cPanel & WebHost Manager End User License Agreement

IMPORTANT: THIS SOFTWARE END-USER LICENSE AGREEMENT (EULA) IS A LEGAL AGREEMENT BETWEEN YOU
(EITHER AN INDIVIDUAL OR, IF PURCHASED OR OTHERWISE ACQUIRED BY OR FOR AN ENTITY, AN ENTITY) AND
CPANEL. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE.
AMONG OTHER PROVISIONS, IT PROVIDES A LICENSE TO USE THE SOFTWARE AND CONTAINS TERMINATION AND
WARRANTY INFORMATION AND LIABILITY DISCLAIMERS. BY INSTALLING AND USING THE SOFTWARE, YOU CONFIRM
YOUR ACCEPTANCE OF THE SOFTWARE AND YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. IF YOU DO
NOT AGREE TO BE BOUND BY THESE TERMS, THEN DO NOT INSTALL THE SOFTWARE AND RETURN THE SOFTWARE
TO YOUR WEBSITE OR PLACE OF PURCHASE FOR A FULL REFUND.

1. Definitions.

1.1 “360 Monitoring” means the software provided by, or through, cPanel used to monitor server and
website functionality. 360 Monitoring may be provided in whole, or in part, by third party software.

1.2 “Activated” has the meaning given in Section 2.5.2.

1.3 “Agreement” means both the EULA and the Pricing and Term Agreement.

1.4 “Applicable Law” means applicable international, federal, state or local laws, statutes, ordinances,
regulations or court orders.

1.5 “Beta Version” means any version of the Software released by cPanel for testing as determined by
cPanel in its sole discretion, including, without limitation, versions of the Software designated by cPanel as
“BETA” or “EDGE”. This does not create any obligation on cPanel’s part to develop, productize, support,
repair, offer for sale, or in any other way continue to provide or develop the Beta Version either to You, or
to any other entity. Products that are classified as “Beta Version” may have limitations associated with their
use such as disk utilization restrictions or suspended email functionality. You agree to these limitations and
may not bypass or circumvent them. Doing so is a material breach of Your agreements with cPanel.

1.6 “cPanel” means cPanel, L.L.C.

1.7 “cPanel Distributor” means a cPanel Partner who has met the requirements to become a cPanel
Distributor as determined by cPanel.
1.8 “cPanel Partner” means a cPanel partner who has entered into a valid and existing Partner NOC
Agreement with cPanel.

1.9 “cPanel Solo” means the Software that allows management of a single cPanel account from the WHM
interface.

1.10 “cPanel Usage Data” means all data collected by cPanel in connection with the use of the Software by
You or any Third Party Users, including (a) the licensed or unlicensed status of the Software; (b) the source
from which the license for the Software was obtained (i.e., cPanel or a cPanel affiliate); and (c) information
about the server upon which the Software is installed (including the Licensed Server) including (i) the public
IP address, (ii) the operating system, (iii) the use of any virtualization technologies on such server, and (iv)
data utilized to prevent and combat various server attacks by hackers or their hardware, including, but not
limited to, assaults such as spam attacks, brute force attacks, dictionary attacks, phishing, pharming, and
the like. Additionally, “cPanel Usage Data” may also include information collected by cPanel from time to
time concerning which features of the Software are most often used in order to improve and make
adjustments to the Software.

1.11 “Effective Date” shall have the meaning set out in the “Pricing and Term Agreement.” If the Pricing
and Term Agreement does not apply to this EULA, it shall have the meaning set out in the applicable pricing
document. If there is no applicable pricing document, the Effective Date shall be the date that You
download the Software.

1.12 “End User” means the individual or entity who uses the Software.

1.11 “EULA” means this End-User License Agreement.

1.12 “Intellectual Property Rights” means trade secret rights, rights in know-how, moral rights, copyrights,
patents, trademarks (and the goodwill represented thereby), and similar rights of any type under the laws
of any governmental authority, domestic or foreign, including all applications for and registrations of any
of the foregoing.

1.13 “Licensed Server” means the single server operating solely from the IP address identified by You in the
Pricing and Term Agreement to which the terms and conditions of this Agreement shall apply. A Licensed
Server may be a Virtual Private Server. You may update the IP address associated with the Licensed Server
from time to time during the Term (a) by visiting http://www.cpanel.net/store/ or such other URL as cPanel
may designate from time to time; (b) in the case of cPanel Partners, by using the Manage Interface (as
defined in the Partner NOC Agreement); or (c) by such other method as cPanel may elect to provide from
time to time during the Term.

1.14 “Manage Interface” means cPanel’s customer service, license management and Incident tracking
system or such successor system as cPanel may designate from time to time which is presently available
at https://manage2.cpanel.net/ or such other URL as cPanel may designate from time to time. Only cPanel
Partners and cPanel Distributors may access and use the Manage Interface. The term “Incident” shall have
the meaning given to it in the Technical Support Agreement.

1.15 “Pricing and Term Agreement” means, as applicable, the (a) Pricing and Term Agreement entered into
between You and cPanel in connection with the license of the Software which sets forth (among other
things) pricing, term and payment provisions of this Agreement; (b) pricing and payment provisions of the
cPanel Partner NOC Agreement entered into between You and cPanel; or (c) pricing and payment provisions
of any agreement between You and a cPanel Partner (or other third party authorized to grant You the
license) pursuant to which You obtained a license to use the Software. The Pricing and Term Agreement is
hereby incorporated by reference and made a part of this Agreement as though fully set forth herein.

1.16 “Site Builder” means software, graphics and other features, provided by, or through cPanel used to
create websites. Site Builder may be provided in whole, or in part, by third party software.

1.17 “Site Quality Monitoring” means the software provided by, or through, cPanel used to monitor
website functionality. Site Quality Monitoring may be provided in whole, or in part, by third party software.

1.18 “Software” means the software program(s) supplied by cPanel together with this Agreement,
including, but not limited to, cPanel & WebHost Manager (but not including cPanel Server Suite), WP
Toolkit, 360 Monitoring, Site Quality Monitoring and Site Builder and corresponding documentation, source
code, object code, Updates, user interfaces (including, without limitation, any web-based interfaces),
printed materials and online or electronic documentation, excluding any third party components.

1.19 “Term” means the term of this Agreement as set forth by the term of the license obtained by You (a)
in connection with the Pricing and Term Agreement; (b) in connection with the Partner NOC Agreement; or
(c) from a cPanel Partner or other third party authorized to grant You the license.

1.20 “Territory” means the world, except to the extent that use or distribution of the Software in certain
countries or regions would cause either party to violate Section 9.15 (Export Controls).
 1.21 “Third Party Users” means authorized end users of the Software on the Licensed Server.

1.22 “Trademarks” means all domestic and international trademarks, service marks, logos, trade names,
trade dress, including all goodwill represented by each of the foregoing, whether registered or unregistered,
of cPanel including, without limitation, CPANEL (USPTO Registration No. 3058679 and CTM Registration No.
004908299), the cPanel logo (USPTO Registration No. 3290579), WEBHOST MANAGER (USPTO Registration
No. 3246206), WHM (USPTO Registration No. 3282420) and ENKOMPASS (USPTO Trademark Application
Serial No. 77673202). cPanel may add to the foregoing non-exclusive list of cPanel Trademarks by updating
the cPanel Trademark Usage Policy which is located at http://www.cpanel.net/trademarkup.htm (or such
other URL as may be designated by cPanel from time to time) and which may be updated by cPanel in its
sole discretion from time to time (also referred to as “Exhibit 4” herein).

1.23 “Updates” means any bug fixes, patches and other modifications of the Software provided to You by
cPanel.

1.24 “Virtual Private Server” means a virtual server operating on a single physical server upon which
multiple virtual servers may operate.

1.25 “WordPress Toolkit” means the software provided by, or through, cPanel used to manage WordPress
websites.

1.26 “You” or “Your” means or refers to the individual or entity entering into this Agreement with cPanel,
whether or not such terms are capitalized in this Agreement.

2. License.

2.1 License Grant. During the Term, solely within the Territory and subject to the terms and conditions of
this Agreement, cPanel grants You a limited, non-exclusive, license to (a) install and use the Software on
the Licensed Server only, and (b) make a single back-up copy of the Software for archival purposes. Except
as provided in Sections 2.2 (Sublicensing) and 2.3 (Transfer of License), the foregoing license is non-
transferable, non-assignable and non-sublicensable.

2.2 Sublicensing.

2.2.1 Grant of Sublicense. You may sublicense the right to use (but not the right to install or make
a back-up copy) the Software to Third Party Users solely on the Licensed Server, or in the case of
Software other than cPanel & WHM, an End User; provided that (a) each Third Party User or End
User must enter into an agreement with You governing such user’s use of the Software on (i) in
the case of cPanel & WHM, a Licensed Server, or (ii) generally (Third Party Agreement); (b) as part
of such Third Party Agreement, each Third Party User or End User must agree to the Flow-Through
Provisions set forth in Section 2.2.3 as a condition of the Third Party User or End User’s use of the
Software; (c) the term of the Third Party Agreement and the scope of the license granted in the
Third Party Agreement shall be no greater than the Term of this Agreement and the scope of the
limited rights granted in this Section 2.2; and (d) each Third Party User or End User must be
eighteen years of age or older.

2.2.2 Grant of Sublicensing Rights to Third Party Users. You may grant to Third Party Users or End
User the right to sublicense the use of the Software to third party sublicensees (each such third
party sublicensee shall also constitute a “Third Party User” for purpose of this Agreement) (in the
case of cPanel & WHM, solely on the Licensed Server) provided that Your sublicense grant is (a)
subject to and in accordance with all obligations of this Section 2.2; (b) limited to the Term of this
Agreement; and (c) no greater in scope than the limited sublicense right granted in this Section
2.2. For the avoidance of doubt and without limiting the generality of the forgoing, each third party
with access to the Software must enter into a Third Party Agreement governing the use of the
Software and each Third Party Agreement must condition use of the Software on agreement to
the Flow-Through Provisions set forth in Section 2.2.3.

