MARCH 202 2 1 Acceptable Use Policy INTRODUCTION This Acceptable Use Policy (“Policy”) defines the terms and conditions for the acceptable use of information and/or technology resources at Newfold Digital, Inc. Newfold Digital Inc., inclusive of its subsidiaries and affiliates (“Newfold” or “Company”) agrees to allow the individual identified below (“User”) to use Newfold’s technology systems and networks. All technology provided by Newfold, including computer systems, communication networks, Newfold - related records, and other information stored electronically, is the property of Newfold and not the user. SCOPE This Acceptable Use Policy applies to employees, contractors, and other third parties (“Users”) who require access to company resources across either a publicly accessible or a third - party network. Whether accessed on the User’s personal or Company - issued computer or cell phone, this Policy applies to Newfold’s hardware, software, proprietary technology, computer systems, networks, electronic re cords, email and email servers, internal chat and video conferencing systems, and vendor software (collectively referred to as the “technology”). Newfold recognizes that the use of the Internet and e - mail is necessary in the workplace, and users are encour aged to use the Internet and e - mail systems responsibly, as unacceptable use can place Newfold and others at risk. Newfold may alter or amend this Policy from time to time, in its sole discretion and without prior notice. • Note: Using Newfold’s access to the Internet is a privilege, not a right, and is conditioned on the User abiding by this Policy. RESPONSIBLITIES The User listed below understands and acknowledges that in using the Internet through Newfold’s access and/or other technology systems and networks of Newfold, he/she waives any privacy rights the User may have for such use. The User understands and acknowledges that Newfold may monitor the User’s use of Newfold’s Internet access and may also examine all system activiti es the User participates in, including but not limited to e - mail, voice , and video transmissions, to ensure proper system use. MARCH 202 2 2 In general, the use of Newfold’s technology systems and electronic communications should be job - related and not for personal conv enience. POLICY Newfold provides authorized users with the solutions and services necessary to provide the highest quality service to our customers. These solutions and services meet or exceed Newfold’s minimum required technical safeguards for protecting the security of electronic information. Accepting the use of these solutions requires users to understand that: • They must comply with all requirements (e.g., policies, procedures, and standards) published by Newfold; or • When compliance is impra ctical or implausible, gain appropriate approval, in the form of an Exception Request (See the section entitled, “Exceptions”) to use any solutions, not in compliance with Newfold policies, procedures, and standards. • Other policies may apply to the topics covered in this Policy and, as such, the user is required to review applicable policies as necessary. REQUIREMENTS User IDs, Passwords, and Tokens (aka C redentials) • Use only authorized user unique credentials to access Newfold’s technology resources, nev er someone else’s. • Do not share credentials. Authorized users will be accountable for any activity tracked to your credentials, regardless of who used those credentials. • Do not document credentials on paper, in note applications, or with similar means. • Use only approved storage mechanisms when storing credentials electronically. Contact the Information Security Team for options. • Do not send credentials electronically (e.g., email, chat, or text messages) unless you know they are encrypted. Data Handling • Provide only access to information that is required for the job. • Minimize the amount of data authorized users can collect. • Data will be shared only w ith users that require it. • Use only approved encryption when storing or sending sensitive data. Contact the Information Security Team for options at secops@newfold.com MARCH 202 2 3 • When it becomes necessary to store Confid ential or Restricted data (defined below) on paper, secure it in a locked container/area when left unattended. • Computer screens should be locked when away from your desk. • Use only Newfold approved internal storage solutions/drives or Newfold file servers for sharing files. • Storing Newfold data of any kind in public repositories (such as GitHub, Pastebin, etc.) is not permitted. • When sharing confidential or proprietary information or data with non - Newfold employees, make sure a Non - Disclosure Agreement is in place. If unsure , contact Legal at legal@newfold.com. • Backing up data on your laptop or desktop computer is your responsibility. Back up your data to a Newfold drive or one of the Newfold file servers. If unsure, contact IT Support by opening a ServiceNow ticket. • Delete/shred Confidential or Restricted data once you are done with it. This includes erasing whiteboards. Sensitive data may also be placed in Iron Mountain bins for secure destruction. Viruses and Malware • Never d ownload attachments/files from unknown or suspicious sources. • Do not plug in removable media if you don’t know the source of the media. • Don’t tamper with or attempt to disable workstation or server antivirus protection or local system firewalls. Contact secops@newfold.com for support. • Think you got a virus? Contact IT