Terms of Service
PLEASE READ THE FOLLOWING TERMS AND CONDITIONS OF SERVICE (“TERMS”), WHICH ALONG WITH THE ORDER FORM(S) (DEFINED BELOW) THAT REFERENCE THESE TERMS, THE EXHIBITS ATTACHED TO THESE TERMS, AND ANY RIDERS EXECUTED BY THE PARTIES THAT REFERENCE THESE TERMS (COLLECTIVELY, THE “AGREEMENT”) CONSTITUTE THE AGREEMENT BETWEEN THE ENTITY IDENTIFIED AS THE CUSTOMER ON THE ORDER FORM (“CUSTOMER”), AND JETPACK TECHNOLOGIES, INC. (“JETPACK”). BY EXECUTING AN ORDER FORM THAT REFERENCES THESE TERMS, OR BY ACCESSING OR USING ANY JETPACK OFFERINGS (DEFINED BELOW), CUSTOMER IS ACCEPTING AND AGREEING TO BE BOUND BY AND TO COMPLY WITH ALL OF THE TERMS OF THE AGREEMENT. THE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT BETWEEN THE PARTIES CONCERNING THE JETPACK OFFERINGS DESCRIBED IN THE ORDER FORM(S) AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION, OR UNDERSTANDING BETWEEN THE PARTIES, INCLUDING, WITHOUT LIMITATION, THE TERMS OF ANY PURCHASE ORDER OR OTHER ORDERING DOCUMENT SUBMITTED BY CUSTOMER TO JETPACK (OTHER THAN ORDER FORMS), WHICH SHALL BE OF NO FORCE OR EFFECT. IF YOU ARE ENTERING INTO THE AGREEMENT ON BEHALF OF A LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THE AGREEMENT.
1. DEFINITIONS. The following terms have the meanings set forth below, unless otherwise indicated:
- 1.1 “Affiliate” means an entity that controls, is controlled by or is under common control with another entity, where “control” refers to ownership or the right to direct more than 50% of the outstanding shares or securities representing the right to vote for the election of directors or other managing authority of another entity.
- 1.2 “Auxiliary Program” means any software that Jetpack makes available to Customer for purposes of facilitating access to, operation of, and/or use with, the applicable Product.
- 1.3 “Customer Data” means all data submitted or otherwise transmitted by or on behalf of Customer or any User and received and analyzed by the SaaS Services.
- 1.4 “Deliverable” means all works of authorship, formulas, algorithms, databases, scripts, modifications, configurations, designs, and other inventions (whether patentable or not) that Jetpack authors, makes, conceives, reduces to practice, develops or otherwise creates, either alone or jointly with others, while performing Professional Services.
- 1.5 “Documentation” means the then-current technical specifications for a Product contained in the user and system documentation made generally available to Jetpack customers through the Jetpack Community Portal and otherwise.
- 1.6 “Jetpack Materials” all documentation, materials, methodologies, processes, techniques, inventions, ideas, concepts, trade secrets, and know-how embodied in the Products or Deliverables, or that Jetpack may develop or supply in connection with the Products or Deliverables.
- 1.7 “Jetpack Offerings” means the Products and Professional Services.
- 1.8 “Jetpack Properties” means the Products, Documentation, Deliverables, and Jetpack Materials, including all copies, portions, extracts, selections, arrangements, compilations, adaptations, modifications and improvements thereof, and all derivative works of any of the foregoing.
- 1.9 “Intellectual Property Rights” means (i) patents and patent rights, rights of priority, mask work rights, copyrights, moral rights, trade secrets, know-how and any other form of intellectual or industrial property rights; (ii) any other protected rights or assets and any licenses and permissions in connection therewith; (iii) trademarks, trade names, logos, service marks, designs and other designations of source; in each case (i), (ii) or (iii), recognized in any country or jurisdiction of the world, and whether or not registered or able to be registered and for the full period thereof, and all extensions and renewals thereof, and all applications for registration in connection with the foregoing.
- 1.10 “On-Premise Software” means the software product(s) provided in machine-readable object code form to Customer as identified on the Order Form, and if applicable, new releases, versions and updates to the foregoing provided as part of Maintenance and Support or otherwise during the Term. On-Premise Software may, in Jetpack’s discretion, be offered on a perpetual basis or on a subscription basis for a limited term.
- 1.11 “Maintenance and Support” means the Product updates and technical support services generally made available to Jetpack customers who have purchased Maintenance and Support, as specified in the Maintenance and Support policy posted in the Jetpack Community Portal.
- 1.12 “Open Source Software” means any open source, community, or other free code or libraries of any type, including, without limitation, any code which is generally made available on the internet without charge, such as, for illustrative purposes only, any code licensed under the GNU Affero General Public License (AGPL), GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Mozilla Public License (MPL), Apache License, BSD licenses, or other licenses approved by the Open Source Initiative at https://opensource.org/licenses.
- 1.13 “Order Form” means each Jetpack order form, product schedule, renewal quote or other order document that references these Terms and that is signed by the duly authorized representatives of both parties, or Jetpack quote which by its terms is accepted by the issuance of a purchase order by Customer or its authorized representative, which identifies the Product, Maintenance and Support, and/or Professional Services ordered by Customer. An Order Form may include an SOW.
- 1.14 “Personal Information” means any information that by itself or in combination with other information does or can identify a specific individual or as defined in the Applicable Privacy Laws.
- 1.15 “Products” means the On-Premise Software and SaaS Subscriptions.
- 1.16 “Professional Services” means any implementation, training, consulting, performance analysis, or other professional services provided by Jetpack as set forth on an Order Form or in a SOW.
- 1.17 “Statement of Work” or “SOW” means a written description of the Professional Services to be provided to Customer pursuant to the terms of the Agreement.
- 1.18 “SaaS Subscriptions” means the hosted services provided by or on behalf of Jetpack to Customer pursuant to an Order Form, including the electronic reports, analyses, and statistical and performance related information generated by the SaaS Subscription.
- 1.19 “Term” means the period for Customer’s access to the SaaS Subscriptions or use of the On-Premise Software (whether perpetual, limited or subscription) set forth in an Order Form.
- 1.20 “Subsidiary” means a subsidiary which is greater than fifty percent (50%) owned by a party.
- 1.21 “Users” means Customer or a Subsidiary’s employees and Third-Party Users (as defined in Section 3), if applicable, for whom use and access has been purchased, or obtained for Evaluation.
2. AGREEMENT; ORDER OF PRECEDENCE. The Agreement governs the use by Customer and its Users of the Jetpack Offerings. Each Order Form that incorporates these Terms will constitute a separate Agreement, and govern its own subject-matter and not any other subject-matter of these Terms. In the event of a conflict between an Order Form and these Terms, these Terms will take precedence, except for (a) any matter that these Terms expressly permit to be established or modified in an Order Form or SOW, or (b) any specific provision in an Order Form that expresses an intent to supersede a specified provision in these Terms. Customer agrees that the terms of this Agreement supersede the terms of any purchase order or other ordering document issued by Customer.
