Legal Terms & Agreements

Master Services and Software Agreement – Cloud Solutions

Written by Trace One | Sep 13, 2024 9:11:00 AM

 

This Master Services and Software Agreement (this "Master Agreement") is effective as of the Effective Date of the applicable Order Form and entered into by and between Company and Customer. 

WHEREAS Customer desires to procure from Company, and Company desires to provide to Customer, certain services and/or software, on the terms and conditions set forth in this Master Agreement.

NOW THEREFORE, in consideration of the mutual promises and covenants contained herein, and of other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, Customer and Company hereby agree as follows:

 

1.                 LICENSE AND USAGE RIGHTS.

 

1.1. Subject to Customer's compliance with the terms and conditions of the Agreement and the applicable Documentation, Company shall grant to Customer a non-exclusive, non-transferable and non-assignable right and license to access and use the Materials and Services specified in the applicable Order Form during the relevant Term solely for Customer's internal business purposes (the "License"). Except for the License, Company retains all right, title and interest in and to the Materials and Services, including all copies of the Materials delivered or otherwise made available to Customer or made by or on behalf of Customer in connection with its use of the Materials or Services. Unless otherwise agreed by Company in writing, Customer shall not access or use the Materials or Services outside of the Location.

 

2.                 LICENSE AND USAGE RESTRICTIONS.

 

2.1. The applicable Order Form shall set forth the maximum number and type (e.g., Light Named User, Named User, Supplier User, etc.) of individuals that are permitted to access and use the Materials and Services (the "Authorized Users"). Only Authorized Users are allowed to access and use the Materials and Services.

 

2.2. Usernames, passwords and other account information applicable to the Materials and Services (collectively, "Access Credentials") may not be used by more than one Authorized User but may be transferred from one Authorized User to another if the original Authorized User is no longer permitted to use the Materials and Services, as applicable. Customer shall be responsible for (a) its employees', agents', contractors', outsourcers', customers' and suppliers' (collectively, "Representatives") access to and use of the Materials and Services and full compliance with the terms and conditions of the Agreement; (b) identifying and approving all Authorized Users; (c) controlling against unauthorized access to or use of the Materials and Services by its Representatives or third parties through its or its Representatives' networks or systems; (d) maintaining the confidentiality of its Access Credentials; and (e) all activities that occur under its Access Credentials.

 

2.3. Company shall deliver or otherwise make available to Customer the Materials and Services set forth in the applicable Order Form. The Materials and Services shall be delivered or otherwise made available to Customer in the format set forth in the applicable Order Form or, if no format is set forth therein, in Company's standard format.

 

2.4. Customer shall not (a) use the Materials or Services for rental, time sharing, subscription services, hosting, or outsourcing, or otherwise commercially exploit the Materials or Services; (b) remove or modify any program markings or any notice of Company's or its licensors' proprietary rights; (c) make the Materials or Services available in any manner to any third party for use in the third party's business operations (unless such access is expressly permitted by Company in writing for a specific program license); (d) reverse engineer, disassemble or decompile the Materials or Services or make derivative works (including, without limitation, to review data structures or similar materials produced by programs); (e) duplicate the Materials or Services (except that, with respect to Software installed on Customer's premises, Customer may make a sufficient number of copies of each program for the Authorized Users' licensed use and one copy of each program media); or (f) perform any benchmark, performance or other tests or scans on the Materials or Services or disclose any results of such tests or scans run on the Materials or Services.

 

2.5. Customer shall not use the Materials or Services for any purpose that may (a) menace or harass any person, or cause damage or injury to any person or property; (b) involve the publication of any material that is false, defamatory, harassing or obscene; (c) violate privacy rights or promote bigotry, racism, hatred or harm; (d) constitute unsolicited bulk email, junk mail, spam or chain letters; (e) constitute an infringement of intellectual property or other proprietary rights; (f) violate applicable laws or regulations; or (g) circumvent or endanger the operation or security of the Materials or Services. Company reserves the right to take remedial action if Customer's use of the Materials or Services violates the foregoing restrictions, including by suspending or limiting Customer's access to the Materials and Services.

 

2.6. Customer shall comply fully with all applicable export and import laws to ensure that neither the Materials or Services, nor any direct products thereof, are exported, directly or indirectly, in violation of applicable laws.

 

2.7. Customer shall monitor its own use of the Materials and Services and immediately report any use in violation of the Agreement to Company (including any use of the Materials and Services in excess of the applicable Usage Metrics). Company may monitor Customer's use of the Materials and Services to verify compliance with the Agreement, as well as to help provide and improve the Materials and Services. In addition, Customer shall (a) permit Company to audit Customer's use of the Materials and Services (which shall include, without limitation, the right for Company to inspect the Location and any other locations from which the Materials and Services are accessed and used, upon reasonable prior notice, for the purpose of verifying Customer's compliance with the terms and conditions of the Agreement) and (b) provide Company with reasonable assistance and access to information in the course of such audit.

 

2.8. Customer acknowledges that third party technology that may be appropriate or necessary for use with the Materials and Services is specified in the applicable Documentation or as otherwise notified by Company and that such third party technology is licensed to Customer only for use with the Materials and Services under the terms of the license agreement specified in the applicable Documentation or as otherwise notified by Company and not under the terms of the Agreement.

 

2.9. Customer must accept all patches, bug fixes, updates, maintenance and service packs (collectively, "Patches") required for the proper performance of the Materials and Services as such Patches are generally released by Company.

 

3.                 PAYMENT AND INVOICING TERMS.

 

3.1. Payment Terms. Unless otherwise agreed in the applicable Order Form, Customer shall pay all fees and expenses incurred in connection with the Agreement within thirty (30) days of the date of the applicable invoice. If Customer has a valid reason to dispute an invoice, Customer shall so notify Company within seven (7) days of Customer's receipt of the invoice, and, if no such notification is given, the invoice shall be deemed valid. If Customer disputes only a portion of an invoice, the portion of the invoice that is not in dispute shall be paid by Customer in accordance with the Agreement.

 

3.2.  A finance charge equal to the lesser of (a) one and one-half percent (1.5%) per month or (b) the maximum amount allowed by law shall be charged on any past due amounts. Payments by Customer shall be applied first to accrued interest and then to the principal unpaid balance. Any attorney fees, court costs, or other costs incurred by Company in the collection of past due amounts shall be paid by Customer. If payment of invoices is not current, or Customer has not complied with any of its other obligations under the Agreement, Company may suspend performing further work, as well as Customer's access to and use of the Materials and Services.