immediately via Cloud Desktop or email secops@newfold.com. Email • Use proper business etiquette when sending emails/texts/social media posts for business purposes. • Be suspicious of email attachments and use extreme caution when clicking on links or attachments from unknown sources. • Delete any spam, chain, or other junk mail you receive without forwarding it. • Report phishing attempts (i.e., requests from unknown email addresses to send sensitive data or to submit your login credentials to a website) to the Information Security Team for review at secops@newfold.com MARCH 202 2 4 Physical Security • To protect Newfold technology resources, it is important to protect access to our facilities. • You are responsible for technology resources issued to you by Newfold. You are expected to take proper care of it by: o Never leaving technology resources visible and unattended in cars, hotel s, airports, etc. o Protecting technology resources from environmental damage (e.g., water, dirt, etc.). o Notifying IT Support by submitting a ServiceNow ticket immediately if lost or damaged. This includes personal equipment that has Newfold or customer da ta on it. o You must return any Newfold technology resources and credentials when you leave Newfold employment. o We want all our employees and visitors to be safe in our facilities, so: ▪ Users must wear a Newfold - issued identification badge that is fully visible when in the office. ▪ Visitors to the facilities must wear a visitor badge and be where appropriate, escorted when in the facility unless they have been cleared with Human Resources beforehand. ▪ Do not prop open doors. ▪ Do not permit unknown individuals to follow you into our facilities. o Be careful discussing business matters outside of work in places like airports, pubs, and restaurants. Always be mindful of your surroundings. o If you lose your corporate keys or badge, notify the Fac ilities team immediately. Corporate Issued Equipment • Any equipment issued by Newfold is Newfold’s property and should be used for Newfold business only. • Occasional personal use is acceptable, but Newfold accepts no responsibility for the security and confidentiality of personal data. Personal Equipment • We allow using your personal equipment in our facilities or to do remote work with a few conditions. See our Remote Access Policy for more information. MARCH 202 2 5 Privacy • Any monitoring will be authorized and following applicable policies and local laws. Unless local law provides otherwise, there is no expectation of privacy for users of Newfold’s technology resources. • Newfold reserves the right to access, review and monitor in real - time (i.e., intercept) information or data entering, exiting, and traversing a Newfold technology resource, and any other usage of Newfold technology resources, including Newfold - issued phones, computers, and networks. • Newfold information transmitted via internal and external e - mail, voice mail, text messages, electronic chat messages, and other electronic communications are considered business records and may be subject to discovery in the event of litigation. o Users must be aware of this possibility when communicating electronically within and outside Newfold and should avoid or limit using non - corporate communication channels (such as personal mobile device text messaging) to communicate regarding work - related matters. PROHIBITIONS All authorized users are prohibited from: • Installing applications or taking any actions on Newfold technology resources that can disable, bypass, mask, tamper, or otherwise negatively affect the security of Newfold. • Users are prohibited from using any encryption software that Newfold has not approved for use. • Using the Internet for any illegal activity, including computer hacking and copyright or intellectual property law violations. • Accessing websites or chat areas that contain content that violates Newfold policy, such as content that is pornographic, racist, misogynistic, harassing, or discriminatory based on or any legally protected characteristic or status or portrays the use of illegal drugs or violence. o Note: Necessary access to customer websit es or chat areas is acceptable as part of work duties supporting a customer only. • Providing access to Newfold’s Internet access to unauthorized individuals. • Transmission or intentional receipt of any inappropriate material or material in violation of law or Newfold policy is prohibited. This includes, but is not limited to: o copyrighted material without the legal right to do so, including, but not limited to, software, magazines, books, or music. MARCH 202 2 6 o piracy, cracking, extortion, or blackmail; o threatening or obscene material; o material protected by trade secrets; o introducing malicious programs (e.g., viruses, Trojans, backdoors, etc.) into any technology s ystem or product; o obtaining or sending information that could be used to make destructive devices such as guns, weapons, bombs, explosives, or fireworks; o criminal activity or terrorist acts; o viewing, sharing, or posting any materials deemed lewd, obscene, vulgar, or pornographic as defined by prevailing community standards; o gambling; illegal solicit ation; o defamatory, racist, discriminatory, sexism or sexual harassment, or unlawful harassment or hostile activities of any kind; or o derogatory or inflammatory remarks about an individual’s race, age, disability, religion, national origin, physical abili ties, or sexual preference • Using inappropriate, abusive, or