3. THIRD PARTY USERS. Customer may designate its third-party contractor as a “User” as required to facilitate Customer’s use of the Products provided under this Agreement for Customer’s internal business operations, provided that use and access by any third-party User must be under obligation of non-disclosure consistent with Section 15 (Confidentiality), solely for Customer’s or its Subsidiary’s benefit, and otherwise subject to the terms of this Agreement. Customer accepts responsibility for the acts or omissions of such third-party Users as if they were its own, and agrees to enforce (and to enable Jetpack to enforce) the terms of this Agreement against third-party Users.
4. LICENSE GRANT. The license and use rights for the Product granted hereunder are subject to compliance by Customer and its Users with the terms of the Agreement, and may be suspended or terminated as set forth in Sections 8 (Payment) or 17 (Termination).
- On-Premise Software. Jetpack grants Customer, during the Term, a limited, non-exclusive, non-transferable right and license (without the right to grant or authorize sublicenses) to install and use the On-Premise Software solely by Customer and its Users within the territory, scope and type of use set forth in the applicable Order Form for Customer’s internal business purposes, in accordance with the Documentation and this Agreement. Customer may reproduce the On-Premise Software and Documentation as reasonably necessary to support its authorized use of the On-Premise Software, and for backup and archival purposes, provided such copies include the Jetpack trademarks, trade names, logos, and other proprietary rights notices present on the On-Premise Software and Documentation.
- SaaS Subscription. Jetpack grants Customer, during the Term, a limited, non-exclusive, non-transferable right for its Users to access and use the SaaS Subscription, solely by Customer and its Users within the territory, scope and type of use set forth in the applicable Order Form for Customer’s internal business purposes, in accordance with the Documentation and this Agreement.
- Open Source Software. Notwithstanding the foregoing license grants, this Agreement is not meant to change or supersede the terms of any Open Source Software license applicable to any portion of the Products. To the extent that the terms of any such license applicable to any portion of the Products conflict with the license grants set forth herein, the terms of such Open Source Software license will prevail.
5. MODIFICATIONS AND SUPPORT.
5.1 Modifications. Jetpack reserves the right, in its sole discretion, to make changes to the SaaS Subscription, Acceptable Use Policy, and other published policies, including, without limitation, changes required to comply with applicable law. It is Customer’s responsibility to regularly check the Jetpack Properties for updates. Jetpack may make new applications, tools, features or functions available from time to time through the SaaS Subscription, the use of which may be contingent upon Customer’s agreement to additional terms.
5.2 Maintenance and Support. Jetpack will provide Maintenance and Support for Products as specified in the relevant Order Form and Jetpack’s Maintenance and Support policy posted in the Jetpack Community Portal, subject to the payment of any Maintenance and Support fees set forth in such Order Form, including reinstatement fees (if applicable).
6. EVALUATION OF PRODUCTS. This Section 6 only applies if the Customer has been provided evaluation access to a Product, either through a trial download of On-Premise Software or a free trial to a SaaS Subscription (“Evaluation Access”). Evaluation Access to the Products is subject to all restrictions set forth in this Agreement. In addition, Evaluation Access is provided for the sole and exclusive purpose of enabling Customer to evaluate the Product and will not be put into productive use or included as part of Customer’s business processes in any manner, unless and until a license or subscription is purchased by Customer. Evaluation Access is provided “AS IS”, with no warranties of any kind, express or implied. Certain features may not be available for use during the period of Evaluation Access. Unless otherwise agreed in writing, the period for Evaluation Access will be fifteen (15) days, beginning on the date Jetpack provides such access. Evaluation Access will automatically time-out at the end of the relevant evaluation period without further notice, and may be terminated by Jetpack at any time and for any reason.
7. PROFESSIONAL SERVICES. This Section 7 applies only to an Order Form that includes Professional Services.
7.1 Statements of Work. Jetpack will provide the Professional Services identified on an Order Form, which may be further described in one or more SOWs, subject to these Terms which are incorporated by reference into each SOW. Each SOW may include, without limitation: (i) a description of the scope and type of Professional Services; (ii) the location where the Professional Services will be performed; (iii) any Deliverables; (iv) the schedule for performance and delivery of Deliverables; and (v) additional fees and payment terms applicable to the Professional Services. Jetpack and Customer will cooperate to enable Jetpack to perform the Professional Services according to the performance schedule and delivery terms in the SOW, if any, and Customer will perform any Customer obligations specified in the SOW. Jetpack will not be liable to the extent its performance under a SOW is affected by Customer delay, failure to cooperate or to fulfill Customer obligations under the SOW.
7.2 Deliverables. Jetpack retains all Intellectual Property Rights in the Deliverables and other works prepared by Jetpack under this Agreement. Subject to Customer’s compliance with this Agreement, Jetpack hereby grants Customer, during the Term, a limited, non-exclusive, non-transferable, license to use and reproduce the Deliverables, solely for its internal business purposes with Customer’s related use of the applicable Product. Notwithstanding any other provision of this Agreement, (i) nothing herein will be construed to assign or transfer any Intellectual Property Rights in the Jetpack Materials used by Jetpack to develop the Deliverables, and to the extent such Jetpack Materials are delivered with or as part of the Deliverables, they are licensed, not assigned, to Customer, on the same terms as the Deliverables.
8. PRICING, INVOICES, AND PAYMENTS.
8.1 Pricing and Invoicing. Prices and invoice instructions for the Jetpack Offerings and Maintenance and Support are set forth in the applicable Order Form. Fees may be invoiced in advance, as set forth in the applicable Order Form. For SaaS Subscriptions, additional charges will apply in the event Customer’s usage of the SaaS Subscription exceeds the baseline parameters set forth in the Order Form for that SaaS Subscription. Except as provided under Section 17, Orders may not be canceled or reduced during the Term.
8.2 Payments. Unless otherwise specified in an Order Form, Customer will pay Jetpack the amounts set forth on each invoice issued pursuant to this Agreement in the specified currency within thirty (30) days of the date of the invoice. Payment obligations for all Jetpack Offerings are non-cancelable, and fees are non-refundable except as otherwise provided in this Agreement. Unless otherwise provided in an Order Form, Jetpack may impose a late payment charge not to exceed the maximum rate allowed by law. If Customer fails to pay any Product, Maintenance and Support, or Professional Services fee when due under an Order Form or this Agreement, without limitation of any of its other rights or remedies, Jetpack may suspend performance until Jetpack receives all past due amounts from Customer. Customer understands that one or more invoices may be issued under each Order Form, that multiple Order Forms may be executed under these Terms, that Customer shall have no right to set-off, deduct from or reduce payments owed under any Order Form in respect of any claim against or obligation of Jetpack whatsoever, and that Customer’s obligation to pay for products or services ordered under one Order Form is separate from, and not contingent on delivery or performance of other Jetpack products or services ordered under any other Order Form. In the event of a good faith dispute for payment on any invoice, Customer will, within fifteen (15) days of receipt of the invoice, notify Jetpack in writing of the dispute and the parties will use commercially reasonable efforts to resolve such dispute. Undisputed amounts remain payable as provided herein and in the relevant Order Form.