 

3.3.  To the extent Customer's use of the Materials or Services exceeds the Usage Metrics in the applicable Order Form, Company may invoice Customer, and Customer shall pay, any additional fees (at Company's then-current rates) to account for Customer's excess usage.

 

3.4.  All amounts payable by Customer pursuant to the Agreement are exclusive of taxes. Accordingly, Customer will pay any sales, value-added or other similar taxes imposed by applicable law that Company must pay based on the services Customer ordered, except for taxes based on Company income.

 

3.5.  Reimbursable Costs. Customer shall reimburse Company for all travel and living expenses incurred by Company personnel in connection with the Agreement. Upon Customer's reasonable request, Company shall provide Customer with substantiation of travel and living expenses incurred by Company personnel.

 

4.                 LIMITATION OF LIABILITY.

 

4.1.  NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, EXCEPT AS SET FORTH IN SECTION 4.3 AND SUBJECT TO SECTION 4.4, COMPANY'S AGGREGATE MAXIMUM LIABIITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THE AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWHISSE, SHALL BE LIMITED TO THE AMOUNT OF THE FEES ACTUALLY PAID BY CUSTOMER TO THE COMPANY FOR THE APPLICABLE MATERIALS OR SERVICES UNDER THE ORDER FORM, AND IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY.

 

4.2. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, EXCEPT AS SET FORTH IN SECTION 4.3 AND SUBJECT TO SECTION 4.4, NEITHER PARTY SHALL BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA OR DATA USE.

 

4.3. CUSTOMER ACKNOWLEDGES THAT COMPANY DOES NOT PROVIDE LEGAL OR COMPLIANCE ADVICE. CUSTOMER IS RESPONSIBLE FOR MAKING ITS OWN ASSESSMENT OF ITS LEGAL AND REGULATORY REQUIREMENTS AND WHETHER CUSTOMER'S PROPOSED USE OF THE MATERIALS AND SERVICES MEETS THOSE REQUIREMENTS.

 

4.4. NOTWITHSTANDING SECTIONS 4.1 AND 4.2 ABOVE, TO THE FULLEST EXTENT PERMITTED BY LAW, FOR MATERIALS AND SERVICES PROVIDED AT NO CHARGE, COMPANY SHALL HAVE NO LIABILITY WHATSOEVER. 

 

5.                 REPRESENTATIONS AND WARRANTIES.

 

5.1. Authority. Each party represents and warrants that it has the full power, capacity and authority to enter into, and perform its obligations under the Agreement.

 

5.2. Compliance with Laws. Each party warrants that it will comply with all laws and regulations applicable to it in connection with: (a) in the case of Company, the operation of Company's business as it relates to the Materials and Services; and (b) in the case of Customer, Customer's access to and use of the Materials and Services.

 

5.3. DISCLAIMER. EXCEPT AS SET FORTH ELSEWHERE IN THE AGREEMENT, THE MATERIALS, SERVICES AND RELATED WORK PRODUCT ARE PROVIDED ON AN "AS IS" BASIS AND COMPANY MAKES NO WARRANTY OF ANY KIND, WHETHER, EXPRESS, IMPLIED OR STATUTORY, REGARDING THE MATERIALS, SERVICES OR WORK PRODUCT, INCLUDING, WHITOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SUITABILITY, ORIGINALITY OR FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR RESULTS TO BE DERIVED FROM THE USE OF OR INTEGRATION WITH ANY MATHERIALS, SERVICES OR WORK PRODUCT PROVIDED UNDER THE AGREEMENT, OR THAT THE OPERATION OF ANY MATERIALS, SERVICES OR WORK PRODUCT WILL BE SECURE, UNINTERRUPTED OR ERROR FREE. 

 

6.                 PROPRIETARY RIGHTS.

 

6.1.  The Materials, Services and Work Product and all copyright, patent, trade secret, trade mark and other proprietary and intellectual property rights of any kind (collectively, "Intellectual Property Rights") arising in the Materials, Services and Work Product, and in all other written or oral information provided by Company to Customer in connection with the Agreement, are and shall remain the exclusive property of Company. Customer agrees to execute and to ensure its third parties execute such documentation as reasonably necessary to secure Company's title over such rights. All Intellectual Property Rights arising in any third party content or other third party products or services are and shall remain the exclusive property of the third party provider of such third party content or other third party products or services. Subject to the preceding three sentences and other applicable provisions of the Agreement, all Intellectual Property Rights arising in the Customer Data are and shall remain the exclusive property of Customer.

 

6.2.  Customer shall notify Company immediately if Customer becomes aware of any unauthorized use of or access to the whole or any part of the Materials, Services, Work Product or Company's other proprietary materials or Confidential Information by any person or entity.

 

6.3. Customer grants to Company a worldwide, perpetual, irrevocable, royalty-free right and license to use and incorporate into Company's products and services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer relating to the operation of Company's products and services.

 

7.                 INDEMNIFICATION.

 

7.1.  Company shall defend Customer against claims brought against Customer by any third party alleging that Customer's use of the Materials, in accordance with the terms of the Agreement, constitutes an infringement or misappropriation of such third party's patent, copyright or trade secret rights ("IP Claims"). Company shall pay damages finally awarded against Customer (or the amount of any settlement Company enters into) with respect to IP Claims. This obligation of Company shall not apply if the alleged infringement or misappropriation results from (a) Company's compliance with any designs, specifications or instructions provided by or on behalf of Customer; (b) modification of the Materials or Services by or on behalf of Customer; (c) combination, operation or use of the Materials or Services with non-Company products, services, software or business processes; or (d) Customer's violation of, or access to or use of the Materials or Services other than as permitted by, the Agreement or the applicable Documentation. Customer shall indemnify, defend and hold harmless the Company Indemnitees from any and all Losses and threatened Losses due to third party claims arising out of or in connection with (i) Customer's breach of its obligations under the Agreement; (ii) the Customer Data or (iii) the activities described in items (a), (b), (c) and (d) above.

 

7.2. If Company believes that the Materials or Services may have violated a third party's intellectual property rights, Company may elect to either modify the Materials and Services or obtain a license to allow Customer to continue to use the Materials and Services. If neither of these alternatives is commercially reasonable, in Company's sole discretion, Company may terminate Customer's ability to further access to and use of the applicable Materials and Services.

