What Personal Data We Collect And When And Why We Use It

When we collect information

We collect information about you if you place an order with us (directly or through Amazon)

We will collect your personal data via the following methods:

• By recording details you provide to us – e.g. your communications with us through emails or calls, and/or
• Your Amazon account and order.

Personal data we collect and use if you place an order with us

Category of Personal Data	Further information about the category
Contact information	Names, addresses (including address history)

The legal basis for using your personal data

We will only collect and use your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:

• you have consented to us using the personal data for example by placing an order with us;
• our use of your personal data is necessary to perform fulfillment of an order with you; and/or
• our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have for example fulfilment of a court order.

If you would like to find out more about the legal basis for which we process personal data please contact us at data-protection@paclock.com

Personal Data Processed	Reason for Processing	Legal Justification
Names, addresses (including address history)	To ship your order to you	Consent, or necessity for performance of a contract

Sharing Your Personal Data

We share your information in the manner and for the purposes described below:

1. within Pacific Lock Company, where such disclosure is necessary to provide you with our services or to manage our business;
2. with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include shipping services, such as FedEx, USPS, etc;
3. with our regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies

Transferring Personal Data Globally

We do not share your data globally.

How We Protect And Store Your Information

Security

We have implemented and maintain appropriate technical and organizational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the information concerned.

Storing your personal data

We will store your personal data for as long as is reasonably necessary for the reason, as explained in this notice, for which it was collected. In some circumstances we may store your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

Phase I – Preparation Details

The Preparation phase is easily the most important and often overlooked phase. Without proper preparation incident response activities may be disorganized, expensive, and could cause irreparable harm to Pacific Lock Company. Tasks included in the Preparation phase include but are not limited to the following:

• Establishing Cyber Security Incident Response (CSIRT).
• Ensure appropriate parties are aware of incident reporting processes.
• Validate logging, alerting and monitoring policy compliance.
• Ensure CSIRT receives appropriate training based on skill gap analysis, career development efforts, and skill retention needs.
• Define and document standard operating procedures and workflows for CSIRT.
• Review reports and logs and validate remediation efforts.
• Establish disposable and disabled Administrative credentials to be enabled and used for investigations.

The Preparation phase is a continuous process.

Reporting Incidents

Incident reporting is available for both internal and external parties. Each of these are equally critical as sometimes users of Pacific Lock Company’s systems and information may be the first to observe a problem.

Incident Type	Reporting Method	Available To	Anonymous?	Response Time
Many	Email Contact	Customers & Employees	No	Up to 4 hours during office hours. Otherwise, within 2 hours of open.
Physical Access	Alert Office Manager	Employees	No	Immediate
Many	CSIRT Phone Contact	Employees	No	Immediate during office hours. Otherwise, within 1 hour of open.

To report incidents, please send an email to data-protection@paclock.com.

Reporting Information to Amazon

If Amazon information was compromised in the incident, then Amazon must be made aware within 24 hours of detection of the incident. CSIRT must report the incident to Amazon via email to 3p-security@amazon.com. In the case of compromised Amazon information, no report is to be made to an authority or customer on behalf of Amazon unless Amazon specifically requests in writing that the CSIRT do so.

Phase II – Identification and Assessment Identification

When a Pacific Lock Employee or external party notices a suspicious anomaly in data, a system, or the network, or a system alert generates an event then CSIRT must perform an initial investigation and verification of the event.

