Terms and Conditions for the Sony Research India’s R.I.S.E.

2022 Hackathon (the

“Contest”)

IMPORTANT: PLEASE READ THESE TERMS AND CONDITIONS (THESE “TERMS AND
CONDITIONS”) BEFORE ENTERING THE CONTEST. THIS IS A LEGALLY BINDING
AGREEMENT BETWEEN YOU AND SONY RESEARCH INDIA (“SONY”) ESTABLISHING
THE TERMS AND CONDITIONS UNDER WHICH YOU ARE ENTITLED TO PARTICIPATE
IN THE CONTEST. BY ENTERING THE CONTEST, YOU CONFIRM THAT YOU HAVE
READ AND UNDERSTOOD, AND AGREE TO ABIDE BY, THESE TERMS AND
CONDITIONS.

SUBMISSION GUIDELINES
A. Participation in this Contest can be individual or in a team of two.
B. After you have built your application, you must do the following:
B.1 Submit the solution in .zip format
B.2 At the end of the page, you must complete the following tasks:
▪ Upload the following as a zip, tar, or tar.zip archive:
● Prediction file
● Source file
● Model and Algorithm Code
▪ Submit your solution
C. You will have to upload your submissions on the Problems page in the format specified
in the problem statement.
D. The total number of submissions allowed for a participant throughout the Contest is
600. The maximum number of submissions that a participant can make in a day is 10.
E. You can only use Python for model code in addition to AWS or other Cloud tools.
F. Use of external dataset is prohibited for this Contest. Participants found using
external dataset will be disqualified.

1. ORGANISER
1.1 The Contest is organized by Sony Research India Private Limited with an address at
WeWork Embassy Tech Village, Embassy Tech Village Block-L, Devarabisanahalli, Outer
Ring Road, Bellandur, Bangalore-560 103, Karnataka, India (hereinafter referred to as “Sony”
which expression shall, unless repugnant to the context or meaning thereof be deemed to
include its parent company, affiliates, related corporations, subsidiaries, directors, officers,
employees and agents)
1.2 Sony is inter-alia engaged in the business of technology research and development for
entertainment and electronics industry.

1.3 Sony is conducting an online competition called RISE, a hackathon competition (the
“Contest”) held on by Hackerearth (“Contest Organiser”)

1.4 The Contest aims at inviting solutions for the problem statement laid down by Sony in the
form of submission of proposal (“Proposal”) by you.

1.5 Each Proposal submitted by you, or your team shall be considered as an entry.

2. ELIGIBILITY
2.1 General Eligibility Requirements
• You are at least 18 years of age as of 1st March 2022 and are a student or a researcher
with a college/university (or equivalent) degree or to be graduated from an educational
institution valid in India OR;
• You are below 18 years of age, you have obtained the appropriate permissions and
releases from your parent or legal guardian in order to participate in the Contest AND;
• You are a student / researcher residing in India.

2.2 Not eligible: The following are not eligible to participate in the Contest:
• Employees of Sony and its related corporations and their immediate family members.
• Employees of any party which is directly involved in organizing, promoting or
conducting the Contest.
• Employees of external auditors who are directly involved in the Contest

3. SCOPE OF WORK
3.1 You will submit your Proposal according to the Submission Guidelines mentioned in
these Terms and Conditions.

3.2 Sony will evaluate the submitted Proposal according to the Selection Criteria as set out in
Clause 5 and award a Prize to the selected Proposal as set out in Clause 6 of these Terms
and Conditions.

4. PROPOSAL SPECIFICS
4.1 You may submit your Proposal individually or as a team of up to Two (2) students and/or
researchers
• Team members may come from different academic institutions
• Each student may belong to only one team within the Contest.
• Each team is solely responsible for its own cooperation and teamwork. In no event will
Sony officiate in any dispute regarding the conduct or cooperation of any team or its
members.

In addition to the competition rules and requirements, to be eligible for judging, all entries
must meet the following general standards:
• All entry materials must be presented and/or submitted in the English language unless
otherwise specified.
• If you are required to make an oral presentation or provide supporting materials, these
presentations and materials must be presented and/or submitted in the English
language unless otherwise specified.
• You are responsible for providing your own translator if you need one. Sony will not
serve as translators for your team. It is acceptable for mentors to serve as translators,
but they must only translate the spoken words of team members and not make a
presentation on behalf of the team.
• The content of your entry and any supporting materials must be acceptable for all
viewing audiences. Sony will automatically disqualify any entrant that submits any
entry or supporting materials that contain text, sound or images that we, in our sole
opinion and for any reason, find vulgar, offensive, or inappropriate for public viewing,
or that presents us in a negative light.

4.2 Important note about Copyright: Your submitted Proposal must only contain material
(including but not limited to source code – both open source and third party sourced, user
interface, music, video or images) that you own or that you have permission from the
copyright/trademark owner to use. Your submitted Proposal may not contain copyrighted
materials (including but not limited source code, user interface, background music, images or
video) unless you own or have permission to use the materials. If you do use permissible
copyrighted materials, you must include the permissions information by citing the artist/creator
and license information. Note that even material released under sites such as Creative
Commons, common opensource code licenses, and other similar licensing may need
permission or acknowledgement as per the specific license. Note: your or your team’s entry
will be disqualified if permissions information is not included.
4.3 Important note about Hardware: If your submitted Proposal includes a hardware
component, you are not expected to provide that hardware for judging unless you are making
an in-person presentation or hands-on demo, at which point your solution must be complete
and functional for evaluation by the judges. For any stage of the judging process that does not
include an in-person presentation, you or your team may explain your complete solution
through your submission documentation. Any submitted software, however, should simulate
hardware-related data and functionality so that your software can at least be evaluated for
user experience design, platform compatibility, and so forth. If elements of your solution cannot
reasonably be simulated, describe those omissions in your submission and work around those
areas as best you can to enable the judges to evaluate as much of your submitted Proposal
as is possible.

4.4 Important note about Connectivity/Authentication Requirements: If your submitted

Proposal incorporates some form of remote connectivity requiring authentication that our
judges cannot perform, then attempt to simulate as much of your functionality as is reasonable
to enable the judges in early rounds to evaluate your software. You or your team should also
describe any simulations and omissions in your submission so the judges understand and can
evaluate accordingly. Internet connectivity will be provided at the venue for all teams.

5. SELECTION CRITERION OF THE PROPOSAL

5.1 The submitted Proposals will be judged based on the following criteria:
The submissions are evaluated. The evaluation parameters include the following:
• Accuracy of the output [1st Round Selection]
• Functionality of the code [2nd Round Selection]
• Usability of the application [2nd Round Selection]
• Design aesthetics [2nd Round Selection]
5.2 Sony reserves the right to select different entry / Proposal if the selected Proposal is
subsequently disqualified from the Contest.

6. PRIZES

6.1 You or your team, if selected as winner will receive either of the following prizes. The prize
awarded and quantity will be determined by Sony Research India.
1. Sony PlayStation 5 OR
2. Sony Television OR
 3. Sony Earphones

7. NOTIFICATION OF PRIZE WINNER

7.1 Winners will be announced at the end of event on this website by 10 April 2022.

8. CLAIMING THE PRIZE

8.1 If you are confirmed as a winner:
• You may not exchange non-cash Prizes for cash or any other merchandise or services.
However, if for any reason an advertised Prize is unavailable, we reserve the right to
substitute a Prize of equal or greater value; and
• You may not designate someone else as the winner. If you are unable or unwilling to
accept your Prize, Sony will award it to the next highest evaluated student or a team;
and
• If you accept a Prize, you will be solely responsible for all applicable taxes related to
accepting the Prize; and
• If you are otherwise eligible, but are considered a minor in your place of residence,
then we may award the Prize to your parent/legal guardian on your behalf; and
• Unless otherwise noted, all Prizes are subject to their manufacturer’s warranty and/or
terms and conditions; and

Sony is not responsible for any dispute regarding Prize dispersal.

