Compliance Cloud Terms of Use (before 15 September 2023)

BEFORE SEPT 15 2023

 

These Terms of Use for the Selerant Compliance Cloud (these "Terms") are effective as of the applicable Order Form Effective Date and entered into by and between You and Us. 

 

1.                   LICENSE AND USAGE RIGHTS, MODIFICATIONS AND CONTENT. 

 

1.1. License. Subject to Your compliance with the Agreement and the applicable Documentation, We will grant You a non-exclusive, non-transferable and non-assignable right and license to access and use the Selerant Compliance Cloud (SCC) as specified in the applicable Order Form during the relevant Subscription Period solely for Your internal buisiness purposes (the "License"). Except for the License, We retain all right, title and interest in and to the SCC. 

 

1.2. Modifications to SCC. We may modify the SCC at any time in Our sole discretion. We may inform You of such modifications in the same manner that We use to inform Our customers generally (e.g., by email, through the SCC portal, etc.). No modification will result in a material reduction to the overall performance of the SCC in the then-current Subscription Period.

 

1.3. Content. You acknowledge and agree that We will not be liable or responsible for content accessible through the SCC and that such content is: (a) information of a general nature and not intended to address Your specific circumstances or requirements or those of any other entity or individual; (b) not necessarily accurate, complete, comprehensive or up to date; (c) mainly linked to external sites over which We have no control; (d) not legal or professional advice; and (e) intended to be an initial reference source only.

 

 

2.                   LICENSE AND USAGE RESTRICTIONS.

 

 

2.1. The applicable Order Form sets forth the maximum number of individuals that are permitted to access and use the SCC (the "Authorized Users"). Only Authorized Users are allowed to access and use the SCC.

 

2.2 Usernames, passwords and other account information applicable to the SCC (collectively, "Access Credentials") may not be used by more than one Authorized User, but may be transferred from one Authorized User to another if the original Authorized User is no longer permitted to use the SCC. You will be responsible for (a) Your employees', agents', contractors', outsourcers', customers' and suppliers' (collectively, "Representatives") access to and use of the SCC and full compliance with the Agreement; (b) identifying and approving all Authorized Users; (c) controlling against unauthorized access to or use of the SCC by Your Representatives or third parties through Your Representatives' networks or systems; (d) maintaining the confidentiality of Your Access Credentials; and (e) all activities that occur under Your Access Credentials.

 

2.3. You will not (a) use the SCC for rental, time sharing, subscription services, hosting, or outsourcing, or otherwise commercially exploit the SCC; (b) remove or modify any program markings or any notice of Ours or Our licensors' proprietary rights; (c) make the SCC available in any manner to any third party for use in the third party's business operations (unless such access is expressly permitted by Us in writing for a specific program license); (d) reverse engineer, disassemble or decompile the SCC or make derivative works (including to review data structures or similar materials produced by programs); (e) duplicate the SCC; or (f) perform any benchmark, performance or other tests or scans on the SCC or disclose any results of such tests or scans run on the SCC.

 

2.4. You will not use the SCC for any purpose that may (a) menace or harass any person, or cause damage or injury to any person or property; (b) involve the publication of any material that is false, defamatory, harassing or obscene; (c) violate privacy rights or promote bigotry, racism, hatred or harm; (d) constitute unsolicited bulk email, junk mail, spam or chain letters; (e) constitute an infringement of intellectual property or other proprietary rights; (f) violate applicable laws or regulations; or (g) circumvent or endanger the operation or security of the SCC. We reserve the right to take remedial action if Your use of the SCC violates the foregoing restrictions, including by suspending or limiting Your access to the SCC.

 

2.5. You will monitor Your own use of the SCC and immediately report any use in violation of the Agreement to Us (including any use of the SCC in excess of the applicable Usage Metrics). We may monitor Your use of the SCC to verify compliance with the Agreement, as well as to help provide and improve the SCC. In addition, You will (a) permit Us to audit Your use of the SCC (which will include the right for Us to inspect the location(s) from which the SCC is accessed and used, upon reasonable prior notice, for the purpose of verifying Your compliance with the Agreement) and (b) provide Us with reasonable assistance and access to information in the course of such audit.

 

2.6. You acknowledge that third party technology that may be appropriate or necessary for use with the SCC is specified in the applicable Documentation or as otherwise notified by Us and that such third party technology is licensed to You only for use with the SCC under the terms of the license agreement specified in the applicable Documentation or as otherwise notified by Us and not under the Agreement.

 

2.7. You must accept all patches, bug fixes, updates, maintenance and service packs (collectively, "Patches") required for the proper performance of the SCC as such Patches are generally released by Us.

 

 

3.                   SUBSCRIPTION PERIOD, RENEWAL AND FEES.

 

 

3.1. Subscription Period. We will provide You with access to and use of the SCC, subject to the Agreement, for the Subscription Period stated in the applicable Order Form.

 

3.2. Renewal. Unless otherwise specified in the applicable Order Form, upon expiration of the then-current Subscription Period, the Subscription Period will automatically renew for additional Subscription Periods of the same length as the then-current Subscription Period unless a party provides the other party with at least thirty (30) days prior notice of its intention not to renew.

 

3.3. Subscription Fee. You will pay the Subscription Fee in consideration of the License to the SCC granted hereunder. Unless otherwise specified in the applicable Order Form, We will invoice You for the Subscription Fee annually in advance beginning upon the applicable Order Form Effective Date.

 

3.4. Consulting Fees. You will pay the Consulting Fees in consideration of any ancillary consulting services We provide to You in connection with the Agreement. Unless otherwise specified in the applicable Order Form, We will invoice you for the Consulting Fees monthly in arrears.  

 

3.5. Payment Terms. Unless otherwise agreed in the applicable Order Form, You will pay the Subscription Fee, the Consulting Fees and any other fees and expenses incurred in connection with the Agreement within thirty (30) days of the date of the applicable invoice. If You have a valid reason to dispute an invoice, You will so notify Us within seven (7) days of Your receipt of the invoice, and, if no such notification is given, the invoice will be deemed valid. If You dispute only a portion of an invoice, the portion of the invoice that is not in dispute will be paid by You in accordance with the Agreement.