Events vs Incidents

As defined above, Events are observed changes in normal behavior of the system, environment, process, workflow or personnel. Incidents are events that indicate a possible compromise of security or non-compliance with policy that negatively impacts (or may negatively impact) the organization. To facilitate the task of identification of an incident, the following is a list of typical symptoms of security incidents, which may include any or all of the following:

• Email notification from an intrusion detection tool.
• Suspicious entries in system or network accounting or logs.
• Discrepancies between logs.
• Repetitive unsuccessful logon attempts within a short time interval.
• Unexplained new user accounts.
• Unexplained new files or unfamiliar file names.
• Unexplained modifications to file lengths and/or dates, especially in system files.
• Unexplained attempts to write to system files or changes in system files.
• Unexplained modification or deletion of data.
• Denial/disruption of service or inability of one or more users to login to an account.
• System crashes.
• Poor system performance of dedicated servers.
• Operation of a program or sniffer devices used to capture network traffic.
• Unusual time of usage (i.e. users login during unusual times)
• Unusual system resource consumption (High CPU usage)
• Last logon (or usage) for a user account does not correspond to actual last time the user used the account.
• Unusual usage patterns.
• Unauthorized changes to user permission or access.

Assessment

Once a potential incident has been identified, the CSIRT will be activated to investigate the situation. The assessment will determine the category, scope, and potential impact of the incident.

Phase III – Containment and Intelligence

The objective of the containment phase of the incident response is to regain control of the situation and limit the extent of the damage. To achieve this objective, Pacific Lock has defined a number of containment strategies relevant to a variety of incident types. Reference the procedures related to one or more of the Containment Strategies listed below:

Containment Strategies

Use the list of strategies below to choose the procedure(s) most appropriate for the situation.

• Stolen Credentials: Disable account credential, reset all active connections, review user activity, reverse changes, increase alerting, harder from future attacks.
• DOS/DDOS: Control WAN/ISP.
• Virus Outbreak: Contain LAN/system.
• Data Loss: Review user activity, implement data breach response procedures.
• Compromised API: Review changes made, repair API, harden from future attacks.

Investigation

As the CSIRT works to contain, eradicate, and recover from the incident, the investigation will be ongoing. As the investigation proceeds, it may be found that the incident is not fully contained, eradicated, or recovered. If that is the situation, it may be necessary to revisit earlier phases.

The investigation attempts to fully identify all systems, services, and data impacted by the incident, including root cause analysis, which helps to determine the entry point of an attacker or weakness in the system that allowed the event to escalate into an incident.

Initial Cause Investigation

Investigation should be conducted with consideration given to the ongoing impact to critical business operations. Ideally, the Initial Cause Investigation should be concluded before leaving the Eradication phase. At times, however, it may be necessary or appropriate to continue investigation during or after eradication and recovery. Delaying the Investigation should only be considered when the CSIRT is confident that the incident has been fully contained and the full scope of the impact is known. Delays or modifications to the scope of investigation activities must be approved by the Incident Response Commander.

The investigation techniques utilized will vary by the type of incident. The investigation may rely on some (or all) of the following:

• Interview with witnesses and/or affected persons.
• Capturing images, snapshots, or memory dumps of affected systems.
• Obtaining relevant documents.
• Conducting observations.
• Analyzing the logs of the various devices, technologies, and hosts involved.
• Compare the compromised system to a known good copy.

Phase IV – Eradication Details

The eradication consists of full elimination of all components of the incident. Steps to eradicate components of the incident may include:

• Disable breached user accounts.
• Reset any active sessions for breached accounts.
• Identify and mitigate vulnerabilities leveraged by the attacker.
• Close unnecessary open ports.
• Increase authentication security measure (implement MFA, add geolocation restrictions).
• Increase security logging, alerting, and monitoring.
• Clean installation of affected operating systems and applications.

All re-installed operating systems and applications must be installed according to Pacific Lock system build standards, including but not limited to:

• Applying all the latest security patches.
• Disabling all unnecessary services.
• Installing anti-virus software.
• Changing all account passwords (including domain, user, and service accounts).

Key Decisions for Exiting Eradication Phase

• Has the root cause been identified and identified vulnerabilities been remediated?
• Have all the impacted accounts, including CSIRT burner credentials been reset?
• CSIRT is confident that the network and systems are configured to eliminate a repeat occurrence.
• There is no evidence of repeat events or incidents.

