that is covered under Coverages D., Breach Costs, E., eCrime Loss or F., First Party Loss, and that is reported to the Insurer in conformance with paragraphs B., C. or D. above will be considered to have been made during the Policy Period. F. With respect to any circumstance that could reasonably be the basis for a Claim ,the Named Insured may give written notice of such circumstance to the Insurer through the contacts listed in Item 10. of the Declarations. Such notice must include: 1. the specific details of the act, error, omission or event that could reasonably be the basis for a Claim ; 2. the injury or damage which may result or has resulted from the circumstance; and 3. the facts by which the Insured first became aware of the act, error, omission or event. If such notice that meets the requirements outlined above is made during the Policy Period, then any subsequent Claim made against the Insured arising out of any circumstance reported to the Insurer will be considered to have been made at the time written notice complying with the above requirements was first given to the Insurer. IX. EXTENDED REPORTING PERIOD As a condition precedent to obtaining an Automatic Extended Reporting Period (AERP) or an Optional Extended Reporting Period (OERP), the full premium of this Policy, premium for any endorsements, and payment of Deductibles must have been paid in full. Neither the AERP nor the OERP reinstate or increase the Limits of Liability. Neither the AERP nor the OERP extend the Policy Period or change the scope of coverage afforded by this Policy. A. Automatic Extended Reporting Period If the Insurer or Named Insured cancel or non-renew this Policy for any reason other than non-payment of premium, non-payment of Deductible, non-compliance with any terms and conditions of this Policy or fraud or material misrepresentation, then the Named Insured shall be entitled to an AERP of 60 days from the date of Policy expiration or cancellation to report Claims in writing to the Insurer which are first made against the Insured during the AERP and which arise from a Technology/Professional Error or a Cyber Event that first occurs before the end of the Policy Period or from Multimedia Material first disseminated before the end of the Policy Period. If the OERP in subsection B. below is purchased, then this AERP shall be included within such OERP and will not further extend such OERP. B. Optional Extended Reporting Period If the Insurer or Named Insured cancel or non-renew this Policy for any reason other than non-payment of premium, non-payment of Deductible, non-compliance with any terms and conditions of this Policy or fraud or material misrepresentation, then the Named Insured shall be entitled to purchase an OERP from the options below. If elected, the OERP will begin on the date the Policy expires or is cancelled and would entitle the Insured to notify the Insurer in writing of Claims which are first made against the Insured during the OERP and which arise from a Technology/Professional Error or a Cyber Event that first occurs before the end of the Policy Period or from Multimedia Material first disseminated before the end of the Policy Period. C. OERP Options 1. 12 months for a premium not to exceed 100% of the annual premium; 2. 24 months for a premium not to exceed 150% of the annual premium; or 3. 36 months for a premium not to exceed 175% of the annual premium. D. In order to purchase the OERP, the Named Insured must provide the Insurer with written notice of its intention to do so no later than 30 days after the expiration or cancellation date of this Policy and must include full payment of premium for the OERP at that time. The entire OERP premium is fully earned and non-refundable as of the date the Named Insured notifies the Insurer of its intent to purchase the OERP and full payment must be made at that time for the OERP to apply. TCM-POL-001 (01/19) Page 14 of 16 X. OTHER CONDITIONS A. Cooperation The Named Insured shall immediately send the Insurer copies of all demands, notices, summonses or legal papers received in connection with a Claim or Loss.The Insured must do whatever is necessary to secure and affect any rights of indemnity, contribution or apportionment that the Insured may have. The Insured shall cooperate with counsel and the Insured shall refrain from discussing any Claim or Cyber Event with anyone other than counsel retained to represent the Insured or the Insurer’s representatives. All Insureds must fully assist and cooperate with the Insurer in the conduct, defense, investigation, negotiation and settlement of any Claim or Loss. At the Insurer’s request, the Insured must submit to an examination under oath, provide the Insurer with written statements as requested by the Insurer, attend meetings and negotiations; and produce and make available all information, records, documents and other materials which the Insurer deems relevant to the Claim or Loss. As respects any Claim,theInsured must attend hearings, depositions, proceedings, trials and appeals; and assist the Insurer in affecting settlements, securing and giving evidence and obtaining the attendance of witnesses, and pursuing or enforcing any right of contribution or indemnity against a person or entity who may be liable to any Insured. Except as otherwise provided in Section II., Defense and Settlement of Claims, Part A., no Insured will, except at its own cost, admit liability, settle a Claim , incur any expense to investigate a Claim, retain attorneys, incur Claims Expenses, assume any other obligation or incur any other expense with respect to a Claim without the Insurer’s prior written consent. Compliance with a statute or regulation that requires notice to government authorities, regulatory authorities or to persons whose personal information may have been accessed by an unauthorized individual, will not be considered an admission of liability for purposes of this clause. B. Due Dispatch The Insured Entity shall make every reasonable effort to restore operations as quickly as possible after a Cyber Event. If the Insured Entity does not resume operations, or does not resume operations as quickly as possible, the Insurer may reduce the payment of First Party Loss to the amount of First Party Loss based on the length of time it would have taken to resume operations as quickly as possible. C. Action Against the Insurer and Bankruptcy 1. No action shall be taken against the Insurer unless, as a condition precedent thereto, the Insureds shall have fully complied with all the terms and conditions of this Policy, nor until the amount of the Insured’s obligation to pay Damages for any Claim shall have been fully and finally determined either by judgment against the Insured or by written agreement between the Insureds, the claimant, and the Insurer. 2. Nothing contained herein shall give any person or entity any right to join the Insurer as a party to any Claim against the Insureds to determine their liability. Nor shall the Insurer be impleaded by the Insureds or their legal representative in any Claim. 