DATED : DD MMMM 20YY

[CUSTOMER]ENTERTAINMENT NETWORKS (UK) LTD

and

MPP Global Solutions Ltd

__________________________________________

PAYMENT SERVICES AGREEMENT__________________________________________

INDEX1. Definitions................................................................................................................................... 4

2. Term and Termination................................................................................................................. 9

3. Description of Services and Payment Solution.........................................................................10

4. MPP’sMPP’s Obligations..........................................................................................................11

5. Customer’s Obligations.........................................................................................................1412

6. Payment and Fees................................................................................................................1513

7. Bespoke Development......................................................................................................181615

8. Warranty........................................................................................................................... 191716

9. Technical Alterations.........................................................................................................292718

10. Intellectual Property Rights...............................................................................................292718

11. Liability.............................................................................................................................. 302819

12. Confidentiality................................................................................................................... 323019

13. Entire Agrement................................................................................................................333221

14. Termination....................................................................................................................... 343221

15. Customer Third Party Software.........................................................................................343322

16. Amendment....................................................................................................................... 343322

17. Governing Law..................................................................................................................343322

18. Counterparts..................................................................................................................... 353423

19. Conflict Among Schedules................................................................................................403923

20. Assignment.......................................................................................................................404023

SCHEDULE A - BUSINESS REQUIREMENTS DOCUMENT......................................................434225

SCHEDULE B - COST OF SALES...............................................................................................444326

SCHEDULE C - SERVICE LEVEL AGREEMENT........................................................................494832

1. Introduction.......................................................................................................................494832

2. Definitions......................................................................................................................... 494832

document.docx Page 2

3. MPP’sMPP’s Operational Support Responsibilities..........................................................515034

4. Customer Operational Support Responsibilities................................................................545337

5. Performance Standards, Key Peformance Indicators & Support Credits..........................545337

6. Operational Support Procedures.......................................................................................605942

7. End-User Operational Procedures....................................................................................656448

8. Contact Details.................................................................................................................. 666548

SCHEDULE D - TERMINATION ASSISTANCE SERVICES........................................................686750

document.docx Page 3

This PAYMENT SERVICES AGREEMENT (this “Agreement”) is entered into as of [____________ __], 20[__] (the “Effective Date”) by and between Entertainment Networks (UK) Ltd, Registered Company Number [XXXXXXXXXX] whose registered office is at 25 Golden Square, London, W1F 9LU (the “Customer”) and MPP GLOBAL SOLUTIONS LIMITED, Registered Company Number 03951843, whose registered office is at The Centre, Birchwood Park, Warrington, Cheshire, WA3 6YN, United Kingdom ("MPP”, Customer and MPP, each a “Party” and together the “Parties”).

RECITALS

(A) The Customer requires an advanced payments solution in order to facilitate payments for its services that enable the sale of Products (as defined below) to End-Users (as defined below).

(B) MPP will provide an integrated Payment Solution (as defined below) for the Customer’s applications and the Parties have agreed that MPP shall host and support the Payment Solution and provide End-User Support, as further described in this Agreement (together, the “Services”).

(C) This Agreement sets out the specific rights and obligations of the Parties in respect of the Services to be supplied by MPP to the Customer.

NOW, THEREFORE, in consideration of the mutual agreements and covenants herein contained and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties, intending to be legally bound, agree as follows:

1. DEFINITIONS

1.1 The following defined terms are used in this Agreement:

"Affiliate" means a Person that, directly or indirectly, through one or more intermediaries, controls, is controlled by or is under common control with, the Person specified. For purposes of this definition, the term "control" of a Person means the possession, directly or indirectly, of the power to (x) vote fifty percent (50%) or more of the voting securities of such Person or (y) direct or cause the direction of the management and policies of such Person, whether by contract or otherwise, and the terms and phrases “Controlling, "Controlled by" and “under common control with” have correlative meanings.

“Agreement” means this Payment Services Agreement.

"Agreement Term" has the meaning given in Section 2.1 of this Agreement.

"API" means Application Programming Interface.

“Application Request” means any request to MPP’sMPP’s application instances that demands processing power from either the Web Servers and database servers, or application servers and database servers. The majority of these requests are likely to be HTTP/HTTPS web requests and HTTPS API requests, but also include background service operations such as subscription renewals or report generation operations. HTTP web requests for images, HTHL pages and txt files served directly by the Web Server and not sourced from MPP’sMPP’s application instances are not considered and counted as “Application Requests”. Application Requests may or may not result in a payment transaction, but always demand system resource and thus contribute to ultimate capacity availability.

“Availability” means the definition set out in clause 2.1 of Schedule C.

document.docx Page 4

"Bespoke Development" means changes to MPP’sMPP’s standard functionality, as may be requested by Customer and documented by the Parties in a Business Requirements Document which shall be documented by way of a further Statement of Work in the form attached at Schedule [#]. For the avoidance of doubt, Bespoke Development shall not include the development work for initial launch as set out in the Statement of Work attached at Schedule [#].

"Business Day" means any day, other than a Saturday, Sunday or one on which banks are authorized by law to close in New York, New York (where Customer Support team is in the US), or London, UK (where the Customer Support team is in the UK) between the hours of 9.00 am to 5.00 pm in the relevant city. [#To discuss how we address which city triggers which business days (in terms of response time. Contractual issues should be UK but technical response could be either depending on where the issue arises. Distinguish between Customer Support and End User Support]

"Business Requirements Document" means the high level technical and functional specification detailing the Payment Solution developed and implemented by MPP in accordance with the requirements of the Customer, which is set forth at SCHEDULE A to this Agreement as updated by agreement between the parties in writing. [#To be provided.]

"Chargeback" means the reversal of a previously authorized and processed payment transaction at the direction of a Payment Organization (typically as a result of fraud) but which for the avoidance of doubt is separate to a Refund.

"Confidential Information" means all financial, business, operational, supplier, customer and technical information or data including any know-how and all other information (whether written, oral or in electronic form or on magnetic or other media) concerning the business and affairs of a Party (or if that Party is the Customer, the business and affairs of the Customer) that the other Party obtains, receives or has access to, under or in connection with this Agreement (including as a result of the discussions leading up to or the entering into or the performance of this Agreement).

“Cookie(s)”, also known as an HTTP cookie, web cookie, or browser cookie, is a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser.

"Cost of Sale(s)" means subject to Part 2 of Schedule B, the original cost of refunds Refunds (or credits issued in respect of refundsRefunds) actually made by MPP to an End-User, Chargebacks actually paid by MPP to Payment Organizations, End-User supportSupport Fees, telecommunication costs and credit card processing fees actually paid by MPP to Payment Organizations on payments made by End-UserTransaction Fees (as defined in clause 6.1.3), as set out in SCHEDULE B to this Agreement.

“Customer” has the meaning given in the introductory paragraph to this Agreement.

"Customer End-User Support" means the provision of eHQ by MPP to the Customer which will enable the Customerof support by MPP (and/or its third party contractors) to deal with End-User queries via a call centerin accordance with the End-User Support SOW and SLA. [#GPC to Add these additional documents.]

"Customer Services" means [DESCRIPTION OF SERVICESan on-demand service as made available by the Customer Websites] operated by Customer and/or its Affiliates into which the Payment Solution shall be integrated and from which End-Users shall be able to purchase Products. [#Have left this generic to cover all kinds of services we may make available]

“Customer Support” means the provision of support and maintenance provided to the Customer in relation to the Payment Solution and Hosting Services (including the provision of Releases and Major Updates) as provided in the SLA set out in Schedule [#].

document.docx Page 5

"Customer Website" means the websites owned and operated by the Customer and/or its Affiliates (including re-branded and/or localised versions).

"Data" means any information entered into the Payment Solution by the End Users. [GPC to check all references for “Data”. Ensure no one has access other than us and End-User Support to ltd extent albeit check security wording to see if covered re latter. Customer must have access for CRM purposes]

"Due Date” has the meaning given in Section 6.13 of this Agreement.

"Discloser” has the meaning given in Section 19.1.1 of this Agreement.

“Effective Date” has the meaning given in the introductory paragraph to this Agreement.

"eHQ" means the administration website operated and hosted by MPP, accessed by username and password, which enables the Customer to carry out Customer End-User Ssupport activities (where escalated from MPP’s End-User Support Supplier in accordance with the SOW[#] and associated SLA attached at Schedule [#], manage pricing, view Data, download Data, apply refund reason codes defined by Customer, view End-User account Data, End-User credits used (including modifications made by a Customer End-User support Support representative), End-User payment details including, name address, type of payment and date of purchase (but excluding credit/debit card and/or other forms of payment details), send End-Users Emails and SMS messages and generally administrate the Services.

"Email" means electronic mail and is the transmission of messages over the Internet.

“Encrypted” means the conversion of interpretable data into meaningless data using a cryptographic key or password. Encryption is reversible (i.e. through decryption) provided authorized individuals have access to the key or password. [#Alan should I keep this and question whether we should make references plural?]

“End-User” is a consumer (member of the public) who is using the Payment Solution via the Customer’s Website.

"Ewallet" is an End-User’s account details that may include Payment Details and Service Credits.

"Exit Fee" has the meaning given in Section 2.5 of this Agreement.]

"Exit Plan" has the meaning given in Section 4 of SCHEDULE D - TERMINATIONASSISTANCE SERVICES of this Agreement. [#Gary – to discuss. Cf. proposal with invdieous.]

“Existing IPRs” has the meaning given in Section 15.1 of this Agreement.

“Expenses” has the meaning given in Section of this Agreement.

"Extended Agreement Term" has the meaning given in Section 2.1 of this Agreement.

"Fees" means the fees payable to MPP under the terms of this Agreement outlined in Section 6.

"FOIA" means the Freedom of Information Act 2000 and any subordinate legislation made under this Act from time to time together with any guidance and/or codes of practice issued by the Information Commissioner in relation to such legislation;

"Force Majeure Event" means acts of God, fire, flood, war, acts of terrorism, riot, civil commotion, governmental actions, labour disputes (save where such disputes involve the personnel of the non-performing Party (including, in the case of the MPP, personnel of any subcontractors of MPP)) and any similar events beyond the control, and which by the exercise of reasonable diligence are unable to be prevented, of the non-performing Party (including in the case of MPP, any subcontractors of MPP).

"Further Recipients” has the meaning given in Section 19.3.1 of this Agreement.

document.docx Page 6

“Governmental Authority” means any governmental or political subdivision or department thereof, any governmental or regulatory body, commission, board, bureau, agency or instrumentality, or any court or tribunal, in each case whether domestic or foreign, federal, state or local.

"GBP" means Great Britain Pound. [#Other currencies?];

"Gross Revenue" means all revenue generated via the Services (less any VAT thereon) for the sale of the Products to End-Users via the Payment Solution. [#GPC to follow through doc how this expression is used + Cost of Sales.]

"Initial Agreement Term" has the meaning given in Section 2.1 of this Agreement.

"Intellectual Property Rights" means patents, design rights, trademarks, copyrights (including any such rights in typographical arrangements, web sites or software), rights subsisting in trading, business or domain names and e-mail addresses, rights in inventions, rights in databases and all other intellectual property rights of a similar or corresponding character which subsist now or in the future in any part of the world whether registered or not and whether or not capable of registration, and any applications to register or rights to apply for registration of any of the foregoing in all parts of the world.

"Internet" means the worldwide network of computers commonly understood to provide some or all of the following features, among others: electronic mail, file transfers through File Transfer Protocol, Telnet access to local and remote computers, UseNet Newsgroups, Gopher access to information on local and remote computers, Wide Area Information Servers and World Wide Web access including all sites written under WAP protocol for access through cellular networks.

"License and Support Fees" means the amount to be paid by Customer to MPP for providing, maintaining and supporting a single Customer-branded instance of the Payment Solution as set out in Section 6.1.2. [#Note we have added wording to the clause to reflect the price change for additional websites.]

"Macropayment" means a completed payment transaction (normally over about GBP 2.504.00) which may be charged directly to the End-User.

"Man Day(s)" is an aggregate period of 7.58 hours.

"Micropayment" means a completed payment transaction in exchange for a Product (normally from £0.01 Service Credit to £45.00 Service Credit) which either: [#Gary to confirm numbers]

(i) deducts Service Credit from an End-User’s eWallet (pre-pay End-User); or

(ii) aggregates payment transactions under GBP 4.00s to the eWallet in the form of a debit (post-pay End-User) before a Macropayment for the collective Micropayments is made to the relevant Payment Organisation on the earlier of (i) the date at which the aggregated Micropayments exceeds GBP4.00, or (ii) the last day of each calendar month. in exchange for a Product. A Micropayment is an internal transaction wholly contained within the Payment Solution. [#MPP to confirm that reference to eWallet in (ii) is not required. Our understanding is the “post pay” transactions don’t relate to a users eWallet but rather a collection of smaller transactions. Please confirm]

“Micropayment (non-bank) Transaction Fees” has the meaning given in Section 6.1.5 of this Agreement.

“MPP” has the meaning given in the introductory paragraph to this Agreement.

“MPP Third-Party Software" means any third party service or software which the MPP may from time to time request Customer to connect or integrate into for the provision of the Payment Solution and/or End-User Support services.

document.docx Page 7

"Net Revenue" means Gross Revenue less the Cost of Sales. [#GPC to follow through use of this definition.]

“New IPRs” has the meaning given in Section 15.3 of this Agreement.

“Party” or “Parties” has the meaning given in the introductory paragraph to this Agreement.

"Payment Details" means the details to obtain payment from the End-User such as credit and debit card information.

“Payment Organization” means the credit card associations, payment processors, payment providers, issuer banks, financial institutions, money transfer services, alternative payment platforms (such as PayPal and mobile payment services) and network organizations involved in authorizing and completing End-User payments within the Payment Solution for the purchase of Products.

“Payment Organization Transaction Fees” has the meaning given in Section 6.1.4 of this Agreement.

"Payment Solution" means the Customer-branded payments and packaging solution together with eHQ provided by MPP pursuant to this Agreement which will facilitate payments by End-Users and which will allow sales of Customer’s Products.

“PCI Data” means any data subject to the security requirements provided by the Payment Card Industry Data Security Standard ("PCI DSS"), including, without limitation, cardholder data, cardholder name, primary account number, expiration date, and/or service code.

"PCI-DSS" means The Payment Card Industry Data Security Standard, which is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council. The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

“Person” means, as applicable, a natural person, firm, partnership, limited liability company, joint venture, corporation, association, business enterprise, joint stock company, unincorporated association, trust, Governmental Authority or any other entity, whether acting in an individual, fiduciary or other capacity.

“Personal Data” means any information relating to an identified or identifiable natural person, Processed by Invideous (including, without limitation, its employees, agents, or subcontractors) in connection with this Agreement, including, without limitation, (i) social security number, driver’s license, passport, taxpayer, military, or government issued identification number; (ii) PCI Data and other credit or debit card information; (iii) financial account information, including routing number, bank account number, or retirement account number; (iv) medical, health or disability information, including insurance policy numbers; (v) passwords; or (vii) other data about an individual, including first and last name; home or other physical address, including street name and name of city or town; telephone number, and email address or other online identifying information, such as an instant messaging user identifier or a screen name.

“Process (or Processed or Processing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as access, collection, compilation, use, disclosure, duplication, organization, storage, alteration, transmission, combination, redaction, erasure, or destruction.

"Products" means the items which an End-User can purchase from Customer’s Website.

document.docx Page 8

"Recipient” has the meaning given in Section 19.1.1 of this Agreement.

“Refund” has the meaning given in Section 3 of SCHEDULE B - COST OF SALES of this Agreement.

"Registration Page" means the End-User's entry page via which an End-User logs in and registers for the Payment Solution.

"Release(s)" means any updates, enhancements, error corrections, bug fixes, and/or patches applied by MPP to the Payment Solution.

"Relevant Contact" means the contacts for each Party from time to time as initially identified in the Service Level Agreement.

“Services” has the meaning given in the Recitals to this Agreement as are set out in more detail in the SOW attached at Schedule [#]. [#Note – amend if separate End User support sla]

"Retail Prices Index" means the general purpose domestic measure of inflation in the United Kingdom as compiled by the Office of National Statistics (or any replacement body thereof);

"Service Credit" means a Micropayment pre-pay credit which is stored on an End-User’s eWallet, which is used to pay for Products (which may be displayed as a currency) and which is deducted from the End-User’s account eWallet. Service Credits are non-refundable. [#To discuss – is this separate to the service credits where KPIs not met? All references in document seem to relate to the latter whereas this definition refers to end users.]

"Service Level Agreement" means the document set out in SCHEDULE C to this Agreement.

“Set-up Fees” has the meaning given in Section 6.1.1 of this Agreement.

"Start Date" means the date by which the Payment Solution is ready for use by the Customer in a live, production environment.

"Statement of Account" means a monthly statement to be provided by MPP to Customer which sets forth: (i) Gross Revenue occurring in the previous calendar month; (ii) Cost of Sale deductions made by MPP during the previous calendar month; (iii) the Net Revenues payable by MPP to the Customer for the previous calendar month; and (iv) details of Chargebacks refundsthe information provided in clause 6.3.

Supplier shall mean the merchant service [#How do we describe what PayPoint does?] or other sub-contractor providing for the means to allow the End-User to make payment via the Payment Solution and for the provision of End-User Support services, such Suppliers to be approved in advance in writing by Customer and which shall include PayPoint [#Full company name] and [#insert name of End-User support provider]. [#Confirm no other third party sub-contractor.]

"Customer Third-Party Software" means any third party service or software which the Customer may from time to time request MPP to connect or integrate into the Payment Solution.

“Third Party Interface” means connections to Payment Organizations.

“Transaction Fees” has the meaning given in Section 6.1.3 of this Agreement.

"Transactions Per Minute" or "tpm" means the maximum supported number of Application Requests for payment transactions and End User account management made to MPP servers from End Users to MPP per minute. [#Ltd to payment transactions and ewallet account mgmt – one way requests from users to MPP.]

“Uplift Fees” has the meaning given in Section 6.1.6 of this Agreement.

document.docx Page 9

"URL" means Uniform Resource Locator, which is the method by which Websites are identified and of linking to pages with a Website.

"Warranty" has the meaning given in Section 13.2 of this Agreement.

"Web Server(s)" means the computer or computers hosted by MPP used to make the Website and Services accessible to End-Users and the Customer.

"MPP Website" means the Website developed, managed and hosted by MPP which provides Payment Solution functionality to End-Users and the Customer, the URLs of which will be registered and owned by the Customer. [#SPE to confirm URL structure.] [#GPC Check references to Website to clarify MPP v Customer]

2. TERM AND TERMINATION

[2.1] This Agreement shall come into force on the Effective Date and will continue for a fixed term of one (1) [four (4)] years from the Start Date (the "Initial Agreement Term"). This Agreement will automatically renew for one (1) year periods (each, an “Extended Agreement Term”), unless terminated in accordance with Section 2.2. Together the Initial Agreement Term and the Extended Agreement Terms form the “Agreement Term”.

2.1[2.2] The Customer may terminate this Agreement at any time by providing ninety (90) days written notice to MPP or immediately upon notice in writing in the event the Customer Services cease operating.

2.2 If the Customer terminates this Agreement (other than in accordance with Section 21 of this Agreement for MPP’s breach) at the end of the Initial Agreement Term, or if the Initial Agreement term has expired, the end of an Extended Agreement Term, within four (4) weeks of termination of this Agreement, the Customer will pay to MPP

2.2.1 (x) all due and unpaid Set-up Fees, License and Support Fees, Transaction Fees, Uplift Fees and Professional Service Fees up to and including the date of termination and

2.2.2 (y) any Professional Service Fees for termination assistance services described on SCHEDULE D provided by MPP to the Customer.

2.3 If (i) the Customer terminates this Agreement before the end of the Initial Agreement Term or, if the Initial Agreement Term has expired, before the end of the Extended Agreement Term, or (ii) MPP terminates this Agreement pursuant to Section 21.1.1 as a result of a material breach of this Agreement by the Customer, the Customer agrees to pay to MPP the “Exit Fee” (as defined in Section 2.5 below) within four (4) weeks of termination of the Agreement.

[2.3] The Exit Fee is equal to the sum of

[2.3.1] (x) all due and unpaid Set-up Fees, License and Support Fees, Transaction Fees, Uplift Fees and Professional Service Fees up to and including the date of termination of this Agreement,

[2.3.2] (y) all License and Support Fees, up to and including the expiry of the Initial Agreement Term or, if the Initial Agreement Term has expired, the Extended Agreement Term, that would have been due and payable to MPP had this Agreement not been terminated prior to the end of the Initial Agreement Term or the Extended Agreement Term, as the case may be, and

document.docx Page 10

[2.3.3] (z) any Professional Service Fees for termination assistance services described on SCHEDULE D provided by MPP to the Customer.

[2.4] This Agreement may also be terminated in accordance with the provisions of Section 21 of this Agreement.

