Acceptable use policy

1. SCOPE AND APPLICABILITY. This Acceptable Use Policy (“AUP”) is incorporated by reference into agreements with Calastone Limited (“Calastone”) and provides a code of conduct applicable to all persons and entities, including customers and their employees, agents, contractors, affiliates, subsidiaries, and, if applicable, clients (collectively or individually, “Users”) using Calastone’s services, including but not limited to the Calastone Transaction Network, Calastone Data Services, and Calastone Execution Management System, in whatever form or name such services are used (“Services”).

2. ACCEPTABLE USE. Each User shall use the Services in accordance with this AUP and the applicable terms and conditions governing such Services.

3. UNACCEPTABLE USE

3.1. Illegal Use Users are prohibited from using the Services to commit or aid in the commission of any crime, fraud, or act which violates any applicable local, national, or international law or regulation.

3.2 Prohibited Content Users are prohibited from using the Services to transmit, distribute, disseminate, receive, publish, or store (a) any material in violation of any applicable local, national, or international law or regulation (b) material that infringes any patent, trademark, trade secret, copyright, or other intellectual property right of any party (c) material that is defamatory, abusive, or harassing; or that threatens or encourages bodily harm, destruction of property, or infringement of the lawful rights of any party or otherwise constitutes an illegal threat (d) material that constitutes, depicts, fosters, promotes or relates in any manner to child pornography, or any other sex acts (e) material that violates the privacy of any party as protected by applicable local, national, or international law or regulation (f) material containing software viruses, worms, Trojan horses, time bombs, cancelbots, or other harmful or deleterious computer code, or any computer code, files, or programs designed to disrupt; destroy; disable; invade, gain unauthorised access to; or corrupt, observe, or modify without authorisation, any data; network transmissions; software; computing or network devices; or telecommunications equipment (g) unsolicited or unauthorized advertising, promotional materials, commercial or bulk email, or chain letters (h) software that gathers information about a user or covertly transmits information about the user or (i) any text, music, software, art, image or other work protected by copyright law unless expressly authorised by the owner of the copyright or (j) email addresses, screen names or other identifiers without the consent of the person identified (including, without limitation, phishing, scamming, password robbery, spidering, and harvesting).

3.3 Eavesdropping Users are prohibited from the unauthorisedinterception or monitoring of any data or messages transmitted over the Services.

3.4 Unauthorised Access Users are prohibited from employing the Services to access any computer, network, or data without authorisation or in a manner that exceeds authorisation for any purpose, including but not limited to (a) retrieve, alter, or destroy data (b) probe, scan or test the vulnerability of a system or network or (c) breach or defeat system or network security measures such as authentication, authorisation, confidentiality, intrusion detection, or monitoring.

3.5 Impersonation and Forgery Users are prohibited from (a)impersonating any party or entity by adding, removing, or altering header information of network, email, or other messages transmitted via the Services (b) transmitting over the Services messages that have been electronically signed using a fraudulently obtained public key certificate or with a forged electronic signature or (c) using the Services to commit any other form of forgery or illegal or unauthorized impersonation.

3.6 Malicious Disruption Users are prohibited from interfering with or disrupting (i) the business operations, service, or function of Calastone or its subcontractors, the Services, any User, or any computer, network, or telecommunications device or (ii) the legitimate use of Services by any User including by deliberate attempts to overwhelm an application, computer system, network device, or network.

3.7 Security Auditing, Assessments, Penetration Tests. Users are prohibited from conducting security audits, assessments, and penetration tests of the Services other than as may be expressly permitted in the terms and conditions governing the use of the Services.

4. USER OBLIGATIONS TO REPORT SUSPICIOUS ACTIVITY. Users must promptly cooperate with Calastone and its subcontractors in responding to security incidents and report to Calastone any event, condition, or activity that User becomes aware of that indicates a possible or actual a violation of this Acceptable Use Policy.

5. DISCLOSURE 5.1 Calastone reserves the right to disclose information relating to Users’ activities that may be in violation of this AUP (a) to law enforcement, regulatory, or other agencies in response to lawful requests including, without limitation, as required by any securities exchange or regulatory or governmental body to which a User is subject (b) to the extent required by law or for the purposes of judicial process or(c) to other Users to protect the rights, property, and operations of Calastone, the Services, Users of the Services, and the public including, without limitation, the right to notify a User of any event, condition, or activity, of which Calastone is aware, potentially affecting the security or operations of such Users’ computer networks and systems.

6. MONITORING/ENFORCEMENT

6.1 Network Usage Monitoring Calastone reserves the right to monitor all usage of the Services for purposes of network management, performance management, capacity planning, and security monitoring and management. Usage monitoring may include (a) monitoring (i) source and destination addresses, protocol type, size and other attributes of individual network packets other than content, and (ii) network routes traversed by individual packets within the Services as necessary to detect potential, incipient, or actual security breaches, intrusions, attacks, or malicious code (b) using devices and techniques such as network intrusion detection, host intrusion detection, and system integrity auditing to inspect packet contents for the presence of software viruses, worms, Trojan horses, time bombs, cancelbots, or other harmful or deleterious computer code, or any computer code, files, or programs designed to disrupt; destroy; disable; invade; gain unauthorized access to; or corrupt, observe, or modify without authorization, any data; network transmissions; software; computing or network devices; or telecommunications equipment, provided, however, that Calastone shall use such detection devices and techniques solely for the aforesaid purpose and (c) monitoring network traffic for patterns potentially indicating the misuse or abuse of the Services. 6.2 Content Monitoring With the exception of (i) the usage monitoring described in clause

6.1, Calastone does not monitor, review, edit, or censor information transmitted by Users on the Services. Users are solely responsible for the information they transmit on the Services and for complying with all laws and regulations applicable to such information. Users acknowledge that Calastone is not responsible for the truthfulness, accuracy, or legality of any information transmitted, published, or accessed by Users on the Services.

6.3 Investigations Calastone reserves the right to (a) initiate investigations into potential misuse or abuse of the Services by Users and others (b) involve, and cooperate to the fullest extent possible with, law enforcement, regulatory, and other authorised agencies in the investigation and prosecution of crimes alleged or suspected to have been committed using the Services (c) terminate or suspend use of the Services by a User found to have violated this Acceptable Use Policy or other applicable terms and conditions to which Users are legally bound to Calastone and (d) immediately, without notice, and at Calastone’s sole discretion, completely or partially suspend use of, and access to, the Services by any User to the extent, as Calastone determines in its sole discretion, required to maintain and protect the security and operations of the Services where Calastone reasonably believes such security and operations are under potential, threatened, or actual attack or compromise. In each case that Calastone suspends the Services pursuant to this clause, it shall advise the User as promptly as reasonably possible. Such Service may be restored, within Calastone’s sole discretion, after any violation or threat has been remedied or corrected.

7. CHANGES. Calastone reserves the right to amend this Acceptable Use Policy at any time pursuant to agreements in effect between Calastone and its customers.

© Calastone Limited September 2016