9. PAYMENT OF PRIZE MONEY

9.1 Sony shall disburse the Prize Money, if applicable to you through Immediate Payment
Service (“IMPS”) / National Electronic Funds Transfer (“NEFT”) to the bank account details
provided to you upon selection of your Proposal.

9.2 Taxes and other levies imposed by any relevant applicable government or tax authority,
as well as other costs including insurance and incidental costs, that may be levied or incurred
on the Prize Money shall be fully borne by you.

10. ENTRY FORMS

10.1 Sony is not responsible for printing or typographical errors in any Contest-related
materials or for registrations, entry forms or submissions that are incomplete, lost or
misdirected, fail to enter into the processing system, or are processed, reported, or transmitted
late or incorrectly or are lost for any reason including electronic, computer, telephone, paper
transfer, mail system, human or other error; including inability to access any website
associated with the Contest. Proof of online submission shall not constitute proof of receipt by
Sony.

10.2 If any information provided on an entry form is found to be misleading or inaccurate, that
entry shall be deemed invalid.

11. TERM
11.1 The Terms and Conditions shall come into effect, the date on which you enter the Contest
(the “Effective Date”) and shall remain in force for a period of 1 (one) year from the Effective
Date.

11.2 In the event, you are not able to complete the submitted Proposal after award winning,
for any reason whatsoever then both you and Sony shall mutually decide and extend the Term.

12. TERMINATION
12.1 Sony may terminate these Terms and Conditions without further liability for any reason
whatsoever, without any prior notice to you.

12.2 Termination of these Terms and Conditions (for whatever reason) shall not affect the
respective rights and liabilities of Sony hereto accrued prior to such termination. All clauses of
these Terms and Conditions including this clause which are express, or which by implication
are, intended to survive the termination of these Terms and Conditions shall so survive and
continue in full force and effect notwithstanding the termination of these Terms and Conditions.

13. REPRESENTATION AND WARRANTIES

13.1 You represent and warrant to Sony and its parent company, affiliates, related
corporations, subsidiaries, directors, officers, employees and agents that (i) you are the sole
and exclusive owner of your submitted Proposal, or you have all right and authority to grant
the rights in your submitted Proposal to Sony and its parent company, affiliates, related
corporations, subsidiaries, directors, officers, employees and agents; (ii) if your sumbitted
Proposal contains a photograph or a video, you has obtained any and all releases necessary
from all persons depicted in the photograph or video, including, without limitation, releases in
the context of rights of privacy and rights of publicity; and (iii) if a person depicted in the
photograph or video is under the age of 21 years, you have obtained all appropriate
permissions and releases from the parent or legal guardian of the person in question, to work
on the submitted Proposal, and (iv) you have obtained all authorization(s), consents and
licenses necessary to fully perform these Terms and Conditions,

13.2 In the event the Proposal submitted by you or your team, pursuant to these Terms and
Conditions contain any computer media or files or any other deliverable in an electronic format,
you represent and warrant that such materials shall be free from computer viruses and any
undocumented and unauthorized methods for terminating or disrupting the operation of, or
gaining access to, the deliverable, computer systems or other computing resources or data,
or other code features which result in or cause, in whole or in part, directly or indirectly,
damage, loss or disruption to all or any part of the computer systems or other computing
resources.

14. PROPOSAL’S FITNESS FOR PUBLICATION:

You expressly agree that the Proposal submitted by you does not contain any image or content
that is unlawful, libelous, slanderous, defamatory or invasive of another person's right of
privacy or right of publicity, or that Sony may reasonably deem harmful, vulgar, obscene,
derogatory, pornographic, abusive, harassing, threatening, hateful, objectionable with respect
to race, religion, creed, national origin or gender, or otherwise unfit for publication. Sony and
its parent company, affiliates, related corporations, subsidiaries, directors, officers, employees
and agents shall not be liable in any way for any submitted Proposal. Sony and its parent
company, affiliates, related corporations, subsidiaries, directors, officers, employees and
agents shall have no obligation to monitor your submitted Proposal but may do so at its
discretion. If, Sony, in its sole and absolute discretion, considers your submitted Proposal
inappropriate or unsuitable for publication, Sony may refuse to grant you the Prize for the
same.

15. INTELLECTUAL PROPERTY RIGHTS

15.1 Retained Rights: You and Sony and its parent company, affiliates, related corporations,
subsidiaries, directors, officers, employees and agents will retain all rights, title and interest in
and to its own Pre-Existing Intellectual Property irrespective of any disclosure of such Pre-
Existing Intellectual Property to the other Party, subject to any licenses granted herein.

15.2 Sony will not return any of your submitted Proposals, and your submitted Proposal
becomes the property of Sony.
15.2 Pre-Existing Intellectual Property Rights

15.2.1. You will not use any third-party’s pre-existing intellectual property in connection with
these Terms and Conditions unless you have the right to use it for the Sony’s benefit. If you
are not the owner of such pre-existing intellectual property, you will obtain from the owner any
rights as are necessary to enable you to comply with these Terms and Conditions.

15.2.2. You grant Sony and its parent company, affiliates, related corporations, subsidiaries,
directors, officers, employees and agents an exclusive, royalty-free, worldwide, perpetual and
irrevocable license in the Proposal submitted by you and third-party’s pre-existing intellectual
property, to the extent such pre-existing intellectual property is incorporated in your submitted
Proposal including the right to make, sell, use, reproduce, modify, adapt, display, distribute
and disclose such pre-existing intellectual property.

15.2.3. You will not incorporate any material from a third party in your submitted Proposal
unless: (i) you clearly identify the specific elements of the Proposal to contain third party
materials; (ii) you identify the corresponding third-party licenses and any restrictions on use
thereof; and (ii) an approval is given by Sony in writing for use of third-party material.

15.2.4. You shall indemnify Sony and its parent company, affiliates, related corporations,
subsidiaries, directors, officers, employees and agents against any actual or potential threats,
liabilities, cost, damages, losses incurred Sony that may arise due to failure of you to comply
with confidentiality or any prior consent requirement arising from any third-party agreements
and/or comply with any applicable laws.

15.3. Ownership of Deliverables

15.3.1. Any information provided by Sony and its parent company, affiliates, related
corporations, subsidiaries, directors, officers, employees and agents to you (including, without
limitation, the data, records and reports related to Sony) whether in existence at the Effective
Date or compiled thereafter in the course of completion of your submitted and selected
Proposal (“Sony’s Data”) as well as when selected for an award by Sony, any intellectual
property in your submitted Proposal, all tangible and intangible property, work products,
designs, artwork, creations, inventions and discoveries which are conceived, developed or
created by you for your submitted Proposal (the "Work Product"), including, without limitation,
all technical notes, schematics, software source and object code, prototypes, breadboards,
computer models, artwork, literature, methods, processes and photographs, shall be
considered “work made for hire” and, therefore, all right, title and interest therein, (including,
without limitation, patents and copyrights) will vest exclusively and are assigned to Sony.
15.3.2. You agree and assign all patents, trademarks, copyrights, trade secrets or other
Intellectual Property Rights vested in such Sony’s Data and Work Product to Sony and that
Sony and its parent company, affiliates, related corporations, subsidiaries, directors, officers,
employees and agents’ will have full rights to use Sony’s Data and Work Product without any
claim by you for additional compensation and without any challenge, opposition or interference
by you.