 

3.6. Interest. A finance charge equal to the lesser of (a) one and one-half percent (1.5%) per month or (b) the maximum amount allowed by law may be charged on any past due amounts. Payments by You will be applied first to accrued interest and then to the principal unpaid balance. Any attorney fees, court costs, or other costs incurred by Us in the collection of past due amounts will be paid by You. If payment of invoices is not current, or You have not complied with any of Your other obligations under the Agreement, We may suspend Your access to and use of the SCC, as well as any other work We may be performing on Your behalf.

 

3.7. Excess Usage. To the extent Your use of the SCC exceeds the Usage Metrics in the applicable Order Form, We may invoice You, and You will pay, any additional fees (at Our then-current rates) to account for Your excess usage.

 

3.8. Taxes. All amounts payable by You pursuant to the Agreement are exclusive of taxes. Accordingly, You will pay any sales, value-added or other similar taxes imposed by applicable law that We must pay based on the services You ordered, except for taxes based on Our income.

 

4.                   LIMITATION OF LIABILITY.

 

 

4.1. DIRECT DAMAGES CAP. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, EXCEPT AS SET FORTH IN SECTION 4.3, OUR AGGREGATE MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THE AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, WILL BE LIMITED TO THE AMOUNT OF THE FEES ACTUALLY PAID BY YOU TO US FOR THE SCC UNDER THE APPLICABLE ORDER FORM, AND IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT, GIVING RISE TO THE LIABILITY.

 

4.2. INDIRECT DAMAGES EXCLUSION. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, EXCEPT AS SET FORTH IN SECTION 4.3, WE WILL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA OR DATA USE.

 

4.3. EXCEPTIONS. THE LIMITATIONS OF LIABILITY SET FORTH IN SECTIONS 4.1 AND 4.2 SHALL NOT APPLY WITH RESPECT TO (A) OUR INDEMNIFICATION OBLIGATIONS UNDER SECTION 7; OR (B) OUR FRAUD, WILLFUL MISCONDUCT OR GROSS NEGLIGENCE.

 

4.4. NO LEGAL ADVICE. YOU ACKNOWLEDGE AND AGREE THAT WE DO NOT PROVIDE LEGAL OR COMPLIANCE ADVICE. YOU ARE RESPONSIBLE FOR MAKING YOUR OWN ASSESSMENT OF YOUR LEGAL AND REGULATORY REQUIREMENTS AND WHETHER YOUR PROPOSED USE OF THE SCC MEETS THOSE REQUIREMENTS.

 

 

5.                   REPRESENTATIONS AND WARRANTIES.

 

 

5.1. Authority. Each party represents and warrants that it has the full power, capacity and authority to enter into, and perform its obligations under, the Agreement.

 

5.2. Compliance with Laws. Each party warrants that it will comply with all laws and regulations applicable to it in connection with: (a) in Our case, the operation of Our business as it relates to the SCC; and (b) in Your case, Your access to and use of the SCC.

 

5.3. SCC Warranty. We warrant that, when properly, accessed and used by You, the SCC will substantially operate as described in the applicable Documentation. If You notify Us of any breach of said warranty, We will use reasonable efforts to remedy any material defect or error in the SCC at Our own expense and within a reasonable time after receiving such notice from You, but only if: (a) You are fully compliant with Your payment and other obligations under the Agreement; (b) You, at Our request, promptly provide Us with documentation of the alleged defect or error; (c) You provide Us with complete information regarding the circumstances surrounding the alleged defect or error and cooperate fully in recreating the environment in which the alleged defect or error in question arose; and (d) the alleged defect or error does not result from or relate to: (i) any failure by You to perform Your obligations under the Agreement; (ii) the unauthorized or incorrect use of the SCC, or database or operator error; (iii) the use of computer equipment, products or services that have not been approved or supplied by Us; (iv) operation of the SCC outside Our recommended operating procedures and environmental specifications; or (v) accident, neglect, hazard, misuse, natural calamity, or failure or fluctuation of electrical power or environmental conditions. In the event that We are unable to cure any material defect or error in the SCC within a reasonable period of time, Your sole and exclusive remedy will be to terminate Your access to and use of the SCC upon thirty (30) days prior notice to Us and receive a pro-rata refund of any pre-paid, unused Subscription Fee for the remainder of the then-current Subscription Period.

 

5.4. DISCLAIMER. THE SCC IS PROVIDED “AS IS.” EXCEPT TO THE EXTENT (1) EXPRESSLY SET FORTH ELSEWHERE IN THESE TERMS, (2) PROHIBITED BY LAW, OR (3) ANY STATUTORY RIGHTS APPLY THAT CANNOT BE EXCLUDED, LIMITED OR WAIVED, WE AND OUR AFFILIATES AND LICENSORS (A) MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SCC, AND (B) DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED OR EXPRESS WARRANTIES (I) OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, (II) ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE, (III) THAT YOUR ACCESS TO OR USE OF THE SCC WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, AND (IV) THAT ANY CONTENT WILL BE SECURE OR NOT OTHERWISE LOST OR ALTERED.

 

 

6.                   PROPRIETARY RIGHTS.

 

6.1. Ownership. The SCC and all copyright, patent, trade secret, trade mark and other proprietary and intellectual property rights of any kind (collectively, "Intellectual Property Rights") arising in the SCC, and in all other written or oral information or other materials provided by Us to You in connection with the Agreement, are and will remain Our exclusive property. You agree to execute and to ensure your third parties execute such documentation as reasonably necessary to secure Our title over such rights. All Intellectual Property Rights arising in any third party content or other third party products or services are and will remain the exclusive property of the third party provider of such third party content or other third party products or services. Subject to the preceding three sentences and other applicable provisions of the Agreement, all Intellectual Property Rights arising in Your Data are and will remain Your exclusive property.

 

6.2. Feedback. You grant to Us a worldwide, perpetual, irrevocable, royalty-free right and license to use and incorporate into the SCC and Our other products and services any suggestions, enhancement requests, recommendations, corrections or other feedback You provide relating to the operation of the SCC or Our other products and services.

 

 

7.                   INDEMNIFICATION.

 

7.1. Indemnity. We will defend You against claims brought against You by any third party alleging that Your use of the SCC, in accordance with the Agreement, constitutes an infringement or misappropriation of such third party's patent, copyright or trade secret rights ("IP Claims"). We will pay damages finally awarded against You (or the amount of any settlement We enter into) with respect to IP Claims. This obligation of Ours will not apply if the alleged infringement or misappropriation results from (a) Our compliance with any designs, specifications or instructions provided by You or on Your behalf; (b) modification of the SCC by You or on Your behalf; (c) combination, operation or use of the SCC with third-party products, services, software or business processes; or (d) Your violation of, or access to or use of the SCC other than as permitted by, the Agreement or the applicable Documentation. You will indemnify, defend and hold harmless Our Indemnitees from any and all Losses and threatened Losses due to third party claims arising out of or in connection with (i) Your breach of the Agreement; (ii) Your Data or (iii) the activities described in items (a), (b), (c) and (d) above.

