SECURITY STANDARDS

  1. Contentsquare designates a fully qualified employee to coordinate with Customer and provide to Customer, as needed, all information reasonably requested in writing by Customer concerning the processing, storage and protection of Customer Data.
  2. Contentsquare has implemented and maintains a written data information security program for the protection of Customer Data that includes appropriate organizational, administrative, technical and physical safeguards and other security measures that are industry standard and commensurate with the nature of the Customer Data processed by Contentsquare (the “Information Security Program”). Contentsquare’s Information Security Program includes regular training of its personnel on those policies, hiring and exit procedures including regular risk assessment of the risks to the security of Customer Data, and shall be updated as necessary with changes in any applicable law. Contentsquare reserves the right to and may update or modify such measures from time to time provided that such updates or modifications do not result in any material degradation to the security of Customer Data.
  3. Contentsquare implements appropriate physical, technical and organizational measures to ensure a level of security appropriate to the risk presented by processing Customer Data, in particular from unlawful and unauthorized destruction, loss, disclosure, or access to Customer Data, stored or otherwise processed by Contentsquare (“Security Breach”), including, inter alia, as appropriate: (i) implementation of reasonable and sufficient physical barriers and controls to prevent unauthorized physical access to, or compromise of Customer Data by human or environmental causes; (ii) ensuring that only those authorized Contentsquare representatives gain access to the Customer Data, and taking commercially reasonable steps to prevent unauthorized access to or destruction or loss of any Customer Data; and, (iii) maintaining a secure processing environment for Customer Data, which includes: (a) timely application of anti-virus updates, system patches, fixes and updates to all operating systems and applications, the implementation of firewalls and other similar measures designed to ensure the confidentiality, integrity, and availability of Customer Data; (b) encryption of all Customer Data at all times in transit and at rest, using and deploying a commercially acceptable encryption solution; and, (c) secure email for all Contentsquare domains.
  4. Contentsquare maintains a business continuity plan so that Customer Data is protected and, in the event of a disruption to, or loss of, data or CS Solution, delivery of CS Solution and access to Customer Data are restored and continue at the applicable service levels. The plan is reviewed and approved at management level and tested periodically.
  5. If at any time Contentsquare determines that any individual or entity has attempted to circumvent or has circumvented the security of any computer, system, or device containing Customer Data, or that there has been a Security Breach (each, an “Incident”), Contentsquare shall: (a) immediately terminate any unauthorized access and within forty-eight (48) hours notify Customer in writing of such Incident; (b) promptly investigate and take reasonable steps to remediate the Incident; and (c) cooperate with Customer’s investigation and provide documentation and assistance as may reasonably be requested by Customer. Contentsquare shall notify Customer of any Incidents at the email address detailed in the Order Form, or such other address as either Party has notified the other.
  6. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, or other similarly recognized standards (“Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality shall be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all validated critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deems Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion.
  7. Notwithstanding the foregoing, all assessments and audits conducted under Section 6 above shall conform to the following requirements:

- Customer shall provide thirty (30) days prior written notice.

- Limited to once every twelve (12) month period.

- At the sole cost and expense of the Customer.

- Scope of assessments and audits shall be limited to matters not already covered by the SOC 2 or ISO 27001 certifications in effect; and

- Any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer within the scope already covered by the SOC 2 or ISO 27001 certifications in effect, shall be reimbursed by the Customer.