3. DESCRIPTION OF SERVICES AND PAYMENT SOLUTION

[3.1] The Parties acknowledge that MPP will design, develop and deliver the Payment Solution. In particular, MPP will provide the services set out in the Statements of Work attached as Schedules [#] and [#] to this Agreement (“SOW#1” in the case of the provision of the Payment Solution, Hosting Services and Customer Support, and “SOW2” in the case of the End-User Support services).following in relation to the Payment Solution:[#Moved to SOW#1]

[3.1.1] an API to enable the implementation and integration of the Payment Solution by the Customer; and

[3.1.2] other generic online platform components as defined in the Business Requirements Document.

[3.1.3]

document.docx Page 11

3.1 MPP agrees to perform the Services using all reasonable skill and care to professional standards applicable to the performance of substantially similar services and warrants that the Services shall be provided in accordance with the Business Requirements Documentation.

3.2 The Parties agree that, from the Effective Date, MPP shall provide the Payment Solution, Hosting Services, Customer Support and End-User Support for the Customer’s Services specified in SOW#1 and SOW#2 and for any additional Customer Services, including any Bespoke Development, that the Customer and/or its Affiliates shall notify to MPP during the Agreement Term, subject to the Parties agreeing additional terms and (in the case of Bespoke Development only) fees, including any Bespoke Development. The Parties shall agree the parameters of such additional Customer Services and Bespoke Development by executing a new or revised SOW in the template form set out in Schedule [#] to this Agreement. These additional services shall be considered “Services” under the Agreement and shall be performed in accordance with and subject to the terms and conditions of this Agreement and the SOW specifying the additional services. For the avoidance of doubt, the parameters for any localised and/or rebranded versions of the Payment Solution for Customer Services other than those referred to in SOW#1 shall be agreed between the Parties in writing other than in relation to the Transaction Fees, Localisation/Rebranding Fees and License and Support Fees which are already agreed between the parties under clauses 6.1.2, 6.1.3 and 6.1.7. [#Gary – End-User Support Fees? Anything else already pre-agreed for additional websites?] [#Effectively only deliverables and delivery schedule would need to be agreed for future localised/rebranded sites.]

3.3[3.2] From the Effective Date, MPP shall:

3.3.1[3.2.1] provide the resources to implement and host the Payment Solution for the Agreement Term in accordance with the Service Level Agreement;

[3.2.2] maintain and support the Payment Solution, including the provision of End-User support Support and Customer Support in accordance with the Service Level Agreements set out in Schedules [#] and [#]; and [#SLA for End User Support to be provided. Fees for End User Support to be agreed.]

3.3.2[3.2.3] ensure that the Payment Solution, at a minimum and subject to any Bespoke Development that the Parties agree to, meets the requirements set out in the Business Requirements Document.

3.4[3.3] Customer may, in its sole discretion (including, without limitation, in the event of a Security Incident, as defined below), suspend deployment or use of any or all Services provided by MPP.

[4.] MPP’SMPP’S OBLIGATIONS

3.5[4.1] For the duration of this Agreement, MPP shall:

3.5.1[4.1.1] track End-Users who sign up for the Payment Solution service, for the purpose of identifying any financial transaction of the End-Users;

document.docx Page 12

[4.1.2] provide, where requested by Customerired, instruction documentation to Customer that details how to implement the Payment Solution into the Customer Website and provide all assistance required by the Customer; [#Documentation to be provided to be scheduled to Agmt including transaction flow document.]

[4.1.3] provide a platform for and provide the Payment Solution services together with Hosting Services, Customer Support of the Payment Solution and End-User Support that complies comply with best industry standards and levels of performance that accord with the Service Level Agreements set out in Schedules [#] and [#];

3.5.2[4.1.4] upon reasonable written request by the Customer, provide access to and copies of such information that the Customer may reasonably require to perform its obligations (or to verify that MPP is performing its obligations) under this Agreement including as provided in more detail in clauses 10, 12 and 27.2;

3.5.3[4.1.5] back up all files, software and metadata associated with the Payment Solution and provide disaster recovery procedures in accordance with the Service Level Agreement to avoid the permanent loss of End-User Data;

3.5.4[4.1.6] provide effective measures against viruses and hacking attacks that are at least comparable with industry standards;

3.5.5[4.1.7] provide 24-hour support to reboot level on all hardware and software in accordance with the Service Level Agreement; [#MPP to define what “reboot level” means and specify which parts of the SLA they are referring to.]

3.5.6[4.1.8] provide Payment Solution infrastructure including but not limited to relevant API support, a re-branded Registration Page, End-User account management, eHQ, Customer Support and payment facilities in accordance with the Business Requirements Document; [#Business Requirements Document to be provided that addresses each of these issues.] [#Gary – here is a good list of what the Business Requirements Documents should cover.]

3.5.7[4.1.9] provide secure access via a usernames and passwords to eHQ enabling the Customer to have an overview of data held, segment the data by the fields obtained (including separate breakdown by country and by Customer Website), download segments of the data defined in the Business Requirements Document in a CSV format; [#Ensure Business Requirements Document addresses this.]

[4.1.10] use commercially reasonable efforts to ensure high levels of security are maintained at all times, commensurate with the industry standards and in compliance with the Data Protection Act 1998 (and any applicable local laws and regulations) and to carry out reviews of all security components in accordance with MPP’sMPP’s obligations to adhere to PCI-DSS standards;

[4.1.11] ensure at all times that the Payment Solution complies with all applicable laws, licenses, codes of practice and regulations, including the Data Protection Act 1998, the Consumer Credit Act 1974 and all appropriate applicable advertising standards regulations (together with any other applicable local laws and regulations).

document.docx Page 13

3.5.8[4.1.12] ensure that the Payment Solution is PCI-DSS compliant at all times throughout the duration of the contract.

3.5.9[4.1.13] MPP represents and warrants that it shall obtain PCI compliance certification and shall ensure that such certification remains current.  MPP shall provide SPE with a valid PCI ROC (record of compliance) each year.

3.5.10 MPP represents and warrants that its Suppliers are PCI compliant and shall ensure that such Suppliers’ certification remains current.  MPP shall provide SPE with a valid PCI ROC (record of compliance) each year for each Supplier.

3.5.11[4.1.14] i f a competent authority notifies either party of unlawful use of the Payment Solution, give notice to the Customer and shall take immediate action to remedy such defect(s). Customer may suspend use of Payment Solution until the defect(s) are remedied.

3.5.12[4.1.15] where MPP is given access, whether on-site or through remote facilities, to any Customer computer or electronic data storage system, in order for MPP to accomplish the work called for in the Statement of Work, MPP shall limit such access and use solely to perform work within the scope of such Statement of Work and will not attempt to access any computer system, electronic file, software or other electronic services other than those specifically required to accomplish the work required under such Statement of Work. MPP shall strictly follow all Customer security rules and procedures for use of Customer electronic resources provided that the said rules and procedures are made known to MPP in advance of the provision of the relevant Services and as updated from time to time. [#SPE to provide the Staff Handbook, Code of Business Conduct and Anti-Bribery]

3.5.13 be fully responsible and liable for all activities that occur under the username(s) and password(s) created by End-Users and for any misuse of the End-Users account(s) associated with the relevant End-Users usernames and/or passwords.

3.5.14 provide Customer with notice of:

(A) all known problems, defects, errors, issues affecting or likely to affect Availability or nonconformities in the Payment Solution, eHQ and/or MPP Website, as soon as problems, defects, errors or nonconformities become known (as well as any remedial action, if any); and [#Confirm it is just these three things.]

(B) any loss, theft or unauthorized use of any username and/or password immediately after such loss, theft, or unauthorized use becomes known,

in accordance with the SLA set out in Schedule [#]. [#Consider moving to SLA]

document.docx Page 14

3.5.15 immediately disable and remove the offending code causing the problem, defect, error, issue affecting or likely to affect Availability or nonconformity and shall as soon as reasonably practicable (and in any event within 24 hours) correct any such problems, defects, errors, issues affecting or likely to affect Availability or nonconformities or develop a work-around, patch or other fix for such problems, defects, errors, issues affecting or likely to affect Availability or nonconformities. No such code should be reinstated until it has been fixed and verified.

3.5.16 provide Customer with no less than 30 (thirty) days prior written notice in relation to the implementation of any Release and Major Update and the parties shall discuss in good faith, any concerns Customer has with the proposed Release and Major Update prior to its implementation. [#Ensure consistent with SLA which is currently 10 days to be confimed.]

3.5.17 provide revised and/or updated documentation including Business Requirement Documents (in the same amount and media as originally provided) to correspond to any changes (including Releases and Major Updates) made to the Payment Solution, eHQ and/or MPP Website, within 30 (thirty days) as following the date of such changes. eHQ and/or MPP Website

3.6[4.2] Termination Assistance Period

3.6.1[4.2.1] If this Agreement is terminated by either Party, MPP will act in accordance with SCHEDULE D - TERMINATION ASSISTANCE SERVICES to this Agreement to provide assistance reasonably necessary to assist in the migration of the Payment Solution to enable the Customer to maintain business continuity. For the purposes of this termination assistance, the parties shall agree a project-based fixed rate which in any event shall be no more than the Man-Day Rates set out in clause 6.1.8. [#GPC - Quantify minimum period of time for which they will provide the services.]

4.[5.] CUSTOMER’S OBLIGATIONS

4.1[5.1] For the duration of the Agreement Term, the Customer shall:

[5.1.1] provide access to Products to End-Users that may be paid for via the Payment Solution; and [#We cannot agree to an obligation to continue offering the service to End Users (as this is a business decision for SPE) or use the Payment Solution other than as provided in clause 2.]

[5.1.2] be responsible for unauthorised access to the Payment Solution by an unauthorised user, where such access is gained by using a username or password or customised URL issued to Customer (except if due to MPP disclosing the username and password or customised URL to the unauthorised user). Each Party agrees to notify the other immediately of any unauthorised uses or any other breach of security known to such Party.

[5.2] If a competent authority notifies MPP of unlawful use of the Payment Solution, MPP shall give notice to the Customer to remedy such defect(s). MPP may deny the Customer access to the Payment Solution until the defect(s) are remedied by the Customer.

document.docx Page 15

[5.3] From time to time the Payment Solution may require the use of Cookies. Should regulations, laws or directives relating to the use of Cookies make it necessary for End-Users to accept or opt-in to their use, the Customer shall adopt reasonable measures ensure best practice opt-in or acceptance measures are in place in accordance with such applicable regulations, laws or directives. [#MPP to confirm that Customer is solely in control of consent process. Eg through use of Terms of Service.]

4.2[5.4] The use of the Services provided by MPP are PCI-DSS compliant in accordance with Section 4.1.12 and, in order to maintain compliance, the Customer must ensure its use and deployment of the Services do not contravene PCI-DSS guidelines and ensure their own compliance with the PCI-DSS requirements, including, but not limited to, ensuring that: [#Gary/Infosec – how are we going to ensure ongoing compliance with this? What do we have to do? What are the costs? Consider re-wording based on what we have to do in practise.] [#Alan - The practical approach is to leverage the PCI DSS audit, which is a detailed and comprehensive check of hardware, software, and general practices. Most importantly it is performed by an independent third-party. On this basis, SPE/business owner should (1) have MPP provide its certificate of PCI DSS compliance and Paypoint’s certificate each year; (2) provide the executive summaries of the latest PCI DSS vulnerability & penetration test reports; (3) reserve the right to audit MPP -- just as SPE has done recently.] [#Note this is about our compliance not MPPs.]

4.3

[5.4.1] the Customer’s hardware platform(s) and software (browser) and operating systems are compliant with the PCI-DSS requirements where applicable; [#Gary/Infosec – as above re our compliance not MPPs]

[5.4.2] all third parties who are allowed to integrate with the Services are compliant with the PCI-DSS requirements where applicable; and [#Deleted on basis of MPP comment that only Customer needs to be DCI compliant as part of it obtaining a merchant ID number.]

[5.4.3] all payments by third parties are accepted using a full HTTP redirect to MPP’sMPP’s Services and are not by any other means (for example the use of iFrames). [#Gary/LA – has this been rectified? No more use of iframes?] Confirmed [#Please clarify – conflicting responses.]

[5.5] Subject to clause 5.6, tThe Customer shall allow MPP to write and issue a case study as well as issue press releases in relation to the Services as follows

[5.6] On signature of this Agreement;

[5.7] At the Start Date; and

[5.8] On the first year anniversary from the Start Date.

All case studies and press releases issued will be pre-approved by the Customer prior to distribution.

5.[6.] PAYMENT AND FEES

5.1[6.1] MPP agrees to provide the Payment Solution in consideration for the payment by the Customer of the following fees (together the "Fees").

document.docx Page 16

5.1.1[6.1.1] “Set-up Fees”: The Customer shall pay to MPP a one-off fee (exclusive of VAT) comprised of:

(A) PS3: £24,245

(B) Web: £4,000

(C) Mobile: where Customer elects to roll the Payment Solution out to mobile devices - £6,000

as provided in more detail in SOW#1 attached as Schedule [#] and, in accordance with the following payment schedule:

[(A)] Payment 1 Amount & Date: 1/3 of the PS3 and wWeb fees invoiced on contract signature;

[(B)] Payment 2 – 1/3 of PS3 and wWeb fees invoiced on completion of deliverables per the SOW#1;

[(C)] Payment 32 Amount & Date – 1/3 of PS3 and wWeb fees invoiced when service goes live.

(D) Mobile Fees shall also be payable in three equal installments at commencement of development for mobile access, upon completion of deliverables and when the mobile service goes live.

[6.1.2] “License and Support Fees”: Commencing on the Start Date of [#insert start datethe 1 October 2013 (or such an alternative date as notified to MPP by Customer) [#Gary – wouldn’t we notify them of an alternative date?] and during the Agreement Term, the Customer shall pay to MPP a monthly fee of £2,500 per calendar month (increasing to £3,000 per calendar month when the Customer Service is made available via mobile app) which includes fees for Customer Support, monthly service, Hosting Services (as defined in the Service Level Agreement), license, support and all other services provided pursuant to this Agreement and, in particular, the Service Level Agreement, which fees will be paid monthly in arrears. Such License and Support Fees shall increase by £1,000 per month for each additional territory in which additional Customer Services are made available from the date on which such additional Customer Services go live. [#Gary – per territory or per service?]

5.1.2[6.1.3] “Transaction Fees”: are the aggregation of the Payment Organization Transaction Fees set out in clause 6.1.4 and Micropayment (non-bank) Transaction Fees set out in clause 6.1.5.

5.1.3[6.1.4] “Payment Organization Transaction Fees”: From the Start Date, the Customer shall pay to MPP for each financial authorisation, collection and refund requested to the acquiring Payment Organization for any financial transactions of End-Users a fee (exclusive of VAT) of:

(A) 0 – 100,000 Macropayments - £0.12

(B) 100,001 – 300,000 Macropayments - £0.10

(C) 300,001+ Macropayments - £0.08

document.docx Page 17

5.1.4[6.1.5] “Micropayment (non-bank) Transaction Fees”: From the Start Date, the Customer shall pay to MPP for each Micropayment a fee (exclusive of VAT) of £0.05.

5.1.5[6.1.6] “Uplift Fees”: During the Agreement Term, MPP shall monitor the Transactions per Minute and if the number of Transactions per Minute becomes close to 300 then MPP shall notify the Customer and the Parties shall agree a plan to increase capacity and to agree fees for such increase in capacity.

5.1.6[6.1.7] “ Localisation/Rebranding Fees”: In the event that the Customer requests localising and/or rebranding of the Payment Solution for other Customer Services in other territories, Customer shall pay the following one-off fees (exclusive of VAT):

(A) PS3: £8,000

(B)[(A)] Web: £3,500

(C)[(B)] Mobile: £6,000

5.1.7 “Professional Services Fees”: In the event that the Customer requests any changes (other than localising and/or rebranding the Payment Solution for other Customer Services as provided in clause 6.1.7 above), Bespoke Development or any other professional services (including the termination assistance services described on SCHEDULE D – TERMINATION ASSISTANCE SERVICES), the Customer shall pay MPP for such work in accordance with rates to be agreed between the parties in the relevant SOW setting out details of the additional services which in any event shall be no more than the following rate carda Man-Day rate of [#insert] (excluding VAT). .

[6.1.8] The table below shows the applicable Man-Day rates where the Customer purchases in advance blocks of Man Days, provided that Customer shall lose the rights to claim any such Man Days that remain unused from the date of receipt of an order from the Customer

100 or more Man Days XXXXX/day To be used within 6 months

20 – 99 Man Days XXXXX/day To be used within 4.5 months

19 or less Man Days XXXXX/day To be used within 3 months

5.2[6.2] No Further Expenses: The amounts payable above cover all MPPs fees and expenses arising in connection to the fulfilment of its obligations under the Agreement or otherwise related to the performance of this Agreement and in no event shall Customer be obligated to pay any other fees or expenses incurred or accrued in respect of Services, without the prior written consent of Customer. The Fees set out in this Section 6 are exclusive of Expenses (as defined in Section 6.4 below).

document.docx Page 18

5.3[6.3] Statement of Account: MPP shall provide Customer with access at no additional charge, to usage and revenue reports via eHQ, including details of: [#Timing of reports. Are they in real time? Note that definition suggests monthly. Merge with clauses 6.9.2 and 6.9.3?] ]

5.3.1 Availability calculated in accordance with Schedule [#];

5.3.2 what was supplied by Customer to the End-User;

5.3.3 for “one-off” supplies, the date of supply and time of payment;

5.3.4 for subscription supplies, the period of the subscription;

5.3.5 prepayment for future supplies (as applicable); [#Gary – confirm agmt should not cover prepayment]

5.3.6 Gross Revenue (including in the case of SMS payment a breakdown of actual mobile operator costs incurred);

5.3.7 the calculation of Net Revenue;

5.3.8 details of any Chargebacks and Refunds (including Refund code and details to allow identification of the original supply to which the offset is being applied);

5.3.9 MPP’s Cost of Sales broken down by component parts;

5.3.10 Availability Payment (as applicable); and

5.3.11 SPE’s Revenue Share.

5.4 All such revenue reported in accordance with clause 6.3 above shall be broken down by: 5.4.1 territory; and

5.4.2 Customer Website; and

5.4.3 subject to the implementation of Directive 2008/8/EC, country location of End-User as determined by provision of End-User address on registration or such other method as agreed between the Parties or as determined by law. [#MPP to confirm separate accounts within umbrella SPE account.]

5.5 As at the date of this Agreement, use of the Payment Solution to enable payment via the following methods are approved:5.5.1 Paypal; and

5.5.2 Debit and credit card.

document.docx Page 19

5.6 Customer must approve the use of the Payment Solution for payment via SMS, Pay Safe scratch card payment (and any other method not listed in clause 6.5 above) in advance in writing.

5.7 MPP will be acting as a disclosed agent for VAT purposes and therefore in respect of the services Customer is supplying to End-Users, MPP will be collecting any VAT payable to relevant tax authorities on Customer’s behalf, so Customer can meet its obligation to remit this tax.

5.8[6.4] Payment of Transaction Fees by Customer

5.8.1[6.4.1] Transaction Fees are dependent upon the number of Micropayment and Macropayment transactions made in any month.

5.8.2[6.4.2] MPP shall no later than fifteen (15) days after the end of each month throughout the Agreement Term generate and send to the Customer's Relevant Contact for finance matters a monthly Statement of Account (in a format agreed by the parties reasonably and in good faith) certified as accurate by a duly authorised officer of MPP which details all transactions made by End-Users via the Payment Solution. [#See comment in cl 6.3]

5.8.3[6.4.3] Upon issuance of the Statement of Account, MPP shall calculate the Transaction Fees due to MPP by the Customer for the relevant month.

5.8.4[6.4.4] Subject to Paragraph 2 of SCHEDULE B, MPP shall be entitled to invoice the Customer against the Cost of Sales set out in SCHEDULE B.

[6.4.5] Payment by the Customer to MPP shall be made by electronic transfer to MPP’sMPP’s bank account which will be provided to the Customer’s Relevant Contact.

5.9[6.5] In the event that a Refund becomes repayable to any Customer as a result of the action or inaction of MPP, its Suppliers and/or Personnel, MPP shall refund the relevant End-User in accordance with this Agreement. In such circumstances, Customer shall have a right of set off against the Cost of Sales due to MPP for the Gross Revenue originally paid by End-Users in relation to such transactions.

5.10 Unless otherwise stated all Fees are exclusive of VAT, which will be added to the Fee where applicable.

5.11[6.6] If VAT is chargeable in respect of any amount payable to MPP hereunder, Customer shall, upon receipt of a valid VAT invoice complying with the rules set out in Title XI, Chapter 3 of the European Union VAT Directive 112/2006/EC evidencing such VAT, pay to MPP such VAT at the rate for the time being and from time to time properly chargeable, in respect of that payment.

5.12 Where MPP and Customer are established in different EU countries, Customer agrees to provide MPP with evidence of its business status (including its relevant valid VAT number ) and will fulfill VAT obligations under the reverse charge procedure as set out in Article 196 of the aforementioned Directive.

document.docx Page 20

The Customer shall reimburse MPP for reasonable travel, accommodation, subsistence or other Expenses reasonably and necessarily incurred by MPP or MPP’sMPP’s personnel in the performance of this Agreement (the "Expenses"). Upon the request of the Customer, MPP shall provide the Customer with receipts relating to the Expenses and a summary of expenditure to support any invoice issued by MPP in connection with the Expenses

[6.7] The Customer shall pay each invoiced amount no later than thirty ninety (930) days after the date of the relevant invoice (the "Due Date").

