Optimy SaaS License
Standard Terms and Conditions
This Software as a Service (SaaS) Agreement (this “Agreement”), is by and between you (“Customer”, “you”, or “your”) and Optimy.ai, a division of Kognitive Tech Inc. (“Provider”). Provider and Customer may be referred to herein collectively as the “Parties” or individually as a “Party.” This Agreement governs your access to and use of the Services.
Unless otherwise defined herein, the capitalized terms used herein are defined in Section 11
1. Access and Use.
- Provision of Access. Subject to and conditioned on Customer’s payment of Fees and compliance with all the terms and conditions of this Agreement, Provider hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 12(k)) right to access and use the Services during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Provider shall provide to Customer the necessary passwords and network links or connections to allow Customer to access the Services.
- Documentation Licence. Subject to the terms and conditions contained in this Agreement, Provider hereby grants to Customer a non-exclusive, non-sublicenseable, non-transferable (except in compliance with Section 12(k)) licence to use the Documentation during the Term solely for Customer’s internal business purposes in connection with its use of the Services.
- Use Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted in this Agreement. Customer shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (iv) remove any proprietary notices from the Services or Documentation; or (v) use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.
- Reservation of Rights. Provider reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licences expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Provider IP.
- Suspension. Notwithstanding anything to the contrary in this Agreement, Provider may temporarily suspend Customer’s and any Authorized User’s access to any portion or all of the Services if: (i) Provider reasonably determines that (A) there is a threat or attack on any of the Provider IP, (B) Customer’s or any Authorized User’s use of the Provider IP disrupts or poses a security risk to the Provider IP or to any other customer or vendor of Provider, (C) Customer, or any Authorized User, is using the Provider IP for fraudulent or illegal activities or contrary to the terms of this Agreement, (D) subject to applicable Law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding, or (E) Provider’s provision of the Services to Customer or any Authorized User is prohibited by applicable Law; (ii) any vendor of Provider has suspended or terminated Provider’s access to or use of any third-party services or products required to enable Customer to access the Services; or (iii) in accordance with Section 4(a) (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension”). Provider shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Services following any Service Suspension. Provider shall use commercially reasonable efforts to resume providing access to the Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Provider will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension.
- Aggregated Statistics. Notwithstanding anything to the contrary in this Agreement, Provider may monitor Customer’s use of the Services and collect and compile Aggregated Statistics. As between Provider and Customer, all right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by Provider. Customer acknowledges that Provider may compile Aggregated Statistics based on Customer Data input into the Services. Customer agrees that Provider may (i) make Aggregated Statistics publicly available in compliance with applicable Law, and (ii) use Aggregated Statistics to the extent and in the manner permitted under applicable Law; provided that such Aggregated Statistics do not identify Customer or Customer’s Confidential Information.
2. Customer Responsibilities.
- General. Customer is responsible and liable for all uses of the Services and Documentation resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use all reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Services and shall cause Authorized Users to comply with such provisions.
- Third-Party Products. Provider may from time to time make Third-Party Products available to Customer. For purposes of this Agreement, such Third-Party Products are subject to their own terms and conditions which you hereby agree to be bound by and comply with. If Customer does not agree to abide by the applicable terms for any such Third-Party Products, then Customer should not install or use such Third-Party Products.
- Technical Requirements. In accordance with the requirements set forth on EXHIBIT A, Customer must have required equipment, software, and Internet access to be able to use the Services. Acquiring, installing, maintaining and operating equipment, any Customer software, and Internet access is solely Customer’s responsibility, except as otherwise expressly provided in a Schedule. Provider neither represents nor warrants that the Services will be accessible through all web browser releases or all versions of tablets, smartphones, or other computing devices, except as expressly set forth on EXHIBIT A.
- Use of Website and Services. Customer shall not and shall ensure that the Authorized Users do not, and shall not otherwise knowingly permit others in using the Provider website or Services to: (i) defame, abuse, harass, stalk, threaten or otherwise violate or infringe the legal rights (such as rights of privacy, publicity and intellectual property) of others or Provider; (ii) publish, ship, distribute or disseminate any harmful, inappropriate, profane, vulgar, infringing, obscene, false, fraudulent, tortious, indecent, unlawful, immoral or otherwise objectionable material or information (including any unsolicited commercial communications); (iii) publish, ship, distribute or disseminate material or information that encourages conduct that constitutes a criminal offense; (iv) misrepresent or in any other way falsely identify Customer’s identity or affiliation, including through impersonation or altering any technical information in communications using the Services; (v) knowingly transmit or upload any material through the Services containing viruses, trojan horses, worms, time bombs, cancelbots, or any other programs with the intent or effect of damaging, destroying, disrupting or otherwise impairing Provider’s, or any other person’s or entity’s, network, computer system, or other equipment; (vi) interfere with or disrupt the Services, networks or servers connected to the Provider systems or violate the regulations, policies or procedures of such networks or servers, including unlawful or unauthorized altering of any of the information submitted through the Services; (vii) attempt to gain unauthorized access to the Services, other Provider customers’ computer systems or networks using the Services through any means; (viii) copy, modify or create derivative works or improvements of the Services or Provider software; (ix) reverse engineer, disassemble, decompile, decode, adapt or otherwise attempt to derive or gain access to the source code of the Services or Provider software, in whole or in part; (x) bypass or breach any security device or protection used by the Services or Provider software or access or use the Services or Provider software other than through the use of then valid access credentials; (xi) remove, delete, alter or obscure any trademarks, Documentation, warranties or disclaimers, or any copyright, trademark, patent or other intellectual property rights notices from any Services or Provider software; (xii) access or use the Services or Provider software for purposes of competitive analysis of the Services or Provider software, the development, provision or use of a competing software service or product or any other purpose that is to Provider’s detriment or commercial disadvantage; or (xiii) interfere with another party’s use of the Services. Provider has no obligation to monitor Customer’s use of the Provider software and Services; however, Provider reserves the right, at all times, to monitor such use, and to review, retain and disclose any information as necessary to ensure compliance with the terms of this Agreement, and to satisfy or cooperate with any applicable Law, legal process or governmental request.