8.3 No Requirement for Purchase Order. Customer may provide a purchase order number or copy of its purchase order to Jetpack for Customer’s administrative convenience. Jetpack has the right to issue an invoice and collect payment without a corresponding purchase order. If Customer issues a purchase order, Jetpack hereby rejects and Customer hereby retracts any additional or conflicting terms appearing in a purchase order or any other ordering materials submitted by Customer and conditions are solely based on the terms and conditions of this Agreement and the applicable Order Form, as offered by Jetpack. On request, Jetpack will reference the purchase order number on its invoices (solely for administrative convenience), provided the purchase order references the Order Form and is received reasonably prior to the date of the invoice.
8.4 Delivery. Products are made available by electronic delivery. Products are deemed to be delivered and accepted when downloaded or when electronic notice is sent that the purchased Products are available.
9. TAXES AND DUTIES. Customer will pay all sales, use, VAT, GST or similar taxes (“Transaction Taxes”) due under this Agreement, except for taxes based on Jetpack net income. Except as specifically identified in an Order Form, all prices are exclusive of all taxes, duties, withholdings and other governmental assessments.
10. RESTRICTIONS. Customer will not directly or indirectly, and will not permit any person or entity, to: (i) use the Jetpack Properties in contravention of any applicable laws or government regulations, including, without limitation, applicable privacy laws or in violation of this Agreement; (ii) except and to the extent specifically permitted by applicable law, reverse engineer, decompile, disassemble or otherwise attempt to derive or gain access to the object code, source code or underlying ideas, methodologies or algorithms of the Jetpack Properties; (iii) modify, adapt, translate, or create derivative works based on any element of the Jetpack Properties; (iv) sublicense, rent, lease, distribute, publish, sell, resell, assign, or otherwise transfer its rights to use any Jetpack Properties, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud or other technology or service; (v) commercially exploit the Jetpack Properties; (vi) use the Jetpack Properties for any purpose other than their intended purposes, including but not limited to the purchase or mining of cryptocurrencies whether or not blockchain technologies are in use; (vii) introduce any Open Source Software into any Jetpack Properties; (viii) disclose passwords, usernames, or other account information to any third-party, except an authorized third-party User; (ix) access or use any Jetpack Properties for competitive analysis or to design, create, offer or build a product or service that is competitive with any Jetpack Properties, or that uses ideas, features, or functions similar to any Jetpack Properties; (x) remove any notice of proprietary rights from any of the Jetpack Properties; (xi) use any of the Jetpack Properties in a manner that interferes with the proper working of any of the Jetpack Properties, or any activities conducted in connection with any of the Jetpack Properties, including bypassing or attempting to bypass any privacy settings or measures used to prevent or restrict access to any of the Jetpack Properties; or (xii) use any of the Jetpack Properties to share or store inappropriate materials, including (x) materials containing viruses or other harmful or malicious code, (y) materials to which Customer does not have sufficient rights, or (z) other materials prohibited by applicable international, federal, state, or local laws and regulations. Customer will not (a) make the SaaS Subscription or any portion thereof available for use, access, display, searching or retrieval by, or on behalf of, any third-party, (b) make the SaaS Subscription available in any “public” or “free” area or area accessible on the worldwide web or (c) violate any applicable privacy laws.
11. PROPRIETARY RIGHTS.
11.1 General. Customer acknowledges and agrees that this is not an agreement for custom development or “work for hire,” and as such, Customer will not acquire any ownership rights in the Jetpack Properties.
11.2 Jetpack Properties; Feedback. As between Jetpack and Customer, all right, title and interest in the Jetpack Properties, and all suggestions, ideas and feedback proposed by Customer regarding the Jetpack Properties (collectively, “Feedback”), including all Intellectual Property Rights in each of the foregoing, belong to and are retained solely by Jetpack or its licensors, as applicable. Customer hereby does and will irrevocably assign to Jetpack all Feedback made by Customer to Jetpack and all Intellectual Property Rights in the Feedback.
11.3 Customer Data. As between Jetpack and Customer, all right, title and interest in the Customer Data and all Intellectual Property Rights therein, belong to and are retained solely by Customer. Customer hereby grants to Jetpack a limited, non-exclusive, royalty-free, worldwide license to use the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Jetpack to provide any Jetpack Offerings to Customer.
11.4 Use of Aggregate or Anonymized Data. Notwithstanding anything else in this Agreement or otherwise, Jetpack may, in accordance with applicable privacy laws, monitor use of the SaaS Subscription by its customers and use the resulting data in the aggregate in the pursuit of its legitimate commercial interests, including for industry analysis, benchmarking, analytics, and marketing. Customer agrees that Jetpack may collect, use and disclose such information that does not incorporate Customer Data or Personal Information, or otherwise identify Customer or its Users.
12.1 Mutual Warranty. Each party represents, warrants and covenants that: (i) it has the full power and authority to enter into this Agreement and to perform its obligations hereunder, without the need for any consents, approvals or immunities not yet obtained; and (ii) its acceptance of and performance under this Agreement will not breach any oral or written agreement with any third party or any obligation owed by it to any third party.
12.2 Limited Warranties and Remedies. The following limited warranties apply only to the extent that Customer has purchased the applicable Jetpack Offering:
- 12.2.1 Jetpack Products. Jetpack warrants that the Products will operate substantially in compliance with the applicable Documentation for a period of (90) days after notice of availability for download in the case of On-Premise Software, or during the subscription term in the case of SaaS Subscriptions, provided that the Products have been properly installed and used as described in the applicable Documentation, and have not been modified or added to other than by Jetpack. If the Product does not perform as warranted during the warranty period, Jetpack will undertake, at its sole option and as Customer’s exclusive remedy for breach of this warranty, to (i) correct the non-conformance, or (ii) to replace the non-conforming functionality. If Jetpack determines that it is not commercially reasonable or possible to correct a material non-conformity within a reasonable time from receipt of written notice from Customer detailing the warranty claim, Customer may terminate the Order Form as to the affected Product and Jetpack will refund any unused, prepaid fees corresponding to the affected Product.
- 12.2.2 Professional Services. Jetpack will use commercially reasonable efforts to perform the Professional Services and deliver the Deliverables according to the specifications, if any, set forth in the relevant Order Form and SOW. If Jetpack fails to do so and Customer notifies Jetpack within 30 days of the date the Professional Services were performed, Jetpack will re-perform the non-conforming Professional Services. If Jetpack determines that re-performance is not commercially reasonable or possible within a reasonable time from receipt of written notice from Customer detailing the warranty claim, Customer may terminate the Order Form as to the affected Professional Services and Jetpack will refund to Customer any pre-paid fees corresponding to the affected Professional Services.