[6.8] If the Customer fails to pay an invoice issued by MPP by the Due Date, MPP shall issue a payment reminder notification to the Customer. Following receipt of a payment reminder notification by MPP, MPP shall be entitled to charge interest in respect of any undisputed amounts which are overdue at a rate per annum of two percent (2%) above the REPO rate set by the Monetary Committee of the Bank of England from time to time, such interest to be calculated on a daily basis from the Due Date until the date payment is made in full. The Parties acknowledge that the interest payable as set out in this Section 6.14 is intended to be a substantial remedy for sums due and payable pursuant to this Agreement and are in lieu of any sums due pursuant to the Late Payment of Commercial Debts (Interest) Act 1998 and/or the Late Payment of Commercial Debts Regulations 2002.

5.13[6.9] All invoices issued by MPP in connection with this Agreement shall:

[6.9.1] be sent to the Customer by emailEmail to XXXXXXXXXXX and marked for the attention of Accounts Payable; and

5.13.1[6.9.2] reference the purchase order number if applicable.

[6.10] All payments shall be made and all credits shall be given in USD (United States Dollars).local currency. [#Gary/Sukhi/Martin - Note that as MPP is always paid in £, this exposes us to currency fluctuation risk in terms of those payments.]

5.14[6.11]

[7.] BESPOKE DEVELOPMENT

[7.1] In the event that the Parties agree that MPP shall carry out Bespoke Development to the Payment Solution during the Agreement Term, then the terms set out in this Section 7.16.17 shall apply, unless agreed otherwise in writing. [#Confirm ownership of IP rights in bespoke developments – see cl 10. Need to ensure we can use it. Consider access to source code.]

5.15[7.2] MPP shall:

5.15.1[7.2.1] during periods of Bespoke Development, designate a person as a project manager who shall provide a weekly status report to the Customer and who will be responsible for tracking progress against the agreed project plan and who shall attend, where required to do so by the Customer, weekly project status meetings (or more frequent status reports and status meetings as provided in the relevant SOW); and

5.15.2[7.2.2] provide Bespoke Development of the Payment Solution in accordance with the Customer's requirements as set out in the Business Requirements Document.

document.docx Page 21

5.16[7.3] The Customer shall:

5.16.1[7.3.1] be responsible for defining the requirements of the Bespoke Development in the relevant SOW;

[7.3.2] govern the implementation of the Payment Solution and ensure that the Payment Solution from MPP and third parties meets expectations; and [#We cannot ensure it meets expectations if MPP fails to deliver.]

5.16.2[7.3.3] organise, where necessary, weekly (or more frequent) project status meetings.

[7.4] Bespoke Development requested by the Customer which is not included in the Business Requirements Document, shall be chargeable to the Customer at the rates set out in Section 6.1.7 of this Agreement.

[8.] PERSONNEL:

5.17 Subject to clause 9, the Services hereunder shall be rendered solely by:5.17.1 MPP’S individual employees; and/or

5.17.2 individuals and/or entities that are not employees of MPP but have been engaged by MPP to perform Services hereunder on behalf of MPP (individually and collectively, such individuals and entities are “Third Parties”);

document.docx Page 22

together the “Personnel”.

5.18 MPP represents and warrants that all such Personnel are qualified to perform the Services and that it will staff each project with Personnel with sufficient skill, experience and ability to complete the project as specified in the Statement of Work. MPP shall inform all Personnel that they will be required to comply, and MPP shall ensure that all Personnel comply, with Customer’s security and safety policies, rules and procedures made known to MPP prior to the provision of the Services or as provided from time to time. MPP shall ensure that all Personnel are familiar with and comply in all respects with the provisions of Clause Error: Reference source notfound (Intellectual Property Rights), Clause 10 (Data Privacy and Information Security) and Clause Error: Reference source not found (Confidentiality / Proprietary Rights) hereof, and MPP warrants to Customer that it has and will maintain in effect a written agreement with the Personnel to such effect.

5.19 MPP shall be completely responsible for any employment or other taxes imposed on MPP, its employees or its Third Parties or in respect of the Services by any applicable taxing authority. MPP shall compensate its employees and/or Third Parties, if any, directly and Customer shall have no obligation whatsoever to compensate any such employees and/or Third Parties. As an independent contractor and not an employee, neither MPP nor any of its employees and/or Third Parties shall be entitled to health, disability, welfare, pension, annuity, vacation or holidays or any other fringe benefits of Customer based on or resulting from the performance by MPP of duties hereunder or the compensation paid by Customer to MPP therefor.

5.20 MPP agrees to indemnify Customer for and hold it harmless from any and all liability including taxes, which Customer may have to pay and any and all liabilities (including, but not limited to, judgments, penalties, fines, interest, damages, costs and expenses, including reasonable attorney’s fees) which may be obtained against, imposed upon or suffered by Customer or which Customer may incur in connection with the Personnel arising out of their employment or engagement by MPP and/or the provision of the Services hereunder, including but not limited to any liability incurred by reason of its failure to deduct and withhold from the compensation payable hereunder any amounts required or permitted to be deducted and withheld from the compensation of an individual under the provisions of any statutes heretofore or hereafter enacted or amended requiring the withholding of any amount from the compensation of an individual.

5.21 If requested by Customer, specific individuals (including MPP’S employees, agents and subcontractors (“Key Personnel”)) will be specified in the Statement of Work. Customer reserves the right to approve the appointment of and replacements for all Key Personnel. Key Personnel will not be removed from the project by Contractor without Customer consent.

5.22 MPP warrants that it:

5.22.1 presently employs the Personnel and/or is entitled to the services of the Personnel which are or will be required to be performed hereunder, and MPP exclusively controls all rights in and to the results of the Services which are to be granted to Customer hereunder; and

document.docx Page 23

5.22.2 will cause to be made when due all payments, compensation or otherwise, which may be required to be made to MPP’s employees and contractors (including, without limitation, the Personnel) on account of Services rendered by MPP pursuant hereto.

document.docx Page 24

6. SUB-CONTRACTING TO SUPPLIERS

6.1 In addition to performance of the Services by the Personnel referred to in clause 8 above, MPP shall be entitled to sub-contract aspects of the technical operations required for the delivery of the Services to the Suppliers, provided always that such Suppliers act in accordance with the terms and conditions of this Agreement and that MPP shall be liable for all claims, actions, expenses and liability suffered or incurred by Customer arising out of or in connection with any act or omission of such sub-contractor resulting in breach of this Agreement as if such breach was done or failed to be done by MPP.

7. DATA PRIVACY AND INFORMATION SECURITY

7.1 To the extent that MPP Processes Personal Data in connection with this Agreement, MPP is to act only on the instructions of Customer and MPP represents and warrants that MPP will Process Personal Data only as authorized and as necessary to perform the Services. The Parties agree that Customer will be and remain the owner and controller of the Personal Data for purposes of all applicable privacy laws with rights under such laws to determine the purposes for which the Personal Data is Processed, and nothing in this Agreement will restrict or limit in any way Customer's rights or obligations as owner and/or controller of the Personal Data for such purposes. As such, Customer is directing MPP to process Personal Data in accordance with the terms of this Agreement. The Parties also acknowledge and agree that MPP may have certain responsibilities prescribed as of the Effective Date by applicable privacy laws as a processor of Personal Data, and MPP hereby acknowledges such responsibilities to the extent required thereby for processors of personal data. The Parties agree that Personal Data shall be considered Confidential Information of Customer and MPP must maintain all such Personal Data in strict confidence in accordance with clause 15 (Confidentiality/Proprietary Rights) of this Agreement.

7.2 MPP shall not permit third parties (including, but not limited to, agents and subcontractors) to Process Personal Data unless such Processing is required to perform the Services and has been explicitly authorized in advance by Customer in writing. Whenever MPP is authorized by Customer to use third parties to Process Personal Data under this Agreement, MPP warrants that it will: (i) exercise appropriate due diligence in selecting such third parties, (ii) have contracts with such third parties containing obligations and provisions no less protective of Personal Data than those set forth in this Agreement, and (iii) monitor such third parties to confirm that they have satisfied such obligations. Any rights that Customer may exercise in connection with this Agreement in relation to MPP, MPP will ensure Customer may also exercise in relation to any such third party (including, but not limited to, subcontractors).

7.3 MPP shall as soon as reasonably practicable and in any event within 24 hours of such request, complaint, claim or other communication, inform Customer in writing of any request, complaint, claim, or other communication received by MPP concerning Personal Data (i) from an individual who is (or claims to be) the subject of the data; (ii) from any government official (including any data protection agency or law enforcement agency) or other third party (each a "Data Protection Communication"). MPP shall promptly provide assistance as requested by Customer in connection with any Data Protection Communication and shall obtain Customer’s consent (where permissible by law) before sharing any Personal Data with any government authorities or other third parties. MPP understands that it is not authorized to respond to a Data Protection Communication unless explicitly authorized by Customer or the response is legally required under a subpoena or similar legal document issued by a government agency that compels disclosure by MPP.

document.docx Page 25

7.4 Where the Services involve the collection of Personal Data directly from individuals, MPP will display to the individuals a privacy notice, the form and manner of which shall be specified by Customer and agreed with MPP, such agreement not to be unreasonably withheld, delayed or conditioned.

7.5 MPP shall not transfer Personal Data across any national borders or permit remote access to the Personal Data by any employee, affiliate, contractor, or other third party outside of the country in which the Personal Data is located unless MPP has the prior written consent of Customer for such transfer or access. Such consent is deemed to have been given by Customer in relation to any Personal Data stored on the MPP servers located in [#Where are MPPs servers?]. MPP agrees to enter into (and agrees to cause its agents, subcontractors, or affiliates, as applicable, to enter into) any additional agreements or adhere to any additional contractual terms and conditions related to Personal Data as Customer may instruct in writing that Customer deems necessary to address applicable privacy laws. Without limiting the foregoing, where Personal Data located within the European Union is transferred to or accessed by MPP in a country outside the European Union which does not have a finding of adequacy by the European Commission pursuant to Article 25(6) of EU Directive 95/46/EC, the Parties will protect such Personal Data in accordance with Article 26 of EU Directive, 95/46/EC. In order to achieve this, the Parties will, unless agreed otherwise, rely on the Standard Contractual Clauses for the Transfer of Personal Data to Processors established in Third Countries, dated 5 February 2010 (2010/87/EU) as amended from time to time (the “EU Model Clauses”) for the transfer of such Personal Data from the data controller to a data processor, and MPP will execute such EU Model Clauses, in its capacity as data importer, with Customer or the appropriate data controller, as the data exporter, (“Data Processor Agreement”). It is expressly agreed by the Parties that all EU Model Clauses executed pursuant to this Agreement and/or any relevant Statements of Work are intended to be read and interpreted as part of the Agreement as the commercial agreement between the Parties.

7.6 To the extent that MPP Processes Personal Data in connection with this Agreement, MPP represents and warrants that it has implemented, and will maintain, a comprehensive written information security program (“Information Security Program”) that includes administrative, technical, and physical safeguards (i) to ensure the confidentiality, security, integrity, and availability of Personal Data, (ii) to protect against any reasonably anticipated threats or hazards to the confidentiality, security, integrity, and availability of the Personal Data, (iii) to protect against unauthorized access, use, disclosure, alteration, or destruction of the Personal Data, and (iv) that contains policies and procedures regarding the disposal of Personal Data, and tangible property containing such information, taking into account available technology so that such information cannot be practicably read or reconstructed. MPP’s Information Security Program shall apply to all infrastructure components and related processes, including servers, databases, and network connections, that are necessary for the provision and Processing of the Personal Data or can otherwise be used to access Personal Data (“Infrastructure”). In particular, the MPP’S Information Security Program shall comply with the security obligations set forth in Schedule E.

7.7 MPP shall notify Customer immediately in writing in the event that (i) any Personal Data is Processed or otherwise disclosed by MPP (including its agents or subcontractors), in violation of this Agreement or applicable laws pertaining to privacy or data security, or (ii) MPP (including its agents or subcontractors) discovers, is notified of, or suspects that a breach of the Information Security Program or unauthorized Processing (including, without limitation, access, acquisition, disclosure or use) of Personal Data may have occurred (each a “Security Incident”),

document.docx Page 26

7.8 MPP shall cooperate fully in the investigation of the Security Incident and shall preserve all information and evidence related to the Security Incident. Without limiting the foregoing, upon Customer's request, (i) MPP shall make computers, servers, and networks available for forensic investigation and imaging to determine the scope of any Security Incident, and (ii) shall retain an independent forensic investigator, at MPP’s cost, to image and preserve the affected servers, and to investigate the scope and cause of the Security Incident (including, which data fields were compromised and the individuals affected by such compromise). If MPP retains such forensic investigator, Invidious shall agree to permit such investigator to disclose any information and evidence to Customer related to the Security Incident; provided, however, the forensic investigator is not obligated to disclose any data owned by MPP’s other customers that is subject to a confidentiality or non-disclosure obligation.

7.9 Pursuant to Section 20.1 of this Agreement, MPP shall indemnify Customer for any and all damages, losses, fees or costs (whether direct, indirect, special or consequential) incurred as a result of such incident, and remedy any harm or potential harm caused by such incident. To the extent that a Security Incident gives rise to a need, in Customer’s sole judgment, to provide (A) notification to public authorities, individuals, or other persons, or (B) undertake other remedial measures (including, without limitation, notice, credit monitoring services, identity theft protection insurance, and the establishment of a call center to respond to inquiries (each of the foregoing a "Remedial Action")), at Customer’s request, MPP shall, at MPP’s cost, undertake such Remedial Actions. The timing, content and manner of effectuating any notices shall be determined by Customer in its sole discretion.

7.10 Customer may request upon ten days written notice to MPP (unless shorter notice is required by exigent circumstances such as a Security Incident), and MPP will provide (and will cause its affiliates, agents, or subcontractors to provide) Customer (or its designated representatives) with access to facilities, systems, data backups, records and supporting documentation in order to audit MPP’s (and/or its subcontractors') compliance with its obligations under or related to the Information Security Program. Subject to clause , audits shall be conducted not more than once annually during the term of the Agreement, shall be subject to all applicable confidentiality obligations agreed to by Customer and MPP, and shall be conducted in a manner that minimizes any disruption of MPP’S performance of services and other normal operations. MPP shall take proper and all reasonable steps to address any control weaknesses identified by Customer as a result of such audit.

7.11 In the event an audit conducted in accordance with clause above identifies any control weaknesses and/or deficiencies in MPP’s Information Security Program and/or related Infrastructure or otherwise determines MPP does not meet its obligations in relation to data privacy and information security as provided in this Agreement, Customer shall be entitled to conduct follow up audits within the same year to ensure that all required remedial actions have been undertaken. In the event that more than one audit identifies any control weaknesses and/or deficiencies in MPP’s Information Security Program and/or related Infrastructure or otherwise determines MPP does not meet its obligations in relation to data privacy and information security, the restriction to no more than one audit annually as set out in clause above shall no longer apply under this Agreement.

document.docx Page 27

7.12 MPP shall provide Customer with confirmation that it is compliant with any security audit that Customer has directed MPP to undertake and that Customer has been marked as named client on such audit within a reasonable time after such audit. Upon request, and at such reasonable intervals as Customer or their auditors may specify, but no less than quarterly, an appropriate officer of MPP will certify to Customer that, to the best of his or her knowledge, after reasonable inquiry: (a) MPP has reported all Security Incidents, suspected fraud or other irregularities or reportable incidents that may constitute violations of its Information Security Program; (b) MPP has reported to Customer all apparent material weaknesses and deficiencies in the security measures contemplated under its Information Security Program of which Customer is aware; and (c) MPP has made such other factual certifications concerning its Information Security Program as Customer or their auditors may reasonably request.

8. INSURANCE.

8.1 Prior to the performance of any service hereunder by MPP, MPP shall, at its own cost and expense, procure and maintain the following insurance coverage for the benefit and protection of Customer and MPP, which insurance coverage shall be remain in full force and effect for one (1) year after the expiration or termination of the Agreement unless otherwise specified below:

8.1.1 A Commercial General, or Public Liability Insurance Policy with a limit of not less than $3 million USD per occurrence and $3 million USD in the aggregate, including Contractual Liability, and a Business Automobile or Motor Liability Policy (including owned, non-owned, and hired vehicles) with a combined single limit of not less than $1 million USD, both policies providing coverage for bodily injury, personal injury and property damage liability.

8.1.2 Professional Liability or Professional Indemnity Insurance, or what is known as Errors & Omissions Liability Insurance or Media Liability Insurance that will include but not be limited to Intellectual Property Infringements, (except patent infringement); contractual liability, technology & software errors & omissions; network security and data privacy insurance with limits of not less than $20 million USD for each occurrence and $20 million USD in the aggregate. (If this policy is written on a claims-made basis, the policy will be in full force and effect for three (3) years after the expiration or termination of this Agreement.

(An Umbrella or Following Form Excess Liability Insurance Policy will be acceptable to achieve the liability limits required in clauses 11.1.1 and 11.1.2 above)

8.1.3 Workers’ Compensation Insurance with statutory limits, (or country equivalent) to include Employer’s Liability with a limit of not less than $10 million USD.

document.docx Page 28

8.2 T he policies referenced in the foregoing clauses 11.1.1 and 11.1.2 shall name Entertainment Networks (UK) Ltd, et al, its parent(s), subsidiaries, licensees, successors, related and affiliated companies, and its officers, directors, employees, agents, representatives and assigns (collectively, including Customer, the “Affiliated Companies”) as an additional insured by endorsement and shall contain a Severability of Interest Clause. The policy referenced in the foregoing clause 11.1.3 11.1.3 shall provide a Waiver of Subrogation endorsement in favor of the Affiliated Companies, and all of the above referenced liability policies shall be primary insurance in place and stead of any insurance maintained by Customer. No insurance of MPP shall be co-insurance, contributing insurance or primary insurance with Customer’s insurance. All insurance companies, the form of all policies and the provisions thereof shall be subject to Customer’s prior approval. MPP’S insurance companies shall be licensed to do business in the state(s) and/or country(ies) where services are to be performed for Customer and will have an A.M. Best Guide Rating of at least A:VII or better, or country equivalent. Any insurance company of the MPP with a rating of less than A:VII will not be acceptable to the Customer. MPP is solely responsible for any and all deductibles and/or self insured retentions under their policies.

8.3 MPP agrees to deliver to Customer,

8.3.1 Within five (5) Business Days after the execution of this Agreement Certificates of Insurance and endorsements evidencing the insurance coverage herein required; in the event MPP’S insurers are based outside of the United States, MPP’S insurance policies should include (subject to clause 11.4 below) worldwide coverage, written on a primary basis and provide Customer the right to bring claims against MPP’S insurance policies in the United States. These requirements should be evidenced in the certificates of insurance provided to Customer ; and

8.3.2 renewal certificates and endorsements at least seven (7) days prior to the expiration of MPP’S insurance policies.

Each such Certificate of Insurance and endorsement shall be signed by an authorized agent of the applicable insurance company, shall provide that not less than thirty (30) days prior written notice of cancellation, non-renewal or material change is to be given to Customer; and shall state that such insurance policies are primary and non-contributing to any insurance maintained by Customer. Upon request by Customer, MPP shall provide a copy of each of the above insurance policies to Customer.

8.4 I f MPP’S provision of the Services and implementation of the Payment Solution are exclusive to the UK, MPP’S insurance must cover the UK accordingly.  Prior to such Services and implementation of the Payment Solution outside of the UK, MPP’S insurance policies must be extended to include coverage to such additional territories worldwide.

8.5 Failure of MPP to maintain the Insurances required under this clause 11 or to provide Certificates of Insurance, endorsements or other proof of such Insurances reasonably requested by Customer shall be a breach of this Agreement and, in such event, Customer shall have the right at its option to terminate this Agreement without penalty.

[#MPP to provide details of expanded insurance coverage as a matter of priority.]

9. BOOKS AND RECORDS; AUDITS

document.docx Page 29

9.1 MPP shall maintain complete and accurate accounting records, and shall retain such records for a period of three (3) years following the date of the invoice to which they relate.

9.2 Customer (and its duly authorized representatives) shall be entitled to:9.2.1 Not more than once annually during the term of this Agreement, audit such

books and records as they relate to the Services performed hereunder, upon reasonable notice to MPP and during normal business hours, and

9.2.2 make copies and summaries of such books and records for its use.

9.3 If Customer discovers any underpayment in the amounts paid by MPP to Customer for any period under audit (an “Audit Underpayment”), MPP shall promptly pay such Audit Underpayment to Customer. In the event that any such Audit Underpayment shall be in excess of five percent (5%) of the aggregate payments made to Customer in respect of the applicable period under audit, MPP shall also reimburse Customer for all reasonable costs and expenses incurred by Customer in connection with such audit and the collection of the Audit Underpayment. If any such Audit Underpayment shall be in excess of ten percent (10%) of the aggregate payments made to Customer in respect of the applicable period under audit, Customer shall have the right to re-audit, at MPP’S expense, MPP’S books and records for any and all past years (since the commencement of this Agreement).