- Account Activation. Provider will provide Customer with a Provider account in order to use the Services. Customer may then choose an account name for its web space (e.g., Providersaas.com) that is not already in use by another customer. Customer and Authorized Users are fully responsible for all activities performed on or through their account. Customer agrees that Customer and each Authorized User will: (a) provide true, accurate, current and complete information as prompted by the registration form (“Registration Data”), (b) maintain and promptly update the Registration Data to ensure the information is always true, accurate, current and complete, (c) immediately inform Provider of any unauthorized use of an account or any other breach of security, and (d) exit from the account at the end of each work session. Provider undertakes no obligation to verify the data provided by Customer or its Authorized Users. However, if Provider finds or suspects that the provided information is untrue, inaccurate, not current or incomplete, Provider may suspend or terminate Customer’s or and Authorized User’s account and refuse any and all current or future use of the Services (or any part of them).
- Password Confidentiality. Each Authorized User that uses the Services must choose a password when registering. Customer will cause such Authorized Users to maintain the confidentiality of the passwords. Customer will also be assigned a password or passwords for access to and use of the Services. Customer acknowledges that once the initial password provided to the Customer is changed, Provider does not retain the technical ability to retrieve such passwords. Customer is fully responsible for all activities that occur using Customer and Authorized User passwords. Customer acknowledges and agrees that Provider shall not be liable for any loss that Customer or any Authorized User may incur as a result of someone else using a password that has been assigned to or obtained by Customer or its Authorized Users, either with or without the knowledge of Customer or the applicable Authorized User; nor shall Provider be liable or responsible for any unauthorized access or misuse of the Services by Customer or any of its Authorized Users.
- Authorized Users. In relation to the Authorized Users, Customer undertakes that: (i) it will not allow or knowingly suffer any user subscription to be used by more than one individual Authorized User unless it has been reassigned in its entirety to another individual Authorized User, in which case the prior Authorized User shall no longer have any right to access or use the Services and/or Documentation; (ii) it shall maintain an up to date list of current Authorized Users; (iii) it shall permit Provider to audit the Services in order to establish the name and password of each Authorized User, where such audit may be conducted no more than once per quarter, at Provider’s expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with Customer’s normal conduct of business; and (iv) if any audits reveal that any password has been provided to any individual who is not an Authorized User, then without prejudice to Provider’s other rights, Customer shall promptly disable such passwords and Provider shall not issue any new passwords to any such individual.
- Application Programming Interface Provisions.
- An instance of the Provider Software (“Provider Instance”) may be accessible through an Application Program Interface (API) requiring login and API credentials (“Provider Credentials”). Customer expressly understands and agrees that Provider does not control, track, or monitor the dissemination of any of Provider Credentials, and, therefore, any misappropriation of those Provider Credentials may neither be apparent to nor discoverable by Provider without notice.
- Provider provides documentation disclosing certain aspects of its software functionality (“API Software and Protocols”). The API Software and Protocols may allow customers to pull and insert specific data elements into and out of their Provider Instance (“Code Snippet”). Provider expressly disclaims and shall have no liability with respect to how the API Software and Protocols or Code Snippets are used. Further, unless otherwise specified in an applicable SOW, Provider takes no ownership interest in or rights to any third-party software code that incorporates the API Software and Protocols or Code Snippets, unless otherwise agreed by the parties upon in writing.
- In order to enable the functionality provided by the API Software and Protocols, a requesting party must serve licensed Provider Credentials to the Provider Instance. Customer expressly understands that Provider does not go beyond a verification of proper Provider Credentials to validate whether or not access or use of a customer’s Provider Instance is authorized. Accordingly, an unauthorized party may use misappropriated, although valid, Provider Credentials to gain access to and employ the functionality of an otherwise properly licensed Provider Instance. Once the Provider Credentials are validated by the Provider Instance, any software code that is written in accordance to Provider’s API Protocols will function with the Provider Instance as designed. Thus, any unauthorized dissemination and distribution of the Provider Credentials may lead to an unauthorized use of a Provider Instance. Provider expressly disclaims and shall have no liability to Customer or any third party for how the API Software and Protocols or Code Snippets are used, whether authorized or not authorized by Customer.
- Provider allows Customer to control, track, and monitor end-users with access to the API credentials. Customer expressly understands and acknowledges, therefore, that it is an obligation upon Customer to govern all Authorized Users under its license with policies and procedures that conform to an authorized use of their subscribed Provider Instance.
- Nothing in the foregoing shall be construed as a requirement on Provider to follow the same API Software and Protocols in the future, and the parties expressly understand that Provider may change the API Software and Protocols, with or without notice, at any time. Provider shall have no liability to Customer or any third party with respect to any changes, whether announced or unannounced.
- Provider expressly disclaims and shall have no liability for any loss or damages resulting from the use of the API Software and Protocols, with or without misappropriated API Credentials in a software application, and Customer shall indemnify defend, and hold harmless Provider against all claims, actions or proceedings, arising out of any claim related thereto, to the extent of Customer’s action or inaction with respect thereto.
- Subject to and conditioned on Customer’s compliance with all terms and conditions set forth in this Agreement, Provider hereby grant Customer a limited, revocable, non-exclusive, non-transferable, non-sublicensable licence during the term of the Agreement to use the Provider Instance solely for Customer’s internal business purposes in allowing those applications developed by Customer to interact with the Provider Instance (“Your Applications”) to communicate and interoperate with the Provider Offering. You acknowledge that there are no implied licences granted under this Agreement. We reserve all rights that are not expressly granted. You may not use the Provider Instance for any other purpose without our prior written consent. You must obtain an Provider Instance Key through the registration process available at [URL] to use and access the Provider Instance. You may not share your Provider Instance Key with any third party, must keep your Provider Instance Key and all log-in information secure, and must use the Provider Instance Key as your sole means of accessing the Provider Instance. Your Provider Instance Key may be revoked at any time by us.