- 12.2.3 SaaS Subscription. Customer acknowledges that factors such as changes by Customer to its monitoring profile, and corrupted, incomplete and/or interrupted data received by Jetpack from Customer’s site(s), may have a material impact on the accuracy, reliability and/or timeliness of results, and Jetpack shall not be responsible for any such factors beyond its reasonable control. Customer shall be responsible for all content or materials originating or transmitting from its site(s) (its “Content”). Customer shall comply with any instructions and/or specifications provided to Customer by Jetpack for the relevant SaaS Subscription. Customer shall not alter the source code or the SaaS Subscription to collect and/or transmit Personal Information.
Customer acknowledges that the foregoing are Customer’s sole and exclusive remedies for breach of the warranties set forth in this Section.
12.3 WARRANTY DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES SPECIFIED ABOVE IN SECTION 12.1 AND 13.2, JETPACK DISCLAIMS ALL OTHER WARRANTIES, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. JETPACK DOES NOT WARRANT THAT: (A) THE USE OF ANY PRODUCT OR DELIVERABLES WILL OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (B) THE PRODUCTS OR DELIVERABLES OR ANY INFORMATION OBTAINED THROUGH THE PRODUCTS OR DELIVERABLES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (C) ANY DATA PROVIDED THROUGH THE PRODUCTS OR DELIVERABLES WILL BE ACCURATE OR RELIABLE; OR (D) THE PRODUCTS OR DELIVERABLES WILL BE UNINTERRUPTED, ERROR-FREE OR VIRUS-FREE, OR THAT ERRORS OR DEFECTS THEREIN WILL BE CORRECTED. JETPACK OFFERINGS MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. JETPACK IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.
13. INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.
13.1 IP Claims. Jetpack, at its expense, will defend Customer and its Subsidiaries and their respective officers, directors and employees (the “Customer Indemnified Parties”) from and against all actions, proceedings, claims and demands by a third party (a “Third-Party Claim”) alleging that the Products received by Customer under the applicable Order Form, as of the delivery date, infringe any copyright or misappropriate any trade secret and will pay all damages, costs and expenses, including reasonable attorneys’ fees and costs (whether by settlement or final award) incurred by the Customer Indemnified Parties directly from any such Third-Party Claim. Notwithstanding anything to the contrary in this Agreement, the foregoing obligations will not apply with respect to a claim of infringement that arises out of (i) infringing or illegal Customer Data; (ii) use of the Product in combination with any software, hardware, network, technology or system not supplied by Jetpack where the alleged infringement relates to such combination; (iii) any modification or alteration of the Product other than by Jetpack; (iv) Customer’s continued use of the Product after Jetpack notifies Customer to discontinue use because of an infringement claim; (v) Customer’s violation of applicable law; (vi) use of the Product other than as authorized under this Agreement; or (vii) failure to implement an update, upgrade or bug fix that Jetpack has provided at no charge where such implementation may avoid infringement.
13.2 Mitigation. If any Third-Party Claim which Jetpack is obligated to defend has occurred, or in Jetpack’s determination, is likely to occur, Jetpack may, at its option (i) obtain for Customer the right to continue using the Product; (ii) replace or modify the Product so that it avoids such claim; or if such remedies are not reasonably available, (iii) terminate Customer’s license for the infringing Product or Deliverable and provide Customer with a refund of any unused fees Customer prepaid to Jetpack for the infringing Product or Deliverable, provided however that with respect to infringing Products which were licensed to Customer for a perpetual term, such refund is pro-rated equally over a sixty (60) month period from the date of delivery of such Product. If such termination materially affects Jetpack’s ability to meet its remaining obligations under the relevant Order Form then Jetpack may, at its option and upon written notice, terminate the Order Form, in whole or in part.
13.3 Procedures. Jetpack’s obligations under this Section 13 are conditioned upon (i) being promptly notified in writing of any Third-Party Claim, (ii) having the sole and exclusive right to control the defense and settlement of the Third-Party Claim, and (iii) the Customer Indemnified Parties providing all reasonable assistance (at Jetpack’s expense and reasonable request) in the defense of such Third-Party Claim. In no event will a Customer Indemnified Party settle any claim without Jetpack’s prior written approval. The Customer Indemnified Party may, at its own expense, engage separate counsel to advise it regarding a Third-Party Claim and to participate in the defense of the Third-Party Claim, subject to Jetpack’s right to control the defense and settlement.
13.4 Sole Remedy. THE TERMS OF THIS SECTION 13 STATE JETPACK’S ENTIRE LIABILITY, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO THE INFRINGEMENT OR MISAPPROPRIATION OF ANY INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS BY ANY JETPACK PRODUCT, DELIVERABLE, OR OTHERWISE, AND CUSTOMER HEREBY EXPRESSLY WAIVES ANY OTHER LIABILITIES OR OBLIGATIONS OF JETPACK WITH RESPECT THERETO.
14. CUSTOMER INDEMNITY.
14.1 Use Claims. Customer will, at its expense, defend Jetpack, its Affiliates, licensors and their respective officers, directors and employees (the “Jetpack Indemnified Parties”) from and against any and all Third-Party Claims which arise out of or relate to: (i) a claim or threat that the Customer Data infringes, misappropriates or violates any third party’s privacy or Intellectual Property Rights; (ii) Customer’s use or alleged use of the Product or Deliverables other than as permitted under this Agreement; (iii) legal proceedings for the purpose of obtaining Customer Data from Jetpack; or (iv) the occurrence of any of the exclusions set forth above in Sections 13.1(i) through (vii). Customer will pay all damages, costs and expenses, including reasonable attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) incurred by the Jetpack Indemnified Parties from any such Third-Party Claim.
14.2 Procedures. Customer’s obligations under this Section 14 are conditioned upon (i) being promptly notified in writing of any Third-Party Claim under this Section, (ii) having the sole and exclusive right to control the defense and settlement of the Third-Party Claim, and (iii) the Jetpack Indemnified Parties providing all reasonable assistance (at Customer’s expense and reasonable request) in the defense of such Third-Party Claim. In no event will a Jetpack Indemnified Party settle any claim without Customer’s prior written approval. The Jetpack Indemnified Party may, at its own expense, engage separate counsel to advise it regarding a Third-Party Claim and to participate in the defense of the Third-Party Claim, subject to the Customer’s right to control the defense and settlement.
15.1 Definition of Confidential Information. “Confidential Information” means any and all non-public information disclosed by one party or its Affiliates (the “Disclosing Party”) to the other party or its Affiliates (the “Receiving Party”) in any form or medium, whether oral, written, graphical or electronic, in connection with this Agreement, that is designated confidential or proprietary, or that a reasonable person should understand is confidential or proprietary. Confidential Information includes, but is not limited to: the terms of this Agreement, information related to either party’s technology, products, know-how, trade secrets, whether or not patentable or copyrightable, specifications, customers, business plans, pricing information, promotional and marketing activities, finances and other business affairs. For the avoidance of doubt, Jetpack Properties and anything else created or developed by Jetpack in connection with this Agreement and the Jetpack Offerings are the Confidential Information of Jetpack. Customer will not remove or destroy any proprietary markings or restrictive legends placed upon or contained in the Jetpack Properties.