 

7.3. The indemnification obligations under this Section 7 are conditioned on: (a) the party against whom a third party claim is brought (the "Indemnified Party") timely notifying the other party (the "Indemnifying Party") in writing of any such claim, provided however that the Indemnified Party's failure to provide or delay in providing such notice shall not relieve the Indemnifying Party of its obligations under this Section 7 except to the extent such failure or delay prejudices the defense; (b) the Indemnifying Party having the right to fully control the defense of such claim; and (c) the Indemnified Party reasonably cooperating in the defense of such claim. Any settlement of any claim shall not include a financial or specific performance obligation on or admission of liability by the Indemnified Party, provided however that Company may settle any claim on a basis requiring Company to substitute for the Materials or Services any alternative substantially equivalent non-infringing product or service. The Indemnified Party may appear, at its own expense, through counsel reasonably acceptable to the Indemnifying Party.

 

7.4.  The provisions of this Section 7 shall not apply with respect to Materials or Services provided at no charge and state the sole, exclusive and entire liability of Company, its Affiliates and their respective licensors to Customer, and is Customer's sole remedy, with respect to third party claims covered hereunder and to the infringement or misappropriation of third-party intellectual property rights.

 

8.                 NON-DISCLOSURE.

 

8.1. For the purposes of this Section 8, the term "Disclosing Party" refers to a party in the case of such party's disclosure of Confidential Information to the other party, and the term "Recipient" refers to a party in the case of such party's receipt of Confidential Information from the other party.

 

8.2.  Definition of Confidential Information.

 

8.2.1.  "Confidential Information" means all processes, formulae, data, know-how, improvements, inventions, techniques, marketing plans, strategies, customer lists, or other information that has been created, discovered, or developed by the Disclosing Party, or has otherwise become known to Recipient (other than as a result of disclosure to Recipient by the Disclosing Party), or to which rights have been assigned to, or otherwise acquired by, the Disclosing Party, as well as any other information and materials that are deemed confidential or proprietary to or by the Disclosing Party (including all such information and materials of the Disclosing Party’s customers and any other third party and their consultants), in each case, that are disclosed by Disclosing Party to the Recipient (whether directly or indirectly, intentionally or unintentionally), regardless of whether any of the foregoing are marked “confidential” or “proprietary” or communicated to the Recipient by the Disclosing Party in oral, written, visual, graphic, or electronic form. For the avoidance of doubt, the solutions and any other technology of the Company are deemed to be Confidential Information.

 

8.2.2.  Confidential Information does not, however, include any information that: (a) is or becomes publicly available without Recipient's breach of any obligation owed Disclosing Party; (b) became known to Recipient prior to Disclosing Party's disclosure of such information to Recipient; (c) became known to Recipient from a source other than Disclosing Party other than by the breach of an obligation of confidentiality owed to Disclosing Party; or (d) is independently developed by Recipient.

 

8.3.   Non-Disclosure and Non-Use of Confidential Information.

 

8.3.1.  Confidential Information is provided to Recipient for review and evaluation only and may only be used by Recipient to the extent necessary to perform its obligations under the Agreement. No other use is permitted.

 

8.3.2.  Recipient shall not disclose Confidential Information to anyone other than its employees and contractors who legitimately need access to it for permitted use. Recipient shall notify its employees and contractors who are given access to Confidential Information that they have an obligation not to disclose Confidential Information in violation of this Section 8 and shall take such steps as are reasonably necessary to ensure compliance with this obligation.

 

8.3.3.  Recipient shall safeguard Confidential Information with reasonable security means at least equivalent to measures that it uses to safeguard its own confidential information (but not less than commercially reasonable measures). Recipient shall store Confidential Information in a safe and secure location.

 

8.3.4.  Recipient may make copies of Confidential Information only as is necessary for it to perform its obligations under the Agreement. Recipient shall reproduce on any copy of Confidential Information all copyright, trademark, trade secret, confidentiality, and patent notices found on the original of such Confidential Information. Recipient shall not reverse engineer any Confidential Information in hardware or software form. Recipient shall not use the Confidential Information for any product design or development unless otherwise expressly agreed in writing by Disclosing Party.

 

8.3.5. The obligations regarding Confidential Information in the Agreement shall apply for five (5) years after expiration or termination of the Agreement.

 

8.4.   Reservation of Rights. No rights to Confidential Information are granted by implication and nothing in this Section 8 shall be construed as obligating a party to disclose its Confidential Information to the other party, or as granting to or conferring on a party, expressly or impliedly, any rights, title or interest (including license) in or to any Confidential Information of the other party. In addition to the restrictions in the Agreement, Disclosing Party reserves its rights under any of its patents, copyrights, trademarks, or trade secrets except as otherwise expressly provided in the Agreement.

 

8.5.  Return of Confidential Information. Within ten (10) business days of receipt of Disclosing Party's written request or when negotiations or business relations between Disclosing Party and Recipient cease (whichever is earlier), Recipient shall, at Disclosing Party's option, return to Disclosing Party, or destroy, all documents containing Disclosing Party's Confidential Information, including all copies of such Confidential Information made by Recipient. For purposes of this Section 8.5, the term "documents" includes any medium, including paper, disks, optical media, magnetic memory, and any other means of recording information. Recipient shall, upon request, certify in writing that it has complied with this Section 8.5.

 

8.6. Equitable Relief. Recipient hereby acknowledges that unauthorized disclosure or use of Disclosing Party's Confidential Information will cause immediate and irreparable harm to Disclosing Party. Accordingly, Disclosing Party shall have the right to seek and obtain preliminary and final injunctive relief to enforce the Agreement in case of any actual or threatened breach by Recipient of this Section 8, in addition to other rights and remedies that may be available to Disclosing Party.

 

9.                 CUSTOMER AND PERSONAL DATA.

 

9.1.  Customer Data. Customer is responsible for the Customer Data (including, where applicable, entering it into the Company Cloud or Customer Private Cloud). If and to the extent Customer provides Company with access to Customer Data, Customer grants to Company (including its Affiliates and subcontractors) a nonexclusive right to process such Customer Data to provide, support and improve the Materials and Services.

 

9.2.  Personal Data. Customer shall collect and maintain all Personal Data contained in the Customer Data in compliance with applicable data privacy and protection laws.

 

9.3.  Security. Customer shall maintain reasonable security standards for its Authorized Users' access to and use of the Materials and Services. Customer is responsible for any security vulnerabilities, and the consequences of such vulnerabilities, arising from Customer Data, including any viruses, trojan horses, worms or other programming routines contained in Customer Data.