 

7.2. Mitigation. If We believe that the SCC may have violated a third party's intellectual property rights, We may elect to either modify the SCC or obtain a license to allow You to continue to use the SCC. If neither of these alternatives is commercially reasonable, We may, in Our sole discretion, suspend or terminate Your ability to further access and use the SCC.

 

7.3. Procedures. The indemnification obligations under this Section 7 are conditioned on: (a) the party against whom a third party claim is brought (the "Indemnified Party") timely notifying the other party (the "Indemnifying Party") of any such claim, provided however that the Indemnified Party's failure to provide or delay in providing such notice will not relieve the Indemnifying Party of its obligations under this Section 7 except to the extent such failure or delay prejudices the defense; (b) the Indemnifying Party having the right to fully control the defense of such claim; and (c) the Indemnified Party reasonably cooperating in the defense of such claim. Any settlement of any claim will not include a financial or specific performance obligation on, or admission of liability by, the Indemnified Party, provided however that We may settle any claim on a basis requiring Us to substitute for the SCC any alternative substantially equivalent non-infringing product or service. The Indemnified Party may appear, at its own expense, through counsel reasonably acceptable to the Indemnifying Party.

 

7.4. Sole Remedy. The provisions of this Section 7 state Our sole, exclusive and entire liability to You, and is Your sole remedy, with respect to third party claims covered hereunder and to the infringement or misappropriation of third-party intellectual property rights.

 

 

8.                   CONFIDENTIALITY. You may use Our Confidential Information only in connection with your use of the SCC as permitted under the Agreement. You will not disclose Our Confidential Information during the Subscription Period or at any time during the five (5) year period following the end of the Subscription Period. You will take all reasonable measures to avoid disclosure, dissemination or unauthorized use of Our Confidential Information, including, at a minimum, those measures you take to protect your own confidential information of a similar nature.

 

 

9.                   YOUR DATA AND PERSONAL DATA.

 

 

9.1. Your Data. You are responsible for Your Data (including, where applicable, entering it into the SCC). If and to the extent You provide Us with access to Your Data, You grant Us (including Our affiliates and subcontractors) a nonexclusive right to process Your Data to provide, support and improve the SCC.

 

9.2. Access to Your Data Hosted in the SCC.

 

9.2.1 During the Subscription Period, You may access Your Data in the SCC, and may export and retrieve Your Data in a standard format. Export and retrieval may be subject to technical limitations, in which case the parties will find a reasonable method to allow You to access Your Data.

 

9.2.2. Prior to expiration of the then-current Subscription Period or the effective date of termination, You may use Our self-service export tools (as available) to perform a final export of Your Data from the SCC. Upon the expiration or termination of the Subscription Period: (a) You will no longer be permitted to access or use the SCC; and (b) We may delete or render inaccessible any of Your Data remaining in the SCC (except to the extent applicable law requires retention).

 

9.2.3. In the event of third party legal proceedings related to Your Data in the SCC, We will reasonably cooperate with You and comply with applicable law (both at Your sole cost and expense) with respect to handling of Your Data. If You request assistance from Us to access, export or retrieve Your Data, We may invoice, and You will pay, for such assistance at Our then-current rates.

 

9.3. Personal Data. You will collect and maintain all Personal Data contained in Your Data in compliance with applicable data privacy and protection laws. Exhibit 1 (Data Processing Agreement) hereto, as well as Our Privacy Policy (currently available at http://www.selerant.com/agreement/SCC_Privacy_Policy.pdf), explain how We may use certain Personal Data that You provide to Us when You access and use the SCC, and how We will protect the privacy of such data. By using the SCC, You agree that We can use such data in accordance with Exhibit 1 (Data Processing Agreement), Our Privacy Policy (as amended from time to time) and the other applicable provisions of the Agreement.

 

9.4. Security. You will maintain reasonable security standards for Your Authorized Users' access to and use of the SCC. You are responsible for any security vulnerabilities, and the consequences of such vulnerabilities, arising from Your Data, including any viruses, trojan horses, worms or other programming routines contained in Your Data. We will use reasonable security technologies in providing the SCC. As a data Processor, We will implement technical and organizational measures designed to secure Your Data (including Personal Data) processed in the SCC in accordance with applicable Data Protection Law.

 

9.5. Service Analyses. We may compile statistical and other information related to the performance, operation and use of the SCC (including Your Data made accessible to Us and information derived from Your use of the SCC) ("Service Analyses"), including for security and operations management, to create statistical analyses and for research and development purposes. Service Analyses will anonymize and aggregate information and will be treated as Our Confidential Information.

 

 

10.                   SUSPENSION AND TERMINATION.

 

 

10.1. Temporary Suspension. We may suspend Your or any Authorized User's right to access or use any portion of the SCC immediately upon notice to You if We determine: (a) Your or an Authorized User's use of the SCC (i) poses a security risk to Us or any third party, (ii) could adversely impact Our or Our other customers' systems, (iii) could subject Us, Our affiliates or any third party to liability, or (iv) could be fraudulent; (b) You are, or any Authorized User is, in breach of the Agreement; (c) You are in breach of your payment obligations under the Agreement; or (d) You have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of Your assets, or become subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding.

 

10.2. Effect of Suspension. If We suspend your right to access or use any portion of the SCC, You remain responsible for all fees and charges You incur during the period of suspension.

 

10.3. Termination for Convenience.

 

10.3.1. By You. If the applicable Order Form contemplates a one (1) year Subscription Period, You may terminate the Agreement for any reason by providing Us notice and closing Your account for the SCC. If the applicable Order Form contemplates a multi-year Subscription Period (e.g., a two (2) year Subscription Period, a three (3) year Subscription Period, etc.), You may not terminate the Agreement for convenience without Our prior written consent (and such consent must make specific reference to this Section). You acknowledge and agree that We may withhold such consent in Our sole discretion, or may condition such consent on Your payment of an early termination fee calculated in accordance with Our then-current policies.

