Legal

• Master Service Agreement (“Agreement”)
• Service Level Agreement
• Privacy Policy
• Security Policy
• Acceptable Use Policy
• Data Localization Policy
• Definition of Service: Netilion Connect
• Definition of Service: Netilion One
• Definition of Service: Process Water

Acceptable Use Policy

Purpose

This Acceptable Use Policy ("Policy") outlines the acceptable and unacceptable use of the Netilion services provided by Endress+Hauser. It is designed to protect the integrity, security, and availability of the Netilion platform and its user’s data.

By accessing or using Netilion, you agree to comply with this Policy, the Master Service Agreement (MSA), the Security Policy, and any applicable Definitions of Service (DoS).

Authorized Use

You may use Netilion solely for lawful purposes and in accordance with the terms of your agreement with Endress+Hauser. Acceptable use includes:

• Accessing and using the platform for internal business operations.
• Managing and analyzing data from connected industrial assets.
• Using authorized features such as remote asset activation, dashboards, and event management tools.

Security Responsibilities

You are responsible for maintaining the security of your access to Netilion. This includes:

• User Access Control: Only authorized users with appropriate training and permissions may access the platform. You must define and manage user roles responsibly.
• Credential management: Although Netilion is securely storing credentials using cryptographic means, you are responsible for the management, including storage and protection of your credentials.
• Authentication: Multi-factor authentication (MFA) shall be enabled for users with access to sensitive features,

Data Classification:

You must not store or process the following types of data on Netilion:

• Medical or financial data
• Cryptographic keys or cryptocurrency
• Legal or judicial information not explicitly permitted

Incident Reporting

You must promptly report any vulnerabilities or data breaches to Endress+Hauser via the designated channels (e.g., PSIRT@endress.com).

Prohibited Activities

You may not use Netilion to:

• Attempt unauthorized access to any part of the platform or its infrastructure.
• Interfere with or disrupt the integrity or performance of the platform.
• Upload or transmit malicious code, including viruses or malware.
• Use the platform for any unlawful, fraudulent, or harmful purpose.
• Circumvent or disable any security or access control mechanisms.
• Share credentials or allow unauthorized third parties to access the platform.

Data Handling and Privacy

• You retain ownership of your data but grant Endress+Hauser a license to use it for service delivery, improvement, and analytics.
• You are responsible for the accuracy, legality, and integrity of your data.
• Endress+Hauser will not access your data unless explicitly authorized for support purposes.

Monitoring and Logging

• All user activity on Netilion is logged anonymously for security and troubleshooting purposes.
• By using the platform, you consent to such monitoring.

Compliance and Enforcement

Violations of this Policy may result in:

• Suspension or termination of access to Netilion.
• Legal action, if applicable.
• Notification to relevant authorities in case of unlawful activity.