 

9.4. Service Analyses. Company may compile statistical and other information related to the performance, operation and use of the Materials and Services (including Customer Data made accessible to Company and information derived from Customer's use of the Materials and Services) ("Service Analyses"), including for security and operations management, to create statistical analyses and for research and development purposes. Service Analyses shall anonymize and aggregate information and shall be treated as Company's Confidential Information.

 

10.              TERM AND Termination.

 

10.1.  Term. Unless otherwise terminated as set forth in Section 10.2 or elsewhere in the Agreement, this Master Agreement shall remain in effect from the Effective Date of the first applicable Order Form until the first date on which no Order Form is then in effect between the parties (the "Master Agreement Term").

 

10.2. Termination.

 

10.2.1. Material Breach. If a party (the "Breaching Party") commits a material breach of the Agreement, which breach is not cured within thirty (30) days after notice of the breach from the other party (the "Non-Breaching Party"), then Non-Breaching Party may, by giving notice to Breaching Party, terminate the Agreement, with respect to all or any part of the Materials and Services, as of a date specified in the notice of termination.

 

10.2.2. Non-Payment. If Customer fails to pay undisputed charges then due and owing under the Agreement by the specified due date, then, if Customer fails to cure such default within thirty (30) days of notice from Company of its intention to terminate, Company may, by notice to Customer, terminate the Agreement, with respect to all or any part of the Materials and Services, as of a date specified in the notice of termination.

 

10.2.3. Insolvency. If a party (a) files for bankruptcy, (b) becomes or is declared insolvent, or is the subject of any proceedings (not dismissed within sixty (60) days) related to its liquidation, insolvency or the appointment of a receiver or similar officer for such party, (c) makes an assignment for the benefit of all or substantially all of its creditors, (d) takes any corporate action for its winding-up, dissolution or administration, or (e) enters into an agreement for the extension or readjustment of substantially all of its obligations, then the other party may terminate the Agreement, with respect to all or any part of the Materials and Services, as of a date specified in the notice of termination.

 

10.2.4. Effect of Termination. Customer shall be liable for all payments to Company, including all fees and expenses for all Materials and Services incurred up to the date on which any termination takes place.

 

10.2.5. No Refund. In the event of any suspension or termination hereunder, Customer shall not be excused from its payment obligations or entitled to any refund of any payments made by Customer, except as expressly stated otherwise in this Agreement.

 

11.              MISCELLANEOUS.

 

11.1.  Insecurity and Adequate Assurances. If reasonable grounds for insecurity arise with respect to Customer's ability to make payments under the Agreement in a timely fashion, Company may demand in writing adequate assurances of Customer's ability to meet its payment obligations under the Agreement. Unless Customer provides the assurances in a reasonable time and manner acceptable to Company, in addition to any other rights and remedies available, Company may partially or totally suspend Company's performance while awaiting assurances, without any liability.

 

11.2. Severability. Should any part of the Agreement for any reason be declared invalid, such decision shall not affect the validity of any remaining provisions, which remaining provisions shall remain in full force and effect as if the Agreement had been executed with the invalid portion thereof eliminated, and it is hereby declared the intention of the parties that they would have executed the remaining portion of the Agreement without including any such part, parts, or portions which may, for any reason, be hereafter declared invalid. Any provision shall nevertheless remain in full force and effect in all other circumstances.

 

11.3. Waiver of Remedies. No waiver of any rights arising under the Agreement shall be effective unless in writing and signed by a duly authorized signatory of the party against whom the waiver is to be enforced. No failure or delay by either party in exercising any right, power or remedy under the Agreement (except as expressly provided herein) shall operate as a waiver of any such right, power or remedy.

 

11.4. Independent Contractor; Company Personnel. Company is an independent contractor of Customer, and no employment agency, trust, partnership or fiduciary relationship is created by the Agreement. The selection of personnel assigned or deployed to deliver the Services is at Company's sole discretion and Company reserves the right to replace any personnel at any time at its sole discretion with personnel of substantially equivalent skills.

 

11.5. Notices. Customer shall give Company written notice within two (2) years of obtaining knowledge of the occurrence of any claim or cause of action which Customer believes that it has, or may seek to assert or allege, against Company, whether such claim is based in law or equity, arising under or related to the Agreement or to the transactions contemplated hereby, or any act or omission to act by Company with respect to the Agreement. If Customer fails to give such notice to Company with regard to any such claim or cause of action and shall not have brought legal action for such claim or cause of action within said time period, Customer shall be deemed to have waived, and shall be forever barred from bringing or asserting such claim or cause of action in any suit, action or proceeding in any court or before any governmental agency or authority or any arbitrator. Except as otherwise specified in the Agreement, all notices or other communications hereunder shall be in writing, sent by courier or the fastest possible means, provided that recipient receives a manually signed copy and the transmission method is scheduled to deliver within forty-eight (48) hours, and shall be deemed given when delivered to the address specified in the applicable Order Form or such other address as may be specified in a written notice in accordance with this Section. Any party may, by notice given in accordance with this Section to the other party, designate another address or person or entity for receipt of notices hereunder. Notwithstanding the foregoing, Company may give notices to Customer by email to the address(es) specified in the applicable Order Form.

 

11.6. Assignment. Customer shall not assign the Agreement, in whole or in part, without Company's prior written consent. Company may assign the Agreement, in whole or in part, without the prior written consent of Customer to (1) an Affiliate that that agrees in writing to be bound by the terms and conditions of the Agreement or (2) an entity acquiring, directly or indirectly, Control of Company, an entity into which Company is merged or an entity acquiring all or substantially all of Company's assets, provided that the acquirer or surviving entity agrees in writing to be bound by the terms and conditions of the Agreement.

 

11.7. Disputes. Company and Customer recognize that disputes arising under the Agreement are best resolved at the working level by the parties directly involved. Both parties are encouraged to be imaginative in designing mechanisms and procedures to resolve disputes at this level. Such efforts shall include the referral of any remaining issues in dispute to higher authority within each participating party's organization for resolution. Failing resolution of conflicts at the organizational level, Company and Customer agree that any remaining conflicts arising out of or relating to the Agreement shall be submitted to non-binding mediation unless Company and Customer mutually agree otherwise. If the dispute is not resolved through non-binding mediation, then the parties may take other appropriate action subject to the other terms of the Agreement.

 

11.8. Section Headings. Title and headings of Sections of the Agreement are for convenience of reference only and shall not affect the construction of any provision of the Agreement.