 

10.3.2. By Us. We may terminate the Agreement for any reason by providing You at least thirty (30) days' prior notice. If we terminate pursuant to the preceding sentence, we will provide you with a pro-rata refund of any pre-paid, unused Subscription Fee for the remainder of the then-current Subscription Period.

 

10.4. Termination for Cause. Either party may terminate the Agreement for cause if the other party is in material breach of the Agreement and the material breach remains uncured for a period of thirty (30) days from receipt of notice by the other party. We may also terminate the Agreement immediately upon notice to You (a) for cause if We have the right to suspend under Section 10.1, (b) if Our relationship with a third-party partner who provides software or other technology We use to provide the SCC expires, terminates or requires Us to change the way We provide the software or other technology as part of the SCC, or (c) in order to comply with the law or requests of governmental entities.

 

10.5. Effect of Termination. You remain responsible for all fees and charges You have incurred through the effective date of termination. Upon the effective date of termination, You will immediately return or, if instructed by Us, destroy all Our Confidential Information in Your possession or under Your control.

 

10.6. No Refund. In the event of any suspension or termination hereunder, You will not be excused from Your payment obligations or entitled to any refund of any payments made by You, except as expressly stated otherwise in these Terms.

 

 

11.                   MISCELLANEOUS.

 

 

11.1. Severability. Should any part of the Agreement for any reason be declared invalid, such decision will not affect the validity of any remaining provisions, which remaining provisions will remain in full force and effect as if the Agreement had been executed with the invalid portion thereof eliminated, and it is hereby declared the intention of the parties that they would have executed the remaining portion of the Agreement without including any such part, parts, or portions which may, for any reason, be hereafter declared invalid. Any provision will nevertheless remain in full force and effect in all other circumstances.

 

11.2. Waiver of Remedies. No waiver of any rights arising under the Agreement will be effective unless in writing and signed by a duly authorized signatory of the party against whom the waiver is to be enforced. No failure or delay by either party in exercising any right, power or remedy under the Agreement (except as expressly provided herein) will operate as a waiver of any such right, power or remedy.

 

11.3. Independent Contractor. We and You are independent contractors, and the Agreement will not be construed to create a partnership, joint venture, agency, or employment relationship. Neither party, nor any of their respective affiliates, is an agent of the other for any purpose or has the authority to bind the other.

 

11.4. Notices.

 

11.4.1. To You. We may provide any notice to You under the Agreement by: (a) posting a notice on the SCC portal; or (b) sending a message to the email address then associated with Your account. Notices We provide by posting on the SCC portal will be effective upon posting and notices We provide by email will be effective when We send the email. It is Your responsibility to keep Your email address current. You will be deemed to have received any email sent to the email address then associated with Your account when We send the email, whether or not You actually receive the email.

 

11.4.2. To Us. To give Us notice under the Agreement, You must contact Us by facsimile transmission or personal delivery, overnight courier or registered or certified mail to the facsimile number or mailing address, as applicable, listed on the applicable Order Form. We may update the facsimile number or address for notices to Us by posting a notice on the SCC portal. Notices provided by personal delivery will be effective immediately. Notices provided by facsimile transmission or overnight courier will be effective one (1) business day after they are sent. Notices provided by registered or certified mail will be effective three (3) business days after they are sent.

 

11.5. Assignment. You may not assign the Agreement, in whole or in part, without Our prior written consent. We may assign the Agreement, in whole or in part, without Your prior written consent to (a) an affiliate that that agrees in writing to be bound by the Agreement or (b) an entity acquiring, directly or indirectly, control of Us, an entity into which We are merged or an entity acquiring all or substantially all of Our assets, provided that the acquirer or surviving entity agrees in writing to be bound by the Agreement.

 

11.6. Section Headings. Title and headings of Sections of the Agreement are for convenience of reference only and will not affect the construction of any provision of the Agreement.

 

11.7. Residuals. Nothing in the Agreement will prohibit or limit Our ownership and use of ideas, concepts, know-how, methods, models, data, techniques, skill knowledge and experience that were used, developed or gained in connection with the Agreement.

 

11.8. Non-solicitation of Employees. During and for one (1) year after the expiration or termination of the Agreement, You will not solicit the employment of, or employ Our personnel, without Our prior written consent.

 

11.9. Cooperation. You will cooperate with Us in taking actions and executing documents, as appropriate, to achieve the objectives of the Agreement.

 

11.10. Governing Law and Construction; Consent to Jurisdiction.

 

11.10.1. If We are Selerant Corp. This Section 11.10.1 shall apply if the entity executing the applicable Order Form on Our behalf is Selerant Corp. The Agreement will be governed by and construed in accordance with the laws of New York, without regard to the principles of conflicts of laws. The exclusive venue for any disputes arising under or related to the Agreement will be in the state or federal courts located in New York, New York (USA). The parties hereby consent to the personal and exclusive jurisdiction of such courts for such disputes.

 

11.10.2. If We are not Selerant Corp. This Section 11.10.2 shall apply if the entity executing the applicable Order Form on Our behalf is not Selerant Corp. The Agreement will be governed by and construed in accordance with the UNIDROIT Principles of International Commercial Contracts, without regard to the principles of conflicts of laws. Any proceeding arising out of or relating to the Agreement will be settled exclusively by arbitration under the Rules of the Chamber of Arbitration of Milan (the "Rules") by one (1) arbitrator appointed in accordance with the Rules, which are deemed to be incorporated by reference into this Section. The seat of the arbitration will be Milan, Italy. The language of the arbitration will be English. This provision may be filed with any court as written evidence of the knowing and voluntary irrevocable agreement between the parties to waive any objections to jurisdiction, to venue or to convenience of forum. Each of the parties hereto agrees that it will not bring any action relating to the Agreement other than by arbitration under the Rules, as described above.

 

11.11. Entire Agreement; Amendments. The Agreement state the entire agreement between the parties and supersede all previous agreements, understandings, representations, warranties, contracts, proposals and all other communications between the parties respecting the subject matter hereof (oral or written). We may modify these Terms at any time by posting a revised version on Our website (currently https://www.selerant.com/agreement/SCC-Terms_of_use.pdf) (the "Website") or by otherwise notifying You. The modified terms will become effective upon posting or, if We notify You, as stated in the applicable notification. By continuing to access or use the SCC after the effective date of any modifications to these Terms, You agree to be bound by the modified terms. It is Your responsibility to check the Website regularly for modifications to these Terms. We last modified these Terms on the date listed at the end of these Terms. If You submit work orders, change orders, services requests, purchase orders or other similar documents to Us for accounting or administrative purposes or otherwise, no pre-printed or similar terms and conditions contained in any such documents will be deemed to supersede any of the terms and conditions of the Agreement. The language of the Agreement will not be construed strictly for or against any party.