15.3.3. Your use of such information as obtained from Sony and its parent company, affiliates,
related corporations, subsidiaries, directors, officers, employees and agents for the completion
of your proposal shall be limited to such use as is necessary to perform the completion of your
submitted Proposal. Upon request by Sony at any time and from time to time under these
Terms and Conditions, you shall promptly deliver the information to Sony in electronic format
and in such hard copy as exists on the date of the request by the Sony.

15.3.4. You hereby irrevocably waive any and all “moral rights” that it may have in the Work
Product, or any part thereof, in connection with any use thereof by Sony and its parent
company, affiliates, related corporations, subsidiaries, directors, officers, employees and
agents. To the extent such waiver may be invalid or unenforceable, you shall, without further
remuneration (except for its out-of-pocket expenses) and whether or not these Terms and
Conditions is in effect, execute and deliver to Sony such waiver of your “moral rights”
concerning the Work Product and Sony’s use thereof as may be requested by Sony. You
acknowledge that the term “moral rights” as used herein includes the right of an author to be
known as the author of a work; to prevent others from being named as the author of the work;
to prevent others from falsify attributing to the author the authorship of a work which he/she
has not in fact created; to prevent others from making deforming changes in the author’s work;
to withdraw a published work from distribution if it no longer represents the views of the author;
and to prevent others from using the work or the author’s name in such a way as to reflect
negatively on his/her professional standing.

15.3.5 You agree and acknowledge, that in case, your proposal is chosen by Sony, you and
Sony shall enter into separate terms for collaboration for working on completion of the
Proposal. In such an event, Sony will acquire all rights to use the Intellectual Property in your
Proposal and such terms for collaboration shall be defined after the selection of your Proposal
by Sony. In the event, the Parties are not able to agree to such terms, you will not receive the
Award Money from Sony.

15.3.6. Sony and its parent company, affiliates, related corporations, subsidiaries, directors,
officers, employees and agents have the right to further assign or license such the Intellectual
Property in such Sony’s Data and Work Product to any third-party for the purpose as defined
in these Terms and Conditions.

15.4. No Rights to Sony’s Intellectual Property: The Parties acknowledge and agree that you
are not entitled to any rights, title or interest in any Propriety or Intellectual Property of Sony
and its parent company, affiliates, related corporations, subsidiaries, directors, officers,
employees and agents.

15.5. Without limiting the generality of the provisions above, Sony and its parent company,
affiliates, related corporations, subsidiaries, directors, officers, employees and agents shall
have an exclusive right to publish and use the details of the Proposal in print and/or electronic
form for advertising and promotion of Sony’s products, for exhibition, and for both commercial
and non-commercial products and publications, including without limitation, using,
downloading, adapting, reformatting, editing and/or resizing the Proposal as may be
necessary and to authorize others to do any of the above without any obligation to notify or
compensate you.

15.6. Entitlement to incomplete work: Should these Terms and Conditions are terminated
during any particular stage of the completion of your Proposal selected by Sony, then Sony
shall attain ownership in the Proposal and data created by you up to such stage.

16. INDEMNIFICATION
16.1 Except to the extent a Claim (as defined below) is caused by Sony’s acts or omissions ,
you shall defend, indemnify and hold Sony, its parent company, affiliates, related corporations,
subsidiaries, directors, officers, employees and agents harmless from and against any and all
loss, cost, expense or liability (including reasonable attorneys’ fees, experts’ fees and court
costs) incurred in connection with any third party demands, assertions, claims, suits, actions
or other proceedings: (i) alleging that the Proposal selected by Sony or Work Product infringes
any third party’s intellectual property rights, or misappropriates third party’s confidential
information (ii) alleging that the Proposal selected by Sony or any Work Product violates any
Applicable Law; (iii) arising from the performance or non-performance of completion of the
Proposal (iv) alleging personal or bodily injury or tangible property damage to the extent such
injury and/or damage results from the gross negligence or willful misconduct by you (in each
case, a “Claim”). Sony will provide you a prompt notice of any Claim. In connection with any
Claim, you will not consent to any judgment, attachment of any lien or any other act adverse
to the interest of Sony, without express written consent from Sony, provided that such consent
shall not be unreasonably withheld.
16.2 To the maximum extent permitted by law, Sony and its parent company, affiliates, related
corporations, subsidiaries, directors, officers, employees and agents accepts no responsibility
whatsoever for any damage, loss, death or personal injury that may occur while the completion
of the Proposal. You undertake to indemnify and keep Sony and its parent company, affiliates,
related corporations, subsidiaries, directors, officers, employees and agents harmless and
indemnified against any loss, damage, claims, costs and expenses which may be incurred or
suffered by any or each of them due to your breach of any of these Terms and Conditions
stated under these Terms and Conditions.

17. SONY’S DECISION FINAL AND BINDING

In the event of any dispute arising from the Contest or relating to the interpretation of the
Terms and Conditions stated under these Terms and Conditions, the decision of Sony on all
matters pertaining to the Contest and these Terms and Conditions, shall be final and binding
on all parties. No correspondence will be entertained.

18. PRIVACY
You understand and agree that Sony uses Contest Organiser to conduct the Contest. The
Contest Organiser may collect information submitted by you during the registration process or
otherwise when participating in the Contest and/or for the fulfillment of the obligations set forth
under these Terms and Conditions may include your email address, ID number, bank account
details and other personal information (“Personal Information”). Except as provided elsewhere
in these Terms and Conditions, your Personal Information will only be collected, used, stored,
disclosed and/or otherwise processed by Sony and its parent company, affiliates, related
corporations, subsidiaries, directors, officers, employees, agents and the Contest Organiser
in accordance with applicable data protection laws and regulations and Sony’s Privacy Policy
which can be found at https://www.sonyresearchindia.com/privacy-policy/ for the purposes of
administering your participation in the Contest. For further details do refer to Exhibit A and
Exhibit B below.

19. FUTURE COMMUNICATION

By registering or participating in this Contest, you provide your consent to receive

communications from Sony for recruitment purposes. Should you wish to unsubscribe, you
could opt out of receiving any such communications from Sony by writing an email to
[email protected]
20. NO WARRANTIES
20.1 Sony and its parent company, affiliates, related corporations, subsidiaries, directors,
officers, employees and agents do not warrant or represent (either directly or indirectly):
20.1.1 that completion of the submitted Proposal and/or access to the whole or any part of
the Proposal, Proposal materials, content, information and/or functions contained in
them will be provided on an uninterrupted, timely, secure and error-free basis; or
20.1.2 that no computer viruses shall be transmitted or that no damage shall occur to your
computer system as a result of any online activity on completion of the Proposal, if
any
20.1.3 Any material downloaded or otherwise obtained through the Internet is done at
discretion and risk by you and you will be solely responsible for any damage to your
computer system or loss of data resulting from such download.
20.1.4 Sony and its parent company, affiliates, related corporations, subsidiaries, directors,
officers, employees and agents’ does not warrant or make any representations
regarding the use, validity, accuracy, or reliability of, or the results of the use of, or
otherwise in respect of the materials on the website.