- Except as expressly authorized under this Agreement, Customer may not: (a) copy, modify, or create derivative works of the Provider Instance, in whole or in part; (b) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Provider Instance; (c) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Provider Instance, in whole or in part; (d) remove any proprietary notices from the Provider Instance; (e) use the Provider Instance in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law; (f) combine or integrate the Provider Instance with any software, technology, services, or materials not authorized by Provider; (g) design or permit Your Applications to disable, override, or otherwise interfere with any Provider-implemented communications to end users, consent screens, user settings, alerts, warning, or the like; (h) use the Provider Instance in any of Your Applications to replicate or attempt to replace the user experience of the Provider Offering; or (i) attempt to cloak or conceal your identity or the identity of Your Applications when requesting authorization to use the Provider Instance .
- This Agreement does not entitle you to any support for the Provider Instance. You acknowledge that we may update or modify the Provider Instance from time to time and at our sole discretion (in each instance, an “Update“), and may require you to obtain and use the most recent version of the Provider Instance. Updates may adversely affect how Your Applications communicate with the Provider Offering. You are required to make any changes to the Applications that are required for integration as a result of such Update at your sole cost and expense. Your continued use of the Provider Instance following an Update constitutes binding acceptance of the Update.
3. Service Levels and Support.
Subject to the terms and conditions of this Agreement, Provider shall use commercially reasonable efforts to make the Support Services available in accordance with the service levels set out in EXHIBIT A.
4. Fees and Payment.
- Fees. Customer shall pay Provider the fees (“Fees“) as set forth in the quote agreed to by the Customer without off-set or deduction. Customer shall make all payments hereunder in U.S. dollars on or before the date which is fifteen (15) days from the date of Provider’s invoice. If Customer fails to make any payment when due, without limiting Provider’s other rights and remedies: (i) Provider may charge interest on the past due amount at the rate of eighteen percent (18%) per annum or, if lower, the maximum amount permitted under applicable Law; (ii) Customer shall reimburse Provider for all costs incurred by Provider in collecting any late payments or interest, including legal fees, court costs, and collection agency fees; and (iii) if such failure continues for 30 days or more, Provider may suspend Customer’s and its Authorized Users’ access to any portion or all of the Services until such amounts are paid in full.
- Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all harmonized sales tax (HST), provincial sales tax (PST), goods and services tax (GST), value added tax, sales, use and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, provincial, territorial, or local governmental entity on any amounts payable by Customer hereunder, other than any taxes imposed on Provider’s income.
- Auditing Rights and Required Records. Customer agrees to maintain complete and accurate records in accordance with generally accepted accounting principles during the Term and for a period of two (2) years after the termination or expiration of this Agreement with respect to matters necessary for accurately determining amounts due hereunder. Provider may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer’s records with respect to matters covered by this Agreement, provided that if such inspection and audit reveals that Customer has underpaid Provider with respect to any amounts due and payable during the Term, Customer shall promptly pay the amounts necessary to rectify such underpayment, together with interest in accordance with Section 4(a) . Customer shall pay for the costs of the audit if the audit determines that Customer’s underpayment equals or exceeds five percent (5%) for any quarter. Such inspection and auditing rights will extend throughout the Term of this Agreement and for a period of two (2) years after the termination or expiration of this Agreement.
5. Confidential Information.
From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, Customer Data, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media/in written or electronic form or media, and whether or not marked, designated, or otherwise identified as “confidential” (collectively, “Confidential Information“). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party at the time of disclosure; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable Law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will survive expiration or termination of the Agreement.
6. Intellectual Property Ownership; Feedback.
- Provider IP. Customer acknowledges that, as between Customer and Provider, Provider owns all right, title, and interest, including all intellectual property rights, in and to the Provider IP and, with respect to Third-Party Products, the applicable third-party providers own all right, title, and interest, including all intellectual property rights, in and to the Third-Party Products.
- Customer Data. Provider acknowledges that, as between Provider and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to Provider a non-exclusive, royalty-free, worldwide licence to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Provider to provide the Services to Customer, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide licence to reproduce, distribute, modify, and otherwise use and display Customer Data incorporated within the Aggregated Statistics.
- Feedback. If Customer or any of its employees or contractors sends or transmits any communications or materials to Provider by mail, email, telephone, or otherwise, suggesting or recommending changes to the Provider IP, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback“), Provider is free to use such Feedback irrespective of any other obligation or limitation between the Parties governing such Feedback. Customer hereby assigns to Provider on Customer’s behalf, and on behalf of its employees, contractors and/or agents, all right, title, and interest in, and Provider is free to use, without any attribution or compensation to any party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although Provider is not required to use any Feedback.
7. Limited Warranty and Warranty Disclaimer.
- Provider warrants that the Services will conform in all material respects to the service levels set forth in Exhibit A when accessed and used in accordance with the Documentation. Provider does not make any representations or guarantees regarding uptime or availability of the Services unless specifically identified in Exhibit A. The remedies set forth in Exhibit A are Customer’s sole remedies and Provider’s sole liability under the limited warranty set forth in this Section 7(a). THE FOREGOING WARRANTY DOES NOT APPLY, AND PROVIDER STRICTLY DISCLAIMS ALL WARRANTIES, WITH RESPECT TO ANY THIRD-PARTY PRODUCTS.
- EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 7(a), THE PROVIDER IP IS PROVIDED “AS IS” AND PROVIDER HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 7(a), PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE PROVIDER IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.
8. Provider Indemnification.
- Provider shall indemnify Customer from and against any and all losses, damages, liabilities and costs (including reasonable legal fees) (“Losses“) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim“) that the Services, or any use of the Services in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights, provided that Customer promptly notifies Provider in writing of the claim, cooperates with Provider, and allows Provider sole authority to control the defense and settlement of such claim.
- If such a claim is made or appears possible, Customer agrees to permit Provider, at Provider’s sole discretion, to (A) modify or replace the Services, or component or part thereof, to make it non-infringing, or (B) obtain the right for Customer to continue use. If Provider determines that neither alternative is reasonably available, Provider may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer.