Phase V – Recovery Details

Prior to restoring systems to normal operation, it is critical that the CSIRT validate the system(s) to determine that eradication was successful, and the network is secure. Once the organization has been attacked successfully, the same attackers will often attack again using the same tools and techniques leveraged in the initial attack. Having gained access to the compromised system(s) or network once, the attacker has more information at their disposal to leverage in future attacks.

If feasible, the system should be installed in a test environment to determine functionality prior to re-introduction into a production environment.

Furthermore, network monitoring should be implemented for as long as necessary to detect any unauthorized access attempts.

Recovery steps may include:

• Restoring systems from a clean backup.
• Replacing corrupted data from a clean backup.
• Restoring network connections and access rules.
• Communicating with interested parties about changes related to increased security.
• Increasing network and system monitoring activities (short or long-term).
• Increasing internal communication/reporting related to monitoring.
• Engaging a third party for support in detecting or preventing future attacks.

Key Decisions for Exiting Recovery Phase

• Have business operations been restored?

Phase VI – Lessons Learned

The follow-up phase includes reporting and post-incident analysis on the system(s) that were the target of the incident and other potentially vulnerable systems. The objective of this phase is continued improvement to applicable security operations, response capabilities, and procedures.

Documentation

All details related to the incident response process must be formally documented and filed for easy reference. The following items must be maintained whenever possible:

• All system events (audit records, logs).
• All actions taken (including the date and time that an action is performed).
• All external conversations.
• Investigator notes compiled.
• Any deviations from SOP and justifications.

Lessons Learned and Remediation

The CSIRT will meet with relevant parties (technical staff, management, vendors, security team, etc.) to discuss and incorporate lessons learned from the incident to mitigate the risk of future incidents. Based on understanding of the root cause, steps will be taken to strengthen and improve Pacific Lock’s information systems, policies, procedures, safeguards, and /or training as necessary. Where mitigations or proposed changes are rejected, a Risk Acceptance Process must be followed. Incidents should be analyzed to look for trends and corrective action should be considered where appropriate.

The following are the terms and conditions (“Terms and Conditions”)
for the sale of products (“Products”) by Pacific Lock Company (“PACLOCK”) to PACLOCK’s customers (“Customers”).
1. ACCEPTANCE AND CANCELLATION OF ORDERS  All orders are subject to acceptance in writing by PACLOCK or a duly authorized agent of PACLOCK. Any written acknowledgment of receipt of an order shall not, in and of itself, constitute such acceptance. Orders accepted by PACLOCK may be canceled by Customer upon written consent of PACLOCK provided such order is not “NC/NR” or “Non-Cancelable/Non-Returnable”, “Non-Standard Products” or governed by a contract or Purchase Agreement Letter. Non-Standard Products are defined as Products that are special orders, custom orders, and orders for non-standard products, products not customarily in stock or orders for value-added products. Non-standard products are non-cancelable and non-refundable. In the event of cancellation or other withdrawal of an order for any reason, and without limiting any other remedy which PACLOCK may have as a result of such cancellation or other withdrawal, reasonable cancellation or restocking charges shall include all expenses incurred and commitments made by PACLOCK, and shall be paid by Customer to PACLOCK. Customer requests to reschedule are subject to acceptance by PACLOCK in its sole discretion. Orders may not be canceled or rescheduled after the order has been submitted by PACLOCK to the shipment carrier. PACLOCK reserves the right to allocate sales and limit quantities of selected Products among its customers in its sole discretion. Product specifications and availability are subject to change without prior notice.

1a. Returns Customer must notify PACLOCK within 30 days from date of shipment of any defective product. (See PACLOCK’S LIMITED WARRANTY for further information.) Returns are normally accepted when completed within 30 days of the ship date. If PACLOCK agrees to accept a return, return freight charges must be prepaid by customer. PACLOCK will not accept COD shipments. Should the work be covered under warranty, PACLOCK will ship the repaired or replaced product to its original shipped address at PACLOCK’s cost. In addition, PACLOCK will credit the Customer’s account for that same shipping cost to cover the Customer’s cost to initially return the product. Should the return not qualify for warranty repair or replacement, then the Customer will be quoted on a price to repair or refurbish the product. Failure by the customer to properly service a product during its lifetime will void this warranty. All shipped costs for non-warranty work is the sole responsibility of the customer. Returns without RMA numbers will be refused. PACLOCK® is not responsible for returns lost or damaged during shipping. The RMA number must be written on the outside of the shipping box. The foregoing statements concerning Returns do not apply to NON-CANCELABLE/NON-RETURNABLE PRODUCTS. (See the NON-CANCELABLE/NON-RETURNABLE PRODUCTS section in these terms.)