21. NO USE OF UNICENSED SOFTWARE

You declare and warrant to Sony and its parent company, affiliates, related corporations,
subsidiaries, directors, officers, employees and agents that while completion of the selected
Proposal you or your team shall not use any unauthorised or unlicensed software. If you are
found doing so, Sony has the right to refuse the Prize.

22. NO CHEATING TOLERATED

You or your team acknowledge and agree that no form of cheating will be tolerated. If you or
your team is found cheating, as determined in the sole and absolute discretion of Sony, you
will immediately be disqualified from the Contest. Cheating includes, but is not limited to, using
multiple identification numbers, tampering with, hacking of the Contest website, participating
in the Contest without meeting the eligibility requirements, using any automated software or
device to gain an advantage during the Contest, use of the Contest beyond the defined rules
of the Contest, attempting to disable or overwhelm any of Sony’s websites or the Contest site
(if any), attempting to disrupt any portion of the Contest, including but not limited to, allowing
somebody else to use your Personal Information, or tampering with the entry process. ANY
ATTEMPT BY A PERSON TO DELIBERATELY DAMAGE ANY OF SONY'S WEBSITES OR
UNDERMINE THE LEGITIMATE OPERATION OF THE CONTEST MAY BE A VIOLATION
OF CRIMINAL AND CIVIL LAWS; AND SHOULD SUCH AN ATTEMPT BE MADE, SONY
RESERVES THE RIGHT TO SEEK DAMAGES FROM ANY SUCH PERSON TO THE
FULLEST EXTENT PERMITTED BY LAW.

23. NO WAIVER
Sony’s failure to enforce any provision of these Terms and Conditions shall not constitute a
waiver of that or of any other provision.

24. MODIFICATION OF THESE TERMS AND CONDITIONS

Sony may modify the Terms and Conditions under these Terms and Conditions and/or
withdraw or terminate these Terms and Conditions at any stage without any liability towards
you.

25. GOVERNING LAW AND JURISDICTION

These Terms and Conditions shall be deemed to have been made and executed in Bangalore,
India and any dispute arising hereunder shall be resolved in accordance with the laws of India,
without reference to its conflict of laws principles. You agree to submit any dispute relating to
these Terms and Conditions to the exclusive jurisdiction of the courts of the Bangalore, India.

26. NO THIRD-PARTY RIGHTS

A person who is not a party to these Terms and Conditions shall not have any rights under the
Indian Contract Act, 1872 to enforce any of its terms. For the purposes of this paragraph,
“person” shall mean a human being or a corporate entity (whether or not having a separate
legal personality), as the case may be.

IN WITNESS WHEREOF, you agree to the above terms and conditions.

Name:

Place:

Date:
 EXHIBIT A

PERSONAL INFORMATION, DATA SECURITY & PERSONNEL CONTROLS

1. General. The provisions of Section 3 of this Exhibit shall apply in the event that Provider
shall receive Personal Information (as defined below) in connection with its performance of
the Services. The provisions of Section 4 of this Exhibit shall apply in the event that Provider
shall provide any hosted solution Services, establish a private connection to the Sony network,
or obtain access to Sony’s network.

2. Personal Information Defined. “Personal Information” shall mean any and all information
that pertains to a specific person, including without limitation, a person’s e-mail address, name,
mailing address, telephone number, social security number, credit card number, or persistent
identifier (such as a customer number held in a cookie) which is associated with a person’s
individually identifiable information or can, together with information supplied by Sony or
collected or to be collected by Provider, identify a specific individual, even if such information
cannot, by itself, identify a specific individual, which is (i) disclosed or furnished, in any form,
by Sony, its affiliates, agents or employees to Provider in connection with Provider’s
performance of the Services or (ii) collected on behalf of Sony by Provider in connection with
Provider’s performance of the Services.

3. Personal Information Obligations.

3.1. In addition to and without limiting the obligations set forth in this Exhibit, Personal
Information shall be considered Sony’s Confidential Information under the Agreement,
provided, however, that Provider’s obligations of confidentiality regarding Personal Information
shall be perpetual.

3.2. Provider shall not, without Sony’s prior written consent (except as may be required
in connection with any judicial or administrative proceeding or inquiry or to such of Provider’s
officers and employees who have a need-to-know), disclose to any person, other than the
Sony employee(s) who are directing the activities of the Provider in connection with the
Agreement, any Personal Information. If Sony consents to the disclosure of Personal
Information, Provider shall require such person to first execute a written agreement with
Provider on terms substantially similar to this Exhibit.

3.3. Provider shall not make any copies of any Personal Information except as is
necessary to perform the Services without Sony’s prior written consent;

3.4. Without limiting any of Provider’s obligations under the Agreement, Provider shall: (i)
use a secure method when transmitting, storing and/or processing Personal Information; and
(ii) ensure that no Personal Information is commingled with any third party’s data. To the
extent commingling of Personal Information is unavoidable, Provider must provide strong
logical separation of the data that strictly limits access to Sony data by authorized parties only.

3.5. If Provider collects, processes, stores, or transmits credit card data in connection
with its performance of the Services, Provider (i) is responsible for the security of cardholder
data that it possesses, stores or transmits, (ii) shall maintain appropriate administrative,
physical and technical safeguards reasonably designed to protect the security of cardholder
data that Provider possesses, stores or transmits, (iii) shall maintain continuing and ongoing
compliance with the PCI Cardholder Data Security Standard as such standard may change
from time to time, and (iv) shall provide proof of compliance with the PCI standard upon Sony’s
request.

3.6. Provider shall keep all logs used in connection with its security procedures for the
protection of Personal Information in a secure location for a period beginning on the Effective
Date and ending two (2) years after the expiration or earlier termination of the Agreement.

3.7. Provider agrees that it will comply with its direct or derivative obligations under all
applicable laws and regulations regarding the collection, use, storage, transfer, processing,
duplication or disclosure of Personal Information, which may include, without limitation, the
Massachusetts’ Standards for the Protection of Personal Information of Residents of the
Commonwealth (2001 CM 17.00: M.G.L. c. 93H), the European Union Data Protection
Directive (Directive 95/46/EC); the EU General Data Protection Regulation (Regulation (EU),
2016/679), and local data protection and privacy laws of countries in the European Union
relating to the use of appropriate technical and organizational measures for the protection of
Personal Information (1) where Services will be provided by the Vendor and (2) where
individuals whose Personal Information is being processed by Provider are residing or where
Sony or its affiliates are established and where Provider processes Personal Information on
their behalf; the Canadian Personal Information Protection and Electronic Documents Act
(PIPEDA); and any other jurisdictional laws regarding cross-border transfers of Personal
Information (e.g., those of Japan, Argentina, Australia, Mexico, and New Zealand). Provider
will execute and adhere to, and will require any of Provider’s affiliates or sub-contractors
approved by Sony that process or access Personal Information to execute and adhere to
additional model contracts; agreements; self-certifications; contractual terms and conditions
with Sony or Sony affiliates as Sony may instruct in writing from time to time that Sony deems
necessary, in its sole discretion, to address applicable data protection, data transfer, privacy,
or information security laws, regulations or other requirements. Provider agrees that it shall
immediately inform Sony if, in its opinion, any of Sony's instructions infringe applicable laws
on the processing of Personal Information.