2.2.3 Flow-Through Provisions. Each Third Party Agreement must contain:

(a) The Third Party User or End User’s acknowledgement and agreement that the Third
Party User or End User may not alter, merge, modify, prepare derivative works based
upon, adapt or translate the Software in any manner whatsoever, decompile, reverse
engineer, disassemble, or otherwise reduce the Software to any human-readable form,
or use the Software to develop any application having the same primary functions as the
Software;

(b) The Third Party User or End User’s acknowledgement and agreement that cPanel owns
all right, title and interest in and to the cPanel IP Rights substantially similar to Section
3.1, unless such IP Rights are limited in this EULA (Ownership);

(c) A notice, substantially similar to the disclaimer set forth in Section 6.3 (Disclaimer),
that cPanel disclaims all warranties and representations with respect to the Software;
(d) A limitation of liability substantially similar to that set forth in Section 7 (Limitation of
Liability) for the benefit of cPanel;(e) For cPanel & WHM, the Third Party User’s
acknowledgement and agreement that it may use the Software only on the Licensed
Server and only within the Territory;

(f) The Third Party User or End User’s acknowledgement and agreement that its right to
use the Software shall automatically expire without notice upon the expiration or
termination of this Agreement for any reason whatsoever;

(g) The Third Party User or End User’s acknowledgement and agreement that cPanel may
in its sole discretion terminate, disable or suspend the use of and access to the Software
by You or any Third Party User or End User in the event of (i) any breach of this Agreement
by You, or (ii) any breach by the Third Party User or End User of any provision concerning
cPanel or the Software in any Third Party Agreement;

(h) The Third Party User or End User’s acknowledgement and agreement that cPanel is a
third party beneficiary of any Third Party Agreement applicable to the Software with the
full right to enforce the provisions of the Third Party Agreement as they pertain to cPanel
and the Software;

(i) The Third Party User or End User’s acknowledgement and agreement that cPanel’s may
in its sole discretion (i) monitor use of the Software; (ii) use the Authentication System;
and (iii) collect and use the cPanel Usage Data as set forth in Section 2.5 (Monitoring of
Software);

(j) The Third Party User or End User’s waiver of any and all claims (whether under law,
equity or any other theory of liability) against cPanel and its affiliates that may arise from
a Third Party User or End User’s inability to use the Software in the event (i) of the
expiration or termination of this Agreement for any reason whatsoever; or (ii) that cPanel
disables or suspends access to the Software as set forth in this Section 2.2;

(k) For cPanel & WHM, a notice that the Third Party User may verify the licensed or
unlicensed status of the Software and obtain other information about the license
applicable to the Licensed Server by using the cPanel License Verification System located
at http://verify.cpanel.net/ or such other URL as cPanel may designate from time to time;
and
 (l) If You grant a Third Party User or End User the right to sublicense the use of the
Software to third party sublicensees pursuant to Section 2.2.2, the Third Party User or End
User’s acknowledgement and agreement that any grant of sublicensing rights (i) shall be
subject to and conditioned upon a Third Party Agreement between the Third Party User
or End User and each third party sublicensee governing the use of the Software; (ii) that
the Third Party Agreement shall include the Flow-Through Provisions set forth in this
Section 2.2.3; (iii) that the sublicensing grant to a third party sublicensee in the Third Party
Agreement shall be no greater in scope and no greater in duration than the rights granted
to the Third Party User or End User; (iv) that each third party sublicensee must be eighteen
years of age or older; and (v) that all sublicensing rights shall be subject to terms and
conditions substantially similar to Section 2.2.4 (Sublicensing Restrictions).

2.2.4 Sublicensing Restrictions. The right to sublicense the use of the Software to a Third Party
User or End User (and such Third Party User or End User’s right to sublicense the use of the
Software to third party sublicensees) is conditioned upon compliance with the terms of this
Section 2.2. Upon request from cPanel, You and any authorized sublicensor shall provide
cPanel with copies of any Third Party Agreements. Use of or access to the Software by Third
Party Users who have not agreed to the terms to or complied with this Section 2.2 exceeds
the scope of the license grant of this Agreement and constitutes a material breach of this
Agreement. cPanel shall also have the right (but not the obligation) to notify any Third Party
Users or an End User that cPanel will or has terminated, suspended or disabled their use of
the Software due to the termination or expiration of this Agreement or a breach of this
Agreement. In the event that cPanel notifies Third Party Users or an End User pursuant to the
preceding sentence, cPanel reserves the right to offer products and services, including,
without limitation, the Software, to any Third Party Users or End Users affected by such
termination or expiration (or to refer such third parties to other cPanel licensees or affiliates).
Except as set forth in this Section 2.2, You may not rent, lease or sublicense the Software.

2.2.5 Moving from cPanel Solo to a Standard license (upgrade) is immediate. If You choose
to move from cPanel Solo license to a standard license, the license fee You paid the month the
move occurs will be prorated for the term of the prior license and prorated for the term of the
new license. At the time of the license conversion, You will be required to pay the difference
 between the lower and higher license fees. If You move to a monthly license, the next full
charge will be on the first day of the month following the license conversion.

2.3 Transfer of License. Subject to Section 9.8 (Assignment), You may transfer or assign this Agreement
in its entirety to a third party upon notice to cPanel solely with respect to Monthly Licenses for the
cPanel & WHM Software. One Year Licenses, Two Year Licenses and Three Year Licenses for the
Software may not be transferred or assigned under this Section 2.3. Other Software licenses may not
be transferable depending on their pricing.

2.4 Restrictions on Use.

2.4.1 Installation of Software Package. The Software is licensed as a single product and none
of the components in the Software may be separated for installation or use other than on the
Licensed Server.

2.4.2 Back-Up Copy. If You make a back-up copy of the Software, such copy must be in
machine-readable form and You must reproduce on such copy all Intellectual Property Right
notices and any other proprietary legends on the original copy of the Software.

2.4.3 Commercial Use; Evaluation. If Your Pricing and Term Agreement provides for an
Educational License, Non-Profit License or Trial Version License, You may not use the Software
for any commercial purposes. Additionally, if Your Pricing and Term Agreement provides for a
Trial Version License, You may only use the Software to review and evaluate the Software.

2.4.4 No Derivative Works; Reverse Engineering. You may not alter, merge, modify, prepare
derivative works based upon, adapt or translate the Software in any manner whatsoever.
Additionally, You may not decompile, reverse engineer, disassemble, or otherwise reduce the
Software to any human-readable form, or use the Software to develop any application having
the same primary functions as the Software.

2.5 Monitoring of Software.

2.5.1 Audit by cPanel. You agree that cPanel may audit Your use of the Software for
compliance with this Agreement at any time, upon reasonable notice. You agree to cooperate
with cPanel and any auditors selected by cPanel to complete the audit, including by providing
access to any facilities in which the Software is used or stored, including, without limitation,
the facilities which house the Licensed Server and any facilities which cPanel reasonably
believes house servers upon which the Software is installed. In the event that such audit
reveals any use of the Software by You other than in compliance with the terms of this
Agreement, You shall reimburse cPanel for all reasonable expenses related to such audit in
addition to any other liabilities You may incur as a result of such noncompliance.

2.5.2 Mandatory Product Activation. If You do not complete the Mandatory Product
Activation process within 15 days after You first install the Software, cPanel may in its sole
discretion terminate this Agreement or suspend or disable access in whole or in part to the
Software. “Mandatory Product Activation” means the process by which You supply to cPanel
certain information during the installation or setup process of the Software. After You have
completed the Mandatory Product Activation process, cPanel will activate the Software
allowing You to use the Software subject to the terms and conditions of this Agreement. After
cPanel activates the Software, such Software shall be deemed to be “Activated” for purposes
of this Agreement. The Mandatory Product Activation process may require the use of the
Internet or a long distance telephone call. You are responsible for any Internet access fees or
telephone charges required for the activation or use of the Software.

2.5.3 Authentication System. The Software contains technological measures that, working in
conjunction with cPanel computer servers, are designed to prevent unlicensed or illegal use
of the Software (collectively, the “Authentication System”). You acknowledge and agree that
such Authentication System allows cPanel to (among other things): (a) monitor use of the
Software by You and Third Party Users as set forth in Section 2.5.4 (cPanel Usage Data); (b)
verify that the Software is only used on the Licensed Server; (c) that You have purchased
sufficient accounts for the Software; (d) suspend or disable access to the Software in whole or
in part in the event of a breach of this Agreement or in the event of a breach by a Third Party
User of cPanel-related provisions of a Third Party Agreement; and (e) terminate use of the
Software upon the expiration or termination of this Agreement. You agree not to thwart,
interfere with, circumvent or block the operation of any aspect of the Authentication System,
including any communications between the Software and cPanel’s computer servers. For the
avoidance of doubt, the Software will not operate unless cPanel from time to time verifies the
Software using the Authentication System which requires the exchange of information
between the Licensed Server and cPanel over the Internet.
 2.5.4 cPanel Usage Data. You agree that, without further notice to You or any Third Party User
or End User, cPanel may use technological means, including the Authentication System, to: (a)
monitor use of the Software as may be necessary to monitor for compliance with the terms
of this Agreement, the Pricing and Term Agreement, or any other agreement applicable to the
Software; and (b) collect cPanel Usage Data. cPanel reserves the right to copy, access, store,
disclose and use cPanel Usage Data indefinitely in its sole discretion; provided, however, that
in the event that cPanel collects information concerning which features of the Software are
most often used by You or Third Party Users or an End User, cPanel will remove personally
identifiable information (if any) from such data and copy, access, store, disclose and use such
data solely for the purpose of improving the Software.

2.6 Additional Licenses. For the avoidance of doubt, You may not install or use the Software on any
other servers or computers other than the Licensed Server. If You wish to install and use the Software
on servers other than the Licensed Server, You will need to obtain a separate license for each additional
server, including, without limitation, a separate license for each additional Virtual Private Server.
Certain Software set out in this Agreement may have restrictions on the number of users as set out in
the Pricing and Term Agreement, any other applicable agreement and/or the relevant pricing page(s).
Software subject to such restrictions will also be subject to the limitations, refund and credit policies
set out in the Pricing and Term Agreement, the relevant pricing page and/or in Your other agreements
with cPanel.

2.7 Updates. The Software may automatically download and install updates from time to time from
cPanel. These updates are designed to improve, enhance and further develop the Software and may
take the form of bug fixes, enhanced functions, new software modules, completely new versions and
additional products and services offered through or from the Software. You agree to receive such
updates (and permit cPanel to deliver these to You) as a condition to Your use of the Software.

2.8 License Exchange. You agree that this Agreement shall supersede any prior End-User License
Agreement between You and cPanel applicable to the Software and that such prior End-User License
Agreement is hereby terminated if (a) You previously purchased a license for the Software and are now
purchasing a new license for the Software so that You may obtain additional technical support or
updates during the Term of this Agreement; or (b) the copy of the Software You licensed with this
Agreement is an upgrade to an earlier version of the Software. You may not continue to use the earlier
version of the Software or transfer it to another person or entity.
 2.9 Automatic Activation. Components of the Software may be automatically activated for You and/or
End Users. Entering into this EULA is Your consent to the installation and operation of automatically
activated Software. You will only incur a Fee if You or an End User use automatically activated Software.
For the purposes of this paragraph, the term “use” means implementing a feature of that Software.