10. WARRANTY

[8.1] MPP will commit to a Warranty (as defined in Section 13.2) period of sixty (60) days following the Start Date.

[8.2] MPP warrants and represents to Customer that:

10.1.1 It has the sole right, power and authority to enter into and be bound by this Agreement;

10.1.2 It shall use reasonable care, skill and judgment in rendering the services to be performed hereunder and that the Services provided shall be performed in a commercially reasonable quality, professional manner by qualified and skilled personnel.

10.1.3 either owns fully and outright or otherwise possesses and has obtained all rights (including, without limitation and to the extent applicable, copyright, common-law proprietary, patent, trademark and trade secret), approvals, licenses, consents and permissions as are necessary to provide the Services hereunder, exercise its rights hereunder, to grant the licenses granted by it under this Agreement, and to enable Customer's full exploitation and enjoyment thereof.

10.1.4 performance of the Services hereunder, including in relation to all deliverables, will not violate any proprietary rights of third parties, including, without limitation, Intellectual Property Rights, nor shall such activities violate any contractual obligations or confidential relationships which MPP may have to/with any third party. [#Check definition of Intellectual Property Rights]

10.1.5 there are neither pending nor threatened, nor to the best of MPP’S knowledge, information and belief contemplated, any suits proceedings or actions or claims which would materially affect or limit the rights granted to Customer under this Agreement.

document.docx Page 30

10.1.6 MPP (i) is and shall remain compliant with all PCI DSS requirements, (ii) requires by contract any all affiliates, agents, Suppliers or other subcontractors that Process PCI Data to be, and to remain, compliant with all PCI DSS requirements, and (iii) shall provide, upon Customer's request, current certification from a PCI DSS qualified security assessor verifying such compliance.

10.1.7 All data must be Encrypted when transferred and at rest and that MPP shall maintain segregated databases for multi-customer information.

10.1.8 it uses all commercially reasonable efforts to test and protect the Services against viruses and other harmful elements designed to disrupt the orderly operation of, or impair the integrity of data files resident on, any data processing system and will ensure that the provision of the Services should be free from security vulnerabilities that have a negative impact on the confidentiality, integrity and availability of Customer systems and information. In particular, MPP shall ensure that no Services as delivered to Customer by MPP will contain any “malware”, “virus”, “Trojan horse”, “worm” or “time bomb” (as such terms are commonly understood in the computer software industry), or any other code designed to:

(A) destroy data or files without the knowledge and consent of the user or otherwise disrupt, damage, or interfere with the use of the computer on which such code resides or any software programs which interact with such computer or such code; or

(B) disable the Services or impair in any way its operation based on the elapsing of a period of time, exceeding an authorized number of copies, advancement to a particular date or other numeral (sometimes referred to as “time bombs”, “time locks”, or “drop dead” devices); or

(C) permit unauthorized access to the Services (sometimes referred to as “traps”, “access codes” or “trap door” devices), or

(D) any other similar harmful, malicious or hidden procedures, routines or mechanisms which could cause such programs to cease functioning or to damage or corrupt data, storage media, programs, equipment or communications, or otherwise interfere with MPP’S or Customer’s operations,

and MPP will ensure that no such viruses, malware, Trojan horses, worms, time bombs or other code capable of the above, are introduced within Customer as a result of the provision of the Services.

10.1.9 shall, in accordance with the terms and conditions of this Agreement, provide timely information about technical vulnerabilities related to the Services (as provided in clauses 4.1.18 and 13.2.8) and guidance regarding the Services’ exposure to such technical vulnerabilities.

10.1.10 it will take appropriate measures, including but not limited to testing the Services, to ensure that the risks associated with any technical vulnerabilities are mitigated.

10.1.11 the Services will contain no Errors. For purposes hereof, an “Error” means a failure of any part of the Services to conform to its applicable specifications, to operate in accordance with its associated Documentation, to provide

document.docx Page 31

accurate results, or to conform to generally recognized programming standards.

10.1.12 it shall be responsible for any MPP Third Party Software and shall “pass-through” any software warranties received from the manufacturers or licensors of any MPP Third Party Software that forms a part of the Services and, to the extent granted by such manufacturers or licensors, Customer shall be the beneficiary of such manufacturers’ or licensors’ warranties with respect to the Services.

10.1.13 that Updates provided to Customer hereunder shall not give rise to any additional costs and that the installation of such Update shall not degrade, impair or otherwise adversely affect the performance or operation of the Services provided hereunder.

10.1.14 shall refrain from violating any law or regulation, including but not limited to penal laws, privacy laws, advertisement laws and tort law, inter alia acting in any way detrimental, discriminatory, immoral, obscene, inappropriate or otherwise inadmissible pursuant to applicable law.

10.1.15 shall not mislead the Customer in any way and/or refrain from offering illegal services or distributing unlawful material.

10.1.16 shall comply at all times with the terms set out in the Schedule F.

10.1.17 the Payment Solution will comply in all respects with the specifications set out in SCHEDULE A - BUSINESS REQUIREMENTS DOCUMENT (as updated from time to time in accordance with this Agreement) and any additional specifications agreed in writing by the Parties; and the Services are provided and will perform in accordance with the Documentation and that such Documentation and other materials provided by MPP hereunder shall faithfully and accurately reflect the Services provided by MPP.

10.1.18 without prejudice to, and notwithstanding, any agreed support terms, the Payment Solution will be free from faults or defects, which materially affect the functionality of the Payment Solution, [#Security breach. Bug free.]

(together, the "Warranty").

[8.3] For the purposes of the Warranty, defects in the Payment Solution shall be classified according to the following definitions: [#SLA determines timing within which problems must rectified. Creates confusion to deal with response time in two different ways.]

[8.3.1] P1 defects. These are severe problems which prevent the Payment Solution from loading, functioning or operating in a useable manner, and for which no work-around is available. Examples: application crashes or freezes up; payments cannot be taken.

[8.3.2] P2 defects. These are important problems, which, whilst not preventing the Payment Solution from operating, nevertheless cause significant parts to function incorrectly or to be unavailable. A work-around may be available to enable the Payment Solution to be used, albeit with some loss of functionality. Example: access to subscription and transaction information.

document.docx Page 32

[8.3.3] P3 defects. These are problems which may result in a poor End-User experience, or a minor loss of functionality which may be nevertheless available through another route or with a work-around. Example: information not pre-populated.

[8.3.4] P4 defects. Minor or cosmetic problems. They cause no loss of functionality but may affect the End-User experience. Examples: words incorrectly spelled; End-User interface not laid out correctly; wrong colors used.

[8.4] The Warranty covers the correction of the following categories of defect in the following timescales:

[8.4.1] New P1 and P2 level defects that arise during the Warranty period shall be addressed by MPP forthwith and in any event within twelve (12) hours of notification; and

[8.4.2] P3 and P4 level defects (whether identified (i) prior to the start of the Warranty period, but which were not corrected prior to the Start Date, or (ii) at any time during the Warranty period) shall be addressed in a timeline to be agreed by the Parties.

[8.5] For the avoidance of doubt, the Warranty only includes addressing:

[8.5.1] functional bugs that are found within the Payment Solution which are as a direct result of changes to the Payment Solution arising due to Bespoke Development or other code changes since the previous Release; and

[8.5.2] faults arising due to the incorrect integration of the Payment Solution with the Third-Party Software.

[8.6] The scope of the Warranty shall include the code changes necessary to correct the defects, full component unit testing and system/regression testing limited to the functional area(s) affected. It does not cover a complete run of all the system test scripts.

[8.7] Issues covered under Warranty need to be reproducible on supported PC configurations on the Start Date.

[8.8] Warranty and testing will be restricted to the hosted Payment Solution.

The Warranty will not cover any faults found within the Third-Party Software.

[8.9] EXCEPT FOR THE EXPRESS WARRANTY SPECIFIED IN THIS SECTION 8, MPP MAKES NO WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MPP does not warrant that the Services will perform without error or that they will run without immaterial interruption. MPP provides no warranty regarding, and will have no responsibility for, any claim arising out of: (i) modification of the Payment Solution made by anyone other than MPP, unless MPP approves such modification in writing; or (ii) use of the Payment Solution in combination with any hardware platform, software or operating system not authorized in or specifically forbidden by the Business Requirements Document.

document.docx Page 33

[9.] TECHNICAL ALTERATIONS

In the event that the Payment Solution is upgraded or technically altered and the Customer is not offered the opportunity to opt out of such upgrades or alterations, then such upgrades or alterations shall be without further cost to the Customer. MPP agrees that any such upgrades or alterations will offer substantially similar functionality in accordance with the Business Requirements Document and shall not affect the Payment Solutions ability to interface with the Customer Third Party Software. [#LA – to discuss – we want to ensure we get the benefit of all releases/upgrades without having to pay each time. Consider changing so that they have to give us an option for all Releases and Major Upgrades with costs borne by MPP if we take option. GPC - Check for notification provisions and timing of such notification. See SLA.]

11.[10.] INTELLECTUAL PROPERTY RIGHTS

11.1[10.1] All Intellectual Property Rights existing prior to the Effective Date shall remain vested in the Party that owned such rights immediately prior to such date ("Existing IPRs"). For the avoidance of doubt in relation to the Customer this shall include without limitation, Products and associated communication media and systems and in relation to MPP shall include, without limitation, the Payments Solution and all associated software, source code, communication media and systems.

11.2[10.2] All legal and beneficial interest in any Intellectual Property Rights relating to the unique “look and feel” within the Payment Solution created specifically for the Customer and/or its Affiliates, the Products and the Data shall be the exclusive property of and vest absolutely in the Customer and/or its Affiliates. [#Gary - Is this all?]

11.3[10.3] Subject to Section 15.2, any and all Intellectual Property Rights developed by or on behalf of MPP in the course of the provision of the Payment Solution and comprised within the Payment Solution and delivered under this Agreement ("New IPRs") shall, subject to Section 15.4, automatically and without further formality vest in MPP on their coming into existence. Accordingly, the Customer hereby assigns to MPP all Intellectual Property Rights (including any New IPRs) arising in the course of providing the Payment Solution by way of present assignment of future Intellectual Property Rights whilst this Agreement is in force. [#GPC Add similar clause for our benefit.]

document.docx Page 34

11.4[10.4] Each Party hereby grants to the other Party (and in the case of the Customer, the right to grant to its Affiliates), for the duration of this Agreement only, a revocable, non-exclusive, worldwide, non-transferable (other than as provided herein), royalty-free license to use the other Party's Intellectual Property Rights for the purposes of this Agreement only. Each Party shall not without the prior written consent of the other Party use any of the other Party's Intellectual Property Rights (including any Existing IPRs and any New IPRs) other than as expressly permitted under this Agreement. [#To enable other SPE company’s to be able to operate under the same agmt – that is the “umbrella agmt” we discussed.]]

11.5[10.5] Unless excepted otherwise, the obligations under this Section 15 shall expressly survive the termination or assignment of this Agreement.

12.[11.] NO PARTNERSHIP:

12.1 MPP is rendering Services hereunder as an independent contractor and nothing in this Agreement shall constitute either party the agent, partner or employee of the other. MPP shall not:

12.1.1 hold itself out contrary to the terms of this Agreement;

12.1.2 enter into any agreement on behalf of Customer or bind Customer (or its Affiliates) in any way, or

12.1.3 make any representation, act or commission contrary to the terms hereof.

13. INDEMNIFICATION:

13.1 General . MPP will defend, indemnify and hold harmless Customer and each of its direct and indirect parents, subsidiaries and Affiliates, and their respective officers, directors, employees, agents, representatives, successors and assigns (collectively, the “Indemnitees”), from and against any and all claims, demands, liabilities, losses, damages, expenses (including without limitation, penalties and interest, reasonable fees and disbursements of counsel, and court costs), proceedings, judgments, settlements, actions or causes of action or government inquiries of any kind (including, without limitation, emotional distress, sickness, personal injury or death to any person (including employees of MPP or its contractors), or damage or destruction to, or loss of use of, tangible property) (“Claims”) arising out of, relating to or in connection with this Agreement, the performance of the Services under this Agreement or any of the representations, warranties, covenants, duties or obligations of MPP (including, without limitation, the Personnel and the Suppliers) under this Agreement; provided, however, that MPP shall not be obligated to indemnify Customer with respect to Claims due to the sole negligence or willful misconduct of Customer.

document.docx Page 35

13.2 Infringement . MPP shall defend, indemnify and hold harmless the Indemnitees from and against any and all any Claims arising out of, relating to or in connection with or attributable to any claim that any or all of the Services, or any information, design, specification, instruction, software, data or material furnished in connection therewith (collectively, the “Material”), infringes any patent, trade secret, copyright, trademark or other proprietary right. Without limiting the foregoing, should any of the Services or Material become (or, in MPP’S or Customer’s opinion, be likely to become) the subject of a claim alleging infringement, MPP shall immediately notify Customer and shall, at its own expense and at Customer’s option, use its best efforts to: (a) procure for Customer the right to continue to use the Services or Materials as contemplated by this Agreement; (b) replace or modify the Services or Materials so as to make them non-infringing, provided that the replacement or modification performs the same functions and matches or exceeds the performance and reliability of those replaced; or (c) if neither (a) or (b) above are, in Customer’s opinion, commercially feasible, Customer may return the infringing Materials and terminate this Agreement in accordance with clause Error: Reference source not found and reimburse Customer for its establishment costs and expenses incurred to obtain substitute services and/or materials (including, but not limited to, the difference (if any) between the amounts paid or payable to Customer and the amounts payable for the establishment of such substitute services and materials, taking into account that such substitute services and materials may have to be obtained on an expedited basis).

13.3 Indemnification Procedures . Customer will notify MPP promptly in writing of any Claim of which Customer becomes aware. Customer may designate its counsel of choice to defend such Claim at the sole expense of MPP and/or its insurer(s). MPP may, at its own expense participate in the defense. In any event, (a) MPP shall keep Customer informed of, and shall consult with Customer in connection with, the progress of any investigation, defense or settlement, and (b) MPP shall not have any right to, and shall not without Customer’s prior written consent (which consent will be in Customer’s sole and absolute discretion), settle or compromise any claim if such settlement or compromise (i) would require any admission or acknowledgment of wrongdoing or culpability by Customer or any Indemnitee, (ii) would, in any manner, interfere with, enjoin, or otherwise restrict any project and/or production of Customer or any Indemnitee or the release or distribution of any motion picture, television program or other project of Customer or any Indemnitee, or (iii) provide for any non-monetary relief to any person or entity to be performed by Customer or any Indemnitee.

13.4 If any part of the Materials, becomes or may become, the subject of any such Claim, MPP may, or in the event of any adjudication that any part of the Materials do infringe a third party’s Intellectual Property Rights, MPP shall, at its expense elect to do either one of the following: (i) procure for Customer the right to use the Materials or the affected part thereof; or (ii) replace the Materials or affected part thereof with another suitable product; (iii) modify the Materials or affected part thereof to make it non-infringing.

13.5 Survival . The foregoing obligations to indemnify shall survive termination of this Agreement for any reason whatsoever.

14. LIABILITY

14.1[11.1] Limits on Liability:

E xcept for MPP’s indemnification obligations set forth in this agreement and subject to clause 18.2, eEach Party will only be liable for direct damages arising in relation to this Agreement and neither Party will be liable whether based on a claim in contract, tort (including negligence), breach of statutory duty, strict liability or otherwise arising out of, or in relation to, this Agreement, for any indirect, incidental, consequential, exemplary, punitive or special damages and/or losses suffered by the other party, whether or not such party has been advised of the possibility of such loss, injury, damages.

document.docx Page 36

14.2[11.2] MPP will accept unlimited liability for:

14.2.1 death or personal injury caused by its proven negligence; and

14.2.2 fraud committed by MPP.

14.2.3 The Customer’s total aggregate liability to MPP and MPP’sMPP’s total aggregate liability to the Customer, whether based on an action or claim in contract, tort (including negligence), breach of statutory duty, strict liability or otherwise arising out of, or in relation to, this Agreement, will be limited to the aggregate amounts paid and/or payable to MPP pursuant to this Agreement.

[12.] CONFIDENTIALITY

14.3[12.1] General Obligations

14.3.1[12.1.1] Each Party (the "Recipient") undertakes to the other Party (the "Discloser") to:

(A) hold all Confidential Information of the Discloser which it obtains in relation to this Agreement in strict confidence, using at least the same degree of care as it employs to prevent unauthorised disclosure of its own Confidential Information but in any event not less than a reasonable degree of care;

(B) not disclose, or authorise the disclosure of, the Discloser’s Confidential Information to any third party other than pursuant to Sections 19.3 and 19.4;

(C) not use, or authorise anyone to use, the Discloser’s Confidential Information for any purpose other than the performance of its obligations or the exercise of its rights or the receipt of any benefits pursuant to this Agreement; and

(D) promptly notify the Discloser of any suspected or actual unauthorised use or disclosure of the Discloser’s Confidential Information of which it becomes aware and promptly take all reasonable steps that the Discloser may require in order to prevent, stop or remedy the unauthorised use or disclosure.

14.4[12.2] In the event of a request for the return or destruction of Confidential Information, the Recipient may retain such Confidential Information as forms part of the permanent records which it is bound by law or regulatory requirements to preserve or which the Recipient may reasonably require for archive purposes and the provisions of this Section 19 shall continue to apply to all such retained Confidential Information.

14.5[12.3] Authorised Disclosure

14.5.1[12.3.1] The Recipient may disclose the Discloser’s Confidential Information to the following persons:

(A) in the case of Customer: to its Affiliates and respective officers, directors, employees, professional advisors, contractors and auditors, Accedo, PSN [#Gary/LA - Full company names. Anyone else?]

document.docx Page 37

and any other third party appointed by Customer for the purposes of the development and operation of the Customer Services; or

(B) in the case of MPP: to MPP’s Affiliates and subcontractors and their (and MPP and MPP Affiliate’s) respective officers, directors, employees, professional advisors, and auditors;

(together the "Further Recipients") but, in each case, only to the extent and provided that such Persons:

(i) need to know the Confidential Information disclosed to them for the purposes of providing, or receiving the benefit of, the Services under or in connection with this Agreement; and

(ii) have been informed in writing of the confidential nature of the Confidential Information and the purpose for which it may be lawfully used.

14.5.2[12.3.2] The Recipient will ensure that its respective Further Recipients comply with the terms of this Section 19 in respect of any Confidential Information of the Discloser disclosed to them by the Recipient.

14.6[12.4] Mandatory Disclosure

14.6.1[12.4.1] The Recipient may disclose the Discloser’s Confidential Information if, and to the extent that, it is required to do so by a regulator, a relevant stock exchange or otherwise by law, including any requirements for disclosure under the FOIA or provided that, to the extent it is permitted to do so, it will:

(A) notify the Discloser as soon as practicable upon becoming aware of the obligation to disclose; and

(B) cooperate with the Discloser in avoiding or limiting the disclosure and obtaining assurances as to confidentiality from the body to whom the Confidential Information is to be disclosed.

14.7[12.5] Exceptions to Obligations of Confidentiality

14.7.1[12.5.1] Section 19.1.1 will not apply to Confidential Information to the extent that:

(A) such Confidential Information has been placed in the public domain other than through the fault of the Recipient;

(B) such Confidential Information has been independently developed by the Recipient without reference to the Confidential Information of the Discloser;

(C) the Discloser has approved in writing the particular use or disclosure of the Confidential Information;

(D) such Confidential Information was already known by the Recipient prior to the disclosure without an obligation of confidentiality; or

document.docx Page 38

(E) such Confidential Information is independently received from a third party without any obligation of confidence and the Recipient has made reasonable enquiries that the third party owed no obligation of confidence to the Discloser.

15.[13.] ENTIRE AGREEMENT

15.1[13.1] This Agreement and the documents referred to in it constitute the entire agreement and understanding of the Parties with respect to the subject matter thereof and supersedes any previous agreement between the Parties, written or oral, relating to the subject matter of this Agreement. [#Updates to documentation?]

Each Party acknowledges that it has not been induced to enter into this Agreement in reliance on, nor has it been given, any warranty, representation, statement, assurance, covenant, agreement, undertaking, indemnity or commitment of any nature whatsoever, other than as expressly set out in this Agreement and, to the extent that either Party has been so induced, it unconditionally and irrevocably waives any claims, rights or remedies which it might otherwise have had in relation to the same.

16.[14.] TERMINATION

16.1[14.1] Termination for Breach

16.1.1[14.1.1] Without prejudice to any other rights or remedies that a Party may have under or in connection with Agreement, either Party may terminate this Agreement (or any or all Services or any SOW) upon written notice to the other Party if the other Party commits a material breach of this Agreement that is capable of being remedied and, following written notice to remedy the breach, that Party does not remedy the breach within thirty (30) days (or any longer period agreed by the Parties in writing).