1b. Counterfeit Product Prevention Clause Only products originally shipped from PACLOCK or from a supplier at PACLOCKs’ direction (drop-ship) will be returned to PACLOCK. All others will be promptly quarantined and disposed of or returned to the customer. By a Customer returning products to PACLOCK, the Customer certifies that the products were purchased from PACLOCK and there has been no substitution in whole or part of same product from another supplier, distributor or other such source of the product. The return should be in the original packaging (manufacturer or PACLOCK), in unused condition (except defective). ESD sensitive products should not be opened except under controlled conditions.

2. PRICES Orders are billed at the prices in effect at the time of order placement. Prices will be as specified by PACLOCK and will be applicable for the period specified in PACLOCK’s quote. If no period is specified, quoted prices will be applicable for thirty (30) days. If Customer does not purchase the quantity upon which quantity prices are based, Customer will pay the non-discounted price for the quantity actually purchased and/or a cancellation or restocking fee. Prices are exclusive of taxes, impositions and other charges, including sales, use, excise, value-added and similar taxes or charges imposed by any government authority, international shipping charges, forwarding agent’s and broker’s fees, bank fees, consular fees, and document fees.

3. TERMS OF PAYMENT All payments must be made in the currency billed on the original invoice.
Credit cards accepted include MasterCard, VISA, and American Express. Credit Card billing information must be verified on new customers prior to shipment of order. Payment via net thirty (30) days is available to businesses and agencies with strong D&B rating, references or as otherwise specified by PACLOCK.
Prepaid Wire Transfer/EFT/Proforma: Customers can wire the funds to our bank. After your order is placed we will e-mail a Proforma invoice which includes our bank information, the merchandise total, shipping charges and a $35 (USD) wire transfer/ EFT fee. Customer is responsible for duties and taxes.

3.1 TERMS OF PAYMENT
For All Orders
Customer agrees to pay the entire net amount of each invoice from PACLOCK pursuant to the terms of each such invoice, without offset or deduction. Orders are subject to credit approval by PACLOCK, which may in its sole discretion at any time change the terms of Customer’s credit, require payment in cash, bank wire transfer/EFT or by official bank check, and/or require payment of any or all amounts due or to become due for Customer’s order before shipment of any or all of the Products. If PACLOCK reasonably believes that the Customer’s ability to make payments may be impaired or if Customer fails to pay any invoice when due, PACLOCK may suspend delivery of any order or any remaining balance thereof, until such payment is made or cancel any order or any remaining balance thereof. Customer will remain liable to pay for any Products already shipped and all Non-Standard Products ordered by Customer. Customer agrees to submit such financial information as PACLOCK may reasonably require for determination of credit terms and/or continuation of credit terms. Checks are accepted subject to collection and the date of collection will be deemed the date of payment. Any check received from Customer may be applied by PACLOCK against any obligation owing by Customer to PACLOCK under this or any other contract, regardless of any statement appearing on or referring to such check, without discharging Customer’s liability for any additional amounts owing by Customer to PACLOCK. The acceptance by PACLOCK of such check will not constitute a waiver of PACLOCK’s right to pursue the collection of any remaining balance. Invoices not paid when due will bear interest to date of payment at the annual rate of eighteen (18%) percent or such lower rate as may be the maximum permitted by law. If Customer fails to make payment when due, PACLOCK may pursue any legal or equitable remedies, in which event PACLOCK will be entitled to reimbursement of costs for collection and reasonable attorneys’ fees. There is a $25 (USD) service charge on all returned checks. ACH/EFT payments are preferred by PACLOCK.