15.2 Nondisclosure Obligations. The Receiving Party will not use the Confidential Information of the Disclosing Party for any purpose other than as necessary to fulfill its obligations or to exercise its rights under this Agreement, and by Jetpack to improve the Jetpack Offerings (the “Purpose”). The Receiving Party will not disclose Confidential Information of the Disclosing Party to any third party; provided that the Receiving Party may disclose Confidential Information to its third-party contractors who need access to such Confidential Information for the purpose of assisting the Receiving Party in the performance of its obligations hereunder and who are subject to written confidentiality obligations at least as stringent as the obligations set forth in this Section 15. Each party accepts responsibility for the actions of such third-party contractors, and will protect the other party’s Confidential Information in the same manner as it protects its own valuable confidential information, but with no less than reasonable care. The Receiving Party will promptly notify the Disclosing Party upon becoming aware of a breach or threatened breach hereunder, and will cooperate with any reasonable request of the Disclosing Party in enforcing its rights.
15.3 Exceptions to Confidential Information. “Confidential Information” does not include information which: (i) is known by the Receiving Party prior to receipt from the Disclosing Party, free of any obligation of confidentiality; (ii) becomes known to the Receiving Party from a third-party, free of any obligation of confidentiality; (iii) lawfully becomes publicly known or otherwise publicly available, except through no fault of the Receiving Party; or (iv) is independently developed by the Receiving Party without use of or access to the Disclosing Party’s Confidential Information. The Receiving Party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, but only after it notifies the Disclosing party (if legally permissible) to enable the Disclosing party to seek a protective order or otherwise to contest such required disclosure, at Disclosing Party’s expense.
15.4 Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information will cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Receiving Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damages.
16. LIMITATION OF LIABILITY.
16.1 EXCEPT FOR LIABILITY ARISING UNDER SECTION 13, IN NO EVENT WILL THE COLLECTIVE AGGREGATE LIABILITY OF JETPACK, ITS AFFILIATES AND LICENSORS, ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE FEES PAID BY CUSTOMER FOR THE JETPACK OFFERINGS GIVING RISE TO THE LIABILITY IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT, WHICH IN THE CASE OF PRODUCTS LICENSED TO CUSTOMER FOR A PERPETUAL TERM, WILL BE BASED ON AN EQUAL PRORATION OF THE PREPAID AMOUNT OVER SIXTY (60) MONTHS FROM DELIVERY OF THE PRODUCTS.
16.2 IN NO EVENT WILL JETPACK BE LIABLE FOR (A) INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES; OR ANY DAMAGES FOR LOST DATA, BUSINESS INTERRUPTION, LOST PROFITS, LOST REVENUE OR LOST BUSINESS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT; OR (B) LOSS OF OR DAMAGE TO CUSTOMER’S DATA FROM ANY CAUSE, INCLUDING WITHOUT LIMITATION LOSS OF USE, REVENUES, PROFITS OR SAVINGS, SYSTEMS OR BUSINESS INTERRUPTION OR DISRUPTION, EVEN IF JETPACK KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. EXCEPT AT ITS OPTION AS SET FORTH IN SECTION 13.2, JETPACK WILL NOT BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
16.3 JETPACK DOES NOT LIMIT OR EXCLUDE ITS LIABILITY FOR (A) DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE, (B) FRAUDULENT MISREPRESENTATION, OR (C) ANY OTHER LIABILITY TO THE EXTENT THAT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW.
17. TERM AND TERMINATION.
17.1 Term. This Agreement begins on the effective date of the first Order Form that references these Terms and remains in effect for so long as an Order Form remains in effect. Each Order Form or SOW incorporating these Terms begins on its effective date and, unless earlier terminated under Section 17.2, continues in effect through the term set forth therein.
17.2 Termination for Cause. Either party may terminate any Order Form in whole or in part, for cause (i) on 30 days’ written notice to the other party of a material breach if such breach remains uncured at the expiration of such period (or immediately if the material breach is not capable of being remedied); or (ii) immediately upon written notice if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation, or an assignment for the benefit of creditors. In addition, Jetpack may terminate any Order Forms on written notice in the event (A) Customer fails to pay any amounts due hereunder, and such failure continues more than 10 days after written notice by Jetpack thereof; or (B) Customer infringes or misappropriates Jetpack’s Intellectual Property Rights, including without limitation through exploitation of a Jetpack Offering in excess of the license to use or access granted in this Agreement, including any limitation on scope, nature, type, term, purpose, consumption, or users.
17.3 Effect of Termination or Expiration of Agreement. On termination or expiration of an Order Form, Customer’s license or subscription to the Jetpack Product purchased thereunder will terminate and Customer and Users will immediately cease to use SaaS Subscription and either uninstall or destroy the On-Premise Software and any Auxiliary Programs. Upon request by Jetpack, Customer will certify in writing to Jetpack that all copies of such On-Premise Software have been uninstalled or destroyed, and are no longer in use. Jetpack will make any Customer Data stored in the SaaS Subscription available on request by Customer in the format in which it is stored in the SaaS Subscription for 30 days following the effective date of termination. After such 30-day period, Jetpack will have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control. For the avoidance of doubt, except in the case of termination following Customer’s material breach pursuant to Section 17.2 above, termination of one Order Form will not terminate any other Order Form or these Terms. Upon termination of an Order Form for any reason other than following Jetpack’s material breach pursuant to Section 17.2, Customer will pay Jetpack any unpaid fees covering the remainder of the term of such Order Form.
17.4 Survival. The following provisions will survive expiration or termination of this Agreement: (i) any payment obligations of Customer hereunder; (ii) 8 (Pricing, Invoicing, and Payments), 9 (Taxes and Duties), 10 (Restrictions), 11 (Proprietary Rights), 13 (Infringement of Third-Party Intellectual Property Rights), 14 (Customer Indemnity), 15 (Confidentiality), 16 (Limitation of Liability and Damages), 17 (Term and Termination), 24 (Notices), 26 (Governing Law), and (iii) any rights (including surviving perpetual licenses) or obligations which are expressed to, or by their nature, will survive. The expiry or termination of this Agreement does not affect any rights which accrued before the date of expiry or termination.
18. AUDIT. Customer grants Jetpack, or its designated agent, the right to audit Customer’s use of the Products, on reasonable notice and during normal business hours, once in any twelve-month period. Customer will reasonably cooperate with the audit and provide access to all records reasonably requested to verify Customer’s use of the Products as permitted by this Agreement. Customer will, without prejudice to other rights of Jetpack, address any non-compliance identified by the audit by promptly paying additional fees at Jetpack’s then-current list price, which may include reinstatement charges. Customer will promptly reimburse Jetpack for all reasonable costs of the audit if it reveals underpayment of more than five percent (5%) of the fees payable by Customer for the Products for the period audited, or that Customer has willfully withheld or materially failed to maintain accurate records of use needed to verify compliance.