3. Intellectual Property Rights.

3.1 Ownership. cPanel owns all right, title and interest, including all Intellectual Property Rights, in and
to, (a) the Software; (b) the Trademarks; (c) cPanel Usage Data; and (d) any and all Submissions
(collectively, “cPanel IP Rights”). If applicable, the cPanel IP Rights in the Software may be licensed to
cPanel rather than owned. This paragraph does not create any warranties. Warranties, if any, related
to the cPanel IP Rights, are set out in the section of this EULA entitled “Warranties” and may be further
limited in a paragraph specific to individual Software.

3.2 Trademarks; Domain Names. This Agreement does not authorize You to use the Trademarks. If You
wish to use the Trademarks, You must obtain a written license to use the Trademarks from cPanel.
Additionally, You will not (a) assert any Intellectual Property Right in the Trademarks or in any element,
derivation, adaptation, variation or name thereof; (b) contest the validity of any of the Trademarks; (c)
contest cPanel’s ownership of any of the Trademarks; or (d) in any jurisdiction, adopt, use, register, or
apply for registration of, whether as a corporate name, trademark, service mark or other indication of
origin, or as a domain name or sub-domain name, any trademarks, or any word, symbol or device, or
any combination confusingly similar to, or which incorporates in whole or in part, any of the
Trademarks.

3.3 No Implied License or Ownership. Nothing in this Agreement or the performance thereof, or that
might otherwise be implied by law, will operate to grant You any right, title or interest, implied or
otherwise, in or to the cPanel IP Rights.

3.4 No Contest. You acknowledge and agree that the cPanel IP Rights are and shall remain the sole and
exclusive property of cPanel or its licensors. You agree that You shall never oppose, seek to cancel, or
otherwise contest the ownership of the cPanel IP Rights or act in any manner that would or might
conflict with or compromise the ownership of the cPanel IP Rights, or similarly affect the value of the
cPanel IP Rights. Whenever requested by cPanel, You shall execute such documents as cPanel may
deem necessary or appropriate to confirm, maintain or perfect the ownership of the cPanel IP Rights.
In the event cPanel is unable, after reasonable effort, to secure Your signature on any document or
 documents needed to apply for or to confirm, maintain or perfect the ownership of the cPanel IP Rights
for any other reason whatsoever, You hereby irrevocably designate and appoint cPanel as Your duly
authorized attorney-in-fact, to act for and on Your behalf and stead to execute and sign any document
or documents and to do all other lawfully permitted acts to confirm, maintain or perfect the ownership
of the cPanel IP Rights with the same legal force and effect as if executed by You. In the event You
become aware that any third party is, or may be, infringing the cPanel IP Rights, You agree to notify
cPanel of such fact.

3.5 Proprietary Notices. Third party trademarks, trade names, product names and logos included in
the Software may be the trademarks or registered trademarks of their respective owners. You may not
remove or alter any trademark, trade names, product names, logo, copyright or other proprietary
notices, legends, symbols or labels in the Software.

3.6 Submissions. With respect to any feedback, suggestions or ideas (Submissions) that You submit to
cPanel concerning the Software, or any of cPanel’s products or services, You agree that: (a) Your
Submissions will automatically become the property of cPanel, without any compensation to You; (b)
cPanel may use or redistribute the Submissions for any purpose and in any way; (c) cPanel is not
obligated to review any Submissions; and (d) cPanel is not obligated to keep any Submissions
confidential.

4. Payments. As a condition of the license granted to You pursuant to this Agreement, You shall pay cPanel the
amount(s) set forth in Your Pricing and Term Agreement, or any other fee schedule associated with the
Software, or any aspect of the Software, in accordance with the payment terms contained therein.

5. Term and Termination.

5.1 Term. This Agreement shall be effective on the Effective Date and shall automatically expire at the
end of the Term.

5.2 Termination. cPanel may terminate this Agreement (a) in the event of Your breach of this
Agreement (or a Third Party User or End User’s breach of a provision of a Third Party Agreement
relating to the Software or cPanel) upon 30 days’ notice to You if such breach remains uncured after
the expiration of the 30 day notice period; (b) as set forth in Section 2.2 (Sublicensing); or (c)
immediately without notice in the event of Your material breach of this Agreement (or a Third Party
User or End User’s breach of a material provision of a Third Party Agreement relating to the Software
or cPanel). You acknowledge and agree that any breach by You or any Third Party User or End User of
 the following provisions of the Agreement or any related provisions of a Third Party Agreement shall
each constitute a material breach: (i) use of the Software in excess of the license grant in Section 2.1
(License Grant); (ii) any purported or attempted assignment, transfer, sale or other disposition or
delegation of the Software in violation of Section 2.3 (Transfer of License) or Section 9.8 (Assignment);
(iii) any violation of Section 2.4 (Restrictions of Use) including, without limitation, Section 2.4.4 (No
Derivative Works; Reverse Engineering); (iv) any violation of Section 2.5 (Monitoring of Software)
including, without limitation, any attempt, whether successful or not, to thwart, interfere with,
circumvent or block the operation of any aspect of the Authentication System; (v) any conduct
inconsistent with the cPanel IP Rights as set forth in Section 3 (Intellectual Property Rights); (vi) any
breach of Section 4 (Payments); and (vii) any breach of Your representations and warranties under
Section 6.1 (Mutual Representations). Additionally, a material breach by You of any agreement or
contract between You and cPanel, including, without limitation, a breach of cPanel’s Trademark Usage
Policy, any applicable EULA, the Technical Support Agreement or the PartnerNOC Agreement shall be
deemed a material breach of this Agreement and shall give rise to cPanel’s right to terminate as set
forth in this Section 5.2. The foregoing list of material breaches is a non-exclusive list.

5.3 Effect of Termination. Upon the expiration or termination of this Agreement for any reason, (a)
You must destroy all copies of the Software, including any back-up copy; (b) You must uninstall or
delete the Software from the Licensed Server; and (c) cPanel may, without notice and in its sole
discretion, terminate, suspend or disable access to the Software by You or any Third Party User or End
User.

5.4 Survival. Sections 1 (Definitions), 2.5 (Monitoring of Software), 3 (Intellectual Property Rights), 4
(Payments), 5 (Term and Termination), 6.3 (Disclaimer), 7 (Limitation of Liability), 8 (Indemnification)
and 9 (Miscellaneous) shall survive the termination or expiration of this Agreement for any reason.

6. Representations; Warranties; Disclaimer.

6.1 Mutual Representations. Each party hereto represents and warrants to the other party that: (a)
such party has the full right, power and authority to enter into this Agreement on behalf of itself and
to undertake to perform the acts required of it hereunder; (b) the execution of this Agreement by such
party, and the performance by such party of its obligations and duties to the extent set forth hereunder,
do not and will not violate any agreement to which it is a party or by which it is otherwise bound; (c)
when executed and delivered by such party, this Agreement will constitute the legal, valid and binding
obligation of such party, enforceable against such party in accordance with its representations,
warranties, terms and conditions; and (d) such party will comply with all Applicable Laws related to the
use and installation of the Software and the performance of its obligations under this Agreement.

6.2 Limited Warranty. cPanel represents and warrants that, for a period of 90 days from the date of
delivery of the Software, when used with a hardware and software configuration recommended by
cPanel, the Software will perform in substantial conformance with the documentation supplied with
the Software. The limited warranty in this Section 6.2 shall not apply (a) to any Educational License,
Non-Profit License or Trial Version License; (b) if Your version of the Software is a Beta Version; (c) if
the Software has been altered in any way by a party other than cPanel; (d) the Software’s third party
components; or (e) if any failure or error arises out of use of the Software with anything other than a
cPanel recommended hardware and software configuration. Any misuse, accident, abuse, modification
or misapplication of the Software will void the limited warranty in this Section 6.2.

6.2.1 Beta or Edge Software.

If Software is designated by cPanel as “Beta” or “Edge,” the Software and/or documentation

provided with the Software that is designated by cPanel as “Beta” or “Edge” is believed to
contain defects. For the purposes of this EULA, both Beta and Edge Software are referred to
as a “Beta Version.” It is Your sole and exclusive obligation to secure Your computing
environment to ensure that Your use of the Software and/or documentation does not damage
Your business.

For Software designated by cPanel as “Beta” or “Edge,” on the Effective Date, we grant to You
a no charge, non-exclusive, non-transferable, non-sublicensable, license to use the Software
solely for Your internal testing and evaluation purposes to determine its suitability and the
presence of bugs and other items that may detract from its effectiveness (Beta Test). The
Software shall be used only for the purposes of testing and evaluation.

You may use the Software, and any documentation provided with it, for a period of 90 days
beginning on the Effective Date (Beta Term). At the conclusion of the Beta Term, You will be
required to change Your license type to a different license. cPanel may, but has no obligation
to, extend the Beta Term at its discretion. cPanel may terminate this Agreement at any time
upon written notice to You even prior to the expiration of the Beta Term. If cPanel chooses to
terminate a Beta product, it will provide You with 7 days prior written email notice. Following
the Beta term, cPanel may, at its discretion, move the Software to a production environment.
 Upon the end of a Beta Version, Your ability to use the Software will be suspended. You will
have no access to the data associated with the Beta Version.

As consideration for cPanel granting to You a license to use the Beta Version, You agree to
notify cPanel of all problems and ideas for enhancements which come to Your attention during
Your use. While using the Beta Version and, from time-to-time on cPanel’s request, You will
provide cPanel written evaluations, including, but not limited to, surveys of the Beta Version
by the date cPanel requests (Evaluations). The Evaluations will be provided in the format
cPanele chooses. Your continued use of the Beta Version is expressly contingent on Your
providing the Evaluations to cPanel in a timely and complete manner. As further consideration
for granting You the license to use the Beta Version, You may be required to agree to receive
marketing and other communications from cPanel and/or its partners. If this is the case, You
may choose to refuse to receive such communications by not installing the Beta Version.

You assign all right, title and interest in the Evaluations, including, but not limited to, any and
all ideas, inventions, processes, patents, copyrights, trade secrets, mask works, trademarks,
moral rights, or any other intellectual property rights contained in the Evaluation, or which
may be reasonably extrapolated from the Evaluation. The sole consideration for this
assignment is cPanel’s license of the Beta Version to for Your use, pursuant to this Agreement.