4. SALES TAX
US Shipments When required by law PACLOCK will collect Federal, State and/or Local sale, use, excise, and other taxes that apply to a Customer’s shipment. These taxes are in addition to the purchase price of the Products subject to an order. Customer will remit the correct tax unless customer is tax exempt and PACLOCK has a valid signed tax exemption certificate on file, which must be updated annually or PACLOCK has the right to charge applicable taxes.
INTERNATIONAL Shipments All applicable VAT, PST, HST, and/or GST charges along with brokerage fees will be the responsibility of the Customer and due at the time of delivery.

5. DELIVERY AND TITLE All shipments by PACLOCK are F.O.B. point of shipment from PACLOCKs’ facilities or suppliers’ facilities, and the amount of all transportation charges will be paid to PACLOCK by the Customer in addition to the purchase price of the Products unless otherwise stipulated by PACLOCK. Subject to PACLOCK’s right of stoppage in transit, delivery of the Products to the carrier will constitute delivery to Customer and title and risk of loss will pass to Customer. PACLOCK will make reasonable efforts to initiate shipment and schedule delivery as close as possible to Customer’s requested delivery date(s). Customer acknowledges that delivery dates provided by PACLOCK are estimates only and that PACLOCK will not be liable for failure to deliver on such dates. Selection of the carrier and delivery route will be made by PACLOCK unless specifically designated by Customer. PACLOCK reserves the right to make deliveries in installments. Delay in delivery of one installment will not entitle Customer to cancel any other installment(s). Delivery of any installment of Products within thirty (30) days after the date requested will constitute a timely delivery. Delivery of a quantity that varies from the quantity specified shall not relieve Customer of the obligation to accept delivery and pay for the Products delivered.

6. PACLOCK’s LIMITED LIFETIME WARRANTY PACLOCK warrants to the original end user customer of its Products that its products are free from defects in material and workmanship. PACLOCK warrants to the original end user of its Products that Products that are damaged during use will be replaced. PACLOCK will, at its option, either repair or replace any part of its products that prove defective by reason of improper workmanship or materials. Repaired parts or replacement products will be provided by PACLOCK on an exchange basis, and will be either new or refurbished to be functionally equivalent to new. If PACLOCK is unable to repair or replace the product, it will refund the current value of the product at the time the warranty claim is made. This limited lifetime warranty does not cover any damage to any Product that results from improper installation, abuse, misuse, natural disaster, abnormal mechanical or environmental conditions, repair, or modification. This limited lifetime warranty does not apply to improper installations of Products that result in peeling or bubbling of Products. This limited lifetime warranty does not apply to any Products on which the original identification information has been altered, obliterated or removed, has not been handled or packaged correctly, has been sold as second-hand or has been resold contrary to applicable law. This limited lifetime warranty covers only repair, replacement or refund for defective Products or for Products that are damaged during use. PACLOCK is not liable for, and does not cover under warranty, any costs associated with removing or installing PACLOCK’s Products. PACLOCK reserves the right to change the terms of the limited lifetime warranty at any time and without prior notice.
PACLOCK makes no other warranty, express or implied, with respect to the Products. IN PARTICULAR, PACLOCK MAKES NO WARRANTY RESPECTING THE MERCHANTABILITY OF THE PRODUCTS OR THEIR SUITABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR USE OR RESPECTING INFRINGEMENT. PACLOCK’s liability arising out of any sale of products to Customer is expressly limited to either (1) Refund of the purchase price paid by Customer for such Products (without interest), or (2) Repair and/or replacement of such Products, at PACLOCK’s election, with such remedies exclusive and in lieu of all others. Customer must notify PACLOCK within 30 days from date of shipment of any defective product. This warranty is in lieu of any and all other warranties, whether oral, written, expressed, implied or statutory. Implied warranties of fitness for a particular purpose and merchantability are specifically excluded and shall not apply. Customer’s obligations and PACLOCK’s remedies with respect to defective or nonconforming products, are solely and exclusively as stated herein. Furthermore, no warranty will apply if the Product has been subject to misuse, static discharge, neglect, accident, modification, or has been soldered or altered in any way.