3. Bankruptcy or insolvency of the Insured or of the estate of the Insured shall not relieve the Insurer of its obligations nor deprive the Insurer of its rights or defenses under this Policy. D. Cancellation and Nonrenewal 1. This Policy may be canceled by the Named Insured by returning the Policy to the Insurer or its authorized representatives, or the Named Insured can cancel this Policy by written notice to the Insurer, stating at what future date cancellation is to be effective. If the Named Insured cancels, earned premium shall be computed using the customary short rate table. Provided, however, the premium shall be deemed fully earned if any Claim or Loss or other circumstance that could reasonably be the basis for a Claim or Loss is reported to the Insurer on or before the date of cancellation. 2. The Insurer can cancel the Policy by written notice to the Named Insured, at the address listed in Item 1. of the Declarations. The Insurer will provide written notice at least 30 days before cancellation is to be effective TCM-POL-001 (01/19) Page 15 of 16 and the earned premium will be computed pro-rata. However, if the Insurer cancels because the Named Insured has failed to pay a premium or Deductible when due, only 10 days written notice of cancellation will be required. 3. This Policy will terminate on the effective date of the cancellation. Return of unearned premium is not a condition of cancellation. Unearned premium will be returned as soon as practicable. 4. The Insurer will not be required to renew this Policy upon its expiration. If the Insurer elects not to renew this Policy, the Insurer will mail to the Named Insured, at the address listed in Item 1. of the Declarations, written notice of nonrenewal at least 30 days prior to the expiration date of this Policy. Any offer of renewal on terms involving a change of Deductible, premium, Limit of Liability, or other terms and conditions shall not constitute, nor be construed as, a failure or refusal by the Insurer to renew this Policy. 5. Proof of mailing of any notice of cancellation or nonrenewal shall be sufficient proof of notice. E. Assignment of the Insured’s Interest The interest of the Insured under this Policy is not assignable to any other person or organization, except with the Insurer’s prior written consent. F. Subrogation If any payment is made under this Policy and there is available to the Insurer any of the Insured’s rights of recovery against any other party, then the Insurer will maintain all such rights of recovery. The Insured will do whatever is reasonably necessary to secure such rights and will not do anything after an incident or event giving rise to a Claim or Loss to prejudice such rights. If the Insured has waived its right to subrogate against a third party through written agreement made before an act, incident or event giving rise to a Claim or Loss has occurred, then the Insurer will waive its rights to subrogation against such third party. Any recoveries will be applied first to subrogation expenses, second to Loss paid by the Insurer, and lastly to the Deductible.Any additional amounts recovered will be paid to the Named Insured. G. Changes Made to this Policy The terms and conditions of this Policy cannot be waived or changed except by specific written endorsement issued by Insurer and made part of the Policy. H. Application The statements contained in the Application, and any and all attachments, constitute the representations of all Insureds and are material. This Policy is issued and continued in force by the Insurer in reliance upon the truth, accuracy and completeness of such representations, which are the basis of this Policy and current as of the date of binding. Upon the binding of coverage, the Application and any and all attachments are incorporated in and form a part of the Policy. No knowledge or information possessed by any Insured shall be imputed to any other Insured, except for material facts or information known to the person or persons who signed the Application. In the event of any material untruth, misrepresentation or omission in connection with any of the particulars or statements in the Application, this Policy shall be void with respect to any Insured who knew of such untruth, misrepresentation or omission or to whom such knowledge is imputed. I. False or Fraudulent Claims If an Insured reports any Claim or Loss knowing such to be false or fraudulent, this Policy shall become void and all insurance coverage hereunder shall be forfeited as to the inception date of this Policy. J. Terms and Conditions of Policy Conformed to Statute Where necessary, the terms and conditions of this Policy will be amended to conform to applicable law. TCM-POL-001 (01/19) Page 16 of 16 K. Change in Risk If, during the Policy Period, an Insured is dissolved, sold, acquired by, merged into, or consolidated with another entity such that the Insured is not the surviving entity; or a third party receiver, conservator, trustee, liquidator, rehabilitator or any similar official is appointed for or with respect to the Insured, then coverage under this Policy shall continue in full force and effect until the expiration date or any earlier cancellation or termination date, but only with respect to events, acts or incidents that occur prior to such consolidation, merger or acquisition. L.Named Insured as Agent The Named Insured will be considered the agent of all Insureds, and will act on behalf of all Insureds with respect to the giving of or receipt of all notices pertaining to this Policy, and the acceptance of any endorsements to this Policy. The Named Insured is responsible for the payment of all premiums and Deductibles and for receiving any return premiums. M. Other Insurance 1. With respect to Coverage D., this Policy shall be primary of any other insurance policy. 2. With respect to Coverages A., B., C., E. and F.: all Loss payable under this Policy shall be in excess of and shall not contribute with other existing insurance including, but not limited to, any insurance under which there is a duty to defend regardless of whether any Loss is collectible or recoverable under such other insurance, unless such other insurance is written specifically excess of this Policy. This Policy shall not be subject to the terms or conditions of any other insurance. N. Policy Territory This insurance applies to Claims made and acts, errors or omissions committed, or Loss occurring anywhere in the world except countries or states against which the United States has implemented trade or diplomatic sanctions. O. Economic and Trade Sanctions or Violations of Law Any Loss, Claim , covered event or other transaction or matter which is uninsurable under any act, statute, rule, regulation, ordinance, common law, or other law of the United States of America concerning trade or economic sanctions or export control laws are not covered under this Policy. P. Entire Agreement The Insureds agree that this Policy, including the Application, Declarations and any endorsements, constitutes the entire agreement between them and the Insurer or any of its agents relating to this insurance.