6.3 Disclaimer. THE SOFTWARE LICENSED HEREUNDER IS PROVIDED "AS IS" AND CPANEL HEREBY
DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE
SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, OR THE
ACCURACY, TIMELINESS, COMPLETENESS, OR ADEQUACY OF THE SOFTWARE, ITS THIRD PARTY
COMPONENTS, AND ANY DATA ACCESSED THEREFROM, INCLUDING THE IMPLIED WARRANTIES OF
TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-
INFRINGEMENT. CPANEL DOES NOT WARRANT THAT THE SOFTWARE OR ITS THIRD PARTY
COMPONENTS ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION. IF THE SOFTWARE, ITS
THIRD PARTY COMPONENTS, OR ANY DATA ACCESSED THEREFROM IS DEFECTIVE, YOU ASSUME THE
SOLE RESPONSIBILITY FOR THE ENTIRE COST OF ALL REPAIR OR INJURY OF ANY KIND, EVEN IF CPANEL
HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DEFECTS OR DAMAGES.

6.3.1 IF APPLICABLE LAW REQUIRES ANY WARRANTIES WITH RESPECT TO THE SOFTWARE, ALL
SUCH WARRANTIES ARE LIMITED IN DURATION TO 90 DAYS FROM THE DATE OF DELIVERY.
 6.3.2 NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CPANEL, ITS AFFILIATES,
LICENSEES, DEALERS, SUB-LICENSORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY
OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY PROVIDED IN SECTION 6.2.

6.3.3 SOME JURISDICTIONS DO NOT ALLOW RESTRICTIONS ON IMPLIED WARRANTIES SO

SOME OF THESE LIMITATIONS MAY NOT APPLY TO YOU.

7. Limitation of Liability.

7.1 Lost Profits; Consequential Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
CPANEL WILL NOT BE LIABLE FOR ANY LOST PROFITS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES, DAMAGES FOR THE INABILITY TO USE EQUIPMENT OR ACCESS DATA, BUSINESS
INTERRUPTION, OR FOR ANY OTHER INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL
DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, HOWEVER CAUSED, AND
UNDER WHATEVER CAUSE OF ACTION OR THEORY OF LIABILITY BROUGHT (INCLUDING, WITHOUT
LIMITATION, UNDER ANY CONTRACT, NEGLIGENCE OR OTHER TORT THEORY OF LIABILITY) EVEN IF
CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

7.2 Total Cumulative Liability; Exclusive Remedy. EXCEPT FOR AMOUNTS OWED BY YOU TO CPANEL
UNDER SECTION 4, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CPANEL’S AGGREGATE
LIABILITY FOR DIRECT DAMAGES, UNDER THIS AGREEMENT (CUMULATIVELY) SHALL BE LIMITED TO THE
TOTAL FEES COLLECTED BY CPANEL UNDER THIS AGREEMENT; PROVIDED, HOWEVER, THAT FOR ANY
BREACH OF THE LIMITED WARRANTY OF SECTION 6.2, YOUR SOLE AND EXCLUSIVE REMEDY AND
CPANEL’S ENTIRE LIABILITY SHALL BE FOR CPANEL, AT CPANEL’S ELECTION AND WITHIN ITS SOLE
DISCRETION, TO USE COMMERCIALLY REASONABLE EFFORTS TO (A) SUPPLY YOU WITH A
REPLACEMENT COPY OF THE SOFTWARE THAT SUBSTANTIALLY CONFORMS TO THE DOCUMENTATION
INCLUDED WITH THE SOFTWARE; OR (B) REFUND TO YOU YOUR LICENSE FEE FOR THE SOFTWARE;
PROVIDED THAT YOU REPORT ANY NON-COMPLIANCE WITH THE LIMITED WARRANTY OF SECTION 6.2
IN WRITING TO CPANEL NO MORE THAN 90 DAYS FOLLOWING DELIVERY OF THE SOFTWARE TO YOU.
SHOULD SOFTWARE BE PROVIDED TO YOU AT NO CHARGE, CPANEL’S AGGREGATE LIABILITY FOR
DAMAGES, AS SET OUT IN THIS PARAGRAPH SHALL BE $1,000. CPANEL SHALL HAVE NO LIABILITY FOR
DIRECT DAMAGES FOR BETA VERSION OR TRIAL VERSION SOFWARE.

8. Indemnification. You shall indemnify, defend and hold harmless cPanel and its directors, officers, staff,
employees and agents and their respective successors, heirs and assigns and cPanel affiliates (and their
directors, officers, staff, employees and agents and their respective successors, heirs and assigns) (collectively,
the “cPanel Parties”) from and against any liability, damage, loss or expense (including reasonable attorneys’
fees and expenses of litigation) incurred by or imposed upon the cPanel Parties or any one of them in connection
with any claims, suits, actions, demands or judgments (Claims) related directly or indirectly to or arising out of
(a) a breach of Your representations, warranties or obligations under this Agreement; (b) in the event that You
sublicense the right to use the Software to any Third Party Users pursuant to Section 2.2 (Sublicensing), (i) a
breach of a Third Party User’s representations, warranties or obligations under any provisions in a Third Party
Agreement relating to cPanel or the Software; and (ii) any Claims based upon or arising from any allegation that
a Third Party User was harmed due to any termination, suspension or disabling of such user’s access to the
Software by cPanel pursuant to the terms and conditions of this Agreement; provided, however, that in any
such case cPanel or its affiliates, as applicable, (x) provide You with prompt notice of any such claim; (y) permit
You to assume and control the defense of such action upon Your written notice to cPanel of Your intention to
indemnify; and (z) upon Your written request, and at no expense to cPanel or its affiliates, provide to You all
available information and assistance reasonably necessary for You to defend such claim. You will not enter into
any settlement or compromise of any such claim, which settlement or compromise would result in any liability
to the cPanel Parties, without cPanel’s prior written consent, which will not unreasonably be withheld. You will
pay any and all costs, damages, and expenses, including, but not limited to, reasonable attorneys’ fees and costs
awarded against or otherwise incurred by cPanel or its affiliates in connection with or arising from any such
claim.

9. Miscellaneous.

9.1 Force Majeure. No party will be liable for any failure or delay in performance of any of its
obligations hereunder if such delay is due to acts of God, pandemic, fires, flood, storm, explosions,
earthquakes, general Internet outages, acts of war or terrorism, riots, insurrection or intervention of
any government or authority; provided, however, that any such delay or failure will be remedied by
such party as soon as reasonably possible. Upon the occurrence of a force majeure event, the party
unable to perform will, if and as soon as possible, provide written notice to the other parties indicating
that a force majeure event occurred and detailing how such force majeure event impacts the
performance of its obligations.

9.2 Independent Contractors. It is the intention of the parties that cPanel and You are, and will be
deemed to be, independent contractors with respect to the subject matter of this Agreement, and
nothing contained in this Agreement will be deemed or construed in any manner whatsoever as
creating any partnership, joint venture, employment, agency, fiduciary or other similar relationship
between cPanel and You.

9.3 Choice of Law; Venue; Jurisdiction. This Agreement will be governed by and interpreted in
accordance with the laws of the State of Texas without regard to the conflicts of laws principles thereof.
Any dispute or claim arising out of or in connection with the Agreement shall be finally settled and
exclusively by the state or federal courts located in Harris County, Texas. For purposes of this
Agreement, You and cPanel hereby irrevocably consent to exclusive personal jurisdiction and venue in
the federal and state courts in Harris County, Texas. However, to the extent the Data Processing
Agreement (DPA) is applicable to a Customer, the jurisdiction and venue provisions of the DPA shall
govern the DPA. Those jurisdiction and venue provisions shall be limited only to the DPA, if applicable
to a Customer. This Section 9.3 shall apply to all other provisions of this Agreement.

9.4 Entire Agreement. This Agreement, together with all Exhibits hereto, represents the entire
agreement between the parties with respect to the subject matter hereof and thereof and will
supersede all prior agreements and communications of the parties, oral or written.

9.5 Basis of Bargain. Section 6.2 (Limited Warranty), Section 7 (Limitations of Liability) and Section 8
(Indemnification) are fundamental elements of the basis of the agreement between cPanel and You
and shall inure to the benefit of cPanel. cPanel would not be able to provide the Software on an
economic basis without such limitations.

9.6 Severability. If any provision of this Agreement is held to be invalid, illegal or unenforceable for any
reason, such invalidity, illegality or unenforceability will not affect any other provisions of this
Agreement, and this Agreement will be construed as if such invalid, illegal or unenforceable provision
had never been contained herein.

9.7 Amendment or Modification. This Agreement is subject to change without prior notice from
cPanel. You shall be deemed to have accepted any changes or modifications by Your continuing use of
the Software. Additionally, this Agreement may not be amended, modified, or supplemented by You in
any manner, except by an instrument in writing signed and agreed to by cPanel.

9.8 Assignment. This Agreement may not be assigned, transferred, delegated, sold or otherwise
disposed of, including, without limitation, by operation of law, other than as expressly set forth in this
Section 9.8. This Agreement may be assigned, transferred, delegated, sold or otherwise disposed of in
its entirety: (a) by cPanel in its sole discretion; (b) by You with the prior written consent of cPanel; and
(c) as set forth in Section 2.3 (Transfer of License). In addition, cPanel may delegate its performance
under this Agreement in whole or in part to one or more affiliates, provided that cPanel will remain
liable and responsible for any performance or obligation so delegated. A party’s permitted successors
or assignees must agree as a condition precedent to any assignment, transfer or delegation to fully
perform all applicable terms and conditions of this Agreement. No party may assign this Agreement to
any entity that lacks sufficient assets and resources to continue to perform, to contractually required
standards, all assigned obligations for the remainder of the Term. This Agreement will be binding upon
and will inure to the benefit of a party’s permitted successors and assigns. Any purported assignment,
transfer, delegation, sale or other disposition in contravention of this Section 9.8, including, without
limitation, by operation of law, is null and void.

9.9 Waiver. Any of the provisions of this Agreement may be waived by the party entitled to the benefit
thereof. No party will be deemed, by any act or omission, to have waived any of its rights or remedies
hereunder unless such waiver is in writing and signed by the waiving party, and then only to the extent
specifically set forth in such writing. A waiver with reference to one event will not be construed as
continuing or as a bar to or waiver of any right or remedy as to a subsequent event.

9.10 Remedies Cumulative. Except as expressly set forth herein, no remedy conferred upon the parties
by this Agreement is intended to be exclusive of any other remedy, and each and every such remedy
will be cumulative and will be in addition to any other remedy given hereunder or now or hereafter
existing at law or in equity.

9.11 No Third Party Beneficiaries. This Agreement is made for the benefit of the parties only, and this
Agreement is not for the benefit of, and was not created for the benefit of, any third parties including,
without limitation, any Third Party Users.