- This Section 8(a) will not apply to the extent that the alleged infringement arises from: (A) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Provider or authorized by Provider in writing; (B) modifications to the Services not made by Provider; (C) Customer Data; or (D) Third-Party Products.
- Customer Indemnification. Customer shall indemnify, hold harmless, and, at Provider’s option, defend Provider from and against any Losses resulting from any claim that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights and any claims based on Customer’s or any Authorized User’s (i) breach of this Agreement, (ii) negligence or wilful misconduct; (iii) use of the Services in a manner not authorized by this Agreement; (iv) use of the Services in combination with data, software, hardware, equipment or technology not provided by Provider or authorized by Provider in writing; or (v) modifications to the Services not made by Provider, provided that Customer may not settle any claim against Provider unless Provider consents to such settlement, and further provided that Provider will have the right, at its option, to defend itself against any such claim or to participate in the defence thereof by counsel of its own choice.
- Sole Remedy. THIS SECTION 8 SETS FORTH CUSTOMER’S SOLE REMEDIES AND PROVIDER’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.
9. Limitations of Liability.
IN NO EVENT WILL PROVIDER BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, AGGRAVATED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE, OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER PROVIDER WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL PROVIDER’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO PROVIDER UNDER THIS AGREEMENT IN THE SIX (6) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM OR $1000, WHICHEVER IS LESS.
10. Term and Termination.
The initial term of this Agreement begins on the Effective Date, and, unless terminated earlier pursuant to this Agreement’s express provisions, will continue in effect until one (1) year from such date (the “Initial Term“). This Agreement will automatically renew for up to two (2) additional successive one (1) year terms (save and except that Fees charged hereunder by Provider may increase in each such one-year renewal term provided however that if the Fees to be charged by Provider increase by an amount greater than seven percent (7%) over the prior year, Provider will give Customer no less than thirty (30) days notice of such increase in Fees) unless earlier terminated pursuant to this Agreement’s express provisions or either Party gives the other Party written notice of non-renewal at least thirty (30) days prior to the expiration of the then-current term (each a “Renewal Term” and together with the Initial Term, the “Term“).
- Termination. In addition to any other express termination right set forth in this Agreement:
- Either Party may terminate this Agreement upon thirty (30) days prior written notice to the other Party.
- Provider may terminate this Agreement, effective on written notice to Customer, if Customer: (A) fails to pay any amount when due hereunder, and such failure continues more than thirty (30) days after Provider’s delivery of written notice thereof; or (B) breaches any of its obligations under Section 1(c) or Section 5;
- either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party breaches this Agreement, and such breach remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach; or
- either Party may terminate this Agreement, effective immediately upon written notice to the other Party, if the other Party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
- Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Provider IP and, without limiting Customer’s obligations under Section 5, Customer shall delete, destroy, or return all copies of the Provider IP and certify in writing to the Provider that the Provider IP has been deleted or destroyed. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due before such expiration or termination, or entitle Customer to any refund.
- Survival. This Section 10 and Section 4, Section 5, Section 6, Section 8(b), Section 9, Section 11 and Section 12 shall survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.
Unless otherwise defined in the Agreement, capitalized terms shall have the following meanings:
- “Aggregated Statistics” means data and information related to Customer’s use of the Services that is used by Provider in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services. Aggregated Statistics shall not include any individually-identifiable information of any person or household.
- “Authorized User” means Customer’s employees, consultants, contractors, and agents who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement.
- “Confidential Information” has the meaning set forth in Section 5.
- “Customer Data” means, other than Aggregated Statistics, information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Services.
- “Documentation” means Provider’s user manuals, handbooks, and guides relating to the Services provided by Provider to Customer either electronically or in hard copy form/Authorized User documentation relating to the Services available at optimy.ai.
- “Feedback” has the meaning set forth in Section 6(c).
- “Fees” has the meaning set forth in Section 4(a).
- “Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, or other requirement of any federal, state, provincial, territorial, municipal, or foreign government or political subdivision thereof, or any arbitrator, court, or tribunal of competent jurisdiction.
- “Initial Term” has the meaning set forth in Section 10(a).
- “Losses” has the meaning set forth in Section 8(a)(i).
- “Notice” has the meaning set forth in Section 12(c).
- “Provider IP” means the Services, the Documentation, and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property provided to Customer or any Authorized User in connection with the foregoing. For the avoidance of doubt, Provider IP includes Aggregated Statistics and any information, data, or other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but does not include Customer Data.
- “Renewal Term” has the meaning set forth in Section 10(a).
- “Service Suspension” has the meaning set forth in Section 1(e).
- “Services” means the services described in EXHIBIT A.
- “Term” has the meaning set forth in Section 10(a).
- “Third-Party Claim” has the meaning set forth in Section 8(a)).
- “Third-Party Products” means any third-party products described in Section 2(b) provided with or incorporated into the Services.
- During the Term, Customer shall not, directly or indirectly, procure, purchase or otherwise use services, similar to the Services, from any person other than Provider.
- Entire Agreement. This Agreement, together with any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter.
- Order of Precedence. In the event of any inconsistency between the statements made in the body of this Agreement, the related Exhibits, and any other documents incorporated herein by reference, the following order of precedence governs: (i) first, this Agreement, excluding its Exhibits; (ii) second, the Exhibits to this Agreement as of the Effective Date; and (iii) third, any other documents incorporated herein by reference.
- Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a “Notice“) must be in writing and addressed to the Parties at the addresses in accordance with this Section (or to such other address that may be designated by the Party giving Notice from time to time in accordance with this Section). Notices sent in accordance with this Section will be deemed effectively given: (a) when received, if delivered by hand, with signed confirmation of receipt; (b) when received, if sent by a nationally recognized overnight courier, signature required; (c) when sent, if by email (with confirmation of transmission) if sent during the addressee’s normal business hours, and on the next business day if sent after the addressee’s normal business hours; or (d) on the FIFTH (5TH) day after the date mailed by certified or registered mail, return receipt requested, postage prepaid. Notices to Provider shall be sent to: 200-60 Atlantic Ave, Toronto, Ontario, Canada, M6K 1X9. Notices to Customer shall be sent to the address of Customer included in the Registration Data.