 

11.12. Force Majeure. We will not be responsible for delays or failures if such delay or failure arises out of causes beyond Our control. Such causes may include acts of God or of the public enemy, fires, floods, epidemics, pandemics, outbreaks, riots, quarantine restrictions, strikes, freight embargoes, earthquakes, electrical outages, computer or communications failures, government actions, travel restrictions and severe weather, and acts or omissions of subcontractors or third parties.

 

11.13. Third Party Beneficiaries. Except as expressly provided in the Agreement, the Agreement is entered into solely between, and may be enforced only by, You and Us. The Agreement will not be deemed to create any rights or causes of action in or on behalf of any third parties, including employees, suppliers and customers of a party, or to create any obligations of a party to any such third parties.

 

11.14. Survival. Any provision of the Agreement which contemplates performance or observance subsequent to any termination or expiration of the Agreement will survive any termination or expiration of the Agreement and continue in full force and effect. Additionally, all provisions of the Agreement will survive the expiration or termination of the Agreement to the fullest extent necessary to give the parties the full benefit of the bargain expressed herein.

 

11.15. Hierarchy. In the event of any inconsistencies between these Terms and an Order Form, these Terms will take precedence over the Order Form except to the extent the Order Form expressly states that it takes precedence over these Terms.

 

11.16. Waiver of Jury Trial. You hereby expressly waive any right to a trial by jury in any action or proceeding to enforce or defend any right, power, or remedy under or in connection with the Agreement or under or in connection with any amendment, instrument, document or agreement delivered or which may in the future be delivered in connection therewith arising from any relationship existing in connection with the Agreement, and agree that any such action will be tried before a court and not before a jury. The terms and provisions of this Section constitute a material inducement for the parties entering into the Agreement.

 

11.17. Subcontractors. We may subcontract, in whole or in part, any of its obligations under the Agreement without Your prior written consent. We will be responsible and liable for any of Our subcontractors' failure to perform in accordance with the Agreement to the same extent as if such failure to perform was committed by Us.

 

11.18. Required Consents. You will obtain all consents or approvals that are required for You to use the SCC in the manner contemplated under the Agreement, except for those consents or approvals that are expressly specified in the applicable Order Form as to be obtained by Us.

 

11.19. Third Party Content. The SCC may include integrations with, or links to, content or other web services made available by third parties that are accessed through the SCC and subject to terms and conditions with those third parties ("Third Party Content"). Third Party Content is not part of the SCC and the Agreement does not apply to it. You acknowledge and agree that Your access to and use of Third Party Content will be entirely at Your own risk and We assume no liability or responsibility with respect to any Third Party Content.

 

11.20. Publicity. We (including Our Affiliates) may use Your (or Your Affiliates') names, logos, service marks, trade names or trademarks, or refer to You (or its Affiliates) directly or indirectly in any press release, public announcement or public disclosure relating to the Agreement, including in any promotional, advertising or marketing materials, customer lists or business presentations, without Your (or Your Affiliates') prior written consent prior to each such use or reference.

 

 

12.                   DEFINITIONS. The words "day", "month", "quarter" and "year" mean, respectively, calendar day, calendar month, calendar quarter and calendar year. The words "include" and "including" will not be construed as terms of limitation and introduce a non-exclusive set of examples. The word "or" will not be exclusive. The following terms, when used in the Agreement will have the meanings specified below:

 

12.1. "Affiliate" means, generally, with respect to any entity, any other entity Controlling, Controlled by or under common Control with such entity.

 

12.2. "Agreement" means, collectively, these Terms, including its Exhibits and Attachments, the Order Forms and any other policy or terms referenced in or incorporated into the Agreement.

 

12.3. "Consulting Fees" means at the fees payable by You for any ancillary consulting services as specified in the applicable Order Form (following the first anniversary of the applicable Order Form Effective Date, or if the applicable Order From does not specify the fees for ancillary consulting services, Our then-current fees will apply).

 

12.4. "Control" and its derivatives means: (a) the legal, beneficial, or equitable ownership, directly or indirectly, of (i) at least fifty percent (50%) of the aggregate of all voting equity interests in an entity or (ii) equity interests having the right to at least fifty percent (50%) of the profits of an entity or, in the event of dissolution, to at least fifty percent (50%) of the assets of an entity; (b) the right to appoint, directly or indirectly, a majority of the board of directors; (c) the right to control, directly or indirectly, the management or direction of the entity by contract or corporate governance document; or (d) in the case of a partnership, the holding by an entity (or one of its Affiliates) of the position of sole general partner.

 

12.5. "Controller" means a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For purposes of the Agreement, where You act as a Processor for another Controller, it will in relation to Us be deemed to be an additional and independent Controller with the respective Controller rights and obligations under the Agreement.

 

12.6. "Data Protection Law" means the applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the processing of Personal Data under the Agreement.

 

12.7. "Data Subject" means an identified or identifiable natural person as defined by Data Protection Law.

 

12.8. "Documentation" means the operating manuals, customer instructions, technical literature and all other related materials in eye-readable form only as supplied or made available to You by Us for aiding the use and application of the SCC.

 

12.9. "Losses" means all losses, liabilities, damages, fines, penalties, interest and claims (including taxes), and all related costs and expenses (including reasonable legal fees and disbursements and costs of investigation, litigation, experts, settlement and judgment).

 

12.10. "Order Form" means all written order forms for the SCC entered into by You and Us containing the pricing and other specific terms and conditions applicable for the SCC under the applicable Order Form.

 

12.11. "Order Form Effective Date" means the effective date of the applicable Order Form as specified therein (or, if no effective date is specified therein, the date of the last signature thereto).

 

12.12. "Our," "Us," or "We" means the Selerant entity specified on the applicable Order Form.