9.12 Notices. All notices or questions relating to this Agreement shall be directed to: cPanel, L.L.C.,
Attn: Legal Department, 2550 North Loop W., Suite 4006, Houston, TX 77092. Any notice required to
be given under this Agreement shall be deemed given by cPanel when sent to You by email, telephone,
fax, or mail to the contact information supplied by You to cPanel in the Pricing and Term Agreement or
other pricing document. You may update such information from time to time upon written notice to
cPanel at the address in this Section 9.12. Any failure by You to provide cPanel with updated contact
information will not invalidate the effectiveness of any notice sent by cPanel to the contact information
previously supplied by You.
9.13 Notice to U.S. Government Users. The Software and any associated documentation are
“Commercial Items,” as that term is defined at 48 C.F.R. 2.101, consisting of “Commercial Computer
Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R.
12.212 or 48 C.F.R. 227.7202, as applicable. Consistent with 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-1
through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer
Software Documentation are licensed to U.S. Government end users (a) only as Commercial Items and
(b) with only those rights as are granted to all other end users pursuant to the terms and conditions
herein.

9.14 Third Party Software. The Software contains third party software the use of which requires Your
agreement to additional terms and conditions with respect to such third party software. The terms and
conditions for such third party software used in cPanel & WHM are located in their respective source
files at /usr/local/cpanel/src/3rdparty/ arranged by license type.

9.15 Export Controls. The parties agree to comply fully with all Applicable Laws of the United States,
or of any foreign government to or from where a party is shipping, to in connection with the import,
export or re-export, directly or indirectly, of the Software in connection with this Agreement. You
specifically agree that You shall not, directly or indirectly, supply or permit any other party to supply
the Software to an individual or organization in a country or region against which the U.S. government
imposes an embargo (presently, Crimea, Cuba, Iran, North Korea and Syria) or an individual or
organization on the U.S. Treasury Department’s List of Specially Designated Nationals and Blocked
Persons or other individual who or organization that is the subject of a U.S. legal measure that provides
for sanctions blocking of property or that otherwise generally forbids U.S. citizens to transact with the
individual or organization.

9.16 Time-Limited Claims. Regardless of any Applicable Law to the contrary, You agree that any claim
or cause of action arising out of or related to the Software or this Agreement, must be filed within one
year after such claim or cause of action arose or be forever barred.

9.17 Data Protection. Where You are a business, company or similar organization, to the extent that
cPanel processes any personal data on Your behalf in connection with the Agreement and (a) the
personal data relates to individuals located in the EEA; or (b) You are located in the EEA, the parties
agree that such personal data will be processed in accordance with the Data Processing Addendum set
forth in Schedule 1. For the purposes of this Section 9.17, the terms “personal data,” “process” and
“EEA” have the meanings given in the Data Processing Addendum.
10. Software Specific Terms.

The following provisions apply only to the Software described in this section.

10.1 Site Quality Monitoring.

10.1.1 Availability. The functions provided by the Software will be available as

set out in the Software’s documentation. From time-to-time aspects of the Software will not
be available due to planned maintenance or updating. There is no service level associated
with the Software.

10.1.2 Deletion of Records. Upon termination, all records associated with the
Software’s functions will be deleted. Following termination, You will not have access to any
historical monitoring information.

10.1.3 Facilitating the Operation of the Site Quality Monitoring Software.

Aspects of the Software require access to Your, or the End User’s, processes, and network
services in order to function properly. It is Your, or Your End User’s, obligation to configure
these processes and network services in accordance with the documentation associated with
the Software. Failure to do so will cause the operation of the Software to degrade or not
function properly. cPanel is not responsible for such a degradation or failure to operate, and
is not obligated to provide support to address this issue.

10.1.4 High Risk Activities. The Software covered by this subsection is not
designed, manufactured or intended for use or resale as on-line control equipment in
hazardous environments requiring fail-safe performance, such as, but not limited to, the
operation of nuclear facilities, aircraft navigation or communications systems, air traffic
control, weapons systems, health care facilities or operations (including, but not limited to,
physician’s offices), or any other software, system or service, in which the failure, or non-
operation of the Software for any period of time, could lead, directly or indirectly, to death,
personal injury, or severe physical or environmental damage. cPanel and any third parties
providing technology incorporated into the Software specifically disclaim any express or
implied warranties of fitness for such activities.

10.2 Site Builder.

10.2.1 Content Ownership.

10.2.1.1 The Software provides You or Your End Users with the ability to upload User Content.
User Content includes, but is not limited to, text, photos, images, music, audio, videos, fonts, logos
and any other material. To the extent the User Content is owned by You, or End Users, You own
the exclusive Intellectual Property Rights in it. When User Content is provided to us, a non-
exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable, transferable right and
license to use, host, store reproduce, modify, create derivative works of, communicate, publish,
publicly display, publicly perform and distribute it for the purposes of operating the Software is
granted to cPanel and any third parties who need such a license for the Software to operate. To
the extent You or End Users cannot provide this license to us, or any third party cPanel uses to
provide the Software, You agree to indemnify cPanel as set out in this EULA.

10.2.1.2 It is Your, or the End User’s, sole and exclusive obligation to determine that the User
Content complies with the terms of this EULA. The entity that provides cPanel with the User
Content represents and warrants that it owns all rights to it, of if not owned, a current, and
continuing, license to use, share display, transfer and license the User Content in the manner set
out in this EULA, and in the documentation associated with the Software. It is expressly
understood that the User Content will be made public, and is for the purpose of creating a public
website. Further, You will promptly obtain, and upon cPanel’s request provide to us, confirmation
that You have received all “Required Consents.” “Required Consents” are any consents or
approvals required to give us, and if necessary, cPanel’s subcontractors, the right or license to
access, use and/or modify, User Content. If You fail to provide cPanel with the Required Consents,
and cPanel is unable to perform the Services as a result, You will remain responsible for the Fees
accrued to this point.

10.2.1.3 The entity providing the User Content represents and warrants that the use of the User
Content by the Software, and transmission, if applicable to third parties, does not, and will not,
infringe or violate the rights of any third party. This representation and warranty includes, but is
not limited to, any copyrights, trademarks, privacy rights, publicity rights, contractor rights, trade
secrets, or any other intellectual property or proprietary rights.

10.2.1.4 The user of the Software is solely and exclusively responsible for the products and services
provided using the Software, and complying with any Applicable Laws or regulations associated
with such a use.
10.2.1.5 Claims made against cPanel based on allegations of violations of Intellectual Property
Rights as a result of User Content, or use of the Software, are not subject to the Limitation of
Liability, if any, applicable to You set out in the EULA. In addition, You, or the End User, agree to
indemnify cPanel to the full extent of the law as set out in this EULA.

10.2.2 Integrations. The Software provides integration with various third party services
(Integrations). Integrations may make content, services, products and software available to You.
cPanel may receive a revenue share from Your use of Integrations. Providers of Integrations will
have their own terms of use, and Your use of the Integrations will be governed by them. Providers
of Integrations may also have their own privacy policies and use data differently than the Software.
It’s Your obligation to review these and ensure that You can comply with them, and that their use
of data meets Your expectations and legal obligations. Integrations are provided at cPanel’s
discretion. cPanel has no liability whatsoever for discontinuing to provide them, or a change in
cPanel’s Software that results in diminishing, or discontinuing, their use.

10.2.3 cPanel Templates. The Software includes design elements that facilitate the creation of a
web presence (Templates). Templates include, but are not limited to, layouts, overlays,
photographs, fonts, images, and text. cPanel owns, or has the right to use, the Templates.
Provided that You pay the fees and otherwise comply with the terms of this EULA, cPanel hereby
grants You a limited, non-exclusive, transferable, sub licensable license to use, copy, modify, or
create derivative works based on the Templates generated as a result of Your use of the software,
including generated websites, and designs as long as an active subscription exists. The Templates
may only be used in conjunction with the Services, are not transferrable, may not be used to
compete with cPanel or any company affiliated with cPanel, and will be disabled upon Termination
of this EULA. There can be no claim against cPanel, or any entity affiliated with cPanel, that a
change in the Templates, or the cessation of the ability to use any aspect of them, or the Templates
in their entirety, has damaged Your or an End User’s business. cPanel’s sole and exclusive liability
for a claim that it does not have the right to license the Templates to You or an End User, is to
secure the rights for You to use the Template, or if that is not feasible, in cPanel’s sole and exclusive
discretion, refund the fee attributable to the Template, paid for the period in which such a use was
not feasible.

10.3.4 Compliance with the law. Operating a website requires complying with complex laws and
regulations. It is Your obligation to determine which laws apply to the use of the Software, and
the end results. Compliance includes, but is not limited to, data protection and security laws,
privacy laws that apply both to the use of the Software, and operation of websites and processing
of data both in the jurisdiction in which contracting parties and end users are based, “cookie” laws,
marketing laws and regulations, as well as industry specific regulations such as HIPAA. Under no
circumstances shall the Software be used to create of facilitate the operation of websites that
market to individuals under the age of 18 years old, to disseminate pornographic images or text,
or to market or distribute products or substances that are controlled by U.S. Federal law. A
determination that the use of the Software is in violation of this paragraph shall be committed to
the sole and exclusive discretion of cPanel.

10.3.5 Communication. Use of the Software requires that You maintain with us, and on any
resulting website, a working means of receiving communication about Your website. At a
minimum, this shall include an email address that is monitored daily and a telephone number
capable of receiving phone calls and recording voice mail.

10.3.6 Intellectual Property and Abuse Compliance. You will respect the intellectual property of
others and respond to notices of alleged infringement of intellectual property rights or other
abuse. Your response will be expeditious, comprehensible, and documented. cPanel reserves the
right to terminate the use of the Software if it determines it is being used in violation of recognized
intellectual property rights, or is being used in a way that cPanel, in its sole and exclusive discretion,
determine to be abuse.
 SCHEDULE 1

DATA PROCESSING ADDENDUM (DPA)

1. DEFINITONS

1.1 The following capitalized terms used in this DPA shall be defined as follows:

(a) "Controller" has the meaning given in the GDPR.

(b) "Data Protection Laws " means the EU General Data Protection Regulation 2016/679 of the
European Parliament and of the Council (GDPR), any applicable national implementing legislation
including, and in each case as amended, replaced or superseded from time to time, and all
applicable legislation protecting the fundamental rights and freedoms of persons and their right
to privacy with regard to the Processing of your Personal Data.

(c) "EEA" means the European Economic Area, being the Member States of the European Union
together with Iceland, Norway, and Liechtenstein and including the UK and Switzerland.

(d) “Privacy Policy” shall mean the Privacy Policy implemented by cPanel and incorporated in the
Agreement as amended from time-to-time. The Privacy Policy is currently located
at https://cpanel.com/privacy-policy.html.

(e) "Processing" has the meaning given in the GDPR, and "Process" will be interpreted accordingly.