19. INDEPENDENT CONTRACTORS. The parties are independent contractors and will so represent themselves in all regards.
20. FORCE MAJEURE. Except for Customer’s payment obligations hereunder, neither party will be responsible for any failure to perform due to causes beyond its reasonable control, including, but not limited to, acts of God, war, acts of terrorism (whether actual or threatened), riot or civil unrest, failure of electrical, Internet, co-location or telecommunications service, non-Jetpack applications, denial of service or similar attacks, acts of civil or military authorities, fire, floods, earthquakes, accidents, strikes, epidemics, quarantines, or energy crises.
21. ASSIGNMENT. Neither party may transfer or assign this Agreement, in whole or in part, without the other’s prior written consent. Notwithstanding the foregoing, Jetpack may, without Customer’s consent, assign this Agreement to any of its Affiliates, or to an entity who acquires all or substantially all of its business or assets, or in connection with a change in control of Jetpack (through merger, consolidation, reorganization, operation of law or otherwise). Any assignment in violation of this Section will be void ab initio and of no effect. Subject to the foregoing, this Agreement is binding upon, inures to the benefit of and is enforceable by the parties and their respective successors and assigns.
22. COMPLIANCE WITH LAWS.
22.1 Jetpack will comply with all laws and regulations that apply to its provision of the Jetpack Offerings. However, Jetpack is not responsible for compliance with any laws or regulations that apply to Customer or Customer’s industry that are not generally applicable to information technology service providers. Jetpack does not determine whether Customer Data includes information subject to any specific law or regulation.
22.2 Customer must comply with all laws and regulations applicable to its use of the Jetpack Offerings, including laws related to privacy, data protection and confidentiality of communications. Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides or controls, and for determining whether the SaaS Subscriptions are appropriate for storage and processing of information subject to any specific law or regulation.
23. DATA PROTECTION AND SECURITY.
23.1 As between Jetpack and Customer, Customer is the data controller of Personal Information contained within Customer Data and Jetpack shall process such Personal Information only as a data processor acting on behalf of Customer in order to perform its obligations under this Agreement.
23.2 Jetpack Technologies, Inc. and its Subsidiaries will process Personal Information in accordance with the terms of this Agreement and the Data Processing Addendum set forth on Exhibit A.
24. NOTICES. All notices, consents, and approvals under this Agreement must be delivered via email or in writing by courier, by electronic facsimile (fax), or by certified or registered mail (postage prepaid and return receipt requested) to the other party at the address set forth in the Order Form and will be effective upon receipt. Either party may change its address by giving notice of the new address to the other party. Either party may from time to time change its address for notices under this Section by giving the other party notice of the change in accordance with this Section.
25. CUSTOMER REFERENCE. Customer agrees that Jetpack may reference the Customer as a Jetpack customer, subject to Customer’s trademark and logo usage guidelines provided by Customer, and that occasionally, after Customer review, Jetpack may issue a press release and case study.
26. GOVERNING LAW. This Agreement will be governed by and construed in accordance with the laws of the State of California without regard to its conflicts of law principles. The parties hereby consent to the personal and exclusive jurisdiction of the federal and state courts located in Santa Clara County, California. If any provision of this Agreement is contrary to and in violation of an applicable law of any governmental unit in such country, such provision will be considered null and void to the extent that it is contrary to such law, but all other provisions of this Agreement will remain in effect. The parties agree that the 1980 United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement.
27. EXPORT CONTROLS. Customer agrees to comply with applicable U.S. Government, EU and UN export and re-export laws, regulations and requirements. Customer further certifies that it will not export or re-export any software that may be subject to such laws, regulations and requirements, to any location, or to any end-user, or for any end-use, without first obtaining any export license, permit or other approval that may be required. Without limiting the foregoing, Customer specifically agrees that it will not export or re-export any software subject to export and re-export laws to (1) any Group E country listed in SUPPLEMENT NO. 1 TO PART 740 – COUNTRY GROUPS and the Crimea Region of Ukraine or (2) any company, entity or person listed as a party of concern found here http://2016.export.gov/ecr/eg\_main\_023148.asp, or (3) for any end-use related to the development, production or use of nuclear, chemical or biological weapons or missiles.
28. ANTI-CORRUPTION. The Parties agree to comply with all applicable laws, statutes and regulations relating to anti-bribery and anti-corruption.
29. ENTIRE AGREEMENT. This Agreement sets forth the entire agreement and understanding between the parties with respect to the subject matter hereof, and supersedes any other agreements, discussions, proposals, representations or warranties, written or oral, with respect to the subject matter hereof. Each party acknowledges that it has participated in negotiating this Agreement, and agrees that contractual ambiguities are not to be construed in favor of or against any party based on its role in drafting this Agreement. Performance of any obligation required by a party hereunder may be waived only by a written waiver signed by an authorized representative of the other party. Failure or delay by either party in exercising any right or remedy will not constitute a waiver. If any provision of this Agreement will be declared invalid, the entire Agreement will not fail on its account, and that provision will be severed, with the balance of this Agreement continuing in full force and effect. This Agreement may only be amended in writing signed by both parties.
DATA PROTECTION ADDENDUM
This Data Protection Addendum (including the annexes attached hereto, this “Addendum”) forms part of the Jetpack Services Agreement (as amended, the “Agreement”) executed between Jetpack Technologies, Inc. (“Jetpack” or “Company”) and the Customer, under which Jetpack has agreed to provide services to Customer described therein (the “Services”) and is effective as of the effective date of the Agreement.
For purposes of this Addendum, the terms below have the meanings set forth below. Capitalized terms that are used but not defined in this Addendum have the meanings given in the Agreement.
1.1 Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
1.2 Applicable Data Protection Laws means European Data Protection Laws and the CCPA, in each case, to the extent applicable to the relevant Personal Data or processing thereof under the Agreement.
1.3 CCPA means the California Consumer Privacy Act of 2018 and any regulations promulgated thereunder, in each case, as amended from time to time.
1.4 EEA means the European Economic Area.
1.5 EU means the European Union.
1.6 European Data Protection Laws means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, to the extent it applies to the relevant Personal Data or processing thereof under the Agreement.
1.7 GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, as amended from time to time.
1.8 Information Security Incident means a breach of Company’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in Company’s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.
1.9 Personal Data means (a) the personal data (as defined in GDPR) that Customer provides to Company for the provision of the Service and (b) any other information that Customer provides to Company for the provision of the Service that constitutes “personal information” under and governed by the CCPA. For purposes of this Addendum, Personal Data does not include personal data of representatives of Customer with whom Company has business relationships independent of the Service.
1.10 Security Measures has the meaning given in Section 4.1 (Company’s Security Measures).
1.11 Standard Contractual Clauses means the mandatory provisions of the standard contractual clauses for the transfer of personal data to processors established in third countries in the form set out by European Commission Decision 2010/87/EU.
1.12 Subprocessors means third parties authorized under this Addendum to process Personal Data in relation to the Service.
1.13 Third Party Subprocessors has the meaning given in Section 6 (Subprocessors) of Annex 1.
1.14 The terms controller, data subject, processing, processor and supervisory authority as used in this Addendum have the meanings given in the GDPR.