- Force Majeure. In no event shall Provider be liable to Customer, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement, if and to the extent such failure or delay is caused by any circumstances beyond Provider’s reasonable control, including but not limited to acts of God, epidemics, pandemics, including the 2019 novel coronavirus disease (COVID-19) pandemic, flood, fire, earthquake, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labour stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.
- Amendments and Modifications. The terms of this Agreement and any schedule or exhibit hereto may be amended from time to time by Provider, provided that all such amendments shall be provided to Customer and shall take effect 60 days after provision of the notice of such amendments are provided by Provider to Customer and provided further than if Customer does not agree to the amendments, it may terminate this Agreement pursuant to Section 10(b)(i).
- Waiver. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof, and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
- Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction.
- Governing Law. This Agreement and all related documents, and all matters arising out of or relating to this Agreement, whether sounding in contract, tort, or statute, are governed by, and construed in accordance with, the laws of the State of Delaware, without giving effect to any choice or conflict of law provision or rule that would cause the application of the laws of any jurisdiction other than those of the State of Delaware.
- Choice of Forum. Any legal suit, action, litigation, or proceeding of any kind whatsoever in any way arising out of, from or relating to this Agreement, including all statements of work, exhibits, schedules, attachments, and appendices attached to this Agreement, the services provided hereunder, and all contemplated transactions, shall be instituted in the federal or state courts of the State of Delaware, in each case located in the County of New Castle, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, litigation, or proceeding. Service of process, summons, notice, or other document by mail to such Party’s address set forth herein shall be effective service of process for any suit, action, litigation, or other proceeding brought in any such court. Each Party agrees that a final judgment in any such suit, action, litigation, or proceeding is conclusive and may be enforced in other jurisdictions by suit on the judgment or in any other manner provided by law. The Parties irrevocably and unconditionally waive any objection to the venue of any action or proceeding in such courts and irrevocably waive and agree not to plead or claim in any such court that any such action or proceeding brought in any such court has been brought in an inconvenient forum.
- Assignment and Subcontracting. Customer may not assign or subcontract any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of Provider, which consent shall not be unreasonably withheld, conditioned, or delayed. Any purported assignment or delegation in violation of this Section will be null and void. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. Provider may assign this Agreement and any of its rights and obligations hereunder to a third party. Provider may subcontract any of its rights and obligations hereunder to a third party. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.
- Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under Section 5 or, in the case of Customer, Section 1(c), would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.
13. Data Privacy.
- Customer acknowledges and agrees that the performance of this Agreement and the use of the Services hereunder may, at times, implicate and be subject to certain data privacy and security laws of various jurisdictions, including jurisdictions in which the Customer operates or in which its Authorized Users are located. All such laws are referred to herein as the “Data Privacy Laws” and may include, but are not limited to, and as applicable to a particular arrangement, (a) General Data Protection Regulation 2016/679 (the “GDPR”), (b) United Kingdom Data Protection Act of 2018 and the United Kingdom General Data Protection Act, (c)Switzerland’s Federal Act on Data Protection 1992as revised and implemented to conform to the GDPR, and (d) consumer privacy laws of certain states of the United States of America, including but not limited to California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (collectively the “CPRA”), the Colorado Privacy Act (SB 21-190), the Connecticut Data Privacy Act (P.A. No. 22-15), the Utah Consumer Privacy Act (S.B. 227), and the Virginia Consumer Data Protection Act (VA Code § 59.1-575), each as may be amended or superseded from time to time.
- Customer hereby enters into the Data Privacy Addendum attached hereto as Exhibit B, and such Data Privacy Addendum is incorporated into and made part of this Agreement.
Services and Service Levels
DESCRIPTION OF SERVICES: website plug-in to enable video chat between consumers on Customer’s website and the Customer’s employees alongside an employee portal that provide sales enablement functionality to the Customer’s sales staff.
The Provider’s software and Services currently supports the following Browser and Operating Systems (which is subject to change without notice in Provider’s sole discretion).
In the event that Company cannot meet the technical requirements listed, then Provider will be under no obligation to provide the support services described in this Exhibit A during the pendency of any such failure.
- HELPDESK SERVICES.
Provider shall provide to Company the Helpdesk Services specified in an Order, if any. The details related to each of the different Helpdesk Services are set forth below:
HELP DESK AND SUPPORT
- “Taking Charge” means registration of the Incident, including assignment of the ticket number to the Customer and saving the request in the Helpdesk system.
- “Incident” means a support request as defined in the Severity Descriptions below.
- “Production Instance” means a instance which is tied to an Active User subscription.
- “First Response” means the first interaction with Customer (via Ticket) aimed at the diagnosis of the problem. The number of business hours to first reply is calculated using the business hours of the agent assigned to the specific ticket/support request.
- “ETA” means the estimated time for resolution of the problem. Customer will be updated if ETA materially changes.
- “Fixed” means the problem has been resolved in Provider’s reasonable discretion and Customer has been informed about the resolution of the problem.
- “Business Hours” are defined as the operating hours for the Provider Support team, currently 9AM – 6PM CET & 9AM-6PM Eastern Daylight Time.
|Table 1 – Severity Descriptions|
|Urgent||Critical production issue affecting all users, including system unavailability, with no workaround available.|
|High||Issue is persistent, affects many users and/or impacts core functionality or results in significant performance degradation with no reasonable workaround available.|
|Normal||Errors in functionality within the application, often accompanied by workarounds or affecting some, but not all, users.|
|Low||General inquiries on the use of the application or; cosmetic errors or incidents which otherwise do not require immediate attention or; rare errors that appear during unusual conditions or are otherwise unlikely in normal use or; errors which have a sustainable workaround.|
|Table 2 – Growth Plan Service Level Targets*|
|Ticket Severity||First Reply||Resolution/Mitigation ETA|
|Urgent||4 Business Hours||6 Business Hours or as soon as feasible or practical.|
|High||12 Business Hours||As soon as feasible or practical.|
|Normal||16 Business Hours||As soon as feasible or practical.|
|Low||24 Business Hours||None.|
- Urgent SLA applies only to issues submitted via JIRA web form and confirmed as Urgent by Provider.