4. Security and Data

4.1. Public Clouds. Provider will not utilize cloud storage services or IaaS (Infrastructure
as a Service) public cloud computing services as part of any hosted solution Services or
otherwise allow Sony data (or Sony customer data) or information to be stored or accessed
from such services without first obtaining written consent from the Sony’s Information Security
department.

4.2. Security Questionnaire. Prior to providing any hosted solution Services,

establishing a private connection to the Sony network, or obtaining access to Sony’s network,
Provider must fully and accurately complete Sony’s security assessment questionnaire and
provide all requested documentation. Failure to do the foregoing, to promptly correct security
issues or other vulnerabilities identified by Sony as a result of responses to the questionnaire,
or to promptly notify Sony of any changes to responses previously given, shall be grounds for
Sony to immediately terminate the Agreement without penalty.

4.3. Security Assessments. At least once annually Provider shall, at Provider's

expense, have a qualified independent auditor perform internal and external system and
application vulnerability assessments on all systems that will be used to provide Services to
Sony. These annual assessments shall be equivalent to a penetration testing in accordance
with accepted industry standards. In addition, every three months, Provider or Sony with
Provider's permission or a qualified independent auditor selected mutually by the Provider and
Sony, shall perform external web application vulnerability assessments for internet facing
websites or web services used to provide Services to Sony. Provider shall make available to
Sony all technical reports produced in connection with the quarterly vulnerability scans and
each annual assessment (PEN test) which shall include details on any and all the
vulnerabilities exposed. Provider, at Provider's expense, shall promptly but no later than seven
(7) days from discovery correct or mitigate, to Sony’s reasonable satisfaction, all vulnerabilities
or security issues discovered during the annual and quarterly assessments that are
categorized as Severity “High", “Critical”, or “Urgent” (Severity definitions are per PCI DSS or
any other InfoSec standard accepted as best practice in the industry) , and provide Sony with
ongoing progress reports while completing such corrections.

4.4. Incident Notifications. Provider shall notify Sony via telephone to its Sony business
contact and email to [email protected] , of any unauthorized accesses to or
disclosure of Sony Confidential Data, and any suspected or actual breaches of the software,
systems, and/or data centers used to provide the Services (“Security Incident”) within four (4)
hours of Provider’s knowledge or reasonable suspicion of such Security Incident. Provider will
immediately (or as soon as possible) conduct a forensic investigation of such Security Incident,
and provide Sony with a written formal report of the Security Incident, explanation of its
response procedures, controls implemented to contain the incident and prevent similar
incidents from happening in the future within 72 hours after providing such notice. Upon
Sony’s request, Provider will promptly provide to Sony, at Provider’s cost, all information
pertaining to the incident, including raw logs, necessary for forensic investigation. If Provider
cannot perform the investigation itself, Provider will engage, at Provider’s cost, a mutually
agreeable qualified third party to conduct the investigation.

4.5. Third Party Security Controls.

4.5.1. At Sony’s request, Provider will provide copies of Provider’s internal security
and control policies and procedures for Sony’s review, and, if any such policies or procedures
are found by Sony to be inadequate or insufficient in any manner, Sony shall notify Provider
and Provider shall remedy such issues to Sony’s satisfaction.

4.5.2. Provider shall ensure physical and logical security safeguards, including but
not limited to the following, are maintained and enforced at all Provider facilities at which
Services are performed (“Service Facilities”) to guard against unauthorized access,
destruction, loss, theft, damage, or alteration of any Services, Sony resources, and/or Sony
Confidential Information:

4.5.2.1. All Service Facilities at or from which Sony Confidential Information is

stored, used, accessible, transmitted, processed or otherwise made available, must have
security guards on a 24 hour by 7 day per week basis and access controls that include, at a
minimum, restricting physical, logical, direct or remote access to all portions of each Service
Facility containing Sony Confidential Information, and monitoring and logging access to all
Service Facilities.

4.5.2.2. All Service Facilities, must have access controls which include: (i)
inspecting, authenticating, and verifying identification, and only allowing authorized personnel
to enter; (ii) monitoring and logging access; (iii) utilizing equipment and software that do not
allow for the download or removal of Sony Confidential Information or any physical media
capable of storing or transmitting Sony Confidential Information; (iv) producing physical copies
only as necessary to perform the Services (providing Sony access to print and audit logs on
request) and maintaining and enforcing policies requiring shredding and secure disposal of
materials and media containing Sony Confidential Information; and (v) ensuring no physical
materials or media containing Sony Confidential Information are removed from any Service
Facilities.

4.6. Data Encryption. Provider will encrypt all Sony “data in motion” (i.e., data in transit)
to the extent data is not public in nature. Provider will also encrypt “data at rest” (e.g.,
Databases, data on disk, data on storage media, etc.) when data is deemed sensitive or
confidential by Sony. Encryption protocols and algorithms must meet current industry best
practices.

4.7 Passwords. Passwords must be complex using capital and lower case letters,
numbers, and symbols and be at least 12 characters in length. All passwords must be stored
using strong encryption, based on the minimum encryption requirements set forth in Section
4.6 or using one-way hashing algorithms equivalent to SHA2. In addition, hashed passwords
must be salted with a minimum Salt length of 64 bits. Accounts with privileged access must
use multi-factor authentication (including one time passwords).

4.8. Audit Rights. At least once annually during the term and for a two year period
thereafter, Provider shall permit personnel designated by Sony, or a reputable data security
company selected by Sony, to review the security of Provider’s systems and Provider’s
security procedures for the protection of Personal Information (if applicable) and any other
Sony Confidential Information. Such review may include, without limitation, infrastructure,
system and application vulnerability assessments, observing operations, perusing documents
and other materials, and interviewing relevant Provider personnel. If, upon such review, Sony
determines that Provider is not in compliance with the terms of this Exhibit or the Agreement,
Sony shall so notify Provider in writing of such non-compliance and Provider shall promptly
cure such non-compliance to Sony’s reasonable satisfaction.

4.9. Coding Standards. When Provider will be performing any software (website)
development, in whole or in part, on behalf of Sony as part of the Services, then Provider
hereby represents, warrants and covenants that it does and will meet Sony’s then current
minimum “Coding Standards” (as updated by Sony from time to time). Sony’s coding
standards will be made available to the Provider when applicable.

4.10. Security Awareness and Training. Vendor’s security awareness and training
program must be extended to all members of Vendor’s workforce directly or indirectly
associated with providing Services to Sony (including management and Subcontractors),
which includes training on how to implement and comply with Vendor’s Information Security
Program and best information security practices.

4.11. Acceptable Use Policy (AUP). This policy applies when Provider or Provider’s
employees or contractors (together “Contractors”) will access Sony’s internal infrastructures,
systems and/or applications whether remotely or on premise. Provider and Provider’s
employees and Contractors must comply with Sony’s acceptable use policy (AUP). See
Exhibit Y (AUP)
 All Provider employees and Contractors will be required to complete Sony’s security
training and acknowledge that they will abide by Sony’s security policies, including
the terms of Exhibit Y (AUP) and the then-applicable Sony Global Information
Security Standards, which may be updated by Sony from time to time, and will be
provided to Provider employees and Contractors at the time of training, and/or as
requested by Provider.