16.2[14.2] Termination for Insolvency

[14.2.1] Without prejudice to any other rights or remedies that a Party may have under or in connection with Agreement, eEither Party may terminate this Agreement (or any or all Services or any or any SOW), upon written notice to the other Party, if the other Party is unable to pay its debts or becomes insolvent or an order is made or a resolution passed for the administration, winding-up or dissolution of the other Party (otherwise than for the purposes of a solvent amalgamation or reconstruction) or an administrative or other similar law, or a receiver, manager, trustee, liquidator, or similar official shall be appointed for the other Party or for any substantial part of its operations or assets, or the winding-up or liquidation of its affairs shall be ordered and any such decree, order or appointment shall continue undismissed for a period of thirty (30) days, or appoints an assignee for the benefit of creditors or of a receiver without the other party’s consent, or anything analogous to the foregoing occurs in any applicable jurisdiction.

16.3[14.3] Termination for Fraud

16.3.1[14.3.1] Without prejudice to any other rights or remedies that a Party may have under or in connection with Agreement, either Party may terminate this Agreement (or any or all Services or any or any SOW) upon written notice to the other Party if the other Party commits any act of fraud, gross negligence or willful misconduct in connection with the Services rendered hereunder.

document.docx Page 39

16.4[14.4] Termination by Customer: Customer shall also have the right to terminate any or all of the Services, and/or any or all Statement of Works and/or this Agreement, effective immediately upon written notice, if MPP fails to achieve the service levels specified in Schedule [#] for two (2) months in any four month period as provided in Part 6 of Schedule D.

16.5 Upon termination of this Agreement, MPP and Customer shall also be relieved of any further obligations hereunder, except for both Parties obligations which are expressed to continue post-termination, which shall include (other than where termination is made by Customer as a result of MPPs breach) Customer’s obligation to pay any sums payable to MPP hereunder. No such termination of any Services and/or any Statement of Work and/or this Agreement shall affect or interfere with Customer's rights in and to the Customised Deliverables and proceeds therefrom, which rights shall remain in full force and effect and survive any such termination. [#Need to specify which clauses are to continue post termination.]

16.6 Notwithstanding the foregoing Section 21.5, if and to the extent requested in writing by Customer and provided that Customer is not in material breach of the Agreement, MPP shall complete performance under any or all non-terminated Statement of Works outstanding at the time of expiration or any termination of this Agreement by Customer, (each outstanding Statement of Work for which continued performance is requested by Customer being an “Outstanding Statement of Work”) subject to payment of the applicable Cost of Sales (or other other agreed fees as the case may be) to MPP. All such outstanding Statement of Works shall be governed by and subject to the terms and provisions of this Agreement and the applicable Statement of Work until performance thereof has been completed to the same extent as if this Agreement had not earlier expired or been terminated by Customer.

[#GPC – Schedule D re continuity of service cf Invideous]

17.[15.] CUSTOMER THIRD PARTY SOFTWARE

17.1[15.1] Customer shall be responsible for the specification of Customer’s Third Party Software that must be used in the overall architecture of the Payment Solution. The Third Party Software which must be used will be documented in full by Customer and details sent to MPP in a reasonable timeframe for consideration prior to integration into the Payment Solution. [#GPC - MPP for MPP Third Party Software.]

18.[16.] AMENDMENT

18.1[16.1] This Agreement may be amended only by a written instrument signed by a duly authorised representative of each of the Parties.

19.[17.] GOVERNING LAW: ARBITRATION

19.1[17.1] This Agreement shall be governed by and construed in accordance with the laws of England and Wales. This agreement shall be construed and enforced in accordance with the laws of the State of California without regard to the choice of law principles thereof.

[17.2] Each Party irrevocably agrees to submit to the exclusive jurisdiction of the courts of England over any claim or matter arising under or in connection with this Agreement or the legal relationships established by this Agreement.

document.docx Page 40

[17.3] All actions or proceedings arising in connection with, touching upon or relating to this Agreement, the breach thereof and/or the scope of the provisions of this Section 24 (a “Proceeding”) shall be submitted to JAMS (“JAMS”) for binding arbitration under its Comprehensive Arbitration Rules and Procedures if the matter in dispute is over $250,000 or under its Streamlined Arbitration Rules and Procedures if the matter in dispute is $250,000 or less (as applicable, the “Rules”) to be held solely in Los Angeles, California, U.S.A., in the English language in accordance with the provisions below.

19.2 Each arbitration shall be conducted by an arbitral tribunal (the “Arbitral Board”) consisting of a single arbitrator who shall be mutually agreed upon by the parties. If the parties are unable to agree on an arbitrator, the arbitrator shall be appointed by JAMS. The arbitrator shall be a retired judge with at least ten (10) years experience in commercial matters. The Arbitral Board shall assess the cost, fees and expenses of the arbitration against the losing party, and the prevailing party in any arbitration or legal proceeding relating to this Agreement shall be entitled to all reasonable expenses (including, without limitation, reasonable attorney’s fees). Notwithstanding the foregoing, the Arbitral Board may require that such fees be borne in such other manner as the Arbitral Board determines is required in order for this arbitration clause to be enforceable under applicable law. The parties shall be entitled to conduct discovery in accordance with Section 1283.05 of the California Code of Civil Procedure, provided that (a) the Arbitral Board must authorize all such discovery in advance based on findings that the material sought is relevant to the issues in dispute and that the nature and scope of such discovery is reasonable under the circumstances, and (b) discovery shall be limited to depositions and production of documents unless the Arbitral Board finds that another method of discovery (e.g., interrogatories) is the most reasonable and cost efficient method of obtaining the information sought.

document.docx Page 41

19.3 There shall be a record of the proceedings at the arbitration hearing and the Arbitral Board shall issue a Statement of Decision setting forth the factual and legal basis for the Arbitral Board's decision. If neither party gives written notice requesting an appeal within ten (10) Business Days after the issuance of the Statement of Decision (the “Appeal Period”), the Arbitral Board's decision shall be final and binding as to all matters of substance and procedure and in such event, if the decision is not fully complied with within fifteen (15) Business Days after the end of the Appeal Period (or the parties do not mutually agree to a different resolution prior to the expiration of such 15-Business Day period), the Arbitral Board's decision may be enforced by a petition to the Los Angeles County Superior Court or, in the case of MPP, such other court having jurisdiction over MPP, which may be made ex parte, for confirmation and enforcement of the award. If either party gives written notice requesting an appeal within the Appeal Period, the award of the Arbitral Board shall be appealed to three (3) neutral arbitrators (the "Appellate Arbitrators"), each of whom shall have the same qualifications and be selected through the same procedure as the Arbitral Board. The appealing party shall file its appellate brief within thirty (30) days after its written notice requesting the appeal and the other party shall file its brief within thirty (30) days thereafter. The Appellate Arbitrators shall thereupon review the decision of the Arbitral Board applying the same standards of review (and all of the same presumptions) as if the Appellate Arbitrators were a California Court of Appeal reviewing a judgment of the Los Angeles County Superior Court, except that the Appellate Arbitrators shall in all cases issue a final award and shall not remand the matter to the Arbitral Board. The decision of the Appellate Arbitrators shall be final and binding as to all matters of substance and procedure, and if the Appellate Arbitrators’ decision is not fully complied with within fifteen (15) Business Days after such decision (or the parties do not mutually agree to a different resolution prior to the expiration of such 15-Business Day period), then the Appellate Arbitrators' decision may be enforced by a petition to the Los Angeles County Superior Court or, in the case of MPP, such other court having jurisdiction over MPP, which may be made ex parte, for confirmation and enforcement of the award. The party appealing the decision of the Arbitral Board shall pay all costs and expenses of the appeal, including the fees of the Appellate Arbitrators and including the reasonable outside attorneys' fees of the opposing party, unless the decision of the Arbitral Board is reversed, in which event the costs, fees and expenses of the appeal shall be borne as determined by the Appellate Arbitrators.

document.docx Page 42

19.4 Subject to a party's right to appeal pursuant to the above, neither party shall challenge or resist any enforcement action taken by the party in whose favor the Arbitral Board, or if appealed, the Appellate Arbitrators, decided. Each party acknowledges that it is giving up the right to a trial by jury or court. The Arbitral Board shall have the power to enter temporary restraining orders and preliminary and permanent injunctions, subject to the provisions of the Agreement waiving or limiting that remedy. Neither party shall be entitled or permitted to commence or maintain any action in a court of law with respect to any matter in dispute until such matter shall have been submitted to arbitration as herein provided and then only for the enforcement of the Arbitral Board’s award; provided, however, that prior to the appointment of the Arbitral Board or for remedies beyond the jurisdiction of an arbitrator, at any time, either party may seek pendente lite relief (subject to the provisions of the Agreement waiving or limiting that relief) in a court of competent jurisdiction in Los Angeles County, California or, if sought by Customer, such other court that may have jurisdiction over MPP, without thereby waiving its right to arbitration of the dispute or controversy under this section. All arbitration proceedings (including proceedings before the Appellate Arbitrators) shall be closed to the public and confidential and all records relating thereto shall be permanently sealed, except as necessary to obtain court confirmation of the arbitration award. The fact that there is a dispute between the parties that is the subject of an arbitration shall be confidential to the same extent. Notwithstanding anything to the contrary herein, MPP hereby irrevocably waives any right or remedy to seek and/or obtain injunctive or other equitable relief or any order with respect to, and/or to enjoin or restrain or otherwise impair in any manner, the production, distribution, Scheduleion or other exploitation of any motion picture, production or project related to Customer, its parents, subsidiaries and affiliates, or the use, publication or dissemination of any advertising in connection with such motion picture, production or project. The provisions of this Section shall supersede any inconsistent provisions of any prior agreement between the parties.

20. NOTICES:

20.1 All notices, requests, demands or other communications in connection with this Agreement shall be in writing and shall be deemed to have been duly given if delivered in person, by telegram, by fax to the applicable fax number listed below, or by mail, postage prepaid, certified or registered, with return receipt requested, or otherwise actually delivered:

If to MPP, at:

___________________________________________

___________________________________________

___________________________________________

Attention: _______________________

Facsimile: ________________

If to Customer, at:

document.docx Page 43

Sony Pictures Entertainment Inc.

10202 W. Washington Blvd.

Culver City, CA 90232

Attention: Procurement Services

Facsimile: (310) 244-2122

With a copy to:

Sony Pictures Entertainment

10202 W. Washington Blvd

Culver City, CA 90232-3195

Attention: General Counsel

Facsimile: (310) 244-0510

or such other addresses as MPP or Customer shall have designated by written notice to the other party hereto. Any such notice, demand or other communication shall be deemed to have been given on the date actually delivered (or, in the case of telecopier, on the date actually sent by telecopier) or upon the expiration of three (3) days after the date mailed, as the case may be.

21. HEADINGS; EXECUTION OF STATEMENT OF WORK:

21.1 The paragraph headings in this Agreement are solely for convenience of reference and shall not affect the interpretation of this Agreement. No Statement of Work applicable to this Agreement shall be binding on Customer unless executed by the parties hereto.

22. COMPLIANCE WITH LAW:

22.1 MPP will comply with all statutes, ordinances, and regulations of all federal, state, county and municipal or local governments, and of any and all the department and bureaus thereof, applicable to the carrying on of its business and performance of the Services in each of the relevant Territories. In the event of a change in law which materially impacts the terms and conditions of this Agreement and in particular, any matters set out in any SOW, the Parties shall, acting in good faith, agree any amendments reasonably required to this Agreement as a result.

22.2 Compliance with the FCPA:

document.docx Page 44

22.2.1 It is the policy of Customer to comply fully with the U.S. Foreign Corrupt Practices Act, 15 U.S.C. Section 78dd-1 and 78dd-2 (“FCPA”), and any other applicable anti-corruption laws (“Customer’s FCPA Policy”). MPP represents and warrants that it is aware of the FCPA, which prohibits the bribery of public officials of any nation.

22.2.2 MPP agrees strictly to comply with Customer’s FCPA Policy. Any violation of Customer FCPA Policy by MPP will entitle Customer immediately to terminate this Agreement. The determination of whether MPP has violated Customer FCPA Policy will be made by Customer in its sole discretion.

22.2.3 MPP understands that offering or giving a bribe or anything of value to a public official of any nation is a criminal offense. MPP hereby explicitly represents and warrants that neither MPP, nor, to the knowledge of MPP, anyone acting on behalf of MPP (including, but not limited to, the Personnel), has taken any action, directly or indirectly, in violation of the FCPA, Customer’s FCPA Policy, or any other anti-corruption laws. MPP further represents and warrants that it will take no action, and has not in the last 5 years been accused of taking any action, in violation of the FCPA, Customer’s FCPA Policy, or any other anti-corruption law. MPP further represents and warrants that it will not cause any party to be in violation of the FCPA and/or Customer’s FCPA Policy and/or any other anti-corruption law. MPP also agrees to advise all those persons and/or parties supervised by it (including, but not limited to, the Personnel) of the requirements of the FCPA and Customer’s FCPA Policy. This representation includes, without limitation, making an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to any “foreign official” (as that term is defined in the FCPA) or any foreign political party or official thereof or any candidate for foreign political office in contravention of the FCPA.]

22.2.4 MPP further represents and warrants that, should it learn of or have reason to know of any request for payment that is inconsistent with clause 27.2.2 or 27.2.3 herein or Customer’s FCPA Policy, MPP shall immediately notify Customer of the request.

22.2.5 MPP further represents and warrants that MPP is not a foreign official, as defined under the FCPA, does not represent a foreign official, and that MPP will not share any fees or other benefits of this contract with a foreign official.

22.2.6 MPP will indemnify, defend and hold harmless Customer and its affiliates and their respective directors, officers, employees and agents (collectively, the “Indemnified Parties”) for any and all liability arising from any violation of the FCPA caused or facilitated by MPP. Customer and its representatives shall have the right to review and audit, at Customer’s expense, any and all books and financial records of MPP, at any time.

22.2.7 In the event Customer deems that it has reasonable grounds to suspect MPP has violated this Agreement or the provisions of Customer’s FCPA Policy, either in connection with this Agreement or otherwise, Customer shall be entitled partially or totally to suspend the performance hereof, without thereby incurring any liability, whether in contract or tort or otherwise, to MPP or any third party. Such suspension shall become effective forthwith upon notice of suspension by Customer to MPP, and shall remain in full force and effect until an inquiry reveals, to the satisfaction of Customer, that MPP has not violated this Agreement or any of the provisions of Customer’s FCPA Policy. Such termination shall not affect Customer’s indemnification or audit rights,

document.docx Page 45

as described in paragraphs 27.2.6 and 27.2.6herein, and Customer shall own all the results and proceeds of MPP Services performed pursuant to this Agreement.]

23. FORCE MAJEURE:

23.1 In the event of the occurrence of an Event of Force Majeure (as defined below), either Party shall have the right to suspend this Agreement and shall have the right, but not the obligation, to extend this Agreement by the length of any such suspension. If any Event of Force Majeure continues for seven (7) consecutive weeks, either Party shall have the right to terminate this Agreement. For the avoidance of doubt, such termination shall not relieve Customer or MPP of its obligation to pay any charges hereunder pursuant to clause 5. As used herein, an “Event of Force Majeure” in respect of a party shall mean any reasonably unforeseeable act, cause, contingency or circumstance beyond the reasonable control of such party, including, without limitation, any governmental action, war (whether or not declared), public strike, riot or revolution, fire, flood, drought, other natural calamity, damage or destruction to plant and/or equipment, or any other accident, condition, cause, contingency or circumstance (including without limitation, acts of God).

24. SEVERABILITY:

24.1 In case any term of this Agreement shall be held invalid, illegal or unenforceable in whole or in part, neither the validity of the remaining part of such term nor the validity of any other term shall be in any way affected thereby.

25. NON-SOLICITATION

25.1 During the term of this Agreement and for twelve (12) months thereafter Customer shall not solicit for employment whether as an employee, agent, partner or consultant, any employee of MPP with whom Customer has had dealings during the previous twelve (12) month period (“Relevant Employee”). The parties agree that a reasonable forecast of the damages arising from breaching this Clause with respect to a Relevant Employee would be, and the Reseller agrees to pay as liquidated damages if in breach of this Clause, an amount equal to the salary that said Relevant Employee would receive over a period of six (6) months as of the date of the breach of this Clause. MPP may also seek injunctive relief in the event that Customer is in breach of this Clause. The provisions of this Clause shall, for the avoidance of doubt, not apply to the recruitment of a Relevant Employee who responds to a bona fide public advertisement for a vacancy.

26. COUNTERPARTS

26.1[17.4] This Agreement may be executed in one or more counterparts. Each counterpart will be an original, but all such counterparts will constitute a single instrument.

27.[18.] CONFLICT AMONG SCHEDULES

27.1[18.1] In the event of any conflict between the terms of this main body of this Agreement and those of any Schedule, the terms of this main body will govern. [#Where we add our data protection/info sec schedule – schedule will have to prevail]

document.docx Page 46

28.[19.] ASSIGNMENT

[19.1] Neither Party may assign this Agreement or any of the rights or obligations hereunder without the express written consent of the other Party.

[19.2] This Agreement and each and every portion hereof, shall be binding on the successors and assigns of the parties hereto, but the same shall not be assigned by MPP (including by way of Change of Control) without the express written consent of Customer. For the avoidance of doubt, Customer may sublicense and/or assign its rights (or any part of them) under this Agreement to its Affiliates to enable such Affiliates to receive the Services.

28.1 For the purposes of this clause 33.2, a Change of Control, as defined herein, shall be deemed an assignment. “Change of Control” shall occur: (i) with respect to a party that is a Public Company (as defined herein), if as a result of any event (including but not limited to any stock acquisition, acquisition of securities convertible into or exchangeable for voting securities, merger, consolidation or reorganization) any one or more persons or entities who together beneficially own, directly or indirectly, more than 20% of the combined voting power of the then-outstanding securities of such party immediately prior to such event (the “Public Company Controlling Shareholder(s)”) together fail to own, after such event, more than 20% of the combined voting power of the then-outstanding securities of such party (or any successor, resulting or ultimate parent company or entity of such party, as the case may be, as a result of such event); or (ii) with respect to a party which is not a Public Company (as defined herein), if as a result of any event (including but not limited to any stock acquisition, acquisition of securities convertible into or exchangeable for voting securities, merger, consolidation or reorganization) any one or more persons or entities who together beneficially own, directly or indirectly, more than 50% of the combined voting power of the then-outstanding securities of such party immediately prior to such event (the “Non-Public Company Controlling Shareholder(s)”) together fail to own, after such event, more than 50% of the combined voting power of the then-outstanding securities of such party (or any successor, resulting or ultimate parent company or entity of such party, as the case may be, as a result of such event). “Public Company” means any company or entity (i) whose securities are registered pursuant to the Securities Act of 1933, as amended, (ii) whose securities are traded in any national or international stock exchange or over the counter market or (iii) which is subject to the reporting requirements of the Securities Exchange Act of 1934, as amended.

28.2 Any attempt by MPP to assign this Agreement in contravention of clauses 33.2 and 33.3 shall be considered a breach of the Agreement.

28.3 Notwithstanding the restriction in this clause 33, MPP may use the Suppliers to perform Services under this Agreement in accordance with clause 9. MPP shall be responsible to Customer hereunder for the acts and omissions of its subcontractors in accordance with clause 9.

[Remainder of Page Intentionally Left Blank]

document.docx Page 47

IN WITNESS WHEREOF, the Parties have duly executed this Agreement as of the day and year first written above.

MPP GLOBAL SOLUTIONS INCORPORATED

By: ___________________________________Name:Title:

[CUSTOMER]ENTERTAINMENT NETWORKS (UK) LIMITED

By: ___________________________________Name:Title:

document.docx Page 48

SCHEDULE A - BUSINESS REQUIREMENTS DOCUMENT[#TO BE PROVIDED]

document.docx Page 49

SCHEDULE B - COST OF SALES

1. Subject to Paragraph 2 and Paragraph 3 of this SCHEDULE B, the Customer shall pay the Cost of Sales charges set out in this SCHEDULE B as described in Section 6.8.4 of this Agreement which are passed on at cost by MPP to the Customer.

2. MPP shall pay any Cost of Sales charges that are incurred due to a failure to meet the minimum Transactions Per Minute level requested by the Customer and/or as a result of any failure of the Payment Solution due as a result of the action or inaction of MPP its Suppliers and/or Personnel, including any Refund or Chargeback incurred as a result of such failure of the Payment Solution and as a result of End-User Support enquiries caused by loss of the Services or MPP’s systems.

3. The following Cost of Sale charges set out below are provided as a guideline onlyshall apply. The exact running costs will be calculated on a month-by-month basis and itemizeditemised in the monthly Statement of Account prepared by MPP for the Customer.

Email Costs

Each Email sent is charged at USD 0.004.

End-User Support

If applicable (tools are provided to enable the Customer to provide its own front-line End-User supportSupport), there is a per minute fee of USD 1.20GBP 10.80 for this service as provided in more detail in SOW#2 attached as Schedule [#]. For the avoidance of doubt, the charges are only applicable for time spent by MPP’sMPP’s End-User support Support staff who are engaged in the normal running of the Services and not as a result of End-User support Support enquiries caused by loss of the Services or MPP’sMPP’s systems. Chargeable End-User support Support services include answers to general End-User or Customer enquiries, processing of Refunds and Chargebacks where applicable.