(f) "Processor" has the meaning given in the GDPR.

(g) "Security Incident" means any accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to, any of your Personal Data.

(h) “Special Categories of Data,” and “Data Subject” shall have the same meaning as in the GDPR.

(i) "Subprocessor" means any Processor engaged by cPanel who agrees to receive from cPanel
your Personal Data.

(j) "Supervisory Authority" has the meaning given in the GDPR.

(k) “Technical and Organizational Security Measures” means those measures aimed at protecting
Personal Data against accidental or unlawful destruction or accidental loss, alteration,
 unauthorized disclosure or access, in particular where the processing involves the transmission of
data over a network, and against all other unlawful forms of Processing.

(l) "Transparency Report” shall mean cPanel’s transparency report, as amended, currently located
at https://cpanel.com/transparency-report.html.

(m) "Your Personal Data" and "personal data” means the "personal data" (as defined in the GDPR)
described in Schedule 1 and any other personal data that cPanel processes on behalf of you in
connection with the provision of the Software.

2. DATA PROCESSING

2.1 In addition to cPanel’s obligations set out in this DPA, cPanel will comply with the obligations
of a Data Importer as set out in the Standard Contractual Clauses set forth in Schedule 4. Any
reference to Data Importer shall be deemed to be a reference to cPanel and any reference to Data
Exporter or Data Controller shall be deemed to be a reference to Controller and its European Union
affiliated companies. Controller hereby covenants and warrants that it has the right and authority
to enter into this DPA on behalf of itself and its affiliated companies.

2.2 cPanel will only Process your Personal Data in accordance with your written instructions. The
EULA (subject to any changes agreed between the parties) and this DPA shall be your complete
and final instructions to cPanel in relation to the Processing of your Personal Data.

2.3 Processing outside the scope of this DPA or the Agreement will require prior written agreement
between you and cPanel on additional instructions for Processing.

2.4 Where required by applicable Data Protection Laws, you will ensure that you have
obtained/will obtain all necessary consents for the Processing of your Personal Data by cPanel in
accordance with the Agreement.

3. TRANSFER OF PERSONAL DATA

3.1 You agree that cPanel may use Subprocessors to fulfil its contractual obligations under the
Agreement. Upon written request, cPanel shall provide you with a list of Subprocessors. If you
(acting reasonably) object to a new Subprocessor on grounds related to the protection of your
Personal Data only, you may request that cPanel move your Personal Data to another
Subprocessor and cPanel shall, within a reasonable time following receipt of such request, use
 reasonable endeavors to ensure that the original Subprocessor does not Process any of your
Personal Data. If it is not reasonably possible to use another Subprocessor, and you continue to
object for a legitimate reason, either party may terminate the Agreement on thirty days’ written
notice. If you do not object within thirty days of receipt of the notice, you are deemed to have
accepted the new Subprocessor.

3.2 Except as set out in paragraph 3.1, cPanel shall not permit, allow or otherwise facilitate
Subprocessors to Process your Personal Data without your prior written consent and unless
cPanel:

(a) enters into a written agreement with the Subprocessor which imposes substantially
similar obligations on the Subprocessor with regard to their Processing of your Personal
Data, as are imposed on cPanel under this DPA; and

(b) at all times remains responsible for compliance with its obligations under the DPA and
will be liable to you for the acts and omissions of any Subprocessor as if they were cPanel’s
acts and omissions.

3.3 You acknowledge that cPanel or its Subprocessors may access your Personal Data outside the
EEA.

4. DATA SECURITY, AUDITS AND SECURITY NOTIFICATIONS

4.1 Security Obligations. cPanel will implement and maintain the technical and organizational
measures set out in Schedule 3. You acknowledge and agree that these measures ensure a level of
security that is appropriate to the risk.

4.2 Security Incident Notification. If cPanel becomes aware of a Security Incident, cPanel will: (a)
notify you of the Security Incident without undue delay, (b) investigate the Security Incident and
provide you (and any law enforcement or regulatory official) with reasonable assistance as
required to investigate the Security Incident.

4.3 Employees and Personnel. cPanel will treat your Personal Data as confidential, and shall
ensure that any employees are bound by a duty of confidentiality.

4.4 Audits. cPanel will, upon your reasonable request, at your cost, allow for audits, including
inspections, of its compliance with this DPA, conducted by you (or a third party on your behalf and
 mandated by you) provided: (i) such audits or inspections are not conducted more than once per
year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours;
and (iii) are conducted in a manner that causes minimal disruption to cPanel’s operations and
business.

5. ACCESS REQUESTS AND DATA SUBJECT RIGHTS

5.1 Government Disclosure. cPanel will notify you of any request for the disclosure of your
Personal Data by a governmental or regulatory body or law enforcement authority (including any
Supervisory Authority) unless otherwise prohibited by law or a legally binding order of such body
or agency, and subject to the terms of cPanel’s Transparency Report.

5.2 Data Subject Rights. Where applicable, and taking into account the nature of the Processing,
cPanel will use reasonable endeavors to assist you by implementing appropriate technical and
organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond
to requests for exercising Data Subject rights set out in the GDPR.

6. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

6.1 To the extent required under applicable Data Protection Laws, cPanel will provide you with
reasonably requested information to enable you to carry out data protection impact assessments
or prior consultations with any Supervisory Authority, to the extent that either is solely in relation
to Processing of your Personal Data and taking into account the nature of the Processing and
information available to cPanel.

7. TERMINATION

7.1 Deletion of data. Unless otherwise required by applicable law, cPanel will, at your election and
within 90 days of the date of termination of the Agreement at cPanel’s election:

(a) return a copy of all of your Personal Data Processed by cPanel by secure file transfer
to you (and securely delete all other copies of your Personal Data Processed by cPanel);
or

(b) securely delete your Personal Data Processed by cPanel.

8. SUPPLEMENTAL MEASURES
 8.1 Governmental requests. If cPanel receives a request from a governmental authority for access
to any Personal Data Processed by cPanel, cPanel will evaluate challenging such request before
transferring such data to the governmental authority.

8.2 Encryption. cPanel encrypts all data at rest and in transit. Data in transit is encrypted using RSA
with 2048 bit key length based certificates generated via a public certificate authority. Data at rest
is encrypted using LUKS.

9. GOVERNING LAW

9.1 This DPA shall be governed by, and construed in accordance with, the laws of Republic of
Ireland.

SCHEDULE 2

DETAILS OF THE PROCESSING OF YOUR PERSONAL DATA

This Schedule 2 includes certain details of the Processing of your Personal Data as required by Article 28(3) of the
GDPR.

1. Data importer

The data importer is: cPanel, a software company licensing and performing technical support.

2. Data subjects

The Personal Data transferred concern the following categories of data subjects:

1) Controller employees who are prospects, customer’s business partners or contract contacts of cPanel.

2) Controller employees and cPanel customers who are authorized by cPanel to contact cPanel, or who contact
cPanel regardless of authorization.

3) cPanel customers who license software from cPanel, or through cPanel or Controller.

4) Customers of the Controller who contact cPanel for customer support.

3. Categories of data

The Personal Data transferred concern the following categories of data:

For category one:

a) First and last name

 b) Title and position

c) Contact information (company, email, phone, physical business address)

d) Professional life data

e) Personal life data

f) Business requirements

For categories two, three and four, Personal Data that is automatically collected:

a) Host name of the server (treated as Personal Data)

b) IP address (treated as Personal Data)

c) Server address/hostname (treated as Personal Data)

d) Demographic information

a. Geographic location

b. Order details

c. Invoice identification

For categories two, three and four, Personal Data that will be collected if selected in the Product:

a) Company ID (treated as Personal Data)

For categories two, three and four, the following Personal Data may be collected depending on the use:

a) For technical support

a. User name, phone number, address, domain name and email address

b. IP address (treated as Personal Data)

b) For purchases of third party products

a. Information necessary to bill for products

c) When a Controller’s customer contacts cPanel directly (by mail posting on a message board or blogs)

a. Comments and opinions and any identifying information provided by cPanel customer

4. Special categories of data (if appropriate)

The Personal Data transferred concern the following special categories of data: none
 5. Processing operations

The Personal Data transferred will be subject to the following basic processing activities:

1. Company ID may be associated with publicly available information generated through Salesforce. As a result,
this information may become Personal Data.

2. For third party products purchased by cPanel customers

(a) Information necessary to process payment

i. Name

ii. Postal code

SCHEDULE 3

Technical and Organization Security Measures

This Schedule describes the technical and organizational security measures and procedures that the Data Importer
shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise
obtained. Data Importer will keep documentation of technical and organizational measures identified below to
facilitate audits and for the conservation of evidence.

1. Access Control to Processing Areas

Data Importer implements suitable measures in order to prevent unauthorized persons from gaining access to the
data processing equipment where the personal data are processed or used. This is accomplished by:

• establishing security areas; 24 hours security service provided by property owner;

• protection and restriction of access paths;

• securing the data processing equipment;

• establishing access authorizations for staff and third parties, including the respective documentation;

• regulations on card-keys;

• all access to the data center where personal data are hosted is logged, monitored, and tracked; and

• the data center where personal data are hosted is secured by a security alarm system, and other
appropriate security measures.

2. Access Control to Data Processing Systems

Data Importer implements suitable measures to prevent its data processing systems from being used by
unauthorized persons. This is accomplished by:

• identification of the terminal and/or the terminal user to the Data Importer systems;

• automatic time-out of user terminal if left idle, identification and password required to reopen;
 • automatic turn-off of the user ID when several erroneous passwords are entered, log file of events
(monitoring of break-in-attempts);

• issuing and safeguarding of identification codes;

• dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific
functions;

• staff policies in respect of each staff access rights to personal data (if any), informing staff about their
obligations and the consequences of any violations of such obligations, to ensure that staff will only access
Personal Data and resources required to perform their job duties and training of staff on applicable privacy
duties and liabilities;

• all access to data content is logged, monitored, and tracked; and

• use of state of the art encryption technologies.

3. Access Control to Use Specific Areas of Data Processing Systems

Data Importer commits that the persons entitled to use its data processing system are only able to access the data
within the scope and to the extent covered by its access permission (authorization) and that Personal Data cannot
be read, copied or modified or removed without authorization. This shall be accomplished by:

• staff policies in respect of each staff member's access rights to the Personal Data;

• allocation of individual terminals and/or terminal user, and identification characteristics exclusive to
specific functions;

• monitoring capability in respect of individuals who delete, add or modify the personal data and at least
yearly monitoring and update of authorization profiles;

• release of Personal Data to only authorized persons;

• policies controlling the retention of backup copies; and

• use of state of the art encryption technologies.