5. SSAE 16 and ISAE 3402 Type II Reports.

5.1. Upon Sony’s sole option and request, once per year during the Term (unless Provider
obtains such reports more frequently), Provider will prepare and deliver to Sony the
appropriate report covering Provider’s controls relevant to Sony’s internal controls over
financial reporting, namely a Statement on Standards for Attestation Engagements 16 (“SSAE
16”) Type II report, or an International Standard on Assurance Engagements 3402 (“ISAE
3402”) Type II report (each, a “Type II Report”). Provider will cover all costs to obtain each
Type II Report. If Provider refuses to provide such Type II Report, Sony may appoint a qualified
audit firm to perform the review and prepare the Type II Report, at Provider’s expense. The
applicable Type II Report will be provided no later than forty-five (45) days following the end
of Provider’s review period. If any Type II Report reveals control issues or other weaknesses,
Provider will (i) prepare and implement a timely remediation action plan to correct any
deficiencies and/or resolve any problems identified in such Type II Report, provided that such
corrective action plan is discussed with and approved in advance by Sony, and (ii) reasonably
assist Sony in meeting its obligations under the United States Sarbanes-Oxley Act of 2002
(“SOX”) or other applicable financial disclosure laws in connection with the Agreement. Costs
of remediation shall be borne by Provider.

5.2. All control reviews performed to produce each SSAE 16 Type II Report shall be
conducted under the standards defined by the American Institute of Certified Public
Accountants (“AICPA”), and all control reviews performed to produce each ISAE 3402 Type II
Report shall be conducted under the standards defined by the International Auditing and
Assurance Standards Board (“ISASB”). All control reviews required hereunder shall be
inclusive of any successor standard to the SSAE 16 and ISAE 3402 Type II reporting
standards.

5.3. Provider will provide an update letter at a frequency specified by Sony (the “Update
Period”), for each Type II Report indicating if there was a material change in the overall control
environment as described in the applicable Type II Report, as well as whether or not Provider
is aware of the existence of any non-achievement of a control objective during the preceding
Update Period. Such letters will be made available to Sony on the first business day following
the end of each Update Period.

6. Checks & Verification. Provider agrees that its personnel will complete and pass the
following checks and verification prior to performing Services, each of which Sony may audit
at its request:

6.1. Criminal Background Checks: If required by Sony, a background check of the 7 prior
years. No felony convictions are allowed. Provider must advise Sony of any misdemeanors
so that Sony can determine in its sole discretion whether the particular personnel is acceptable
to Sony to perform Services. Provider must also immediately inform Sony if it becomes aware
of any changes to the status of any of its personnel performing Services.

6.2. Reference Checking: A reference check including a minimum of 2 work related

professional references as required by the specific job description.

6.3. Education Verification: An education verification if required by the specific job

description.

7. Permitted Subcontractors. If approved by Sony in writing, Provider may use third

party contractors (“Permitted Subcontractors”) to assist with its performance of Services so
long as:

7.1. Provider requires all Permitted Subcontractors who have access to Sony Confidential
Information to implement security practices no less stringent than those required of Provider
under this Exhibit. Such security practices must (i) include administrative, technical, and
physical safeguards that ensure the confidentiality, integrity, and availability of Sony
Confidential Information, which includes Personal Information, (ii) protect against any
reasonably anticipated threats or hazards to the confidentiality, integrity, or availability of Sony
Confidential Information, and (iii) protect against unauthorized access, use, disclosure,
alteration, or destruction of Sony Confidential Information;

7.2. Provider agrees:

(i) to be solely financially responsible for all costs of, and all costs incurred by,
all Permitted Subcontractors;
(ii) that in no event shall the right of Provider to subcontract relieve Provider of
any of its obligations and responsibilities under or in connection with this Exhibit or the
Agreement; and
(iii) that it is as fully responsible to Sony for the acts and omissions of its
subcontractors, including its subcontractors’ employees, as Provider is for the
 acts and omissions of employees directly employed by Provider.

7.3. Provider shall take all reasonable measures including, but not limited to, court
proceedings, at its own expense, to restrain its Permitted Subcontractors from unauthorized
disclosure or use of the Confidential Information, and shall immediately notify Sony if Provider
becomes aware of any use by a Permitted Subcontractor of Sony Confidential Information not
in accordance with this Exhibit or the Agreement.

7.4. Provider shall provide Sony with a written list of all data centers which may host Sony
Confidential Information in connection with Provider’s provision of the Services under this
Agreement, and promptly provide an updated list in the event of any change.

8. Indemnification. Provider acknowledges that Sony is relying on Provider’s

representations, warranties and covenants contained in this Exhibit for purposes, among other
things, of Sony’s commitments and representations made in its privacy policy. Provider shall
defend, indemnify and hold harmless Sony, its parents, subsidiaries and other affiliates, and
the respective officers, directors, employees and agents of each of them, from and against all
claims, suits, liabilities, losses, costs and expenses (including attorneys' and experts' fees and
court and settlement costs) arising from or incident to any breach by Provider of said
representations, warranties and covenants.

9. Term; Survival. This Exhibit shall be coterminous with the Agreement, except that
Sections 2, 3, 4.4, 4.8, 8 and 9 of this Exhibit shall survive the expiration or earlier termination
of this Exhibit and the Agreement.
 EXHIBIT B

ACCEPABLE USE POLICY (AUP)

1 Overview/Purpose

This Policy establishes the rules and guidelines for acceptable use of the “Sony IT platform”
(i.e. all Sony-owned or leased information and communication technology as more fully
defined in Section 5) -- as well as prohibitions against unacceptable use -- in accordance with
Sony’s established culture of ethical and lawful behavior. Inappropriate use of electronic
devices and network resources can expose Sony to unnecessary risks, including virus attacks,
compromise of its IT systems and legal issues. This Policy is designed to help protect Sony,
its employees, customers and business partners from such risks.

Effective security is a team effort involving the participation and support of every employee
and affiliate who uses Sony’s information and/or systems. Please read this Policy carefully.
Please also remember that all communications utilizing the Sony IT platform must comply with
all applicable Sony Group policies. By your continued use of the Sony IT platform, you agree
that you will conduct your activities accordingly.

2 Scope

All Sony Electronics (“SEL”) employees, temporary and contingent workers, interns and
trainees, and all personnel affiliated with third parties (including contractors and consultants)
who access the Sony IT platform (referred to collectively as “Sony personnel”) must adhere to
this Policy.

3 Policy Statement

3.1 Ownership, General Use and Right to Monitor

3.1.1 The Sony IT platform, as more fully defined in Section 5, includes all Sony IT
infrastructure, networks, computers, mobile devices, software, hardware, databases,
applications and systems. Subject to applicable law, Sony reserves the right, without notice:

to monitor and audit (a) the Sony IT platform, and (b) your use of the Sony IT platform,
including your access to and use of the Internet and websites accessed or attempted to be
accessed; and to search for or find, access, download, save, transfer, read, copy, print and
examine any data created, sent, stored, or received over, on or through Sony’s online
connections or the Sony IT platform, including e-mails, attachments to e-mails, e-mails that
remain on company computers in temporary internet folders, and/or other messages.

These rights apply to all applications and electronic communications and files, regardless of
whether you use a third-party service provider to access, create or convey the data. This
includes, for example, any e-mails sent through personal, password-protected web-based e-
mail accounts via the Sony IT platform. These rights may be exercised at any time during
your active use of the Sony IT platform, between uses, and after your access is terminated.
Even information that has been encrypted or deleted may be unencrypted, retrieved, recreated
and reviewed. Consequently, you have no expectation of privacy regarding communications
or data transiting or stored on this information system including when you are engaging in any
personal use or when accessing the Internet for personal use.