Refunds

A “Refund” is the reversal of the original Micropayment or Macropayment to the End-User. The Transaction Fee of a Refund is a Cost of Sale where such Refund is due as a result of the action or inaction of Customer. Where a Refund is as a result of the action or inaction of MPP, its Suppliers and/or Personnel, clause 6.9 of the Agreement and clause 2 of this Schedule B shall apply.

Payment Organization Fees

When MPP connects to a Payment Organization a fee of USD 0.075as per clause 6.1.4 will be applied to each authorisation, collection and, subject clause 2 of this Schedule B, Rrefund requested for credit or debit card transactions and variable fees will be applied for local payment types.

Direct Debit Account Check

document.docx Page 50

In the UK, when processing a Direct Debit for the first time, an optional fee is levied to check the Account Number and Sort Code of the bank account match and which therefore results in a higher percentage of successful direct debit transactions. The fee per direct debit account check is GBP 0.100 each.

Post Code Check

In the UK, an optional post code look up service is provided which enables the End-user to enter a post code and for a list of matching addresses to be returned. The fee per post code lookup is GBP 0.050 each.

(A) Pricing for Pay Ins

Fees will be charged on a per transaction basis when End-Users purchase Products using local payment services. MPP is able to attain preferential rates for the Payment Organizations detailed below if aggregated transaction value is in excess of USD 70,000 per month for any one Payment Organization in any one country.

Pricing – PAY INS

Pay-Ins (USD 15 min value) 1.5% Min. USD 1.00

NB: Spanish and Italian markets have additional repatriation charges of 0.5% and 0.2% respectively. These charges are beyond MPP’s control.

Austria – EPS 2.75% Min EURO 0.50 no cap

Argentina – DineroMail 6% Min GBP 1.00 no cap

Belgium - Mister Cash 1.75% Min EURO 0.50 no cap

Belgium – Neosurf 6%

Bulgaria – ePay 3.00% Min EURO 0.50 no cap

Brazil- Boleto Bancario EUR 2.00

Czech Republic – eKonto 2% Min EURO 0.50 no cap

Denmark – eWire 2.95% Min EURO 0.50 no cap

Denmark – Glupay 1.95% Min EURO 0.50

Estonia - Banklink 2.25% Min EURO 0.50 no cap

Estonia – Glupay 1.95% Min EURO 0.50

Finland - EUTeller 1.75% Min EURO 0.50 max EURO 2.50

Finland - Nordea Nettbank 1.5% Min EURO 0.50 max £5.00

document.docx Page 51

France – Neosurf 5.5%

Germany and Austria – Sofort 2% Min EURO 0.50 no cap

Germany – Giropay 2.5% Min EURO 0.50 no cap

Hungary – Abaqoos 3% Min EURO 0.50 no cap

Italy – Neosurf 6%

Latvia – Banklink 2.25% Min EURO 0.50

Latvia - Nordea Nettbank 1.5% Min EURO 0.50 max £5.00

Lithuania – Glupay 1.95% Min EURO 0.50

Netherlands – iDEAL 1.5% Min EURO 0.50 max £2.50

Norway – eWire 2.95% Min EURO 0.50 no cap

Norway – Glupay 1.95% min EURO 0.50

Poland – Przelewy 24 2.5% Min EURO 0.50 no cap

Portugal – Multibanco 3.65% Min EURO 0.50

Russia – Moneta 4.00%

Russia - Webmoney 0.35% plus webmoney settle fee

Slovakia – Sporopay 1.5% Min EURO 0.35

Spain – Neosurf 6%

Spain – Teleingresso 5.25% Min EURO 0.50 no cap

Spain - La Caixa Linea Abierta* 1.5% Min EURO 0.50 no cap

*Note that over the counter La Caixa deposits are charged at EUR5.00. This is bank policy

Sweden – eWire 2.95% Min EURO 0.50 no cap

Sweden – Gluepay 1.95%

Sweden - Nordea Nettbank 1.5% Min EURO 0.50 max £5.00

UAE – Cashu 7.5%

Worldwide – Moneybookers Available on request

document.docx Page 52

document.docx Page 53

(B) Pricing for Pay Outs

Fees charged for paying out the monies from End-User transaction to Customer from the local payment service only

Pricing – PAY OUTS

Domestic Pay-outs (where Customer has local bank) USD 1.50

[North American] Region payments with IBAN, SWIFT, A/C No (max. value USD 50,000) USD 1.50

Repairs and Reversals USD 2.50 (Bank may charge additional fee for repair and investigations)

(Also third party payment values over USD 50,000 as we route via SWIFT)

Corporate Payments (In/out) USD 20.00

(Merchant settlement or pay-ins over USD 50,000

Abaqoos USD 0.50

eWire USD 0.50

Instadebit USD 2.00

Glupay Ex 1.75% min USD 1.50

Moneta & Russia Realtime 1.5%

Moneybookers payout to wallet USD 2.50

Foreign Exchange MPP FX rates apply+

Bank Fee Adjustment Individually advised-none at present ****

NB MPP generally operates a third party single payment limit of USD 100,000 with higher value items needing to be pre-approved. This limit does not apply to merchant settlement values. Third party Pay-ins are limited to a maximum of USD 15,000 without pre-agreement.

**** In the main MPP covers the banking charges in its fee, however, in some markets, i.e. where banking fees are especially high, MPP will levy a bank fee adjustment. This will be applied on a market-by-market basis. Where such a charge does apply MPP will advise the Customer in advance.

document.docx Page 54

+MPP FX Rates are based on a mid-rate plus a margin to cover MPP FX risk. Corporate deals for larger amounts (i.e. above USD 50,000) can be executed on request and a corporate rate will apply.

document.docx Page 55

SCHEDULE C - SERVICE LEVEL AGREEMENT [#SEPARATE SLA FOR END-USER SUPPORT TO BE AGREED]

1. INTRODUCTION

This Service Level Agreement ("SLA") sets out the operational and support responsibilities, service levels, Key Performance Indicators (“KPIs”), operational and management procedures, reporting, review structure and contact details agreed between the Parties regarding the Payment Solution and Hosting Services made available pursuant to this Agreement between the Parties.

2. DEFINITIONS

All capitalised words in this SLA shall have the same meaning as Section 1 of this Agreement unless such words are defined for the first time in this SLA.

2.1 The following additional defined terms are used in this SLA:

"Availability" means in respect of systems and services provided by MPP to the Customer, the time expressed as a percentage, during which each function of those systems or services, functions to or above the Performance Standards set out in this SLA (or where it does not so function, the effects are not material upon Customer or the End-User) [#Eve – to discuss. Impact of wording in yellow.][#]. Availability is calculated by dividing the time in which the systems or services have actually functioned by the total time in a reported calendar month.

"Emergency Maintenance" means urgent, unplanned maintenance work on MPP’s systems that is deemed as necessary and will have an impact on the Availability of the Payment Solution and Hosting Services.

"Hosting Services" means the systems and networks, supported and managed by MPP, that host the Payment Solution and Services supplied to and used by the Customer.

"Improvement Plan" has the meaning given in Section 5.11 of this SLA.

"Incident" means a:

2.1.1 failure, fault, bug, error, malfunction, threat of virus or Trojan, unauthorised systems access, a function or process degradation of any part of the Payment Solution, Services and/or the Hosting Services or a point issue (conflict) including one that has an adverse impact on the Customer and/or the End-User;

2.1.2 request or other issue concerning the Services,

as set out in more detail in the definitions of Priority 1, Priority 2 and Priority 3 in this clause 2.1 below. and occurs or is sustained during a single or aggregate period of time in any single twenty-four (24) hour period. [#The relevant periods of time are as set out in cl 6.3. 24 hrs would not need to pass before a particular issue would be considered an Incident.]

"KPI(s)" has the meaning given in Section 1 of this SLA.

document.docx Page 56

"Major Update" means a major new release or version of the Payment Solution (and is not a Release) that is made available to all users of the Payment Solution.

"Operational Change Procedure" means the process set out in this SLA to govern a request by either Party for any non-commercial change to any operational, technical or management process, systems or service in relation to the Payment Solution, Hosting Services or this SLA.

"Performance Standards" has the meaning given in Section 5.5 of this SLA.

"Planned Maintenance" is a period of time where MPP performs a routine upgrade, repair, maintenance, replacement, regulatory inspection or other work on any systems or networks used in relation to the Payment Solution and/or Hosting Services that it deems necessary or desirable and that has been properly notified and agreed with the Customer.

"Priority 1" is in respect of an Incident: [#Consider also where problems with 3rd

party software fits in here.]

a) a complete loss of the live Payment Solution and/or Hosting Services;

b) a major degradation of any element or function of the live Payment Solution that has an adverse impact on the Customer and/or End-Users;

c) a security threat to and/or actual breach of the systems used in the provision of the live Payment Solution including any actual or threatened Security Incident;

d) a notified material breach requiring immediate remedy;

e) a fundamental conflict of interests that affects the Availability of the Payment Solution;

f) unplanned work that affects the Availability of the Payment Solution and/or Hosting Services (e.g. Emergency Maintenance); or

g) an overrun of Planned Maintenance affecting the Availability of the Payment Solution and/or Hosting Services.

h) a problem that results in a significant impact on Customer’s systems and/or operations.

i) no acceptable workaround is available.

"Priority 2" means in respect of an Incident:

a) a minor or medium degradation of any element or function of the lLive Payment Solution and/or Hosting Services;

b) a failure of eHQ or multiple End-User information issues;

c) a major degradation of any reference, development or test Payment Solution and/or Hosting Services systems; or

d) a bug, defect or fault with the Payment Solution and/or Hosting Services that does not affect the Customer and/or End-User or the Availability of the Payment Solution and/or Hosting Services.

document.docx Page 57

e) services are operational but End-Users are experiencing blocking issues or delayed processing.

f) temporary workaround is available.

Problem impairs Customer’s ability to use the Services effectively.

"Priority 3" is an Incident that is:

a) a fault of the Payment Solution, Services and/or Hosting Services that does not affect its functionality or affect the Customer and/or End-User; or

b) a single End-User information issue (ie single End-User account issue).

c) acceptable workaround available.

d) Other issues which are not defined as Priority 1 or 2 (including Service Requests, planned maintenance, Major Updates and Releases, queries or requests for account/user modifications)

"Respond" means in respect of an Incident, the taking of a meaningful action and communication of that action by telephone and/or Email during the relevant Support Hours, (such communication to include the action being taken and estimated restoration time). Where MPP is required to Respond to the Customer or a third party provider of support, such obligation will include an obligation to keep the Customer regularly and fully informed of the status of the monitored event.

"Restore", "Restored" means the activity by MPP, which results:

(a) in the Payment Solution and/or Hosting Services working and available to the End-User and the Customer in accordance with the terms and conditions of this Agreement; and/or

(b) The Incident is resolved,

which may include a temporary fix or work around.

"Service Request" means a request for general information or points of clarification on functionality or feature of the Payment Solution and/or Hosting Services.

"Support Hours" means:

a) the live production environment Payment Solution and Hosting Services available, supported and monitored by MPP on a twenty-four (24) hours a day, seven (7) days a week basis including public holidays;

b) MPP supporting Priority 1 Incidents occurring in the live production environment on a twenty-four (24) hours a day, seven (7) days a week including public holidays;

c) MPP supporting Priority 2 and Priority 3 Incidents and handling of all other matters relating to the Payment Solution and/or Hosting Services during a normal Business Day, unless otherwise agreed with the Customer; [#LA - Consider in context of priority 2]

d) MPP implementing any Planned Maintenance or changes to the Payment Solution and/or Hosting Services during a normal Business Day, unless otherwise agreed with the Customer;

document.docx Page 58

e) MPP providing administrative support of eHQ during a normal Business Day, unless otherwise agreed with the Customer;

f) MPP providing problem fixing services relating to the Payment Solution and/or Hosting Services during a normal Working Day, unless otherwise agreed with the Customer; or

g) MPP providing management services and dealing with Service Requests from the Customer during a normal Business Day. [#Need to consider issue of users being outside of the territory – amend definition of Business Day to mean US and UK and that would cover most time zones for most of the day.]

"Support Service Credit" means the reduction in the level of charges payable by the Customer to MPP as a result of the level of support services supplied by MPP falling below the standards defined in Section 5.8 of this SLA.

3. MPP’S OPERATIONAL SUPPORT RESPONSIBILITIES

MPP agrees to provide the following support services to the Customer in respect of the Payment Solution:

3.1 MPP shall support, manage and maintain all relevant versions and functions of the Payment Solution and/or Hosting Services, ensuring that all the systems and services utilised integrate seamlessly with each other and are as defined in the Business Requirements Document agreed between the Parties. This support shall include the provision of Incident management and a contact facility, including Incident co-ordination, calling on third party support providers where applicable, managing third party support providers and acting in accordance with their advice, escalation procedures and resolving any issues that affect the Payment Solution.

[3.2] MPP shall provide appropriate and relevant End-User operational support in accordance with the End-User Support Service Level Agreement attached at Schedule [#].

3.2 MPP shall provideand information to the Customer via the eHQ as required for the administration of the End-User accounts and the handling of any End-User queries that the Customer receives (to the extent not handled by the End-User Support Supplier).

3.3 MPP shall make available an operational and technical single point of contact facility, which shall enable the reporting of any Incidents on a twenty-four (24) hour, seven (7) days a week basis including public holidays.

[3.4] MPP shall provide appropriate monitoringmonitor and provide fault diagnosis to all elements of the Payment Solution and/or Hosting Services.

[3.5] MPP shall ensure that the production environment Payment Solution and/or Hhosting Sservices has have been optimised and performs to the levels agreed between the Parties and that the systems and services used in connection with the Payment Solution and/or Hosting Services operate within the parameters advised by the manufactures and/or third party providers of those systems and services used. [#What manufacturers and third party providers?]

3.4[3.6] MPP shall inform the Customer in writing regarding: [#LA – to provide timing info.]

document.docx Page 59

3.4.1 Planned Maintenance – [#] days in advance;,

3.4.2 Emergency Maintenance - [#] days in advance;

3.4.3 Releases - [#] days in advance;and

3.4.4 Major Updates - [#] days in advance.

[3.7] MPP supports up to three hundred (300) transactions Transactions Per Minute within one (1) minute. Subject to the agreement of the Parties pursuant to Section 6.1.6 of this Agreement,In the event the number of Transactions Per Minute exceeds this threshold, MPP shall as soon as reasonably possible be obliged to modify the Payment Solution such that either up to five hundred (500) Transactions Per Minute or up to one thousand (1000) Transactions Per Minute or up to two thousand (2000) Transactions Per Minute can be conducted within one (1) minute. The Customer agrees to pay Uplift Fees for Transactions Per Minute upgrades and provide at least two (2) months’ notice to MPP of the need for such Transactions Per Minute upgrades.

3.5[3.8] MPP shall ensure that any Major Updates and Releases are fully tested (prior to implementation) with all changes implemented such that the Payment Solution and/or Hosting Services continues to function and perform at least to the same level of performance prior to the implementation of the Major Update and Releases, unless otherwise agreed in writing by the Customer.

3.6[3.9] The Customer and MPP shall jointly provide the appropriate capacity planning services in relation to the Payment Solution in order to meet the agreed performance needs of the Customer. [#LA/Gary – to discuss how we should amend this v open ended obligation or whether we can live with it as is .]

[3.10] MPP shall be responsible for the physical and logical security (including both physical and logical security) of the systems used in relation to the Payment Solution and/or Hosting Services in accordance with clause 10 and Schedule E.

3.7[3.11] MPP shall through version management and impact analysis, manage and maintain full operational status of the Payment Solution and/or Hosting Services.

[3.12] MPP shall use commercially reasonable efforts to communicate to the Customer in writing any event that may potentially and/or abnormally affect the Payment Solution and/or Hosting Services at least ten (10) days in advance of the event taking place and shall provide details of its proposed action plan and timeline developed to circumvent and/or resolve the problem.

[3.13] MPP shall ensure that appropriate End-User messages are used within the Payment Solution in the event of an Incident occurring resulting in the Payment Solution not being available to the End-User or unsuccessful authorisation of a payment card or access to an account. Where such messages refer to the Customer or the Customer Services, then the Customer’s prior written consent shall be required. If downtime reaches twenty (20) minutes, Customer may display a notice advising End-Users that the Services are temporarily unavailable on behalf of MPP (including as a result of Planned Maintenance, Releases and Major Updates). Such notification shall at a minimum include the time and date of the planned outage, duration and scope of impact, including limitations on services and geographic applicability. [#LA – would we add a notice ourselves? If not, will delete wording I have added from Invideous agmt here.]

document.docx Page 60

MPP shall ensure that at all times it keeps an up to date and restorable Encrypted back-up copy of all Payment Solution versions, all Data relating to and used in the Payment Solution systems configurations, so that such back-up copies can be transferred and the Data restored on Customer (or agreed third party) equipment in the event of a prolonged Payment Solution outage. The scope and frequency of the back-ups will be agreed in writing between the Parties[#how frequently? Daily? See Alan’s response below.] with such agreed policy to be reviewed at least once in any six (6) month period if requested by the Customer. In addition, MPP shall upon a reasonable request by the Customer provide evidence within [#set time frame – sufficiently tight to make sure they don’t have time to get their house in order.] that the back-up copies of the Payment Solution can effectively be used to restore the systems and services. All back-ups shall be stored ‘off site’ from the Payment Solution and/or Hosting Services. [#Alan’s response - At least daily; however, daily backups might be acceptable for a business that handle 50 transactions per day, but is far less appropriate for a business handling 5000 transactions per day (or more). Perhaps the more versatile approach here is to stipulate that SPE lose no more than X transactions in the event of a disaster (or from the moment a request for a copy is made), where X represents the accepted risk, and let MPP decide the backup strategy to support that requirement.

Gary, how many lost transactions would you consider acceptable?]

3.8 MPP shall ensure that where the back-ups are required to recover the systems to a working state that they are retrievable from storage such that the Payment Solution and/or Hosting Services is Restored within the Priority 1 service level (as set out in the table in Section 5.6 and Section 6.3.10 of this SLA).

3.9[3.14] MPP shall promptly reply in full to any Service Requests it receives from the Customer and in any event reply in full no later than five (5) Business Days following receipt of the request from the Customer. [#LA – Have added “Service Request” as a priority 3 incident. Is that sufficient? So it will be logged within 4 hours and restored within 5 days. Note also amendment to definition of “Restore”. OK?]

3.10[3.15] MPP shall provide all necessary support and assistance as reasonably requested by the Customer during any Customer approved migration of the Payment Solution to Customer hosted systems including any Data captured, provided the reasonable costs are met by the Customer. [#LA - to discuss - want to avoid them increasing price for such an event where we need to make such a transfer.]

3.11[3.16] MPP shall ensure and keep any End-User Data obtained via the Payment Solution in a safe and secure environment and in a manner that ensures easy access by the Customer to such End-User Data upon a reasonable request.

[3.17] The CustomerMPP shall be responsible for all administration of End-User accounts relating to access to the eHQ, including changes to setting account configurations, changes or the resetting of End-User passwords, setting up new roles with appropriate access rights, and deleting accounts, in accordance with End-User information supplied in writing by the Customer’s support representatives.

[3.18] As well as the Primary Contact, MPP shall nominate appropriate operations and support representatives who will communicate on a regular basis with Customer’s operations and support representatives regarding the Payment Solution. MPP’sMPP’s representatives shall also communicate regularly with third party support providers and/or services used in the provision of the Payment Solution and/or Hosting Services, when appropriate to do so. [#LA - How often?]

document.docx Page 61

4. CUSTOMER OPERATIONAL SUPPORT RESPONSIBILITIES

The Customer agrees to provide the following to MPP in respect of the Payment Solution:

[4.1] Customer shall make available points of contact facilities, which shall enable the reporting of service-affecting Incidents Incidents with the live production Payment Solution and/or Hosting Services on a twenty-four (24) hours, seven (7) days a week basis, including public holidays as per clause 8 of this Schedule C.

4.1[4.2] The Customer shall notify MPP in writing regarding any operational and procedural changes it deems appropriate to the Payment Solution. For the avoidance of doubt, the Customer shall submit to MPP in writing any Major Updates it requires to the Payment Solution.

[4.3] The Customer shall use commercially reasonable efforts to give at least four (4) weeks prior written notice to MPP as soon as reasonably possible of any projected increases in or abnormal use of the Payment Solution that may affect the Payment Solution and/or Hosting Services for the purposes of planning, management or capacity planning work that MPP may be required to do to the Payment Solution and/or Hosting Services.

[4.4] The Customer shall nominate appropriate operations and support representatives who will communicate on a regular basis with MPP’sMPP’s operations and support representatives regarding anything relating to the Payment Solution as per clause 8 of this Schedule C.

5. PERFORMANCE STANDARDS, KEY PEFORMANCE INDICATORS & SUPPORT CREDITS

5.1 The Parties agree that the Performance Standards and KPIs set out in this Agreement represent a means of measuring the performance and quality of the Payment Solution and/or Hosting Services.

5.2 If MPP fails to achieve any one or all of these Performance Standards and KPIs in any calendar month, then MPP shall implement an Improvement Plan in order to ensure that the performance of the Payment Solution and/or Hosting services is back up to the agreed Performance Standards and that the KPIs are adhered to for the remainder of the Agreement Term.