4. Transmission Control

Data Importer implements suitable measures to prevent the personal data from being read, copied, altered or
deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is
accomplished by:

• use of state-of-the-art firewall and encryption technologies to protect the gateways and pipelines through
which the data travels;

• as far as possible, all data transmissions are logged, monitored and tracked; and

• monitoring of the completeness and correctness of the transfer of data (end-to-end check).

5. Input Control
Data Importer implements suitable measures to ensure that it is possible to check and establish whether and by
whom personal data have been input into data processing systems or removed. This is accomplished by:

• an authorization policy for the input of data into memory, as well as for the reading, alteration and deletion
of stored data;

• authentication of the authorized personnel; individual authentication credentials such as user IDs that, once
assigned, cannot be re-assigned to another person (including subsequently);

• protective measures for the data input into memory, as well as for the reading, alteration and deletion of
stored data;

• utilization of user codes (passwords) of at least eight characters or the system maximum permitted number
and modification at first use and thereafter at least every 90 days in case of processing of sensitive data;

• following a policy according to which all staff of Data Importer who have access to personal data processed
for Data Exporters shall reset their passwords at a minimum once in a 180 day period;

• providing that entries to data processing facilities (the rooms housing the computer hardware and related
equipment) are capable of being locked;

• automatic log-off of user ID's (requirement to re-enter password to use the relevant work station) that have
not been used for a substantial period of time;

• automatic deactivation of user authentication credentials (such as user IDs) in case the person is disqualified
from accessing personal data or in case of non-use for a substantial period of time (at least six months),
except for those authorized solely for technical management;

• proof established within Data Importer's organization of the input authorization; and

• electronic recording of entries.

6. Job Control

Data Importer ensures that personal data may only be processed in accordance with written instructions issued by
exporter. This is accomplished by:

• binding policies and procedures for Data Importer's employees.

Data Importer ensures that if security measures are adopted through external entities, it obtains written description
of the activities performed that guarantees compliance of the measures adopted with this document. Data Importer
further implements suitable measures to monitor its system administrators and to ensure that they act in accordance
with instructions received. This is accomplished by:

• individual appointment of system administrators;

• adoption of suitable measures to register system administrators' access logs and keep them secure,
accurate and unmodified for at least six months;

• yearly audits of system administrators' activity to assess compliance with assigned tasks, the instructions
received by importer and applicable laws; and
 • keeping an updated list with system administrators' identification details (e.g., name, surname, function or
organizational area) and tasks assigned and providing it promptly to Data Exporters upon request.

7. Availability Control

Data Importer implements suitable measures to ensure that personal data are protected from accidental destruction
or loss. This is accomplished by:

• infrastructure redundancy to ensure data access is restored within seven days and backup performed at
least weekly;

• tape backup is stored off-site and available for restore in case of failure of SAN infrastructure for Database
server;

• only the Data Exporters may authorize the recovery of backups (if any) or the movement of data outside of
the location where the physical database is held, and security measures will be adopted to avoid loss or
unauthorized access to data, when moved;

• regular check of all the implemented and herein described security measures at least every six months;

• backup tapes are only re-used if information previously contained is not intelligible and cannot be re-
constructed by any technical means; other removable media is destroyed or made unusable if not used;
and

• any detected security incident is recorded, alongside the followed data recovery procedures, and the
identification of the person who carried them out.

8. Separation of processing for different purposes

Data Importer implements suitable measures to ensure that data collected for different purposes can be processed
separately. This is accomplished by:

• access to data is separated through application security for the appropriate users;

• modules within the Data Importer's data base separate which data is used for which purpose, i.e., by
functionality and function;

• at the database level, data is stored in different areas, separated per module or function they support; and

• interfaces, batch processes and reports are designed for only specific purposes and functions, so data
collected for specific purposes is processed separately.

9. Data Importer system administrators (if any)

Data importer implements suitable measures to monitor its system administrators and to ensure that they act in
accordance with instructions received. This is accomplished by:

• individual appointment of system administrators;

• adoption of suitable measures to register system administrators' access logs and keep them secure,
accurate and unmodified for at least six months;
 • continuous audits of system administrators' activity to assess compliance with assigned tasks, the
instructions received by importer and applicable laws; and

• keeping an updated list with system administrators' identification details (e.g., name, surname, function or
organizational area) and tasks assigned and providing it promptly to data exporter upon request.

SCHEDULE 4

Standard Contractual Clauses

SECTION I - STANDARD CONTRACTUAL CLAUSES

1. Purpose and Scope.

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection
of natural persons with regard to the processing of personal data and on the free movement of such data
(General Data Protection Regulation) for the transfer of personal data to a third country.

(b) The Parties:

(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter
“entity/ies”) transferring the personal data, as listed in Annex I.A (hereinafter each “data
exporter”), and

(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or
indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each
“data importer”) have agreed to these standard contractual clauses (hereinafter: “Clauses”).

(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these
Clauses.

2. Effect and invariability of the Clauses.

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal
remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to
data transfers from controllers to processors and/or processors to processors, standard contractual clauses
pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the
appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties
from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to
add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these
Clauses or prejudice the fundamental rights or freedoms of data subjects.

(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of
Regulation (EU) 2016/679.

3. Third-party beneficiaries.
 (a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter
and/or data importer, with the following exceptions:

(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii) Clause 8.1(b), 8.9(a), (c), (d) and (e);

(iii) Clause 9(a), (c), (d) and (e);

(iv) Clause 12(a), (d) and (f);

(v) Clause 13;

(vi) Clause 15.1(c), (d) and (e);

(vii) Clause 16(e);

(viii) Clause 18(a) and (b).

(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

4. Interpretation.

(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the
same meaning as in that Regulation.

(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in
Regulation (EU) 2016/679.

5. Hierarchy. In the event of a contradiction between these Clauses and the provisions of related agreements
between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses
shall prevail.

6. Description of the transfer(s). The details of the transfer(s), and in particular the categories of personal
data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

7. Docking clause.

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses
at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex
I.A.

(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these
Clauses and have the rights and obligations of a data exporter or data importer in accordance with its
designation in Annex I.A.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to
becoming a Party.
SECTION II – OBLIGATIONS OF THE PARTIES

8. Data protection safeguards. The data exporter warrants that it has used reasonable efforts to determine
that the data importer is able, through the implementation of appropriate technical and organizational
measures, to satisfy its obligations under these Clauses.

8.1 Instructions.

(a) The data importer shall process the personal data only on documented instructions from the data
exporter. The data exporter may give such instructions throughout the duration of the contract.

(b) The data importer shall immediately inform the data exporter if it is unable to follow those
instructions.

8.2 Purpose limitation. The data importer shall process the personal data only for the specific purpose(s)
of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

8.3 Transparency. On request, the data exporter shall make a copy of these Clauses, including the
Appendix as completed by the Parties, available to the data subject free of charge. To the extent
necessary to protect business secrets or other confidential information, including the measures
described in Annex II and personal data, the data exporter may redact part of the text of the Appendix
to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data
subject would otherwise not be able to understand its content or exercise his/her rights. On request,
the Parties shall provide the data subject with the reasons for the redactions, to the extent possible
without revealing the redacted information. This Clause is without prejudice to the obligations of the
data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.4. Accuracy. If the data importer becomes aware that the personal data it has received is inaccurate, or
has become outdated, it shall inform the data exporter without undue delay. In this case, the data
importer shall cooperate with the data exporter to erase or rectify the data.

8.5. Duration of processing and erasure or return of data. Processing by the data importer shall only take
place for the duration specified in Annex I.B. After the end of the provision of the processing services,
the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf
of the data exporter and certify to the data exporter that it has done so, or return to the data exporter
all personal data processed on its behalf and delete existing copies. Until the data is deleted or
returned, the data importer shall continue to ensure compliance with these Clauses. In case of local
laws applicable to the data importer that prohibit return or deletion of the personal data, the data
importer warrants that it will continue to ensure compliance with these Clauses and will only process
it to the extent and for as long as required under that local law. This is without prejudice to Clause 14,
in particular the requirement for the data importer under Clause 14(e) to notify the data exporter
throughout the duration of the contract if it has reason to believe that it is or has become subject to
laws or practices not in line with the requirements under Clause 14(a).

8.6 Security of processing.

(a) The data importer and, during transmission, also the data exporter shall implement appropriate
technical and organizational measures to ensure the security of the data, including protection
against a breach of security leading to accidental or unlawful destruction, loss, alteration,
unauthorized disclosure or access to that data (hereinafter “personal data breach”). In assessing
the appropriate level of security, the Parties shall take due account of the state of the art, the costs
of implementation, the nature, scope, context and purpose(s) of processing and the risks involved
 in the processing for the data subjects. The Parties shall in particular consider having recourse to
encryption or pseudonymisation, including during transmission, where the purpose of processing
can be fulfilled in that manner. In case of pseudonymisation, the additional information for
attributing the personal data to a specific data subject shall, where possible, remain under the
exclusive control of the data exporter. In complying with its obligations under this paragraph, the
data importer shall at least implement the technical and organizational measures specified in
Annex II. The data importer shall carry out regular checks to ensure that these measures continue
to provide an appropriate level of security.

(b) The data importer shall grant access to the personal data to members of its personnel only to the
extent strictly necessary for the implementation, management and monitoring of the contract. It
shall ensure that persons authorized to process the personal data have committed themselves to
confidentiality or are under an appropriate statutory obligation of confidentiality.

(c) In the event of a personal data breach concerning personal data processed by the data importer
under these Clauses, the data importer shall take appropriate measures to address the breach,
including measures to mitigate its adverse effects. The data importer shall also notify the data
exporter without undue delay after having become aware of the breach. Such notification shall
contain the details of a contact point where more information can be obtained, a description of
the nature of the breach (including, where possible, categories and approximate number of data
subjects and personal data records concerned), its likely consequences and the measures taken or
proposed to address the breach including, where appropriate, measures to mitigate its possible
adverse effects. Where, and in so far as, it is not possible to provide all information at the same
time, the initial notification shall contain the information then available and further information
shall, as it becomes available, subsequently be provided without undue delay.

(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter
to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the
competent supervisory authority and the affected data subjects, taking into account the nature of
processing and the information available to the data importer.

8.7 Sensitive data. Where the transfer involves personal data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the
purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual
orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data
importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8 Onward transfers. The data importer shall only disclose the personal data to a third party on documented
instructions from the data exporter. In addition, the data may only be disclosed to a third party located
outside the European Union (in the same country as the data importer or in another third country,
hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses, under the
appropriate Module, or if:

(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to
Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47
Regulation of (EU) 2016/679 with respect to the processing in question;

(iii) the onward transfer is necessary for the establishment, exercise or defense of legal claims
in the context of specific administrative, regulatory or judicial proceedings; or
 (iv) the onward transfer is necessary in order to protect the vital interests of the data subject
or of another natural person.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses,
in particular purpose limitation.