3.1.2 You are responsible for exercising good judgment regarding appropriate use of the
Sony IT platform in accordance with the Sony Group Code of Conduct, the Global Information
Security Policy & Standards, the Global Basic Principles on Personal Information, the Sony
Social Media Principles, HR’s Technology, Communication & Professionalism policy, and
other internal policies, rules and procedures, including this Policy, as well as applicable local
laws. You should be aware that each of these rules and policies may change without advance
notice at any time. It is your responsibility to remain familiar with the most up to date versions
of these rules and policies and to remain in compliance with them. If you have any uncertainty
regarding acceptable use, please contact your supervisor or SEL Ethics & Compliance.

3.1.3 You may not connect any personal device to the Sony IT platform unless you have
received the prior written approval of SEL Information Security and have executed a SEL
Mobile Device Acceptable Use Policy & Enable Email Request Form. If your personal device
has been approved and is used for business purposes (referred to in this Policy as an
“approved personal device”), any business-related communications and records on such
devices or transmitted by them remain company property in accordance with applicable law
and must be protected in line with the Global Information Security Policy and Standards and
the SEL Mobile Device Acceptable Use Policy & Enable Email Request Form, which will
include password/PIN protection of the device or data, as well as other security controls
prescribed by your IT department. You may also be required to allow the installation of Sony
security software that will remotely wipe or erase the device in the event of loss or theft. As
set out in Section 3.3.1, if your personal device has ever been used for business purposes,
you must immediately notify the SEL Information Security Office if that device is lost, stolen,
or misplaced.
3.1.4 In order to protect Sony business information, Sony reserves the right to confiscate
and search any Sony-issued device or any personal device containing any Sony Information
at any time and without prior notice and you agree to make that device accessible to Sony for
such purpose.

3.1.5 Sony’s IT platform is intended to be used for work-related purposes. Limited personal
use of Sony’s IT resources is permissible as long as it does not interfere with your work
responsibilities or Sony business operations, incur unauthorized costs to the company or
violate the law or any company policy. If you have any uncertainty as to permissible personal
use, please consult your supervisor.

3.1.6 Although your access to some parts of the Sony IT platform requires authentication
(e.g., a password), that does not mean that communications (including personal
communications) sent over or through the Sony IT platform are private. In fact, they are not
private – your communications; online activity; file creation, access, transfer and saving; and
all other uses of the Sony IT platform are subject to routine real-time and/or delayed
monitoring, recording, search and other actions as set forth in Section 3.1.1. Your
communications and other activities and use of the Sony IT platform may be used by Sony or
disclosed by Sony to third parties for any legitimate business purpose, including, but not limited
to, investigating possible violations of any laws or company policy and enforcing Sony policies;
protecting Sony’s IT platform, intellectual property, or confidential information, employee and
customer privacy, other rights and property; responding to government and third party
inquiries; investigating, pursuing, or defending any potential legal claim or potential civil or
criminal offence; and pursuing disciplinary actions up to and including termination of
employment and legal remedies. All of the above conditions apply regardless of whether your
access or use of the Sony IT platform includes the display of a Notice and Consent Banner
("banner"). When a banner is used, the banner functions as an additional consent and to
remind the user of the conditions that are set forth in this Policy, regardless of whether the
banner describes these conditions in full detail or provides a summary of such conditions, and
regardless of whether the banner expressly references this Information and Communications
Technology Acceptable Use Policy.

3.1.7 Sony reserves the right at any time to restrict or deny access to the Sony IT platform
without notice.
3.1.8 Sony has installed or may install software designed to prevent access through Sony's
IT platform to certain categories of websites. This blocking or filtering technology is not a
substitute for each employee's duty to ensure that pornographic or racist content, or other
offensive or inappropriate material that violates Sony policies is not accessed via Sony's IT
platform (except in the very limited circumstances in which there is a demonstrable business
reason for access to this content, in which case, you must obtain your supervisor's pre-
approval.) In addition, subject to applicable law, Sony has installed or may install technology
(such as automated monitoring tools) to search for words or patterns that help to detect
potentially inappropriate activities, such as the unsecured or unauthorized sending of sensitive
personal information (including social security numbers, bank account numbers, and credit
card numbers) or intellectual property, in which case the transmission of that data may be
monitored, recorded, analyzed and/or blocked.

3.1.9 You may not download any software or applications to any Sony-issued device that
would impact the integrity of Sony’s IT platform and/or alter the intended functionality of such
device (e.g. jail breaking, re-formatting, rooting, or otherwise altering a device). If you have
any uncertainty as to whether any software or application is permissible, please consult SEL
Information Security.

3.1.10 Internal investigations into possible violations of Sony policies or the law may be
conducted by appropriate company personnel, including, but not limited to the SEL Corporate
Security Department, Human Resources Department, Legal Department, Ethics &
Compliance Department, or Corporate Audit Department, or Sony may hire and authorize a
third party to conduct investigations. All employees are required to fully cooperate with and
assist any such investigation when requested by the company to do so. This obligation may
include, among other things, the detention and examination of any personal devices that have
connected to the Sony network, as well as any Sony-issued devices. Any failure to cooperate
with such inquiry, or any attempt to hinder, obstruct, destroy evidence or data, or otherwise
impede such an inquiry, is a violation of company policy.

3.1.11 Most states and countries have laws regulating the use of mobile communication
devices by drivers. You agree that you will follow all applicable laws when you are driving for
company business, when you are using a company-issued device, when you are driving a
company car and when you are engaged in company business.
3.1.12 Most smart phones and other mobile devices now have a camera feature. Your use
of a camera in the workplace must not violate any trade secret, confidentiality, or harassment
policies or laws. Your department may have additional guidelines regarding the work-related
use of your mobile device and/or the use of personal phones at work. If you aren't sure about
additional rules, you should ask your supervisor.

3.2 Security of System Accounts

3.2.1 You are responsible for the security of information, data, accounts, and systems under
your control, and you must know and comply with the Global Information Security Policy and
Standards and the Global Basic Principles on Personal Information.

3.2.2 Specifically, you must follow the Sony Global Information Security Policy and
Standards in your selection and use of your password used to access the Sony IT platform
(including when using your own approved personal device) in order to minimize the risks of
unauthorized access. Employees and contractors obtain unique user system identification
and passwords (User ID) from SEL. Access to SEL systems will not be granted until such
User ID is issued. Only SEL designated managers can request User IDs and passwords on
behalf of their employees. Employees and contractors will ensure that User IDs are kept
confidential and secure. You must not share your account or password information with
anyone including other Sony personnel, your family, or your friends. It is a violation of
company policy for you to provide access to the Sony IT platform to any other individual, either
deliberately or through failure to secure access to such platform.

3.2.3 When you connect to the Sony IT platform from a remote location – or in the case of a
business partner connecting from its site -- the session must be secure (e.g., connect securely
through VPN or other approved method). Remote access to company systems requires
separate, specific authorization. Only SEL employees with business needs are eligible for
remotely accessing SEL’s network via remote access. Temporary employees or vendors are
not permitted to access the SEL network from a non-SEL site using remote access without
written approval from a Sony employee Director or above. Individuals who are granted remote
access to the SEL network must adhere to all applicable corporate policies, standards,
guidelines and procedures.