 

11.9. Representations; Counterparts. Each person executing the Agreement on behalf of a party represents and warrants that such person is duly and validly authorized to do so on behalf of such party, with full right and authority to execute the Agreement and to bind such party with respect to all of its obligations hereunder and thereunder. The Agreement may be executed (by original or telecopied signature) in counterparts, each of which shall be deemed an original, but all of which taken together shall constitute one and the same instrument.

 

11.10. Residuals. Nothing in the Agreement or elsewhere will prohibit or limit Company's ownership and use of ideas, concepts, know-how, methods, models, data, techniques, skill knowledge and experience that were used, developed or gained in connection with the Agreement.

 

11.11.  Non solicitation of Employees. During and for one (1) year after the Master Agreement Term, Customer shall not solicit the employment of, or employ Company's personnel, without Company's prior written consent.

 

11.12. Cooperation. Customer shall cooperate with Company in taking actions and executing documents, as appropriate, to achieve the objectives of the Agreement. Customer agrees that Company's performance is dependent on Customer's timely and effective cooperation with Company. Accordingly, Customer acknowledges that any delay by Customer may result in Company being released from an obligation or scheduled deadline or in Customer having to pay extra fees for Company's agreement to meet a specific obligation or deadline despite the delay.

 

11.13. Governing Law and Construction; Consent to Jurisdiction. The Agreement shall be governed by and construed in accordance with the laws of (1) New York (if Company is located in the USA) or (2) the Italian Republic (if Company is located in the EU), without regard to the principles of conflicts of law. The language of the Agreement shall be deemed to be the result of negotiation among the parties and their respective counsel and shall not be construed strictly for or against any party. The exclusive venue for any disputes arising under or related to the Agreement shall be in the (A) state or federal courts located in New York, New York (if Company is located in the USA) or (B) Courts of Milan (Italy) (if Company is located in the EU). Customer and Company consent to the personal and exclusive jurisdiction of such courts for such disputes.

 

11.14. Entire Agreement; Amendments. The Agreement states the entire agreement between the parties and supersedes all previous agreements, understandings, representations, warranties, contracts, proposals and all other communications between the parties respecting the subject matter hereof (oral or written). Company may modify this Master Agreement at any time by posting a revised version on Company's website (currently https://www.traceone.com/terms-of-service (the "Website") or by otherwise notifying Customer by email. The modified terms shall become effective upon posting or, if Company notifies Customer by email, as stated in the email message. By continuing to use Materials or Services after the effective date of any modifications to this Master Agreement, Customer agrees to be bound by the modified terms. It is Customer's responsibility to check the Website regularly for modifications to this Master Agreement. Company last modified this Master Agreement on the date listed at the end of this Master Agreement. If Customer submits work orders, change orders, Services requests, purchase orders or other similar documents to Company for accounting or administrative purposes or otherwise, no pre-printed or similar terms and conditions contained in any such documents shall be deemed to supersede any of the terms and conditions of the Agreement.

 

11.15. Force Majeure. Company shall not be responsible for delays or failures if such delay or failure arises out of causes beyond its control. Such causes may include, without limitation, acts of God or of the public enemy, fires, floods, epidemics, pandemics, outbreaks, riots, quarantine restrictions, strikes, freight embargoes, earthquakes, electrical outages, computer or communications failures, government actions, travel restrictions and severe weather, and acts or omissions of subcontractors or third parties.

 

11.16. Third Party Beneficiaries. Except as expressly provided in the Agreement, the Agreement is entered into solely between, and may be enforced only by, Company and Customer. The Agreement shall not be deemed to create any rights or causes of action in or on behalf of any third parties, including employees, suppliers and customers of a party, or to create any obligations of a party to any such third parties.

 

11.17. Survival. Any provision of the Agreement which contemplates performance or observance subsequent to any termination or expiration of the Agreement shall survive any termination or expiration of the Agreement and continue in full force and effect. Additionally, all provisions of the Agreement shall survive the expiration or termination of the Agreement to the fullest extent necessary to give the parties the full benefit of the bargain expressed herein.

 

11.18. Hierarchy. In the event of any inconsistencies between this Master Agreement and an Order Form, the Order Form shall take precedence over the Master Agreement.

 

11.19. Waiver of Jury Trial. Customer hereby expressly waives any right to a trial by jury in any action or proceeding to enforce or defend any right, power, or remedy under or in connection with the Agreement or under or in connection with any amendment, instrument, document or agreement delivered or which may in the future be delivered in connection therewith arising from any relationship existing in connection with the Agreement, and agrees that any such action shall be tried before a court and not before a jury. The terms and provisions of this Section constitute a material inducement for the parties entering into the Agreement.

 

11.20. Subcontractors. Company may subcontract, in whole or in part, any of its obligations under the Agreement without the express prior written consent of Customer. Company shall be responsible and liable for any of its subcontractors' failure to perform in accordance with the Agreement to the same extent as if such failure to perform was committed by Company.

 

11.21. Required Consents. Customer shall obtain all consents or approvals that are required for Customer to use the Materials and Services in the manner contemplated under the Agreement, except for those consents or approvals that are expressly specified in the applicable Order Form as to be obtained by Company.

 

11.22. Language. If either party provides a translation of the English language version of the Agreement, the English language version of the Agreement shall control in the event of any conflict.

 

11.23. Publicity. Company and its Affiliates may use Customer's or its Affiliates' names, logos, service marks, trade names or trademarks, or refer to Customer or its Affiliates directly or indirectly in any press release, public announcement or public disclosure relating to the Agreement, including in any promotional, advertising or marketing materials, customer lists or business presentations, without the prior written consent of Customer or its Affiliates prior to each such use or reference.

 

11.24 Testimonial. Customer and its Affiliates agree to provide at least one testimonial and/or case study and/or quote regarding their choice of Company’s Software or Services, or their experience with Company’s Software and Services. Company and its Affiliates may use this testimonial and/or case study and/or quote for marketing purposes, and display it on Company’s website, promotional materials, and social media platforms, without the prior written consent of Customer or its Affiliates before each such use or reference. This testimonial and/or case study and/or quote shall be provided before the end of the initial Subscription Period of the Agreement.