profane language in private messages or using Newfold technology resources to harass, insult, or verbally attack others. • Taking part in any activity related to Internet use creates a clear and p resent danger of the substantial disruption of the orderly operation of Newfold or any of its affiliates. • Sending unsolicited advertisements for the sale of products or services, pyramid schemes, or unlawfully harassing or threatening content from your Ne wfold email address. • Running any personal business/service from a Newfold facility or using a Newfold technology resource. • Using your Newfold email address or network login and password for personal use. • Making fraudulent offers of products, items, or services. • Representing personal opinions as those of Newfold. • Degrading or disrupting Newfold’s technology resources without authorization by, but not limited to, network sniffing, ping floods, denial of service, or forging routing information. MARCH 202 2 7 • Posting Confidential or Restricted data (defined below) or customer information to outside websites, message boards, blogs, or social media sites without express written permission (e.g., Twitter, LinkedIn, Facebook, GitHub, Pastebin, etc.). • Downloading or installing software that violates the Information Security Policy or that Newfold does not own a valid license to. The use of personally licensed software on Newfold technology resources is forbidden without authorization. • Tampering with, or modifying, Newfold technology resources, without authorization, in any way that duplicates, deletes, or makes inaccessible the data contained on the machine without authorization. • Installing, modifying, or operating electronic monitoring, including cov ert cameras or scanning equipment, without authorization. • Use of personal virtual private network (VPN) or traffic masking software on corporate devices. • Install personal modems, wireless access points, DSL, FIOS, cable modem, satellite, or cellular serv ices within Newfold facilities without authorization. • Backing up corporate information to personal backup/cloud services. If you do this, you will be required to cooperate with Newfold’s efforts to permanently delete that information from your online account. • Violating export control laws. • Causing congestion of the network through lengthy downloads of files or promulgation of spam. • Theft or vandalism of data, equipment, or intellectual property. • Gaining or attempting to gain unauthorized access to resources or files. • Identifying oneself with another person’s name or password or using an account or password of another user without proper authorization or letting another use your password or account without proper authorization • Using the network for financial or commercial gain. • Excessive personal use of Newfold’s computer and Internet access during working hours. • Reverse engineering, decompiling, disassembling, modifying, creating derivative works of the source code underly ing products of Newfold vendors or partners without proper authorization. MARCH 202 2 8 • It is against Newfold policy to disclose personal information, such as a home address, phone numbers, passwords, credit card numbers, or social security numbers; this also applies t o others’ personal information or that of Newfold. EXCEPTIONS Users seeking to obtain an exception to this Policy are required to submit a detailed explanation of the request along with written approval from their Supervisor to the Newfold Information Security Team (secops@newfold.com) for review, documentation, and approval by the Chief Information Security Officer. ENFORCEMENT The Newfold Information Technology and/or the Newfold Information Security teams in cooperation with the Human R esources and Legal departments will be responsible for enforcing this Policy. Violations may result in disciplinary actions, including suspension, restriction of access, or more severe penalties up to and including termination of employment. Users shall be liable for any costs (debts) for copyright violations or any infringement of the intellectual property of Newfold or any third party caused by a User’s use or misuse of any Newfold technology systems. If an activity is suspected to violate jurisd ictional law, (e.g., theft of physical or intellectual property, etc.) Newfold may elect to report the activity to the applicable authorities. DEFINITIONS Term Definition Accountable Required to justify actions or decisions to senior leadership. Confidential Data Data that is available to groups with a business need to know and for which there is controlled access. May cause financial, legal, or reputational damage if unauthorized or inadvertent compromise or disclosure occurs. * Restricted Data Data that is available to a very limited number of individuals and requires very strict access control. May cause serious financial, legal, or reputational damage if subject to unauthorized or inadvertent disclosure. * User An y Newfold badged employee, contractor, consultant, other third party or intern. Technology Resource Any computer, device, phone, or network. Visitor Any person using a Newfold facility or technology resource that is not an employee, contractor, consultant, or intern. * These definitions and this Policy are not intended to restrict in any way employees’ communication with each other and others about wages, hours, working conditions, or any other term or condition of employment. Such information may be disclosed as necessary for employees to exercise their rights.