- This table applies only to Production Instances and only to tickets submitted from the Provider Communication Center (JIRA), the Support Web Form. For the avoidance of doubt, in platform chat and tickets generated from in-platform chat do not apply to these target metrics.
Helpdesk standard process description
It is possible to contact the helpdesk 24/7 using the helpdesk tool available within the Provider platform, which is fully integrated with the Provider ticket management system.
- TICKETING REQUIREMENTS.
To receive these support services and for Provider to maintain the Service Level agreed, Customer shall reasonably cooperate with Provider to resolve support incidents. Customer shall have adequate technical expertise and knowledge of their configuration of Provider Services to provide relevant information to enable Provider to reproduce, troubleshoot, and resolve the incident or issue identified by Customer. The following information should be provided at all times as a minimum by Customer, whenever possible, to ensure Provider’s ability to address Support Requests. Tickets lacking this information will not be considered as part of the Service Level reports:
- Detailed description of the issue, with as much detail as can be provided of the problem in a clear step by step format.
- The URL of the platform where the issue is occurring.
- The error message provided, and exact steps to reproduce the error.
- The user(s) that are affected by the issue.
- The applicable screenshot or video capture.
- CUSTOMER’S GENERAL RESPONSIBILITIES.
Customer will be responsible for: (a) reporting errors promptly; (b) providing sufficient information for Provider to duplicate the error, assess the situation, and undertake any needed or appropriate corrective action; (c) otherwise following instructions or suggestions from Provider regarding use, maintenance, upgrades, repairs, workarounds, or other related matters; and (d) designating one (1) members of its staff to serve as Customer’s system administrators to contact Provider with support issues. Provider’s successful response and provision of Helpdesk Services is subject to Customer’s assistance and compliance, including (i) at Provider’s reasonable request, Customer will provide Provider with reasonable access to Customer’s personnel and equipment during normal business hours to discuss and assess any problems or requests for assistance; and (ii) Customer will document and promptly report to Provider all errors or malfunctions of the Services. It is Customer’s responsibility to carry out procedures necessary at Customer’s facilities for the rectification of errors or malfunctions within a reasonable time after such procedures have been received from Provider.
- REPRODUCING ERRORS
Provider must be able to reproduce errors in order to resolve them. Customer agrees to cooperate and work closely with Provider to reproduce errors, including conducting diagnostic or troubleshooting activities as reasonably requested and appropriate. Also, subject to Customer’s approval, on a case-by-case basis, Users may be asked to provide remote access to their Provider account and/or desktop for troubleshooting purposes.
Issues that arise in the following categories are outside of the scope of support offered above, and will have no Service Level Agreement attached: Internet connectivity or performance issues, or system specific computer issues.
- ADDITIONAL CHARGES
If a reported problem (or if Customer otherwise requests assistance) is outside the scope of Helpdesk Services, Provider will notify Customer to that effect and reserves the right, upon Customer’s confirmation to move forward, to charge Customer at $180/hour for all associated work, for which Customer agrees to pay Provider promptly upon receiving an invoice; provided, however, that Provider shall inform Customer in advance of the possible incurrence of such fees and Customer shall have pre-approved the same.
7. UPTIME AVAILABILITY.
If Provider fails to achieve the Availability Percentage for two (2) consecutive calendar months, then, as the Customer’s sole remedy for such failure, the Customer will be granted Service Credits. Service Credits are calculated as a percentage of the total charges paid by the Customer to Provider in the Region affected by Unavailability in accordance with the schedule below. In the event that the Customer elects to terminate this
Agreement for failure to achieve the Availability Percentage for six (6) consecutive calendar months within the notice period given below, then no refunds shall be issued with respect to such affected months.
Monthly Uptime Percentage Service Credit Percentage
Less than 99.7% but equal to or greater than 99.0% 10%
Less than 99.0% 30%
Provider will apply Service Credits only against future payments due from the Customer. Service Credits will not entitle Customer to a refund or other payment from Provider. Service Credits may not be transferred or applied to any other account. Unless otherwise provided in the Provider Agreement, the Customer’s sole remedy for any unavailability, non-performance, or other failure by Provider to provide Uptime is the receipt of a Service Credit (if eligible) in accordance with the terms of this SLA. To receive a Service Credit, the Customer must submit a claim by within 30 days after the reported issue via a support claim ticket and email to designated Customer Success team reporting ticket number. If the Monthly Uptime Percentage of such request is confirmed by Provider and is less than the Service Commitment, then Provider will issue the Service Credit to Customer within one billing cycle following the month in which your request is confirmed by Provider. Customer’s failure to provide the request and other information as required above will disqualify Customer from receiving a Service Credit.
8. GROWTH ONBOARDING SERVICES
Provider shall provide Customer with its Growth package of Onboarding services, which includes the following features (remotely delivered):
Provider shall provide Customer with its Growth package of Onboarding services, which includes the following features (remotely delivered):
- A customer success team to support up to 3 hours of website installation, onboarding support and training of the Customer’s staff how to use the tool’
- Basic customization of the tool through the configuration document completed during the Onboarding services;
- Access to Provider’s tool sandbox to practice using the tool in a secure learning environment; and
- Access to a directory of pre-recorded, on-demand demos and training sessions.
During the Delivery Period, Customer shall be responsible for the following:
- Customer shall support Provider personnel, to the best of its ability, in all tasks related to Onboarding.
- Customer shall appoint a project lead representative (the “Customer Representative”) who shall function as the first point of contact with Customer regarding all Onboarding matters and who shall be primarily responsible for Customer’s obligations with respect thereto. Customer shall notify Provider promptly upon any change in such Customer Representative.
- Customer shall make critical personnel available for scheduled meetings as the parties shall agree, and reasonably available for all other tasks or meetings determined to be necessary for successful Onboarding.