8.9 Documentation and Compliance.

(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that
relate to the processing under these Clauses.

(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data
importer shall keep appropriate documentation on the processing activities carried out on behalf
of the data exporter.

(c) The data importer shall make available to the data exporter all information necessary to
demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s
request, allow for and contribute to audits of the processing activities covered by these Clauses,
at reasonable intervals or if there are indications of non-compliance. In deciding on a review or
audit, the data exporter may take into account relevant certifications held by the data importer.

(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor.
Audits may include inspections at the premises or physical facilities of the data importer and shall,
where appropriate, be carried out with reasonable notice.

(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results
of any audits, available to the competent supervisory authority on request.

9. Use of sub-processors.

(a) The data importer has the data exporter’s general authorization for the engagement of sub-processor(s)
from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended
changes to that list through the addition or replacement of sub-processors at least thirty days in advance,
thereby giving the data exporter sufficient time to be able to object to such changes prior to the
engagement of the sub-processor(s). The data importer shall provide the data exporter with the
information necessary to enable the data exporter to exercise its right to object.

(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of
the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data
protection obligations as those binding the data importer under these Clauses, including in terms of third-
party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data
importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor
complies with the obligations to which the data importer is subject pursuant to these Clauses.

(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement
and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets
or other confidential information, including personal data, the data importer may redact the text of the
agreement prior to sharing a copy.

(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-
processor’s obligations under its contract with the data importer. The data importer shall notify the data
exporter of any failure by the sub-processor to fulfil its obligations under that contract.
 (e) The data importer shall agree a third-party beneficiary clause with the sub-processor whereby - in the event
the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data
exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to
erase or return the personal data.

10. Data subject rights.

(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject.
It shall not respond to that request itself unless it has been authorized to do so by the data exporter.

(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’
requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set
out in Annex II the appropriate technical and organizational measures, taking into account the nature of
the processing, by which the assistance shall be provided, as well as the scope and the extent of the
assistance required.

(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions
from the data exporter.

11. Redress.

(a) The data importer shall inform data subjects in a transparent and easily accessible format, through
individual notice or on its website, of a contact point authorized to handle complaints. It shall deal promptly
with any complaints it receives from a data subject.

The data importer agrees that data subjects may also lodge a complaint with an independent dispute
resolution body at no cost to the data subject. It shall inform the data subjects, in the manner set out in
paragraph (a), of such redress mechanism and that they are not required to use it, or follow a particular
sequence in seeking redress.

(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses,
that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep
each other informed about such disputes and, where appropriate, cooperate in resolving them.

(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall
accept the decision of the data subject to:

(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence
or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii) refer the dispute to the competent courts within the meaning of Clause 18.

(d) The Parties accept that the data subject may be represented by a not-for-profit body, organization or
association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive
and procedural rights to seek remedies in accordance with applicable laws.

12. Liability.
 (a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach
of these Clauses.

(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive
compensation, for any material or non-material damages the data importer or its sub-processor causes the
data subject by breaching the third-party beneficiary rights under these Clauses.

(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject
shall be entitled to receive compensation, for any material or non-material damages the data exporter or
the data importer (or its subprocessor) causes the data subject by breaching the third-party beneficiary
rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data
exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation
(EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.

(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data
importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the
compensation corresponding to the data importer’s responsibility for the damage.

(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach
of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled
to bring an action in court against any of these Parties.

(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from
the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.

(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

13. Supervision.

(a) The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation
(EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory
authority.

(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent
supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the
data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by
the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory
authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

14. Local laws and practices affecting compliance with the Clauses.

(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of
destination applicable to the processing of the personal data by the data importer, including any
requirements to disclose personal data or measures authorizing access by public authorities, prevent the
data importer from fulfilling its obligations under these Clauses. This is based on the understanding that
laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed
what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in
Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in
particular of the following elements:
 (i) the specific circumstances of the transfer, including the length of the processing chain, the number of
actors involved and the transmission channels used; intended onward transfers; the type of recipient;
the purpose of processing; the categories and format of the transferred personal data; the economic
sector in which the transfer occurs; the storage location of the data transferred;

(ii) the laws and practices of the third country of destination - including those requiring the disclosure of
data to public authorities or authorizing access by such authorities - relevant in light of the specific
circumstances of the transfer, and the applicable limitations and safeguards;

(iii) any relevant contractual, technical or organizational safeguards put in place to supplement the
safeguards under these Clauses, including measures applied during transmission and to the processing
of the personal data in the country of destination.

(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best
efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate
with the data exporter in ensuring compliance with these Clauses.

(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent
supervisory authority on request. The data importer agrees to notify the data exporter promptly if, after
having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has
become subject to laws or practices not in line with the requirements under paragraph (a), including
following a change in the laws of the third country or a measure (such as a disclosure request) indicating an
application of such laws in practice that is not in line with the requirements in paragraph (a).

(e) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe
that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall
promptly identify appropriate measures (e.g., technical or organizational measures to ensure security and
confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data
exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can
be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter
shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under
these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to
termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the
contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

15. Obligations of the data importer in case of access by public authorities.

15.1 Notification.

(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if
necessary, with the help of the data exporter) if it:

(i) receives a legally binding request from a public authority, including judicial authorities, under the
laws of the country of destination for the disclosure of personal data transferred pursuant to these
Clauses; such notification shall include information about the personal data requested, the
requesting authority, the legal basis for the request and the response provided; or

(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to
these Clauses in accordance with the laws of the country of destination; such notification shall
include all information available to the importer.
 (b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws
of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the
prohibition, with a view to communicating as much information as possible, as soon as possible. The data
importer agrees to document its best efforts in order to be able to demonstrate them on request of the
data exporter.

(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the
data exporter, at regular intervals for the duration of the contract, with as much relevant information as
possible on the requests received (in particular, number of requests, type of data requested, requesting
authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).

(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of
the contract and make it available to the competent supervisory authority on request.

(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e)
and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2 Review of legality and data minimization.

(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains
within the powers granted to the requesting public authority, and to challenge the request if, after careful
assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under
the laws of the country of destination, applicable obligations under international law and principles of
international comity. The data importer shall, under the same conditions, pursue possibilities of appeal.
When challenging a request, the data importer shall seek interim measures with a view to suspending the
effects of the request until the competent judicial authority has decided on its merits. It shall not disclose
the personal data requested until required to do so under the applicable procedural rules. These
requirements are without prejudice to the obligations of the data importer under Clause 14(e).

(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure
and, to the extent permissible under the laws of the country of destination, make the documentation
available to the data exporter. It shall also make it available to the competent supervisory authority on
request.

(c) The data importer agrees to provide the minimum amount of information permissible when responding to
a request for disclosure, based on a reasonable interpretation of the request.

SECTION IV – FINAL PROVISIONS

16. Non-compliance with the Clauses and termination.

(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for
whatever reason.

(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses,
the data exporter shall suspend the transfer of personal data to the data importer until compliance is again
ensured or the contract is terminated. This is without prejudice to Clause 14(f).

(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of
personal data under these Clauses, where:
 (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to
paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any
event within one month of suspension;

(ii) the data importer is in substantial or persistent breach of these Clauses; or

(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority
regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the
contract involves more than two Parties, the data exporter may exercise this right to termination only with
respect to the relevant Party, unless the Parties have agreed otherwise.

(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c)
shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its
entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the
data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure
compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return
or deletion of the transferred personal data, the data importer warrants that it will continue to ensure
compliance with these Clauses and will only process the data to the extent and for as long as required under
that local law.

(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission
adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal
data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of
the country to which the personal data is transferred. This is without prejudice to other obligations applying
to the processing in question under Regulation (EU) 2016/679.

17. Governing law. These Clauses shall be governed by the law of one of the EU Member States, provided such
law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Republic of
Ireland.

18. Choice of forum and jurisdiction.

(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

(b) The Parties agree that those shall be the courts of Republic of Ireland.

(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the
courts of the Member State in which he/she has his/her habitual residence.

(d) The Parties agree to submit themselves to the jurisdiction of such courts.
 APPENDIX

ANNEX I

A. LIST OF PARTIES

Data exporter(s): cPanel Distributor; cPanel Partner; or an authorized licensee of software authored by cPanel, LLC
(cPanel). The data exporter acts as the controller of Personal Information as the term “Personal Information” is
defined in cPanel’s Privacy Policy. The Personal Information is provided to cPanel for the purposes set out in the
Privacy Policy. cPanel’s Privacy Policy is located here.

Data importer(s): cPanel is located at the address set out on the “contact us” page at cpanel.net. cPanel is the
processor of Personal Information identified in the Privacy Policy. The Personal Information is processed by cPanel
as set out in the Privacy Policy. cPanel’s Privacy Policy is located here.

B. DESCRIPTION OF TRANSFER

1. The categories of data subjects whose personal data is transferred to cPanel is set out in paragraph 3
of the Privacy Policy.

2. The categories of personal data transferred by cPanel is set out in Schedules 1 and 2 of the Privacy
Policy.

3. No sensitive data is transferred to cPanel.

4. Data is transferred to cPanel on a continuous basis.

5. cPanel processes Personal Information as set out in the second columns of Schedules 1 and 2 of the
Privacy Policy.

6. The purposes for which the data is transferred to cPanel are set out in Schedules 1 and 2 of the Privacy
Policy

7. Data transferred to cPanel and shared with third parties, including Subprocessors, is set out in the sixth
column of Schedules 1 and 2 of the Privacy Policy.

8. The period for which the Personal Information will be retained is set out in the fifth column of Schedules
1 and 2 of the Privacy Policy.

C. COMPETENT SUPERVISORY AUTHORITY

The supervisory authority shall be the competent supervisory authority that has supervision over the cPanel
Distributor, cPanel Partner, or the authorized licensee of software authored by cPanel, LLC.

ANNEX II - TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL

MEASURES TO ENSURE THE SECURITY OF THE DATA

The technical and organizational measures used by cPanel to protect the Personal Information are set out in
Paragraph 6 of the Privacy Policy. cPanel’s Privacy Policy is located here.

ANNEX III – LIST OF SUB-PROCESSORS

The controller has authorized the use of the sub-processors set out in column 6 of Schedules 1 and 2 of the Privacy
Policy. The Privacy Policy is located here.

Appendix 1

See Schedule 2

Appendix 2

See Schedule 3

Version: 10-05-2023