 

12.13. "Our Confidential Information" means all nonpublic information disclosed by Us or Our affiliates or business partners, or Our or their respective employees, contractors or agents, that is designated as confidential or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. Our Confidential Information includes: (a) nonpublic information relating to Our or Our affiliates' or business partners’ technology, customers, business plans, promotional and marketing activities, finances and other business affairs; (b) third-party information that We are obligated to keep confidential; and (c) the nature, content and existence of any discussions or negotiations between You and Us or Our affiliates. Our Confidential Information does not include any information that: (i) is or becomes publicly available without breach of the Agreement; (ii) can be shown by documentation to have been known to You at the time of Your receipt from Us; (iii) is received from a third party who did not acquire or disclose the same by a wrongful or tortious act; or (iv) can be shown by documentation to have been independently developed by You without reference to Our Confidential Information.

 

12.14. "Our Indemnitees" means Us and Our affiliates, and Our and their respective officers, directors, employees, agents, representatives, successors and assigns.

 

12.15. "Personal Data" means any information relating to a Data Subject that is protected under Data Protection Law. Personal Data is a subset of Your Data.

 

12.16. "Personal Data Breach" means a confirmed (a) accidental or unlawful destruction, loss, alternation, unauthorized disclosure of or unauthorized third party access to Personal Data or (b) similar incident involving Personal Data, in each case for which a Controller is required under Data Protection Law to provide notice to competent data protection authorities or Data Subjects.

 

12.17. "Processor" means a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller, be it directly as Processor of a Controller or indirectly as Subprocessor of a Processor that processes Personal Data on behalf of the Controller.

 

12.18. "Selerant Compliance Cloud" or "SCC" means Our web-based global regulatory compliance application for the food industry.

 

12.19. "Standard Contractual Clauses" means the Standard Contractual Clauses or any subsequent version thereof published by the European Commission.

 

12.20. "Subprocessor" means an affiliate of Ours, or a third party engaged by Us or Our affiliates in connection with the provision of the SCC, that processes Personal Data in accordance with the Agreement.

 

12.21. "Subscription Fee" means the fee payable by You for the SCC, as specified in the applicable Order Form. Beginning upon the first anniversary of applicable Order Form Effective Date, We may increase the Subscription Fee by giving You not less than thirty (30) days' prior notice; provided, however, that We will not increase the Subscription Fee more than once in any twelve (12) month period. Within thirty (30) days after Your receipt of such notice, You may elect to terminate Your access to and use of the SCC upon notice to Us.

 

12.22. "Subscription Period" means the term of a subscription for the SCC identified in the applicable Order Form, including all renewals.

 

12.23. "Usage Metrics" means the standard of measurement for determining the permitted use and calculating the fees due for the SCC as set forth in the applicable Order Form.

 

12.24. "You" or "Your" means the customer entity specified on the applicable Order Form.

 

12.25. "Your Data" means any content, materials, data and information that Authorized Users enter into the SCC or that You derive from Your use of and store in the SCC (e.g., Your specific reports), in all cases excluding any of Our Confidential Information or other materials owned by Us.

 

Last updated June 30, 2022.

 

 

EXHIBIT 1

 

DATA PROCESSING AGREEMENT

 

1.                   BACKGROUND.

 

1.1 Purpose. This Exhibit applies to Our and Our Subprocessors' processing of Personal Data that You provide to Us (if any) in connection with Your access to and use of the SCC. Attachment 1 (Description of Processing) to this Exhibit, which describes the nature and purpose of the processing, the type of Personal Data and the categories of Data Subjects, is incorporated into and forms part of this Exhibit.

1.2. GDPR. The parties agree that it is each party's responsibility to review and adopt requirements imposed on Controllers and Processors by the General Data Protection Regulation 2016/679 ("GDPR") if and to the extent applicable to Personal Data of Yours that is processed in connection with Your access to and use of the SCC.

1.3. Relationship of the Parties. The parties acknowledge and agree that, in connection with the processing of Personal Data in connection with Your access to and use of the SCC: (a) We will act as a Processor and (b) You and those entities that You permit to access or use the SCC will act as Controllers. You will act as a single point of contact and are solely responsible for obtaining any relevant authorizations, consents and permissions for the processing of Personal Data in accordance with these Terms, including, where applicable, approval by Controllers to use Us as a Processor. Where authorizations, consents, permissions or instructions are provided by You these are provided not only on behalf of You but also on behalf of any other Controller accessing or using the SCC. Where We inform or give notice to You, such information or notices will be deemed received by those Controllers permitted by You to access or use the SCC and it is Your responsibility to forward such information and notices to the relevant Controllers.

 

2.                   SECURITY. 

 

2.1. Security Measures. We have implemented and will apply the technical and organizational measures set forth in Attachment 4.2 (Technical and Organizational Measures) to this Exhibit (the "Security Measures"). You acknowledge that You have reviewed the Security Measures and agree that, with respect to the SCC, the Security Measures are appropriate taking into account the state of the art, costs of implementation, nature, scope, context and purposes of the processing of Personal Data.

2.2. Changes. We may change the Security Measures at any time without notice so long as We maintain a comparable or better level of security. Individual Security Measures may be replaced by new security measures that serve the same purpose without diminishing the overall level of security protecting Personal Data.

 

3.                   OUR PROCESSING OBLIGATIONS.

 

3.1. Compliance with Your Instructions. We will process Personal Data only in accordance with documented instructions from You. These Terms (including this Exhibit) constitute such documented initial instructions and You may provide further instructions in connection with Your access to and use of the SCC (for clarity, each use of the SCC constitutes such further instructions). We will use reasonable efforts to follow any other instructions You provide, as long as they are required by Data Protection Law, technically feasible and do not require changes to the SCC. If any of the preceding exceptions apply, or We cannot otherwise comply with an instruction or We are of the opinion that an instruction violates Data Protection Law, We will promptly notify You.

3.2. Legal Requirements. We may also process Personal Data to the extent required by applicable law. In such a case, We will inform You of the applicable legal requirement before processing (except to the extent legally prohibited from doing so).

3.3. Cooperation. At Your request, We will reasonably cooperate with You and Your Controllers in handling requests from Data Subjects or regulatory authorities regarding Our processing of Personal Data or any Personal Data Breach. We will notify You as soon as reasonably practical about any request We receives from a Data Subject in relation to Our processing of Personal Data; provided, however, that We will not respond to such request without Your further instructions. With respect to the SCC, We will endeavor to provide functionality that supports Your ability to correct or remove Personal Data from the SCC, or restrict its processing in accordance with Data Protection Law. Where such functionality is not provided as part of the SCC, We will correct or remove Personal Data, or restrict its processing, in accordance with Your instructions and Data Protection Law.