In the event that Customer fails to meet the foregoing obligations during the Delivery Period, through no fault of Provider’s, then Provider shall be under no obligation to extend such Delivery Period, even if Onboarding has not yet been fully completed.
Data Privacy Addendum
“Affiliate” means any entity that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the Party. For purposes of this definition, the term “control” means the power (or, as applicable, the possession or exercise of the power) to direct, or cause the direction of, the management, governance, or policies of a given entity, directly or indirectly, through any applicable means (whether through the legal, beneficial, or equitable ownership, of more than fifty percent (50%) of the aggregate of all voting or equity interests or securities of such entity, through partnership, or through some other form of ownership interest, by contract, or other applicable legal document, or otherwise).
“Applicable Law” means any international, foreign, national, federal, state, or local statutes, ordinances, regulations, rules, executive orders, supervisory requirements, directives, circulars, opinions, judgments, interpretive letters, official releases, and other pronouncements having the effect of law and requirements or standards issued by a self-regulatory organization which apply from time to time to the person or activity in the circumstances in question. Applicable Law includes any of the foregoing as amended from time to time and any successor legislation thereto and any regulations promulgated thereunder.
“Controller” means either: (a) the meaning set forth in the relevant Data Privacy Laws; or (b) absent such a definition, the Party that, alone or jointly with others, determines the means and purpose of the Processing of Personal Data. Without limiting the foregoing, the term “Controller” includes a “business” under the CPRA.
“Data Subject” means either: (a) the meaning set forth in the relevant Data Privacy Laws; or (b) absent such a definition, the individual who is the subject of Personal Data that Provider Processes for Customer. Without limiting the foregoing, the term “Data Subject” includes a “consumer” as defined under the CPRA.
“Personal Data” means any information Provider Processes for Customer that: (a) the relevant Data Privacy Laws otherwise define as “personal information” or “personal data.”; or (b) in absence of such a definition in the relevant Data Privacy Laws, such information that identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in Provider’s possession or control or that Provider is likely to have access to. Without limiting the foregoing, the term “Personal Data” includes any “personal data” as defined under the GDPR and any “personal information” as defined under the CPRA.
“Process” means either: (a) the meaning set forth in the relevant Data Privacy Laws; or (b) absent such a definition, any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction. Processing also includes transferring Personal Data to third-parties. The terms “Processing” and “Processed” have a correlative meaning.
“Processor” means either: (a) the meaning set forth in the relevant Data Privacy Laws; or (b) absent such a definition, the Party that Processes the Personal Data on behalf of the Controller. Without limiting the foregoing, the term “Processor” includes a “service provider” under the CPRA.
“Security Incident” means any act or omission that materially compromises or is reasonably likely to materially compromise either the security, confidentiality, or integrity of Personal Data or the physical, technical, administrative, or organizational safeguards put in place by Provider, that relate to the protection of the security, confidentiality, or integrity of Personal Data. Without limiting the foregoing, a material compromise includes any accidental, unlawful, or unauthorized use, modification, loss, compromise, destruction, or disclosure of, or access to, Personal Data. Notwithstanding the foregoing, the term “Security Incident” does not include any event that does not result in any unauthorized access to Personal Data or to Provider’s equipment or facilities storing Personal Data, including, without limitation, pings and other broadcast attacks on firewalls or other network equipment, port scans, unsuccessful logon attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond communication headers) or similar incidents.
“Subprocessor” means a third-party engaged by Provider to assist with the provision of the Services which involve the Processing of Personal Data.
3. Relationship of the Parties
4. Customer Obligations
- Compliance with Laws. Customer shall, in its use of the Services, Process the Personal Data in accordance with the requirements of applicable Data Privacy Laws.
- Customer Instructions. Customer’s instructions to Provider for the Processing of Personal Data will comply with Data Privacy Laws and Customer will have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.
- Data Protection Officers and Representatives. To the extent required by applicable Data Privacy Laws, Customer shall appoint data protection representatives and/or data protection officers in all applicable jurisdictions.
5. Provider Obligations
- Scope of Processing. The nature, scope, and purpose of the Processing of Personal Data is set forth in Annex 1.
- Compliance with Data Privacy Laws. Provider will comply in all material respects with applicable Data Privacy Laws with respect to its Processing of Personal Data and provision of the Services.
- Data Protection Officers and Representatives. To the extent required by applicable Data Privacy Laws, Provider shall appoint one or more data protection representatives and/or data protection officers in the applicable jurisdictions.
- Excess Processing Requirements. In the event Provider is required under any applicable Data Protection Law to Process the Personal Data in excess of Customer’s documented instructions, Provider shall immediately notify Customer of such a requirement, unless such applicable Data Protection Law prohibits such notification, in which case Provider shall notify Customer of this required Processing as soon as the applicable Data Protection Law permits it to do so.
- Assistance in Compliance with Obligations under Data Privacy Laws. Taking into account the nature of Provider’s Processing and the information available to Provider, Provider shall reasonably assist Customer in meeting Customer’s compliance obligations under the Data Privacy Laws (including, without limitation, Customer’s security requirements, notifications or other communications related to any Security Incidents, responding to Data Subject Requests, and any data privacy impact assessments and/or prior consultations with supervisory authorities or other competent data privacy authorities provided for under applicable Data Privacy Laws) through appropriate technical and organizational measures. Provider reserves the right to invoice, and Customer shall pay, for any additional costs arising from Provider’s provision of such assistance.
- Cooperation with Regulators. At Customer’s sole cost and expense, Provider and its representatives shall cooperate, upon request from Customer, with any and all requests from data protection authorities and regulators having jurisdiction over Customer, including those with jurisdiction to monitor and ensure compliance with applicable Data Privacy Laws.
- Requests from Customer. Provider shall promptly comply with any Customer request or instruction requiring Provider to amend, transfer, delete, or perform any other lawful Processing of Personal Data, and to stop, mitigate, or remedy any unauthorized Processing.