3.2.4 In order to ensure that Sony Information remains under Sony’s control at all times, you
may not store Sony Information on external platforms, such as web-based (or “cloud
computing”) services maintained by a third party, or devices maintained by a third party -- in
either case unless Sony has a contractual agreement in place specifically allowing for such
storage -- or on unapproved personal devices. This rule specifically prohibits the use for
company business of an e-mail account that is not provided by Sony and prohibits storing,
sharing or processing Sony Information with a web-based service that does not have a legally
binding agreement with Sony to protect and manage Sony data according to standards and
procedures that are acceptable to Sony. Use of un-affiliated third-party services to transmit
or store Sony Information is also a violation of company policy.

3.2.5 As a general rule, do not open e-mail attachments or web-links contained within e-mail
messages received from unknown senders, as they might include viruses or other malicious
code. You should also use extreme caution if you receive a suspicious e-mail attachment or
web-link from someone you know. When in doubt, check with SEL Information Security before
opening.

3.3 Computing Assets

3.3.1 You are responsible for ensuring the security of Sony assets assigned to you. Any
devices containing Sony Information that are left at Sony overnight must be properly secured
or placed in a locked drawer or cabinet. Laptops and mobile devices carried and used outside
of Sony premises must be secured from loss or theft, and should not be left unattended in
vehicles or public places such as airports, hotel lobbies, and restaurants. You must promptly
report any loss or theft of any laptop, mobile device or other device containing Sony
Information to the SEL Information Security Office.

3.3.2 All workstations, laptops, and mobile devices must be secured with a password-
protected screensaver with the automatic activation feature set to 10 minutes or less. You
must lock the screen or log off when the device is unattended. Care should be used when
reading or viewing Sony Information in public places, or where unauthorized personnel could
view such Sony Information.

3.3.3 You may not interfere with corporate device management or security software installed
by authorized Sony personnel on any Sony-issued device or on any approved personal device.

3.4 Unacceptable Uses

The following activities are prohibited1. This list is by no means exhaustive, but it attempts to
provide a framework for identifying activities that fall into the category of unacceptable uses of
the Sony IT platform and that are prohibited.

3.4.1 Use of the Sony IT platform in any manner that violates the Sony Group Code of
Conduct, other Sony policies or applicable law.

3.4.2 Any attempted bypass or manipulation of Sony security controls or filters, including,
but not limited to, accessing Sony data, Sony servers, or Sony accounts to which you are not
authorized; circumventing user authentication to access the Sony IT Platform; or sniffing
network traffic.

3.4.3 Causing a disruption of service to Sony network resources including, but not limited to,
ICMP floods, packet spoofing, denial of service, heap or buffer overflows, and forged routing
Sony Information for malicious purposes.

3.4.4 Violating copyright law including, but not limited to, illegally duplicating or transmitting
copyrighted videos, photos, music, and software.

3.4.5 Exporting or importing software, technical information, encryption software, or

technology in violation of international, regional, or local export control laws.

3.4.6 Introducing malicious code to the Sony IT platform including, but not limited to, viruses,
worms, Trojan horses, e-mail bombs, spyware, adware, and keyloggers.

3.4.7 Port scanning or security scanning on a production network that is part of the Sony IT
platform unless authorized in advance by SEL Information Security.

3.4.8 Sending spam via e-mail, text messages, pages, instant messages, voice mail, or other
forms of electronic communication through the Sony IT platform.

3.4.9 Forging, misrepresenting, obscuring, suppressing, or replacing a user identity on any

electronic communication that is part of the Sony IT platform in order to mislead the recipient
about the sender.

1Sony personnel authorized by the SEL Information Security Office may be exempted from these restrictions during the
course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network
access of a host if that host is disrupting production services).
3.4.10 Using the Sony IT platform to post the same or similar non-Sony business-related
messages to large numbers of message boards, newsgroups, or other communication forums.

3.4.11 Transmitting confidential information over a network without appropriate protection.

Appropriate encryption technology must be applied through prior coordination with SEL IT
support or other person designated by SEL IT. Furthermore, communication sent via SEL’s
IT systems must not disclose any confidential information of SEL or any third party confidential
information that has been entrusted to SEL unless an SEL Legal Department approved non-
disclosure agreement covering such information has been executed by the parties. All SEL-
developed software, procedures, and business practices are considered confidential and
protected and shall not be shared outside the company without proper authorization.

3.4.12 Copying protected information from a secure source to an unsecured location on the
network. Before any protected information may be transferred from one computer to another,
the person making the transfer must ensure that access controls on the destination computer
are commensurate with the necessary access controls applicable to the information. If
comparable security cannot be provided with the destination system’s access controls, then
the information must not be transferred.

4 Enforcement

An employee found to have violated any provision of this Policy may be subject to disciplinary
action, up to and including termination of employment. A violation of this Policy by a temporary
or contingent worker, contractor or vendor may result in the termination of their applicable
contract or assignment with Sony. Misuse of Sony's IT platform may also be considered
criminal activity under local laws including the Computer Misuse and Cybersecurity Act, which
protects private businesses' confidential and proprietary electronic business information
against misappropriation, unauthorized access, exceeding authorized access, and/or access
that impairs the integrity or availability of data, a program, a system, or information.

If you learn of any misuse of Sony's IT platform or any other related violations of company
policy, you must immediately notify a member of management, the Legal Department, the
Ethics & Compliance Department, the Information Security Office or the Human Resources
Department, or call the Sony Ethics Hotline.
5 Definitions

Term Definition

Cloud and Cloud Cloud and cloud computing refers to the array of internet-
Computing based services, often available to the public, for gathering,
storing, processing and sharing information. Examples
include:
• External e-mail services - (e.g., Hotmail, Gmail, Yahoo
Mail, etc.)

• Chat and instant messaging services - (e.g., Yahoo,

AIM, MSN, IRC)

• Social networking services - (e.g., MySpace,

Facebook, YouTube, Twitter, Google talk, etc.)

• Peer to peer file sharing - (e.g., Kazaa, Gnutella, Bit

Torrent, LimeWire, Morpheus, etc.)

• Online storage providers - (iCloud, Google Docs,

Box.net, Dropbox, etc.)

Sony or Sony Electronics (Singapore) Pte. Ltd. and its parent (Sony
Sony Electronics Corporation) and any of their respective affiliates or
subsidiaries.

All of Sony’s non-public information, which includes Secret,

Confidential and Internal Use Only information as defined in
Sony Information
the Sony Global Information Security Standard - Information
Classification.

All the Sony-owned or leased information and communication

technology assets utilized by Sony personnel, and any
devices (including approved personal devices) that connect to
a Sony network or reside at a Sony site, including for
Sony IT platform
example, and not by limitation, computer systems and
applications; servers and related equipment; desktop and
notebook computers; internet, extranet systems and intranet
access; e-mail, instant messaging, social media applications
 (information exchange technologies, social networking
services and other media such as blogs, discussion boards,
podcasts, vlogs, wikis, photos, etc.); telephones, mobile
devices including cellular phones, smart phones, tablets and
similar devices; text messaging, audio conferencing, video
conferencing Web meetings, fax machines and services,
postal services, and any other information exchange
technology, communication device, network, or business
application or device provided for business needs to you by
Sony as well as the information and data transmitted,
received, downloaded, stored, uploaded, posted or shared on
Sony’s technology platforms.

Electronic junk mail or junk newsgroup postings. Messages

Spam
that are unsolicited, unwanted, and irrelevant.