3.4. Personal Data Breach Notification. We will notify You without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in Our possession to assist You to meet Your obligations to report such Personal Data Breach as required under Data Protection Law. We may provide such information in phases as it becomes available. Such notification will not be interpreted or construed as an admission of fault or liability by Us.

3.5. Data Protection Impact Assessment. If, pursuant to Data Protection Law, You or Your Controllers are required to perform a data protection impact assessment or prior consultation with a regulator, We will, at Your reasonable request, provide such documents as We generally make available for Our other similarly situated customers. Any additional assistance will be mutually agreed between the parties.

 

4.                   DATA EXPORT AND DELETION.

 

4.1. SCC. The following will apply with respect to the SCC:

4.1.1. Export and Retrieval by You. During the Subscription Period, You may access Your Personal Data in the SCC, and may export and retrieve Your Personal Data in a standard format. Such export and retrieval may be subject to technical limitations, in which case the parties will find a reasonable method to allow You access to Your Personal Data.

4.1.2. Deletion. Prior to expiration of the then-current Subscription Period or the effective date of termination, You may use Our self-service tools (as available) to perform a final export of Personal Data from the SCC. At the end of the Subscription Period for the SCC, You hereby instruct Us to delete any Personal Data remaining on servers hosting the SCC within a reasonable time period in accordance with Data Protection Law (unless applicable law requires retention).

 

5.                   YOUR AUDIT RIGHTS.

 

5.1. Your Audit. Subject to Sections 5.3 and 4 below, You or Your independent third party auditor reasonably acceptable to Us (which will not include any third party auditor that is a competitor of Ours, not suitably qualified or independent or has not executed a written confidentiality agreement applicable to Us before conducting the audit) may (once in any twelve (12) month period unless mandatory Data Protection Law requires more frequent audits) audit Our control environment(s) and security practices relevant to Personal Data processed by Us in connection with Your access to and use of the SCC, but only if:

5.1.1. We have not provided sufficient evidence of Our compliance with applicable technical and organizational measures that protect the SCC through providing either (a) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (b) a valid ISAE3402 or ISAE3000 or other SOC1-3 attestation report. Our audit reports or ISO certifications are available upon Your reasonable request;

5.1.2. a Personal Data Breach has occurred;

5.1.3. an audit is formally requested by Your data protection authority; or

5.1.4. mandatory Data Protection Law provides You with a direct audit right.

5.2. Other Controller Audit. Any other Controller may audit Our control environment and security practices relevant to Personal Data processed by Us in accordance with Section 5.1 above, but only if any of the cases set out in Section 5.1 above applies to such other Controller. Such audit must be undertaken through and by You unless the audit must be undertaken by the other Controller itself under Data Protection Law. If several Controllers whose Personal Data is processed by Us require an audit, You will use best efforts to combine the audits and avoid multiple audits.

5.3. Scope of Audit. You will provide at least sixty (60) days prior notice of any audit unless mandatory Data Protection Law or a competent data protection authority requires shorter notice. The frequency and scope of any audit will be mutually agreed between the parties acting reasonably and in good faith. Any audit will (a) be subject to Our applicable policies; (b) be limited in time to a maximum of three (3) business days; (c) be conducted during Our regular business hours; and (d) not interfere with Our business operations. Beyond such restrictions, the parties will use current certifications or other audit reports to avoid or minimize repetitive audits. You will provide the results of any audit to Us.

5.4. Cost of Audit. You will bear the costs of any audit. If an audit determines that We have breached Our obligations under this Exhibit, We will promptly remedy the breach at Our own cost.

 

6.                   SUBPROCESSORS.

 

6.1. Permitted Use. Notwithstanding anything to the contrary in these Terms, We will be permitted to subcontract the processing of Personal Data to Subprocessors. We will engage Subprocessors under a written contract (which may be in electronic form) consistent with the terms of this Exhibit in relation to each Subprocessor's processing of Personal Data. We will be responsible and liable for any of Our Subprocessors' failure to perform in accordance with this Exhibit to the same extent as if such failure to perform was committed by Us. We will evaluate the security, privacy and confidentiality practices of each Subprocessor prior to selection to help establish that it is capable of providing the level of protection of Personal Data required by this Exhibit. We will make Our list of Subprocessors available to You upon Your reasonable request, including the name, address and role of each Subprocessor that We use.

6.2. New Subprocessors. Our use of Subprocessors is at Our sole discretion. We will endeavor to inform You in advance of any intended additions or replacements to the list of Subprocessors, including the name, address and role of each new Subprocessor (the "Subprocessor Notice"). If You have a legitimate reason under Data Protection Law to object to a new Subprocessor's processing of Personal Data in connection with Your access to and use of the SCC, You may terminate Your access to and use of the SCC upon notice to Us. Such termination will take effect at the time determined by You and will be no later than thirty (30) days from the date of the Subprocessor Notice (the "Termination Window"). If You do not terminate within the Termination Window, You will be deemed to have accepted the new Subprocessor. Within the Termination Window, You may request that the parties discuss a resolution to the objection in good faith. Such discussions will not extend the Termination Window and do not affect Our right to use the new Subprocessor. Any termination under this Section 6.2 will be deemed to be without fault by either party and will be subject to the Agreement.

6.3. Emergency Replacement. We may replace a Subprocessor without advance notice where the reason for the replacement is outside of Our reasonable control and prompt replacement is required for security or other urgent reasons. In this case, We will inform You of the replacement Subprocessor as soon as reasonably possible following its appointment and Section 6.2 above will apply accordingly.

 

7.                   INTERNATIONAL PROCESSING.

 

7.1. International Processing. We will be entitled to process Personal Data, including by using Subprocessors, in accordance with this Exhibit outside the country in which You are located as permitted under Data Protection Law.