 

12. DEFINITIONS. The words "day", "month", "quarter" and "year" mean, respectively, calendar day, calendar month, calendar quarter and calendar year. The words "include" and "including" shall not be construed as terms of limitation and introduce a non-exclusive set of examples. The word "or" shall not be exclusive. Capitalized terms used herein but not defined herein shall have the meanings set forth in the applicable Order Form. The following terms, when used in the Agreement shall have the meanings specified below:

 

12.1.  "Agreement" means, collectively, this Master Agreement, including its Exhibits and Attachments, and the Order Forms.

 

12.2. "Affiliate" means, generally, with respect to any entity, any other entity Controlling, Controlled by or under common Control with such entity.

 

12.3.  "Cloud Fee" means the fees for the Cloud Services as specified in the applicable Order Form.

 

12.4. "Cloud Services" means the subscription-based, hosted, supported and operated on-demand solution with respect to the Company Cloud provided by Company under an Order Form, including the Maintenance Services and other support services (if any) specified in the applicable Order Form.

 

12.5.  "Company" means the entity specified on the applicable Order Form.

 

12.6. "Company Indemnitees" means Company, its Affiliates and their respective officers, directors, employees, agents, representatives, successors and assigns.

 

12.7.   "Control" and its derivatives means: (a) the legal, beneficial, or equitable ownership, directly or indirectly, of (i) at least fifty percent (50%) of the aggregate of all voting equity interests in an entity or (ii) equity interests having the right to at least fifty percent (50%) of the profits of an entity or, in the event of dissolution, to at least fifty percent (50%) of the assets of an entity; (b) the right to appoint, directly or indirectly, a majority of the board of directors; (c) the right to control, directly or indirectly, the management or direction of the entity by contract or corporate governance document; or (d) in the case of a partnership, the holding by an entity (or one of its Affiliates) of the position of sole general partner.

 

12.8. "Controller" means a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For purposes of the Agreement, where Customer acts as a Processor for another Controller, it shall in relation to Company be deemed to be an additional and independent Controller with the respective Controller rights and obligations under the Agreement.

 

12.9.  "Current Release" means the most current Release of the Software.

 

12.10. "Customer" means the customer specified on the applicable Order Form.

 

12.11.  "Customer Data" means any content, materials, data and information that Authorized Users enter into (a) the Software or (b) the production system of the Company Cloud, or that Customer derives from its use of and stores in the Company Cloud (e.g., Customer specific reports), in all cases excluding any Confidential Information of Company or other Company-owned materials.

 

12.12. "Customer Private Cloud” means a cloud computing environment provided by Customer (or a third party on behalf of Customer) and made available to Company under the applicable terms of the Agreement.

12.13.  "Data Protection Law" means the applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the processing of Personal Data under the Agreement including the General Data Protection Regulation (EU) 2016/679.

 

12.14. "Data Subject" means an identified or identifiable natural person as defined by Data Protection Law.

 

12.15.  "Deliverables" means Work Product that is expressly identified as a deliverable under the applicable Statement of Work for delivery to Customer.

 

12.16. "Documentation" means the operating manuals, customer instructions, technical literature and all other related materials in eye-readable form only as supplied to Customer by Company for aiding the use and application of the Materials and Services, as applicable.

 

12.17.  "License Fee" means the fee payable by Customer for the Software licenses, as specified in the applicable Order Form.

 

12.18.  "Light Named User" means a Named User with view-only rights to the Software or Materials and, if and to the extent agreed by the parties, the right to approve product specifications when the necessary module is available in the License profile.

 

12.19.  "Location" means with respect to Materials and Services made available to Customer as part of the Cloud Services, the Customer location(s) where such Materials and Services are to be accessed and used by Customer.

 

12.20.  "Losses" means all losses, liabilities, damages (including punitive and exemplary damages), fines, penalties, interest and claims (including taxes), and all related costs and expenses (including reasonable legal fees and disbursements and costs of investigation, litigation, experts, settlement, judgment, interest and penalties).

 

12.21.  "Maintenance and Support Fee" means the fee for the Maintenance Services as specified in the applicable Order Form.  

 

12.22. "Maintenance Services" means those services to be provided by Company to Customer under the applicable Order Form pursuant to the terms and conditions outlined in Exhibit 2 (Maintenance and Support Terms).

 

12.23. "Managed Services" means the services provided by Company to manage the applicable Software for Customer as further defined under the applicable Order Form.

 

12.24. "Materials" means the Software, Documentation and any other materials provided or developed by Company (independently or with Customer's cooperation) under the applicable Order Form.

 

12.25. "Named User" is defined as an individual authorized by Customer to use the server programs that are installed on a single server or on a server farm, regardless of whether the individual is actively using the Software at any given time. Each non-human operated device will be counted as a Named User in addition to all individuals authorized to use the server programs, if such device can access the Software. If multiplexing hardware or software (e.g., a TP monitor or a web server product) is used, this number must be measured at the multiplexing front end. Depending on the specific features of the Software and on Customer's indications about the kind and profile of its authorized users, the Named User can be enabled by Company to activate one or more different user profiles, each of them allowing access to a specific limited set of modules and functions of the Software, which might not correspond to the whole of the modules and functions of the Software as provided in the applicable specifications. As a consequence, the License Fee for the single Named User might be construed pursuant to the width of the functions enabled in the corresponding assigned user profile.

 

12.26. "Order Form" means all written order forms for Materials and Services entered into by Company and Customer containing the pricing and other specific terms and conditions applicable for the Materials and Services under the applicable Order Form.

 

12.27.  "Personal Data" means any information relating to a Data Subject that is protected under Data Protection Law. Personal Data is a subset of Customer Data.

 

12.28. "Processor" means a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller, be it directly as Processor of a Controller or indirectly as Subprocessor of a Processor that processes Personal Data on behalf of the Controller.

 

12.29. "Professional Services" means those services as further defined by the specific Statement of Work provided to Customer under an Order Form that references this Master Agreement.

 

12.30. "Release" means any subsequent update, improvement, addition, modification, adaptation or development of the Software made available by Company to Customer pursuant to Exhibit 2 (Maintenance and Support Terms).

 

12.31. "Company Cloud" means a cloud computing environment provided by Company (or a third party on behalf of Company) and made available to Customer under the applicable terms of the Agreement.

 

12.32. "Trace One Regulatory Compliance" means Company's web-based global regulatory compliance application for the food industry.

 

12.33.   "Services" means, collectively, the Cloud Services, Managed Services, Maintenance Services and Professional Services, as applicable.

 

12.34.  "Software" means all computer programs and procedures developed by Company, owned by Company and/or licensed by third parties to Company, and offered by Company to Customer in accordance with the relevant terms of the Agreement. As specified in the applicable Order Form, Software is licensed on a subscription basis and hosted in the Company Cloud.