2. Duration and Scope of Addendum
2.1 This Addendum will, notwithstanding the expiration of the Agreement, remain in effect until, and automatically expire upon, Company’s deletion of all Personal Data.
2.2 Annex 1 (EU Annex) to this Addendum applies to Personal Data or the processing thereof subject to European Data Protection Laws. Annex 2 (California Annex) to this Addendum, applies to Personal Data or the processing thereof subject to the CCPA.
3. Customer Instructions
Company will process Personal Data only in accordance with Customer’s instructions. By entering into this Addendum, Customer instructs Company to process Personal Data to provide the Service. Customer acknowledges and agrees that such instruction authorizes Company to process Personal Data (a) to perform its obligations and exercise its rights under the Agreement; (b) perform its legal obligations and to establish, exercise or defend legal claims in respect of the Agreement; (c) pursuant to any other written instructions given by Customer and acknowledged in writing by Company as constituting instructions for purposes of this Addendum; and (d) as reasonably necessary for the proper management and administration of Company’s business.
4.1 Company Security Measures. Company will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data as described in Annex 3 (the “Security Measures”).
4.2 Information Security Incidents. If Company becomes aware of an Information Security Incident, Company will (a) notify Customer of the Information Security Incident without undue delay after becoming aware of the Information Security Incident and (b) take reasonable steps to identify the cause of such Information Security Incident, minimize harm and prevent a recurrence. Notifications made pursuant to this Section 4.2 will describe, to the extent possible, details of the Information Security Incident, including steps taken to mitigate the potential risks and steps Company recommends Customer take to address the Information Security Incident. Company’s notification of or response to an Information Security Incident under this Section 4.2 will not be construed as an acknowledgement by Company of any fault or liability with respect to the Information Security Incident.
4.3 Customer’s Security Responsibilities and Assessment
- 4.3.1 Customer’s Security Responsibilities. Customer agrees that, without limitation of Company’s obligations under Section 4.1 (Company Security Measures) and Section 4.2 (Information Security Incidents), Customer is solely responsible for its use of the Service, including (a) making appropriate use of the Service to ensure a level of security appropriate to the risk in respect of the Personal Data; (b) securing the account authentication credentials, systems and devices Customer uses to access the Service; (c) securing Customer’s systems and devices that Company uses to provide the Service; and (d) backing up Personal Data.
- 4.3.2 Customer’s Security Assessment. Customer is solely responsible for evaluating for itself whether the Service, the Security Measures and Company’s commitments under this Addendum will meet Customer’s needs, including with respect to any security obligations of Customer under Applicable Data Protection Laws or other laws. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Company provide a level of security appropriate to the risk in respect of the Personal Data.
5. Data Subject Rights
5.1 Customer’s Responsibility for Requests. If Company receives any request from a data subject in relation to the data subject’s Personal Data, Company will advise the data subject to submit the request to Customer and Customer will be responsible for responding to any such request.
5.2 Company’s Data Subject Request Assistance. Company will (taking into account the nature of the processing of Personal Data) provide Customer with self-service functionality through the Service or other reasonable assistance as necessary for Customer to perform its obligation under Applicable Data Protection Laws to fulfill requests by data subjects to exercise their rights under Applicable Data Protection Laws, including if applicable, Customer’s obligation to respond to requests for exercising the data subject’s rights set out in Chapter III of the GDPR. Customer shall reimburse Company for any such assistance, beyond providing self-service features included as part of the Service, at Company’s then-current professional services rates, which shall be made available to Customer upon request.
6. Customer Responsibilities
Customer represents and warrants to Company that (a) Customer has established or ensured that another party has established a legal basis for Company’s processing of Personal Data contemplated by this Addendum; (b) all notices have been given to, and consents and rights have been obtained from, the relevant data subjects and any other party as may be required by Applicable Data Protection Laws and any other laws for such processing; and (c) Personal Data does not and will not contain any protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA), any biometric information, or any payment card information subject to the Payment Card Industry Data Security Standard (other than any Customer payment card information used to pay for the Service).
Customer acknowledges and agrees that Company may create and derive from processing under the Agreement anonymized and/or aggregated data that does not identify Customer or any natural person, and use, publicize or share with third parties such data to improve Company’s products and services and for its other lawful business purposes.
Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by Company to Customer may be given (a) in accordance with any notice clause of the Agreement; (b) to Company’s primary points of contact with Customer; or (c) to any email provided by Customer for the purpose of providing it with Service-related communications or alerts. Customer is solely responsible for ensuring that such email addresses are valid.
9. Effect of These Terms
Except as expressly modified by the Addendum, the terms of the Agreement remain in full force and effect. To the extent of any conflict or inconsistency between this Addendum and the other terms of the Agreement, this Addendum will govern. This Addendum replaces all other privacy, security or other data protection terms of the Agreement. Any liabilities arising in respect of this Addendum are subject to the limitations of liability under the Agreement.
1. Processing of Data
1.1 Subject Matter and Details of Processing. The parties acknowledge and agree that (a) the subject matter of the processing under the Agreement is Company’s provision of the Service; (b) the duration of the processing is from Company’s receipt of Personal Data until deletion of all Personal Data by Company in accordance with the Agreement; (c) the nature and purpose of the processing is to provide the Service; (d) the data subjects to whom the processing pertains are Customer’s employees and other personnel; and (e) the categories of Personal Data are contact details, workplace communications and other information processed by workplace information systems about such data subjects.
1.2 Roles and Regulatory Compliance; Authorization. The parties acknowledge and agree that (a) Company is a processor of that Personal Data under European Data Protection Laws; (b) Customer is a controller of that Personal Data under European Data Protection Laws; and (c) each party will comply with the obligations applicable to it in such role under the European Data Protection Laws with respect to the processing of that Personal Data.
1.3 Company’s Compliance with Instructions. Company will only process Personal Data in accordance with Customer’s instructions described in this Section 3 (Customer Instructions) of the Addendum unless European Data Protection Laws requires otherwise, in which case Company will notify Customer (unless that law prohibits Company from doing so on important grounds of public interest).
1.4 Data Deletion. Upon termination of Customer’s access to the Service, Customer instructs Company to delete all Personal Data from Company’s systems as soon as reasonably practicable, unless European Data Protection Laws requires otherwise.
2. Data Security
2.1 Company Security Measures, Controls and Assistance
- 2.1.1 Company Security Assistance. Company will (taking into account the nature of the processing of Personal Data and the information available to Company) provide Customer with reasonable assistance necessary for Customer to comply with its obligations in respect of Personal Data under European Data Protection Laws, including Articles 32 to 34 (inclusive) of the GDPR, by (a) implementing and maintaining the Security Measures; (b) complying with the terms of Section 4.2 (Information Security Incidents) of the Addendum; and (c) complying with this Annex 1.
- 2.1.2 Security Compliance by Company Staff. Company will grant access to Personal Data only to personnel who need such access for the scope of their job duties, and are subject to appropriate confidentiality arrangements.