7.2. Standard Contractual Clauses. Where (a) Personal Data of an European Economic Area (EEA) or Swiss based Controller is processed in a country outside the EEA, Switzerland or any jurisdiction acknowledged by the European Union as a safe jurisdiction with an adequate level of data protection under Art 45 GDPR; or (b) Personal Data of another Controller is processed internationally and such international processing requires an adequacy means under the laws of the country of the Controller and the required adequacy means can be met by entering into Standard Contractual Clauses, then:

7.2.1. the parties will enter into the Standard Contractual Clauses;

7.2.2. You will enter into the Standard Contractual Clauses with each relevant Subprocessor as follows, either (a) You join the Standard Contractual Clauses entered into by Us or the applicable Subprocessor(s) as an independent owner of rights and obligations (the "Accession Model") or (b) the applicable Subprocessor (represented by Us) will enter into the Standard Contractual Clauses with You (the "Power of Attorney Model"). The Power of Attorney Model will apply if and when We have expressly confirmed that the applicable Subprocessor(s) is(are) eligible for it through the Subprocessor list referenced in Section 6 above or a notice to You; or

7.2.3. other Controllers whose access to or use of the SCC has been authorized by You may also enter into Standard Contractual Clauses with Us or the applicable Subprocessor(s) in the same manner as You in accordance with Sections 7.2.1 and 2.2 above. In such case, You will enter into the Standard Contractual Clauses on behalf of the other Controllers.

7.3. Hierarchy. Nothing in these Terms will be construed to prevail over any conflicting clause of the Standard Contractual Clauses. For the avoidance of doubt, where this Exhibit further specifies audit and subprocessor rules in Sections 5 and 6 above, such specifications also apply in relation to the Standard Contractual Clauses.

7.4. Governing Law of Standard Contractual Clauses. The Standard Contractual Clauses will be governed by the law of the country in which the relevant Controller is incorporated.

 

8.                   RECORDS. Each party will be responsible for its compliance with its documentation requirements, in particular maintaining records of processing where required under Data Protection Law. Each party will reasonably assist the other party in its documentation requirements, including providing the information the other party needs from it in a manner reasonably requested by the other party (such as using an electronic system), in order to enable the other party to comply with any obligations relating to maintaining records of processing.

 

 

 

 

ATTACHMENT 4.1

 

DESCRIPTION OF PROCESSING

 

 

Selerant Compliance Cloud

Data Exporter

You, who subscribe to the SCC and allow Authorized Users to enter, amend, use, delete or otherwise process Personal Data, are the data exporter. Where You allow other Controllers to also access or use the SCC, such other Controllers are also data exporters.

Data Importer

We and Our Subprocessors, which provide the SCC, are the data importers. The SCC includes the following support:

·        Monitoring the SCC;

·        Backup and restoration of Your Data stored in the SCC;

·        Release and development of fixes and upgrades to the SCC;

·        Monitoring, troubleshooting and administering the underlying SCC infrastructure and database; and

·        Security monitoring, network-based intrusion detection support and penetration testing.

We provide support when You submit a support ticket because the SCC is not available or not working as expected for some or all Authorized Users. We answer phones and perform basic troubleshooting, and handle support tickets in a tracking system that is separate from the production instance of the SCC.

Data Subjects

Unless provided otherwise by the data exporter, transferred Personal Data relates to the following categories of Data Subjects:

·        Employees;

·        Contractors;

·        Business partners; or

·        Other individuals whose Personal Data is accessed by or provided to the data importer.

Categories of Data

The data exporter determines the categories of data that could be transferred to the data importer. Transferred Personal Data typically relates to the following categories of data:

·        Name;

·        Phone number;

·        Email address;

·        Time zone;

·        Address data;

·        System access / usage / authorization data;

·        Company name;

·        Contract data;

·        Invoice data; and

·        Application specific data that is transferred by Your Authorized Users.

Special Categories of Data

Any special categories of transferred Personal Data will be set forth in the applicable Order Form.

Processing Operations

Unless otherwise agreed in the applicable Order Form, the transferred Personal Data will be subject to the following basic processing activities:

·        Setting up, operating, monitoring and providing the SCC;

·        Providing consulting services;

·        Communicating to Authorized Users;

·        Storing Personal Data in dedicated data centers;

·        Uploading fixes or upgrades to the SCC;

·        Backing up Personal Data;

·        Computer processing of Personal Data (e.g., data transmission, data retrieval, data access, etc.);

·        Network access to allow Personal Data transfer;

·        Verifying compliance with these Terms;

·        Testing and applying new product or system versions, patches, updates and upgrades;

·        Monitoring and testing system use and performance;

·        Resolving bugs and other issues;

·        Complying with applicable legal requirements; and

·        Execution of Your instructions in accordance with these Terms.

 

 

 

ATTACHMENT 4.2

 

TECHNICAL AND ORGANIZATIONAL MEASURES

 

1.1. Introduction. When processing Personal Data on Your behalf in connection with Your access to or use of the SCC, We have implemented and will maintain appropriate technical and organizational security measures for the processing of such data, including the measures specified in this Attachment to the extent applicable. These measures are intended to protect Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure or access, and against other unlawful forms of processing.

1.2. Physical Access Control. We employ measures designed to prevent unauthorized persons from gaining access to data processing systems in which Personal Data is processed, such as the use of security personnel, secured buildings and data center premises.

1.3. System Access Control. To the extent applicable: (a) authentication via passwords or two-factor authentication, (b) documented authorization processes, (c) documented change management processes, (d) logging of access on several levels, (e) log-ins to the SCC environments by Our employees and Subprocessors are logged; (f) logical access to the data centers is restricted and protected by firewall/VLAN; and (g) intrusion detection systems, centralized logging and alerting, and firewalls are used.

1.4. Data Access Control. Personal Data is accessible and manageable only by properly authorized staff appointed as system administrators, direct database query access is restricted, and application access rights are established and enforced. The list of system administrators is available upon Your reasonable request.

1.5. In addition to the access control rules described above, we implement an access policy under which You control access to the SCC environment and to Personal Data and other data by Your authorized personnel.

1.6. Transmission Control. Except as otherwise specified these Terms or the applicable Documentation, transfers of data outside the SCC environment are encrypted. The content of communications (including sender and recipient addresses) sent through some email or messaging services may not be encrypted. You are solely responsible for the results of Your decision to use unencrypted communications or transmissions.

1.7. Input Control. The Personal Data source is under Your control. Personal Data integration into the system is managed by secured file transfer (i.e., via web services or entered into the application) from You. To the extent the SCC permits You to use unencrypted file transfer protocols, You are solely responsible for Your decision to use such unencrypted file transfer protocols.

1.8. Data Backup. Back-ups are taken on a regular basis and are secured using a combination of technical and physical controls, depending on the circumstances.

1.9. Data Segregation. Personal Data from Our different customers' environments is logically segregated on Our system