[5.3] In the event that MPP (i) repeatedly fails to achieve any three (3) or all agreed Performance Standards and/or KPIs in a [#month/week] or (ii) a single Performance Standard and/or KPI failure occurs three (3) times or more over a 3-month rolling period, then the matter shall be escalated up to each Parties’ principal representatives, and shall be deemed to be a material breach of this Agreement by MPP as set out in Section 21.1 of this Agreement.

[5.4] Where MPP is affected by or unable to perform to the agreed Performance Standards and/or KPIs as a direct result of an Internet failure beyond MPPs control or an error or fault occurring for which the Customer and/or End-User is responsible for, then MPP shall not be judged to have failed to meet the relevant Performance Standard and/or KPI during the period of that failure, error, fault or on-going problem. [#What if as a result of End Users breach of MPPs security? Should not therefore result in being excluded from MPPs failure..]

5.3[5.5] Performance Standards [#LA – adjust numbers accordingly. Seem low.]

document.docx Page 62

[5.5.1] MPP shall ensure that the live production environment Payment Solution and/or Hosting Services is available on a twenty-four (24) hours, seven (7) days a week basis including public holidays to Customer and the End-User (as appropriate), excluding downtime due to Planned Maintenance.

5.3.1[5.5.2] MPP shall ensure that the Payment Solution and Data stored by MPP is secure at all times.

5.3.2 Payment Solution Availability target is ninety-nine point nine five nine per cent (99.9599%) per calendar month.

[5.5.3] Hosting Services Availability target is ninety-nine point ninety-nine per cent (99.9599%) per calendar month.

5.3.3[5.5.4] MPP shall ensure that the Payment Solution is capable of through-putting and completing at least three hundred (300) Transactions Per Minute unless otherwise agreed by the Parties pursuant to Section 6.1.6 of this Agreement.

5.3.4[5.5.5] MPP shall ensure that the Payment Solution responds to End-User requests in real-time with 98% of requests being responded to within 10 seconds. [#LA – to discuss. MPP want to protect themselves in the sense that they don’t control the duration of the process – payment organisations responsible for some. What level of response time would you expect where they control the process?]]

5.3.5[5.5.6] MPP shall ensure that the Payment Solution and/or Hosting Services operate such that logged transaction errors for End-User responses are less than zero point zero one per cent (0.01%) of all End-User requests received by those systems. [#LA to confirm ok.]

5.3.6[5.5.7] MPP shall ensure that the verification of an End-User payment transaction is accepted or rejected in real-time with 98% of payment transactions being responded to within thirty (30) seconds. [#LA. See comment above]

5.3.7[5.5.8] MPP shall ensure that all End-User Data is backed up at least once a day. [#LA - ok?]

[5.5.9] MPP shall use commercially reasonable efforts to ensure that there is no more than one (1) Priority 1 Incident in any given month relating to the Payment Solution and/or Hosting Services. [#LA – per month/longer? Say 6 mths?.]

[5.5.10] MPP shall use commercially reasonable efforts to ensure that all Incidents classified as Priority 1 are recovered Restored within 1 hour of being logged by MPP.

5.3.8[5.5.11] MPP shall continually support and monitor the Availability and functionality of the Payment Solution and/or Hosting Services.

5.3.9[5.5.12] MPP must ensure that the End-User terms and conditions of use of the Payment Solution are easily accessible and available in the Websites. [#Are these in addition to our TOS? If so, where are these?]

5.4[5.6] Key Performance Indicators Table [#LA – please confirm this is all ok.]

document.docx Page 63

REF KPI KPI FAILURE MATERIAL BREACH OF KPI

1 Payment Solution and Hosting Services Availability target is ninety-nine point nine five nine per cent (99.9599%) per calendar month.

Availability falls below 99.9599% in calendar month, excluding downtime due to Planned Maintenance.

Availability falls below 99.95% in a calendar month excluding downtime due to Planned Maintenance.

2 MPP shall ensure that the Payment Solution is capable of through-putting and completing at least three hundred (300) Transactions Per Minute unless otherwise agreed by the Parties.

Through-put threshold is less than 300 Transactions Per Minute.

Through-put threshold is less than 150 Transactions Per Minute.

3 MPP shall ensure that the Payment Solution responds to End-User requests in real-time with 98% of requests being responded to within 10 seconds.

Less than 98% of End-User requests take longer than 10 seconds to respond to.

Less than 95% of End-User requests take longer than 10 seconds to respond to.

4 MPP shall ensure that the Payment Solution and/or Hosting Services operate such that logged transaction errors for End-User responses are less than zero point zero one per cent (0.01%) of all End-User requests received by those systems.

More than 0.01% transaction errors logged for all End-User response requests, where MPP’sMPP’s systems are the root cause.

More than 10.05% transaction errors logged for all End-User response requests, where MPP’sMPP’s systems are the root cause.

5 MPP shall ensure that the verification of an End-User payment transaction is accepted or rejected in real-time with 98% of payment transactions being responded to within 30 seconds.

Less than 98% of End-User payment transaction requests take longer than 30 seconds to respond to, except where the issue is shown to be caused by a 3rd party such as a Payment Organization.

Less than 95% of End-User requests take longer than 30 seconds to respond to, except where the issue is shown to be caused by Customer Third Party Software or Customer Third Party Interfaces.

document.docx Page 64

REF KPI KPI FAILURE MATERIAL BREACH OF KPI

6 MPP shall use commercially reasonable efforts to ensure that there is no more than one (1) Priority 1 Incident in any given month [#6 mths?] relating to the Payment Solution.

[#How frequently would we expect a priority 1 incident to occur?]

Between 2 and 3 Priority 1 Incidents occur in a calendar month. [#Can’t have 2 ½ incidents]

More than 3 or more Priority 1 Incidents occur in a calendar month.

7 MPP shall use commercially reasonable efforts to ensure that all Incidents classified as Priority 1 are recovered within 1 hour of being logged by MPP.

Between 2 and 3 Priority 1 Incidents take longer than 2 hours [#LA – 2 in more than 2 hours ok?] of a logged Incident to resolve between 06:00 and 18:00.

Between 2 and 3 Priority 1 Incidents take longer than 6 hours of a logged Incident between 18:00 and 06:00. [#Time of logging should not make a difference to response time for Priority 1 incidendents

More than 3 or more Priority 1 Incidents take more than 8 6 hours [#LA – 3 in 6 htrs ok?] of a logged Incident to recover resolve from where the Incident has occurred between 06:00 and 18:00.

More than 3 Priority 1 Incidents take more than 12 hours where Incident occurs between 18:00 and 06:00.

8 MPP shall use ensure that there is no more than [#] Priority 2 Incident in any given month

[#How frequently would we expect a priority 2 incident to occur?]

9 MPP shall use commercially reasonable efforts to ensure that all Incidents classified as Priority 2 are recovered within [#] hour of being logged by MPP.

[#8hrs resolution as per cl 6.3.10 below]

document.docx Page 65

REF KPI KPI FAILURE MATERIAL BREACH OF KPI

10 MPP shall use ensure that there is no more than [#] Priority 3 Incident in any given month.

[#Think we can delete this as these as Priority 3 Incidents can be instigated by us and End-Uers.]

11 MPP shall use commercially reasonable efforts to ensure that all Incidents classified as Priority 3 are recovered within [#] days of being logged by MPP.

[#5 business days resolution as per cl 6.3.10 below]

12 MPP shall ensure that the Payment Solution and Data stored by MPP is secure at all times

Security Incident that does not result in a loss of Data

Security Incident that does result in a loss of Data

5.5[5.7] Material Breach

5.5.1[5.7.1] In the event of a material breach of a KPI as referenced in the KPI table above, then the matter shall in the first instance be escalated to each Party’s principal representative and the Parties shall in good faith attempt to resolve all issues with respect to such breach.

5.5.2[5.7.2] The rights and remedies of each Party relating to a material breach of a KPI (which shall be treated as a non-curable material breach) are set out in Section 21.1 of this Agreement.

5.6[5.8] Support Service Credit Mechanism [#Get Olswang to review]

5.6.1[5.8.1] In the event of a KPI failure and/or material breach of a KPI in a calendar month, MPP shall provide Support Service Credits to the Customer using the following mechanism:

5.6.2[5.8.2] Each KPI failure in a calendar month shall be equal to one (1) point and each point shall be the equivalent to five percent (5%) of the License and Support Fees [#Depending on ultimate fee structure and references included, this may need to change. ] payable by the Customer for the relevant calendar month, except where failure of one KPI results in the failure of other KPIs. For the avoidance of doubt, for a given Incident, only one (1) point is awarded when multiple KPI failures occur where one failure causes failure of other KPIs. [#Invideous]

document.docx Page 66

5.6.3[5.8.3] Each material breach of a KPI in a calendar month shall be equal to two (2) points and shall be equivalent to 10% of the Software Licence and Support Fees payable by the Customer for the relevant calendar month, except where material breach of one KPI results in the material breach of other KPIs. For the avoidance of doubt, for a given incident, a maximum of two (2) points are awarded when multiple material breaches KPI failures occur where one material breach causes material breach of other KPIs. [#invideous]

5.7[5.9] The following will apply in respect of Support Service Credits:

5.7.1[5.9.1] The Parties each acknowledge and agree that the Support Service Credits are a price adjustment to reflect the reduced level of service performed by MPP and are not an estimate of the loss or damage that may be suffered by the Customer as a result of a KPI failure.

5.7.2[5.9.2] The payment of a Support Service Credit by MPP is without prejudice to, and will not limit, any right the Customer may have:

5.7.3[5.9.3] to damages or non-monetary remedies at law or in equity resulting from, or otherwise arising in respect of, such KPI failure;

5.7.4[5.9.4] any claim for damages resulting from such KPI failure, in respect of which a Support Service Credit has already been paid, will be reduced by the amount of that Support Service Credit.

5.7.5[5.9.5] Support Service Credits will be applied against the first monthly invoice following the month when the performance report showing the KPI failures is issued by MPP.

5.8[5.10] Support Service Credit Exceptions

5.8.1[5.10.1] MPP shall have no liability whether by way of Support Service Credits or otherwise in respect of the non-Availability of the Payment Solution to the extent that it is caused by:

5.8.2[5.10.2] the negligent act or omission of the Customer or any of its personnel;

5.8.3[5.10.3] the failure of Customer systems, networks or service and Customer Third Party Software, other than a failure of such equipment, network, service or software caused by any act or omission of MPP or any of its personnel or breach of its maintenance obligations (if any) in respect of such equipment, network, service or software;

[5.10.4] a Force Majeure event.; or

a requested and/or approved change in performance applied to the Payment Solutions as agreed to by the Parties through the Operational Change Procedure.

5.9[5.11] Improvement Plan

5.9.1[5.11.1] In the event of a Performance Standard or KPI failure in any calendar month, MPP shall promptly implement a performance Improvement Plan as follows:

document.docx Page 67

5.9.2[5.11.2] MPP shall promptly carry out an investigation into the performance problem;

5.9.3[5.11.3] upon completion of the investigation, MPP shall promptly report to the Customer the results and actions required to improve performance and if reasonably possible permanently remedy the cause of the performance problem;

5.9.4[5.11.4] MPP shall implement the agreed actions to be taken to improve performance and shall keep the Customer regularly informed of progress to completion of the work; and

5.9.5[5.11.5] the cost of any implemented Improvement Plan remedies including the cost of conducting the Improvement Plan shall be at the cost of MPP unless otherwise agreed by the Customer.

6. OPERATIONAL SUPPORT PROCEDURES

6.1 Maintenance including Releases and Major Updates

6.1.1 MPP shall communicate in writing via the Operational Change Procedure at least ten (10) Business Days in advance of any requirement to conduct Planned Maintenance, Releases and Major Updates. This procedure shall include any Hosting Services infrastructure (environmental) maintenance work. [#LA – timing ok? Add to clause 3.7 when decided.]

6.1.2 Planned Maintenance, Release and Major Update requests shall contain details of the required work, the potential impact of the work to the Payment Solution and/or Hosting Services, the back-out plan, the date and time of the maintenance, Release and/or Update and how long the maintenance, Release and/or Update will take to complete. Unless otherwise agreed, all Planned Maintenance, Releases and Major Updates affecting the continued Availability of the Payment Solution and/or Hosting Services will be carried out during non-peak usage hours (based on historical information on use) for the Payment Solution and Services as agreed in advance between the parties in writing.

6.1.3 MPP shall commercially reasonable efforts to limit Planned Maintenance that will affect the Availability of the Payment Solution to no more than four (4) hours in any calendar month, unless otherwise agreed by the Customer. [4 hrs/ mth seems high. LA?]

6.1.4 When requested by the Customer to do so (for reasonable business reasons i.e. a major or high profile event), MPP shall use commercially reasonable efforts to defer any requested Planned Maintenance, Releases and/or Major Updates to a more convenient time for the Customer.

6.1.5 MPP shall commercially reasonable efforts to inform Customer at least 24-hours in advance that any agreed Planned Maintenance has been cancelled. [#LA? Timing sufficient?]

[6.1.6] MPP shall notify the Customer as soon as reasonably possible of any Emergency Maintenance required to the Payment Solution and/or Hosting Services, providing all appropriate details in order to establish if the maintenance work will have an impact on the Availability of the Payment

document.docx Page 68

Solution. Where Emergency Maintenance does affect the Availability of the Payment Solution, the event will be treated as a Priority 1 Incident and the appropriate service levels, performance levels and KPIs shall apply unless otherwise agreed by the Customer, (excluding any Payment Solution downtime due to the implementation of advised critical security patches scheduled in accordance with clause 6.1.1 above). Such Emergency Maintenance work shall be escalated by both Parties immediately.

6.2 Monitoring & Systems Fault Diagnosis

6.2.1 MPP shall be responsible for ensuring that appropriate monitoring takes place on a twenty-four (24) hours a day, seven (7) days a week including public holidays, for all mission critical elements of the Payment Solution (including eHQ, eManagement user pages and authorisation APIs) and/or Hosting Services including the Internet connection. This shall include automated and manual monitoring to a level where all critical (Priority 1) alarms are escalated immediately upon detection to the appropriate support team as more particularly described in Section 6.4.4 of this SLA. [#LA – can we define the eMgmt user pages and authorisation APIs? I need to better understand what they are. Consider adding them to definition of Payment Solution.]

6.2.2 Any automated monitoring tools used by MPP shall be of best industry standard and capable of providing prior warning of Priority 1 events and accurate diagnosis of problems or faults within the Payment Solution (including eHQ, eManagement user pages and authorisation APIs) and/or Hosting Services.

[6.2.3] MPP shall ensure that any system generated flags for faults regarding the Payment Solution (including eHQ, eManagement user pages and authorisation APIs) and/or Hosting Services are logged with the appropriate support team within five (5) minutes of being triggered (this may include any rack alarms going off). Faults occurring to manually monitored elements of the Payment Solution [#insert eMgmt, etc references if required] and/or Hosting Services shall be logged within ten (10) minutes of being detected by MPP’sMPP’s support team. [#Which parts are automatic and which parts are manually monitored?]

6.2.3[6.2.4] MPP shall ensure that it has adequate fault diagnosis tools to aid with restoring the Payment Solutions (including eHQ, eManagement user pages and authorisation APIs) and/or Hosting Services, as relevant.

6.2.4[6.2.5] MPP shall monitor the availability of the connectivity to the Internet in relation to the Payment Solution (including eHQ, eManagement user pages and authorisation APIs) and/or Hosting Services.

6.3 Incident Management

6.3.1 MPP will be responsible for managing all Incidents with the Payment Solution and/or Hosting Services and applying the appropriate Incident classification to the event. This includes the management of all Incidents with Suppliers, MPP Third Party Software, third party systems and services and the management of such third party support providers to those systems and services used by MPP in the provision of the Payment Solution. The Customer shall promptly inform MPP if in its reasonable opinion and for business reasons, a Priority 2 Incident should be re-classified as a Priority 1.

document.docx Page 69

6.3.2 MPP shall log all Incidents and communicate fully with the Customer during the relevant Support Hours.

6.3.3 The Incident service level clock shall start from the time a detected Incident has been logged by MPP’s support services and shall stop once Restore has been achieved or as may be otherwise agreed between the Parties.

6.3.4 MPP shall immediately commence remedial work or ensure that, if relevant, a third party support provider has immediately commenced with the remedial work during the relevant Support Hours.

6.3.5 MPP shall use commercially reasonable efforts to resolve the Incident within the agreed service levels (as per clause 6.3.10 below) and during the Support Hours.

6.3.6 MPP shall regularly communicate with the Customer until Priority 1’s and Priority 2’s have been Restored during the relevant Support Hours.

6.3.7 The reported Incident details shall in all cases clearly state whether the Incident has been identified as a repeating problem with the Payment Solution and/or Hosting Services or is a known and logged defect and/or bug.

[6.3.8] Any other issues or events or Service Requests relating to the Payment Solution and/or / Hosting Services shall be handled directly by the appropriate respective Primary Contacts on a case-by-case basis during Business Days.

6.3.8[6.3.9] MPP shall supply the Customer with a verbal summary and follow up Email within twenty-four (24) hours (where possible) of a Priority 1 occurring and a fully detailed written summary report within five (5) Business Days of the Restored Priority 1 Incident.

6.3.9[6.3.10] Incident management service level table: [#LA to confirm]

Incident classification Respond Restore Support Hours

Priority 1 Within 30 minutes of a logged Incident.

Within 2 hours of a logged Incident between 06:00 and 18:00 Greenwich Mean Time (GMT)

Within 6 hours of a logged Incident between 18:00 and 06:00 GMT

[#Do we want to make this distinction based on GMT? Alternatively, just make it 2 hrs from

24/7

document.docx Page 70

Incident classification Respond Restore Support Hours

logged Incident.]

Priority 2 Within 1 hour of a logged Incident

Within 8 hours of a logged Incident [#LA – ok?]

During a Business Day

Priority 3 Within 4 hours of a logged Incident

Within 5 Business Days of a logged Incident unless otherwise agreed [#LA – ok?]

During a Business Day

6.4 Incident Escalation

6.4.1 Either Party may instigate escalation of an Incident at any time. A Priority 1 shall be automatically escalated once communicated to the Customer and a Priority 2 or Priority 3 escalation shall commence once the Restore service level has been exceeded.

6.4.2 Escalation shall progress until the Services, including the Hosting Services, have been Restored during the relevant Support Hours (applicable to the Priority level).

6.4.3 At each stage of escalation MPP shall keep the Customer regularly and fully informed of the Incident status.

6.4.4 Incident Escalation table [#To clarify which person aligns with those referred to by MPP and to confirm you are ok with these escalation times]

Customer MPP Priority 1(24/7)

Priority 2(Business

Day)

Priority 3

IT Helpdesk Support Immediate 4 hours 1 Business Day

Service Operations Manager

Support Immediate 12 hours 3 Business Days

Product Manager

Technical Director

4 hours 24 hours 5 Business Days

Principal Director 24 hours 48 hours 10

document.docx Page 71

Customer MPP Priority 1(24/7)

Priority 2(Business

Day)

Priority 3

Commercial Contact

Business Days

6.5 Problem Management

With respect to the management of an Incident, after the Payment Solution and/or Hosting Services has been Restored, MPP shall keep the Customer regularly informed of progress regarding the resolution or permanent fix of the problem that caused the Incident to occur. If reasonably possible, such information shall include details about the cause, effect and the actions taken to achieve final resolution of the problem.

6.6 Systems & Services Management

6.6.1 MPP shall provide the Customer with impact analysis information for any patches or upgrades to the systems or services used in the provision of the Payment Solution and/or Hosting Services that may affect any element of the Payment Solution and/or Hosting Services, at least ten (10) days in advance of any patch or upgrade being implemented via Planned Maintenance (including Releases and Major Updates). [#Is timing ok? LA?]

6.6.2 MPP shall ensure that the Payment Solution and/or Hosting Services is kept up to date and functions in accordance with best practice in the IT industry.

6.6.3 MPP will remedy defects identified during any acceptance, performance or load-testing conducted by MPP.

6.6.4 MPP will operate a mechanism for registering known defects and/or bugs with the Payment Solution and/or Hosting Services which can be made available for review by the Customer upon a reasonable request.

6.6.5 MPP shall have tested any new Releases or Major Update prior to implementing any Release or Major Update and shall ensure that any applied Release or Major Update will not have an adverse impact on the Payment Solution and/or Hosting Services. [#Update documentation as a result. By when? 30 days after implementation?]

6.6.6 MPP shall manage version and configuration controls of the Payment Solution.

6.6.7 MPP shall ensure that any patch or upgrade to Hosting Services will not (unless approved by Customer) result in a decrease in the performance of the Payment Solution below the levels agreed to prior to the changes being made.

6.7 Security: Subject always to clause 10 and Schedule E to this Agreement,

6.7.1 MPP shall be responsible for all administration of system user accounts relating to access to any element of MPP’s systems used for the provision of the Payment Solution and/or Hosting Services, including

document.docx Page 72

changes to setting system user account configurations, changes to or the resetting of system user passwords, setting up new system users with appropriate access rights and deleting system user accounts.