7. PRODUCT COUNTRY OF ORIGIN PACLOCK maintains Country of Origin information on all products in its inventory. This information is available to customers upon request. This information is based on information according to US Treasury, US Customs Regulations.

8. LIMITATION OF LIABILITIES IN NO EVENT SHALL PACLOCK BE LIABLE FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY NATURE including, but not limited to, damages resulting from loss of profit or revenue, recall costs, claims for service interruptions or failure to supply downtime, testing, installation or removal costs, costs of substitute products, property damage, personal injury, death or legal expenses. Customer’s recovery from PACLOCK for any claim shall not exceed the purchase price paid by Customer for the goods, irrespective of the nature of the claim, whether in warrant, contract or otherwise. CUSTOMER SHALL INDEMNIFY, DEFEND AND HOLD PACLOCK HARMLESS FROM ANY CLAIMS BROUGHT BY ANY PARTY REGARDING PRODUCTS SUPPLIED BY PACLOCK AND INCORPORATED INTO THE CUSTOMER’S PRODUCT.

9. PRODUCT SAFETY NOTICE AND RESTRICTIONS Products are intended for commercial use only. There is no lot level traceability. PACLOCK is not a Qualified Manufacturers List (QML) supplier or a supplier of Qualified Product Listing (QPL) components. Customer agrees that all purchases are for commercial or other applications that do not require QPL components. PACLOCK does not participate in any product safety engineering, product safety review or product safety testing. PACLOCK cannot provide any safety testing, safety evaluation or safety engineering services. Products sold by PACLOCK are not designed, intended or authorized for use in life support, life sustaining, human implantable, nuclear facilities, flight control systems, or other applications in which the failure of such Products could result in personal injury, loss of life or catastrophic property damage. This includes, but is not limited to, Class III medical devices as defined by the US Food and Drug Administration (FDA) and Federal Aviation Administration (FAA) or other airworthiness applications. If Customer uses or sells the Products for use in any such applications: (1) Customer acknowledges that such use or sale is at Customer’s sole risk; (2) Customer agrees that PACLOCK and the manufacturer of the Products are not liable, in whole or in part, for any claim or damage arising from such use; and (3) CUSTOMER AGREES TO INDEMNIFY, DEFEND AND HOLD PACLOCK AND THE MANUFACTURER OF THE PRODUCTS HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, DAMAGES, LOSSES, COSTS, EXPENSES AND LIABILITIES ARISING OUT OF OR IN CONNECTION WITH SUCH USE OR SALE.

10. STATEMENTS AND ADVICE If statements or advice, technical or otherwise, are offered or given to Customer, such statements or advice will be deemed to be given as an accommodation to Customer and without charge. PACLOCK shall have no responsibility or liability for the content or use of such statements or advice. PACLOCK Technical support is provided by telephone and in person therefore, extremely limited in scope which prevents us from the direct participation in the design of any customer products. We do not conduct product suitability studies or engineering reviews of products that we sell, nor for the final product that a Customer produces.

11. INTELLECTUAL PROPERTY If an order includes software or other intellectual property, such software or other intellectual property is provided by PACLOCK to Customer subject to the copyright and user license, the terms and conditions of which are set forth in the license agreement accompanying such software or other intellectual property. Nothing herein shall be construed to grant any rights or license to use any software or other intellectual property in any manner or for any purpose not expressly permitted by such license agreement. Unopened software may be returned for credit. Opened software may not be returned unless defective.