2.2 Reviews and Audits of Compliance
- 2.2.1 Customer may audit Company’s compliance with its obligations under this Addendum up to once per year and on such other occasions as may be required by European Data Protection Laws, including where mandated by Customer’s supervisory authority. Company will contribute to such audits by providing Customer or Customer’s supervisory authority with the information and assistance reasonably necessary to conduct the audit.
- 2.2.2 If a third party is to conduct the audit, Company may object to the auditor if the auditor is, in Company’s reasonable opinion, not independent, a competitor of Company, or otherwise manifestly unsuitable. Such objection by Company will require Customer to appoint another auditor or conduct the audit itself.
- 2.2.3 To request an audit, Customer must submit a detailed proposed audit plan to Company at least two weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Company will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Company security, privacy, employment or other relevant policies). Company will work cooperatively with Customer to agree on a final audit plan. Nothing in this Section 2.2 shall require Company to breach any duties of confidentiality.
- 2.2.4 If the controls or measures to be assessed in the requested audit are addressed in an SOC 2 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and Company has confirmed there are no known material changes in the controls audited, Customer agrees to accept such report lieu of requesting an audit of such controls or measures.
- 2.2.5 The audit must be conducted during regular business hours, subject to the agreed final audit plan and Company’s safety, security or other relevant policies, and may not unreasonably interfere with Company business activities.
- 2.2.6 Customer will promptly notify Company of any non-compliance discovered during the course of an audit and provide Company any audit reports generated in connection with any audit under this Section 2.2, unless prohibited by European Data Protection Laws or otherwise instructed by a supervisory authority. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this Addendum.
- 2.2.7 Any audits are at Customer’s expense. Customer shall reimburse Company for any time expended by Company or its Third Party Subprocessors in connection with any audits or inspections under this Section 2.2 at Company’s then-current professional services rates, which shall be made available to Customer upon request. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit. Nothing in this Addendum shall be construed to require Company to furnish more information about its Third Party Subprocessors in a connection with such audits than such Third Party Subprocessors make generally available to their customers.
3. Impact Assessments and Consultations
Company will (taking into account the nature of the processing and the information available to Company) reasonably assist Customer in complying with its obligations under Articles 35 and 36 of the GDPR, by (a) making available documentation describing relevant aspects of Company’s information security program and the security measures applied in connection therewith; and (b) providing the other information contained in the Agreement including this Addendum.
4. Data Transfers
4.1 Data Processing Facilities. Company may, subject to Section 4.2 (Transfers out of the EEA), store and process Personal Data in the United States or anywhere Company or its Subprocessors maintains facilities.
4.2 Transfers out of the EEA. If Customer transfers Personal Data out of the EEA to Company in a country not deemed by the European Commission to have adequate data protection, such transfer will be governed by the Standard Contractual Clauses, the terms of which are hereby incorporated into this DPA. In furtherance of the foregoing, the parties agree that:
- 4.2.1 for purposes of the Standard Contractual Clauses, (a) Customer will act as the data exporter and (b) Company will act as the data importer;
- 4.2.2 for purposes of Appendix 1 to the Standard Contractual Clauses, the categories of data subjects, data, special categories of data (if appropriate), and the processing operations shall be as set out in Section 1.1 to this Annex 1 (Subject Matter and Details of Processing);
- 4.2.3 for purposes of Appendix 2 to the Standard Contractual Clauses, the technical and organizational measures shall be the Security Measures;
- 4.2.4 upon data exporter’s request under the Standard Contractual Clauses, data importer will provide the copies of the subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contractual Clauses, and that data importer may remove or redact all commercial information or clauses unrelated the Standard Contractual Clauses or their equivalent beforehand;
- 4.2.5 the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be performed in accordance with Section 2.2 of this Annex 1 (Reviews and Audits of Compliance);
- 4.2.6 Customer’s authorizations in Section 5 of this Annex 1 (Subprocessors) will constitute Customer’s prior written consent to the subcontracting by Company of the processing of Personal Data if such consent is required under Clause 5(h) of the Standard Contractual Clauses;
- 4.2.7 certification of deletion of Personal Data as described in Clause 12(1) of the Standard Contractual Clauses shall be provided only upon Customer’s request; and
4.3 notwithstanding the foregoing, the Standard Contractual Clauses (or obligations the same as those under the Standard Contractual Clauses) will not apply to the extent an alternative recognized compliance standard for the lawful transfer of Personal Data outside the EEA (e.g., US-E.U. Privacy Shield, binding corporate rules) applies to the transfer.
5.1 Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Company’s Affiliates as Subprocessors. In addition, Customer generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”).
5.2 Information about Subprocessors. Information about Subprocessors, including their functions and locations, is available at Authorized Sub-processors (as may be updated by Company from time to time in accordance with this Annex 1).
5.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Company will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this Addendum with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. Company shall be liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor. Opportunity to
5.4 Object to Subprocessor Changes. When any new Third Party Subprocessor is engaged during the term of the Agreement, Company will notify Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by updating the website listed in Section 5.2 (Information about Subprocessors). If Customer objects to such engagement in a written notice to Company within 15 days of being informed thereof on reasonable grounds relating to the protection of Personal Data, Customer and Company will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Customer may, as its sole and exclusive remedy, terminate the Agreement and cancel the Service by providing written notice to Company.
- Company shall not retain, use, or disclose any Personal Data that constitutes “personal information” under the CCPA (“CA Personal Information”) for any purpose other than for the specific purpose of providing the Service, or as otherwise permitted by CCPA, including retaining, using, or disclosing the CA Personal Information for a commercial purpose (as defined in CCPA) other than providing the Services.
- Company shall not (a) sell any CA Personal Information; (b) retain, use or disclose any CA Personal Information for any purpose other than for the specific purpose of providing the Service, including retaining, using, or disclosing the CA Personal Information for a commercial purpose (as defined in the CCPA) other than provision of the Service; or (c) retain, use or disclose the CA Personal Information outside of the direct business relationship between Company and Customer. Company hereby certifies that it understands its obligations under this Section 2 and will comply with them.
- Provision of the Services encompasses the processing authorized by Customer’s instructions described in Section 3 of the Addendum (Customer Instructions).
- Notwithstanding anything in the Agreement or any order form entered in connection therewith, the parties acknowledge and agree that Company’s access to CA Personal Information or any other Personal Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement.
As from the effective date of the Agreement, Company will implement and maintain the Security Measures set out in this Annex 3.
- Organizational management and staff responsible for the development, implementation and maintenance of Company’s information security program.
- Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Company’s organization, monitoring and maintaining compliance with Company’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
- Data security controls which include logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:
- transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or
- at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
- Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).
- Password controls designed to manage and control password strength, expiration and usage.
- Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to Company’s technology and information assets.
- Incident / problem management procedures design to allow Company to investigate, respond to, mitigate and notify of events related to Company’s technology and information assets.
- Network security controls that provide for the use of enterprise firewalls, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
- Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
- Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.
Company may update or modify such Security Measures from time to time provided that such updates and modifications do not materially decrease the overall security of the Services.