- Data Analytics; Anonymized Personal Data. Any data collected pursuant to data analytics or monitoring carried out by Provider in connection with the provision of the Services or otherwise connected with Customer’s use of the Services may include Personal Data. Provider may aggregate, de-identify, or anonymize Personal Data and use such aggregated, de-identified, or anonymized data, which shall no longer be considered Personal Data, for its own reasonable purposes. Customer hereby authorizes Provider to Process the Personal Data for the purposes described in this paragraph.
6. Complaints; Data Subject Requests; and Third Party Rights
- Complaints and Other Communication. Provider shall notify Customer in the event it receives any request, complaint, or communication relating to Customer’s obligations under Data Privacy Laws (including from data protection authorities and/or supervisory authorities). To the extent permitted by applicable Data Privacy Laws, Provider shall obtain specific written consent and instructions from Customer prior to responding to such request, complaint, or communication.
- Data Subject Requests Received by Provider. Provider shall, to the extent permitted under Applicable Law, promptly notify Customer if Provider receives a request from a Data Subject or their representative to exercise any rights provided to Data Subject with respect to their Personal Data under applicable Data Privacy Laws, including, but not limited to, any rights of access, rectification, erasure, data portability, or restriction of Processing, right to object to Processing, right to not have their Personal Data shared or sold, or not to be subject to automated decision making (“Data Subject Request”).
- Assistance with Data Subject Requests. Taking into account the nature of the Processing, Provider shall provide all reasonable assistance to Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to a Data Subject Request under applicable Data Privacy Laws. The parties agree and acknowledge that Provider may, but is not required to, fulfill its obligations described in the foregoing sentence by providing Customer with access to features and functions of the Services such that Customer can fulfill the Data Subject Request without assistance from Provider. To the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, Provider shall, upon Customer’s request, provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Provider is legally permitted to do so and the response to such Data Subject Request is required under applicable Data Privacy Laws. To the extent legally permitted, Customer shall be responsible for any reasonable costs arising from Provider’s provision of such assistance.
8. Security Measures
9. Security Incidents
Customer authorizes Provider to engage Subprocessors to Process the Personal Data. A list of Provider’s current Subprocessors is set out in Annex 2. Provider shall notify Customer in advance of any changes to the Subprocessors set out in Annex 2. Provider shall impose data protection obligations substantially similar to those set out in this DPA on any approved Subprocessor prior to the Subprocessor Processing any of the Personal Data.
11. Compelled Disclosures
Any disclosure by Provider or its representatives of any of the Personal Data pursuant to applicable federal, state, or local law, regulation, or valid order issued by a court or governmental agency of competent jurisdiction (a “Legal Order”) will be subject to the terms of this Section 12. Prior to making such a disclosure, Provider shall, to the extent permitted under the Legal Order, make commercially reasonable efforts to provide Customer with: (a) prompt written notice of the disclosure requirements set forth in the Legal Order so that Customer may seek, at its sole cost and expense, a protective order or other remedy; and (b) reasonable assistance, at Customer’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If, after providing such notice and assistance as required herein, Provider remains subject to a Legal Order to disclose any Personal Data, Provider shall, upon Customer’s request, use commercially reasonable efforts to obtain assurances from the applicable court or agency that such Personal Data will be Processed solely to the extent necessary and otherwise remain confidential.
12. Cross-Border Transfers of Personal Data
Neither Customer nor Provider shall transfer any Personal Data to another country unless the transfer complies with the Data Privacy Laws. Provider may transfer and process Personal Data anywhere in the world where Provider, its Affiliates or its Subprocessors maintain data processing operations. To the extent that Provider processes (or causes to be processed) any Personal Data originating from the European Economic Union in a country that has not been recognized by the European Commission as providing an adequate level of protection for Personal Data, Provider shall put in place such measures as are necessary to ensure the transfer is in compliance with EU Data Privacy Laws, which may include the execution of standard contractual clauses approved by the European Commission or the putting in place of any other valid transfer mechanism under Data Privacy Laws.
13. Term and Termination
- Survival. In the event Provider retains Personal Data after the Term for any reason, Provider shall continue to comply with the confidentiality and privacy obligations hereunder until it is no longer in possession of Personal Data, and such obligations shall survive past the Term of this Data Privacy Addendum until such time that Processor and all of its Subprocessors no longer Process such Personal Data. In addition, any provision of this DPA that expressly or by implication should come into or continue in force on or after such period described in the foregoing sentence in order to protect Personal Data will remain in full force and effect.
14. Personal Data Return and Destruction
- Retention of Data on Backup; Retention Required by Law. Notwithstanding the foregoing, to the extent it is not commercially reasonable for Provider or its Subprocessors to remove Personal Data from archive or other backup media, Provider may retain Personal Data on such media in accordance with its backup or other disaster recovery procedures. If any Applicable Law or Legal Order requires Provider to retain any Personal Data that Provider would otherwise be required to return or destroy, it shall notify Customer in writing of that retention requirement, giving details of the Personal Data that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends.
15. Records; Audits
- Records. Provider shall keep, and shall require its Subprocessors to keep, reasonably detailed, accurate, and up-to-date books, records, and other documents (including computer files) regarding any Processing of Personal Data it carries out for Customer, including but not limited to, the access, control, and security of the Personal Data, approved Subprocessors and Affiliates, the Processing purposes, and any other records required by the applicable Data Protection Law (collectively, the “Records”). Such Records shall be maintained during the Term and, unless Data Protection Law requires a longer retention period, for a period of at least ninety (90) days after the Term.
- Demonstrating Compliance. Upon Customer’s request, Provider shall make available to Customer Records and other information as necessary to demonstrate Provider’s (and its Subprocessors’) material compliance with this DPA and any applicable Data Privacy Laws.
- Customer Audits. Customer shall have the right to request or mandate an audit by instructing Provider to carry out an audit or permit Customer or its designated representative to carry out an audit of Provider, provided that no such audit has been requested by Customer or performed by Provider in the past twelve (12) month period.
- Amendment. This Data Privacy Addendum may not be amended or modified except in writing signed by authorized representatives of both Parties.
- Headings. The headings in this Data Privacy Addendum are for reference only and shall not affect the interpretation of this Data Privacy Addendum.