 

12.35. "Statement of Work" means the document that is provided with and becomes part of the applicable Order Form that further defines the scope of Managed Services or Professional Services and Deliverables to be provided and other engagement specifics.

 

12.36. "Subprocessor" means an Affiliate of Company, or a third party engaged by Company or its Affiliates in connection with the Cloud Services, that processes Personal Data in accordance with Exhibit 3 (Data Processing Agreement).

 

12.37.  "Subscription Period" means the term of a subscription for Materials and Services identified in the applicable Order Form, including all renewals.

 

12.38. "Supplier User" means an individual representative from a third party supplier of Customer who has been granted access to the Software, subject to and in accordance with this Agreement and Company's standard policies and procedures.

 

12.39. "Usage Metrics" means the standard of measurement for determining the permitted use and calculating the fees due for the Software and/or Maintenance Services as set forth in the applicable Order Form.

 

12.40. "Work Product" means any work product or tangible results produced by or with Company pursuant to the Agreement, including works created for or in cooperation with Customer.

 

13.              REGIONAL TERMS.

 

Customer agrees to the following modifications to the Agreement if Company is located in China and Customer’s billing address is in the People’s Republic of China (excluding Taiwan, Hong Kong and Macau):

    • Section 8.6 (Equitable Relief) is replaced as follows:

"8.6 Injunctive Relief. Recipient hereby acknowledges that unauthorized disclosure or use of Disclosing Party's Confidential Information will cause immediate and irreparable harm to Disclosing Party. Accordingly, Disclosing Party shall have the right to seek and obtain preliminary and final injunctive relief to enforce the Agreement in case of any actual or threatened breach by Recipient of this Section 8, in addition to other rights and remedies that may be available to Disclosing Party."

    • The words "or equity" in the first sentence of Section 11.5 (Notices) are deleted.
    • Section 11.14 (Governing Law and Construction; Consent to Jurisdiction) is replaced as follows:

"11.14 Governing Law and Construction; Consent to Jurisdiction. The parties agree that this Agreement will be governed by, and construed in accordance with, the laws of the People's Republic of China (excluding the laws of Taiwan, Hong Kong and Macao), without reference to its conflict of law provisions. Any dispute arising out of or in connection with this Agreement shall first be settled by the parties through friendly negotiations in good faith. If no settlement can be reached within fifteen (15) days from the date when either party notifies the other party in writing to request negotiation, such dispute shall be submitted to the Shanghai Arbitration Commission for arbitration in accordance with its arbitration rules in force at that time. The arbitration tribunal shall be composed of one (1) arbitrator. Arbitration shall be conducted in Chinese. The arbitration award shall be final and legally binding upon both parties."

 

Last updated September 1st, 2023 (the "Update Date").

 

 

Exhibit 1

Cloud Services Terms

 

1.                 PROVISIONING OF SERVICES.

 

1.1. Cloud Services. Company shall provide access to the Cloud Services as described in the Agreement.

 

1.2. Security. Company shall use reasonable security technologies in providing the Cloud Services. As a data Processor, Company shall implement technical and organizational measures designed to secure Personal Data processed in the Cloud Services in accordance with applicable Data Protection Law.

 

1.3. Modifications. Company may modify the Cloud Services at any time in its sole discretion. Company may inform Customer of such modifications in the same manner that Company uses to inform its customers generally (e.g., by email, the support portal, release notes, Documentation, through the Cloud Services themselves, etc.). No modification shall result in a material reduction to the overall performance of the Cloud Services in the then-current Subscription Period

 

1.4. Data Center Location. The applicable Order Form shall specify the data center location(s) within which the production instance(s) of the Company Cloud will reside.

 

1.5. Third Party Content. The Cloud Services may include integrations with, or links to, web services made available by third parties that are accessed through the Cloud Services and subject to terms and conditions with those third parties ("Third Party Content"). Third Party Content is not part of the Cloud Services, and the Agreement does not apply to it. Customer acknowledges and agrees that its access to and use of Third Party Content shall be entirely at its own risk and Company assumes no liability or responsibility with respect to any Third Party Content.

 

1.6.  Access to Customer Data Hosted in the Company Cloud. For purposes of clarity, this Section only applies to Customer Data hosted in the Company Cloud. Customer Data hosted in the Customer Private Cloud is subject to separate terms between Customer and the applicable third party provider of such Customer Private Cloud.

 

1.6.1.  During the Subscription Period, Customer may access its Customer Data in the Company Cloud and may export and retrieve its Customer Data in a standard format. Export and retrieval may be subject to technical limitations, in which case the parties shall find a reasonable method to allow Customer to access its Customer Data.

 

1.6.2. Prior to expiration of the then-current Subscription Period or the effective date of termination, Customer may use Company's self-service export tools (as available) to perform a final export of Customer Data from the Company Cloud.   Upon the expiration or termination of the Subscription Period: (a) Customer shall no longer be permitted to access or use the Company Cloud; and (b) Company may delete or render inaccessible any remaining Customer Data in the Company Cloud (except to the extent applicable law requires retention).

 

1.6.3. If Customer requests reasonable assistance from Company for the orderly transition of the Cloud Services (such assistance shall be known as the “Transition Services”), the Transition Services shall be provided on a time and materials basis, under Company’s then current applicable rates, and may include: (a) developing a plan in collaboration with the Customer for the orderly transition of the terminated Cloud Services from Company to the Customer (b) if required, transferring Customer Data to the Customer.

 

1.6.4. In the event of third party legal proceedings related to Customer Data in the Company Cloud, Company shall cooperate with Customer and comply with applicable law (both at Customer's expense) with respect to handling of such Customer Data.

 

2.                 SUBSCRIPTION PERIOD AND RENEWAL.

 

2.1.  Subscription Period. Company shall provide the Cloud Services, subject to the terms of the Agreement, for the Subscription Period stated in the applicable Order Form.

 

2.2. Renewal. Unless otherwise specified in the applicable Order Form, upon expiration of the then-current Subscription Period, the Subscription Period will automatically renew for additional Subscription Periods of one (1) year each unless a party provides the other party with at least ninety (90) days prior written notice of its intention not to renew.

 

3.                 FEES.

 

3.1. Cloud Fee. Customer shall pay the Cloud Fee in consideration of the Cloud Services granted hereunder. Unless otherwise specified in the applicable Order Form, Company shall invoice Customer for the Cloud Fee annually in advance beginning upon the Effective Date of the applicable Order Form.