6.7.2 MPP shall be responsible for the physical and logical security of the Payment Solution and/or Hosting Services continuously on a twenty-four (24) hour, seven (7) days a week basis including public holidays. This shall include guarding against unauthorised access, alteration or destruction of any element of the Payment Solution and/or Hosting Services.

6.7.3 MPP shall ensure that any physical or logical access to the Payment Solution and/or Hosting Services is only possible for authorised employees and Customer representatives to enable them to perform their duties.

6.7.4 MPP shall ensure that any confidential price-related and other Data it receives from Customer and End-Users is kept securely and only available and used by authorised people and shall make such information available to the Customer as necessary and in accordance with the terms of this Agreement.

[6.8] Reporting [#To discuss. What in addition to financial reporting would you like?]

[6.8.1] MPP will provide to the Customer a Performance Standards report no later than five (5) Business Days after the end of the reported calendar month detailing anyWhere Incidents that have taken place and/or where there has been a failure to meet agreed Performance Standards and/or KPIs in a particular calendar month., MPP will provide to the Customer a Performance Standards report no later than five (5) Business Days after the end of the reported calendar month. Such reports shall detail the following: [#Would also report if nothing happens.]

6.7.5[6.8.2] Incident summaries, including date, logged detection, time, closure time and priority classification;

6.7.6[6.8.3] date, time and duration of Planned Maintenance work, Releases and Major Updates; and

6.7.7[6.8.4] Performance Standard and/or KPI failures.

6.8[6.9] A Priority 1 Incident management summary shall be provided by MPP to the Customer no less than three (3) Business Days after the event occurring.

6.9[6.10] Any ad hoc reporting requests by the Customer to MPP shall be chargeable by MPP on a times and materials basis at the rates set out in Section 6.1.8 of this Agreement and dealt with on a case-by-case basis and supplied by MPP as agreed in writing between the Parties. [#Gary, LA and finance to ensure we have all the reporting we need under eHQ. Any other reporting likely?]

6.10[6.11] Reviews

6.10.1[6.11.1] Both Parties agree, at their own expense, to communicate and/or meet on a regular basis to discuss all elements of the Payment Solution, Customer Support and/or Hosting Services including Incidents, problems or related issues and events.

document.docx Page 73

6.10.2[6.11.2] This communication shall also include agreeing changes to this SLA and the End-User Support SLA, with any changes to be agreed in writing and signed by both Parties. [#Delete from here once End-User Support SLA set out.]

[6.11.3] MPP’sMPP’s nominated representative shall be responsible for organising and writing the minutes for these reviews, which, if it has been agreed to meet, shall take place at Customer’s premises, unless otherwise agreed. The minutes of any meeting shall be sent to Customer’s principal representative no later than five (5) Business Days of the meeting taking place.

6.10.3[6.11.4] Each Party shall be responsible for organising any other ad hoc meetings or communications regarding the Payment Solution and/or Hosting Services as it reasonably deems appropriate.

6.10.4[6.11.5] Either Party may call a technical review in the event of the KPIs and/or service level targets not being achieved in any calendar month.

[7.] END-USER OPERATIONAL PROCEDURESEHQ OPERATION

6.11[7.1] eHQ Access Administration

[7.1.1] MPP shall provide the nominated Customer representative with a list of Customer support Support and administrator names and roles who are required to access eHQ. [#And End-User Support?]

6.11.1[7.1.2] MPP will establish a “parent” eHQ with the Customer and “clone” eHQs with separate Customer access (including usernames and passwords) for other Customer Services offered to End Users by Customer or its Affiliates.

6.11.2 It is the Customer’s responsibility to ensure that the list of users who are permitted to access eHQ pursuant to Section 7.1.1 and 7.1.2 above from time-to-time is kept up to date to include any changes made to such users, provided that the Customer's representative has informed MPP in writing of any account changes required.

6.11.3[7.1.3] The Customer will notify MPP in writing (Email) of any changes required to the user accounts including new details of new roles and their access levels.

6.12[7.2] eHQ Operational Support

6.12.1[7.2.1] Any maintenance work required to the systems used providing eHQ shall be managed in line with Section 6.1 above.

6.12.2[7.2.2] For any Incident occurring with eHQ the procedures set out in Sections 6.3, 6.4 and 6.5 above shall apply.

7.[8.] CONTACT DETAILS

These details will change from time-to-time and it shall be the responsibility of the principal representative of each Party to update the other Party of such changes.

document.docx Page 74

Customer MPP

Incident point of contact: IT Service Desk

Telephone: ................................

Email: ................................

Incident point of contact:Customer Support

Telephone: 0844 778 7283

Email: support@mppglobal.com

2nd Level Incident escalation point of contact: Service Operations Manager

Name: ................................

Telephone: ................................

Mobile: ................................

Email: ................................

2nd Level Incident escalation point of contact: Platform Manager

Name: Stephen Holly

Tel: 0844 873 1418

Mobile:

Email: stephen.holly@mppglobal.com

3rd Level Incident escalation point of contact: ................................................................

Name: ................................

Telephone: ................................

Mobile: ................................

Email: ................................

3rd Incident escalation point of contact:CTO

Name: Chris Cheney

Telephone: +44 (0) 844 873 1418

Mobile: +44 (0) 7973 139 763

Email: chris.cheney@mppglobal.com

Final principal point of contact:................................................................

Name: ................................

Telephone: ................................

Mobile: ................................

Email: ................................

Final principal point of contact: CEO

Name: Paul Johnson

Telephone: +44 (0) 844 873 1418

Mobile: +44 (0) 7968 539 342

Email: paul.johnson@mppglobal.com

[#To discuss noting incident levels.]

US Support Contacts

Name Direct Telephone EmailMike Weksler  (310) 244-

9088                      mike_weksler@spe.sony.com

Nancy Motherway          (310) 244-9592                      

nancy_motherway@spe.sony.com

Dawn Boughton (310) 244-3628                      

dawn_boughton@spe.sony.com

Kristen Huntley (310) 244-6372 kristen_huntley@spe.sony.com

UK Support Contacts

Name Direct Telephone EmailJaspal Jandu

Gergo Szabo

document.docx Page 75

document.docx Page 76

SCHEDULE D - TERMINATION ASSISTANCE SERVICES [#WOULD YOU EXPECT TO PAY FOR THAT?ADVANTAGEOUS]

The Parties shall comply with the terms of this SCHEDULE D in order to ensure a smooth migration of the Services and other related materials to the Customer on termination or expiry of this Agreement (whichever is the sooner).

1. MPP shall, from the expiry or termination of this Agreement, provide reasonable assistance to the Customer in order to facilitate the successful exit from the Agreement without undue delay or obstruction.

2. MPP shall continue to provide the Services (in accordance with the terms and conditions of this Agreement and, in the case of termination of the Agreement, as if this Agreement had not been terminated) until the date agreed between the Parties' project managers pursuant to Paragraph 3 for completion of the termination assistance services which in any event shall be no shorter than six (6) months and which may be reduced or extended by Customer in its sole determination.

3. In the event that the Parties have not done so prior to termination or expiry of the Agreement, the Customer and MPP shall each appoint a project manager by the earlier of (i) one (1) Business Day after the termination of this Agreement; and (ii) five Business Days after either Party receives notice of termination from the other Party, in the case of termination of this Agreement.

4. Immediately after appointing the project managers, such project managers shall work together to agree and sign off a termination assistance project plan or in the case of termination an exit plan ("Exit Plan") within five (5) Business Days. Thereafter, the Parties shall implement the Exit Plan and the project managers shall manage it all the way through to completion of the termination assistance services. The Parties shall ensure that the Exit Plan completes on time and that all necessary resource, materials or facilities are put in place before the transferring of responsibilities, records, knowledge or systems that are specified in the Exit Plan.

5. The Exit Plan shall include, without limitation, a plan for the return of the Data and any other Confidential Information belonging to the Customer in a format and in accordance with a delivery schedule to be defined by Customer.

6. The costs for the implementation of the Exit Plan shall be agreed between the Parties in writing and shall be borne by the Customer at the rates set out in Section 6.1.8.

[7.] For the avoidance of doubt, and notwithstanding anything to the contrary contained in this Agreement, nothing contained in this Schedule will require MPP to disclose any of its MPP’s Intellectual Property Rights or Confidential Information to the Customer, its Affiliates or any third party replacement service provider.

document.docx Page 77

Schedule E

Information Security Program Safeguards

MPP shall be responsible for developing, implementing, and maintaining a comprehensive information security plan reasonably acceptable to Customer, which shall satisfy the standards set forth in the Agreement and this Schedule E ("Security Plan").

MPP’S Security Plan shall be approved by its management and shall be designed to:

Comply with the then current PCI DSS prescribed by the PCI Security Standards Council or any successor organization thereto; and

Comply with the security requirements of this Agreement and such additional security requirements as Customer and MPP may from time-to-time agree upon.

At Customer's request, MPP shall provide Customer with an opportunity to review the Security Plan, and shall notify and give no less than 30 (thirty) days written notice to Customer prior to making any substantive changes to such security procedures and protections.

With respect to any matter that may reasonably affect the security of any systems, networks, hardware or software used to deliver the Services, MPP agrees to fully comply with any and all guidelines or policies pertaining to the provision of its obligations under this Agreement as notified to MPP by Customer prior to execution of this Agreement, as may be updated from time to time together with any additional guidelines and policies developed after the date of this Agreement and supplied to MPP.

1) INFORMATION SECURITY

(a) Physical Security

(1) Physical Security and Access Control – Safeguards to (i) maintain all systems hosting Customer Personal Data and/or providing services on behalf of Customer in a physically secure environment that provides an unbroken barrier to unauthorized access, (ii) restrict access to physical locations containing Personal Data, such as buildings, computer facilities, and records storage facilities, only to authorized individuals, and (iii) detect and respond to any unauthorized access that may occur.

(2) Physical Security for Media – Appropriate procedures and measures to prevent the unauthorized viewing, copying, alteration or removal of, all media containing Personal Data, wherever located.

document.docx

78

(3) Media Destruction – Appropriate procedures and measures to destroy (subject to applicable record retention requirements) removable media containing Personal Data when no longer used or, alternatively, to render Personal Data on such removable media unintelligible and not capable of reconstruction by any technical means before re-use of such removable media is allowed.

(4) Environmental Hazards – Measures to protect against destruction, loss, or damage of Personal Data or information relating thereto due to potential environmental hazards, such as fire or water damage or technological failures, as well as uninterruptible power supply (UPS) to ensure constant and steady supply of electricity.

(b) Technical Security

(1) Access Controls on Information Systems – Appropriate procedures and measures to control access to all systems hosting Personal Data and/or providing services on behalf of Customer (“Systems”) through the use of physical and logical access control systems, grant access only to authorized individuals and, based on the principle of least privileges, prevent unauthorized persons from gaining access to Personal Data, appropriately limit and control the scope of access granted to any authorized person, and log all relevant access events, including:

(i) Access Rights Policies – Policies and procedures regarding the granting of access rights to Personal Data to permit only the appropriate personnel to create, modify or cancel the rights of access of MPP’s employees, agents and subcontractors. Such policies and procedures must ensure that only designated information asset owners and their delegates may authorize and grant access to Personal Data. Systems or applications that can be used to access Personal Data must have strong passwords. On a monthly basis, MPP shall conduct reviews to ensure compliance with this Section (b)(1)(i).

(ii) Authorization Procedures for Persons Entitled Access – Appropriate procedures to establish and configure authorization profiles in order to enable personnel to have access to Personal Data to the extent that they need to know the data to perform their duties, and to enable access to more sensitive classifications of Personal Data only within the scope and to the extent covered by their respective access permission.

(iii) Authentication Credentials and Procedures – Appropriate procedures for authentication of authorized personnel, including use of Customer approved authentication to access any Personal Data on Customer’s networks or other systems.

(iv) Remote Access – Appropriate procedures and measures to prevent personnel performing remote system support from accessing Personal Data without end-user permission and presence and/or accountability during remote access sessions and subject to all applicable confidentiality obligations.

(v) Access Control via Internet – Appropriate procedures and measures to prevent the Systems or Personal Data from being used by unauthorized persons by means of data transmission equipment via the Internet or otherwise. No "administration" consoles for web server, application and database software will be accessible from the Internet. Any servers that can be used to transmit Personal Data to the Internet shall be configured with firewalls to only expose port 80 and 443 to the Internet.

(vi) Internet-Based Communications/Transmissions – Appropriate procedures and measures to ensure security and integrity of Internet-based email and other communications, including use of

document.docx

79

Encryption, time stamp and other techniques for transmission of sensitive Personal Data or other communications over the Internet. Only secure protocols such as SSL or SFTP may be used to transfer Personal Data on to the web servers and active monitoring of this shall be done to ensure only legitimate uploads and downloads.

(vii) Access Monitoring – Appropriate procedures and measures to monitor all access to Systems and Personal Data, including protocol analyzers for applications, network and servers, only by authorized MPP personnel, and to track additions, alterations, and deletions of Personal Data.

(viii) Intrusion Detection/Prevention and Malware – Appropriate and up-to-date procedures and safeguards to protect Personal Data against the risk of intrusion and the effects of viruses, Trojan horses, worms, and other forms of malware, where appropriate. MPP must make all reasonable attempts to ensure that basic DOS and DDOS measures are in place. MPP must implement active intrusion monitoring systems and monitor logs on a 24*7*365 basis alerting Customer within 4 hours of any breach detected.

(ix) Program Patching and Vulnerability Remediation – Appropriate procedures and measures to regularly update and patch operating systems, applications and databases to eliminate vulnerabilities and remove flaws that could otherwise facilitate security breaches. Security patches for high-level vulnerabilities (e.g. vulnerabilities that can result in compromise of server, loss of personal information, brand defacement) must be applied within 24 hours; security patches for non high-level vulnerabilities (e.g. invalid server SSL certificate, server or application misconfigurations) must be applied within 48 hours; and all operating system, web server, and application software security patches must be installed within 10 business days of patch release. Contractor must appropriately remediate any known vulnerabilities within a timely manner. If Contractor is unable to remediate vulnerabilities in a timely manner, Contractor must isolate any systems, applications, and databases from the Internet. Websites or systems that have direct or indirect access to the Internet shall not be opened to the Internet until such vulnerabilities have been fixed.

(2) Additional Application and Website Coding, Security, and Testing Requirements – If any application coding will be performed by MPP in connection with any application that processes or stores (or might allow access to) any Personal Data:

(i) MPP must write code that appropriately addresses known security risks. At a minimum, MPP must comply with any applicable published Open Web Application Security project ("OWASP") security guidelines and must address the current OWASP top ten web application security risks.

(ii) When new code is deployed or existing code modified, MPP must take all reasonable steps to ensure that the code is secure, including appropriate testing from a security vulnerability perspective, prior to going live on the Internet. Full regression testing must also be conducted to ensure that security remains strong across the entire site.

(iii) Captcha technology must be used when designing any website registration page to prevent ‘robot scripts’ from registering false users.

(iv) Any website with a login and password must be designed using strong passwords. All website "reset" password and "forgotten" password features must be designed to use an industry standard secure mechanism to reset user passwords.

(v) Any servers that host Personal Data or websites that provide an interface to access Personal Data must be security hardened using industry best practices, and all operating systems and software

document.docx

80

configurations (including applications and databases must conform to best industry security practices for such applications and databases).

(3) Data Management Controls

(i) Data Input Control – Appropriate procedures to enable MPP to check and establish whether, when, and by whom Personal Data may have been input into the Systems, or otherwise modified, or removed.

(ii) Data Processing Control – Appropriate procedures and measures intended to limit the processing of Personal Data to the uses permitted under the Agreement.

(iii) Access to Production Data – Appropriate procedures and measures to limit access to production Personal Data to authorized persons requiring such access to perform contracted services and to prevent other access to such Personal Data, except temporary access to production Personal Data to support specific business need.

(iv) Logs – All web server, application and database logs for systems or applications that process or store Personal Data must log sufficient data and information to recreate unauthorized activity. In the event of a breach, such logs must enable the tracing of unauthorized activity from the intrusion point through to table level access in a database. All such logs must be kept for a minimum of 1 year.

(v) Data Encryption – Appropriate procedures and measures to protect Personal Data so that it cannot be read, copied, changed or deleted by unauthorized persons while in storage and while it is being transferred electronically or transferred or saved on data media, including data encryption in storage on portable devices where appropriate in light of the sensitivity of the Personal Data. Any encryption schemes used shall be consistent with the strongest available industry best practices.

(vi) Backup, Retention, and Recovery – Appropriate backup and recovery procedures and measures to safeguard Personal Data from events resulting in the loss of data or in system unavailability from any cause, including but not limited to implementing and testing at least annually an appropriate business continuity and disaster recovery plan (including a data backup plan).

(vii) Secure Disposal – policies and procedures regarding the disposal of Personal Data, and tangible property containing Personal Data, taking into account available technology so that Personal Data cannot be practicably read and reconstructed.

(c) Organizational Security

(1) Responsibility – Assignment of responsibility for information security management. An information security group shall maintain a list of individuals authorized to access Personal Data, and shall be responsible for approving authorized access privileges to users, and documenting access security procedures. The information security group shall monitor and periodically review access levels, logging reports and access violation reports to detect inappropriate Systems activity and to facilitate the timely investigation of suspicious or unauthorized activity, and periodically conduct access reviews to verify that access assignments are appropriate. The information security group shall ensure that they conduct vulnerability assessments (infrastructure and application layer) at least once a month

document.docx

81

and also allow Customer’s information security staff to scan bi-weekly for vulnerabilities. Upon Customer’s request, MPP will provide the contact information for the information security group so they can be contacted 24*7*365 for support and security enquires. MPP will fully co-operate with Customer’s information security and investigations personnel should a breach occur and ensure that evidence is preserved in a forensically sound manner.

(2) Resources – Commitment of adequate personnel resources to information security.

(3) Confidentiality Agreements – Requirement that MPP’s employees, agents, and subcontractors, and others with access to Personal Data, enter into signed confidentiality agreements and agree to use the systems to perform only authorized transactions in support of their job responsibilities.

(4) Qualification of Employees – Appropriate procedures and measures to ascertain the reliability, technical expertise, and personal integrity of all employees, agents, and subcontractors who have access to the information system or Personal Data.

(5) Obligations of Employees – Appropriate procedures and measures to verify that any employee, agent or contractor accessing the Personal Data knows his obligations and the consequences of any security breach.

(6) Controls on Employees – Employee background checks, where and to the extent permitted under applicable law, for employees with responsibilities for or access to Personal Data.

(7) Compliance with Laws – MPP will fully comply with all local data privacy laws in relation to the storage of personal information.

(8) Enforcement – Appropriate disciplinary procedures against individuals who access Personal Data without authorization, or who otherwise commit security breaches.

(d) Additional Safeguards

(1) Security Incident Procedures – policies and procedures to detect, respond to, and otherwise address security incidents, including procedures to monitor systems and to detect actual and attempted attacks on or intrusions into Personal Data or information systems relating thereto, and procedures to identify and respond to suspected or known security incidents, mitigate harmful effects of security incidents, and document security incidents and their outcomes. MPP shall also designate a security official responsible for the development, implementation and maintenance of all the safeguards in this Schedule.

(2) Testing – MPP shall regularly test the key controls, systems and procedures of its Information Security Program to ensure that they are properly implemented and effective in addressing the threats and risks identified. Tests should be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs.

(3) Security Awareness and Training – a security awareness and training program for all members of MPP’s workforce (including management), which includes training on how to implement and comply with this Schedule.

(4) Adjust the Program – MPP shall monitor, evaluate, and adjust, as appropriate, the Information Security Program in light of any relevant changes in technology or industry security standards, the

document.docx

82

sensitivity of the Personal Data, internal or external threats to MPP or the Personal Data, requirements of applicable Statement of Works, and MPP’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.

2) ADDITIONAL OBLIGATIONS

For the avoidance of doubt, and in addition to the foregoing::

i. MPP shall provide a copy of its Security Plan to individuals who are granted access to the Website and Plugin and any Customer Confidential Information and Personal Data, and require such individuals comply with such Security Plan;

ii. MPP shall ensure that all software provided by MPP in connection with this Agreement (including any upgrades or updates) is tested for security vulnerabilities prior to release, and upon discovery of any such security vulnerabilities, MPP shall take prompt action to fix the same prior to release of such software; and

iii. MPP shall notify Customer immediately after discovery any security vulnerability in any such software; and

iv. MPP shall (a) comply with VISA’s, Mastercard’s and any other credit card issuer rules and regulations, including but not limited to their respective data security program requirements; (b) provide data security reports as required by such issuer, pay to such issuer any fines and/or penalties in the event that MPP or any third party fails to comply with such data security requirements; and (c) provide full cooperation and access to permit such issuer to conduct a security review of MPP’S policies and procedures. Customer reserves the right to immediately terminate this Agreement forthwith in the event that such issuer finds that MPP has failed to comply with its data security requirements or if MPP has failed to obtain a “passing grade” from such issuer.

3) SURVIVAL

All data privacy and security obligations shall survive any termination or expiration of the Agreement with respect to Personal Data.

document.docx

83