12. FORCE MAJEURE PACLOCK will not be liable for delays in delivery or for failure to perform its obligations due to causes beyond its reasonable control including, but not limited to, product allocations, material shortages, labor disputes, transportation delays, unforeseen circumstances, acts of God, acts or omissions of other parties, acts or omissions of civil or military authorities, Government priorities, fires, strikes, floods, severe weather conditions, computer interruptions, terrorism, epidemics, quarantine restrictions, riots or war. PACLOCK’s time for delivery or performance will be extended by the period of such delay or PACLOCK may, at its option, cancel any order or remaining part thereof, without liability by giving notice to Customer.

13. EXPORT CONTROL PACLOCK is committed to compliance with all U.S. Export Regulations and Laws. PACLOCK will not sell or ship to countries embargoed by the U.S. Treasury Office of Foreign Asset Control (OFAC). PACLOCK will not sell or ship to individuals or organizations identified by the U.S. Treasury as Specially Designated Nationals and Blocked Persons. PACLOCK will not sell or ship products prohibited under Export Administration Regulations to individuals or organizations identified by the U.S. Department of Commerce, Bureau of Industry and Security (BIS). PACLOCK will not seek export licenses pursuant to Export Administration Regulations. Furthermore, PACLOCK prohibits the re-export, brokering or transshipment of its products to any individual, organization or country prohibited by the OFAC or BIS. The sale, resale or other disposition of Products, and any related technology or documentation, are subject to the export control laws, regulations and orders of the United States and may be subject to the export and/or import control laws and regulations of other countries. Customer agrees to comply with all such laws, regulations and orders. Customer further acknowledges that it shall not directly or indirectly export any Products to any country to which such export or transmission is restricted or prohibited. Customer acknowledges its responsibility to obtain any license to export, re-export or import as may be required.

14. GENERAL The Terms and Conditions may not be modified or canceled without PACLOCK’s written agreement. Accordingly, goods furnished and services rendered by PACLOCK are sold only on the terms and conditions stated herein. The sale of Products hereunder will be governed by the Terms and Conditions, notwithstanding contrary or additional terms and conditions in any order purchase order, planning schedule, acknowledgment, confirmation or any other form or document issued by either party affecting the purchase and/or sale of Products. Notwithstanding any terms and conditions on Customer’s order, the information and conditions on the Credit Application are controlling over Customer and PACLOCK. Any conflicting statements or terms listed on the Customer purchase orders, invoices, confirmations or other Customer generated documents (“Customer Documents”), whether heretofore or hereafter submitted, are negated by submission of the Credit Application and the issuance of credit by PACLOCK, and all different or additional terms and conditions contained in any Customer Documents are hereby objected to by PACLOCK. PACLOCK’s performance of any contract is expressly made conditional on Customer’s agreement to PACLOCK’s Terms and Conditions of Sale, unless otherwise specifically agreed upon in writing by PACLOCK. In the absence of such agreement, commencement of performance and/or delivery shall be for Customer’s convenience only and shall not be deemed or construed to be acceptance of Customer’s terms and conditions or any of them. If a contract is not earlier formed by mutual agreement in writing, acceptance by Customer of any goods or services shall be deemed acceptance by Customer of the terms and conditions stated herein. No rights, duties, agreements or obligations hereunder, may be assigned or transferred by operation of law, merger or otherwise, without the prior written consent of PACLOCK. The obligations, rights, terms and conditions hereof will be binding on the parties hereto and their respective successors and assigns. The waiver or breach of any term, condition or covenant hereof, or default under any provision hereof, will not be deemed to constitute a waiver of any other term, condition, or covenant contained herein, or of any subsequent breach or default of any kind or nature. Any provision hereof which is prohibited or unenforceable in any jurisdiction shall, as to such jurisdiction, be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions hereof in that jurisdiction, or affecting the validity or enforceability of such provision in any other jurisdiction. The Terms and Conditions will be governed by and construed in accordance with the laws of the state of California and the applicable laws of the United States. Customer waives trial by jury in any action or proceeding to which PACLOCK and Customer may be parties arising out of or in any way pertaining to an order and any other documents including (without limitation) invoices and subsequent agreements.