 

3.2.  Beginning upon the first anniversary of the Effective Date of the applicable Order Form, Company may increase the Cloud Fee by giving Customer not less than thirty (30) days' prior written notice; provided, however, that Company shall not increase the Cloud Fee more than once in any twelve (12) month period. Within thirty (30) days after Customer's receipt of such notice, Customer may elect to terminate the Cloud Services upon written notice to Company.

 

3.3. In the event Customer purchases additional Cloud Services under the applicable Order Form, Company may immediately invoice Customer for the additional Cloud Fee on a pro-rata basis based on the number of days remaining in the then-current Subscription Period.

 

4.                 CLOUD SERVICES WARRANTY.

 

4.1.  Company warrants that, when properly, accessed and used by Customer, the Cloud Services will substantially operate as described in the applicable Documentation. If Customer notifies Company of any breach of said warranty, Company shall use reasonable efforts to remedy any material defect or error in the Cloud Services at its own expense and within a reasonable time after receiving such notice from Customer, but only if: (a) Customer is fully compliant with its payment and other obligations under the Agreement; (b) Customer, at Company's request, promptly provides Company with documentation of the alleged defect or error; (c) Customer provides Company with complete information regarding the circumstances surrounding the alleged defect or error and cooperates fully in recreating the environment in which the alleged defect or error in question arose; and (d) the alleged defect or error does not result from or relate to: (i) any failure by Customer to perform its obligations under the Agreement; (ii) the unauthorized or incorrect use of the Cloud Services, or database or operator error; (iii) the use of software other than the Current Release of the Software or the use of computer equipment, products or services that have not been approved or supplied by Company; (iv) operation of the Cloud Services outside Company's recommended operating procedures and environmental specifications; or (v) accident, neglect, hazard, misuse, natural calamity, or failure or fluctuation of electrical power or environmental conditions.

 

4.2. In the event that Company is unable to cure any material defect or error in the Cloud Services within a reasonable period of time, Customer's sole and exclusive remedy shall be to terminate its access to and use of the applicable Cloud Services upon thirty (30) days written notice to Company and receive a pro-rata refund of the pre-paid Cloud Fee for the remainder of the then-current Subscription Period.

 

4.3. Notwithstanding Section 11.5 (Notices) of the main body of the Master Agreement, Company may give notices applicable to its cloud services customer base by means of a general notice (e.g., on Company's portal for the Cloud Services), and notices specific to Customer by email to the address specified in the applicable Order Form.

 

 

 

EXHIBIT 2 

MAINTENANCE AND SUPPORT TERMS

 

1.         MAINTENANCE SERVICES. Subject to Customer's compliance with its obligations under the Agreement, Company hereby agrees to provide the Maintenance Services to Customer, during the Support Hours, for the Maintained Releases.

2.         TERM AND FEES.

2.1. Term. The initial term of the Maintenance Services shall commence on the Commencement Date and shall remain in force until the first anniversary of the Commencement Date. Thereafter, the term of the Maintenance Services shall automatically renew for additional terms of one (1) year each unless either party notifies the other party in writing of its desire not to renew at least ninety (90) days prior to the start of the renewal term.

2.2. Maintenance and Support Fee. Customer shall pay the Maintenance and Support Fee in consideration of the Maintenance Services performed hereunder. Company shall invoice Customer for the Maintenance and Support Fee on an annual basis, the first time (unless otherwise specified in the applicable Order Form) upon the Effective Date of the applicable Order Form.

2.3. Upon at least thirty (30) days' prior written notice to Customer, Company may increase the Maintenance and Support Fee beginning at the end of the initial term of the Maintenance Services; provided, however, that Company shall not increase the Maintenance and Support Fee more than once each in any twelve (12) month period. Within thirty (30) days after Customer's receipt of such notice, Customer may elect to terminate the applicable Maintenance Services upon written notice to Company.

2.4. In the event Customer purchases additional Software licenses under the Agreement, Company may immediately invoice Customer for the additional Maintenance and Support Fee on a pro-rata basis based on the number of days remaining in the then-current term of the Maintenance Services.

 

3.       MAINTENANCE SERVICES.

3.1.
During the term of the Maintenance Services, Company shall provide Customer with Maintenance Services for the Maintained Releases of the Software licensed to Customer under the Master Agreement.

3.2. In order to receive Maintenance Services, Customer must designate a qualified English-speaking contact within its organization (the "Contact Person") and provide Company with the contact details (including, without limitation, e-mail address and telephone number) for such Contact Person. Customer's Contact Person shall be Customer's authorized representative empowered to make necessary decisions for Customer or bring about such decisions without undue delay.

3.3. Error Correction Services. Company shall endeavor to correct any defects or errors found in the Software on the following basis:

3.3.1. If Customer discovers that a Maintained Release fails to substantially comply with the Specifications, Customer shall promptly submit a report (Incident) via Company's online ticketing system. The Incident report must be in English and contain sufficient information to describe the nature of the defect or error and its impact on Customer's operations so as to enable Company to classify the defect or error.

3.3.2. Upon Company's request, Customer shall provide any additional detail, information, or data and/or perform tests on the Software in order to identify the defect or error.

3.3.3. Promptly following Company's correction of such defect or error, Company shall deliver or otherwise make available to Customer the corrected version of the Maintained Release.

3.3.4. Company shall provide Customer with all such assistance, as may be reasonably required by Customer to enable Customer to implement and use the corrected version of the Maintained Release.

3.3.5. Company shall be under no obligation to correct defects or errors to the extent caused by:

(a) any failure by Customer to comply with its obligations under the Agreement;
(b) use of the Software in a manner that was not intended or contemplated by the applicable Documentation, or other misuse or abuse of the Software;
(c) use of the Maintained Releases on or with computer equipment or programs that have not been approved or designated for use with the Maintained Releases in the Specifications;
(d) any fault in equipment, databases or programs not supplied by Company and used in conjunction with the Maintained Releases;
(e) incorrect use of the Software or operator error;
(f) any defects or errors that, in the reasonable opinion of Company, result from any modifications to the Maintained Releases made by any person other than Company;
(g) operation of the Software outside Company's recommended applicable operating procedures, requirements and environmental specifications as specified in the applicable Documentation; or
(h) accident, neglect, hazard or misuse, natural calamity, failure or fluctuation of electrical power or environmental conditions.

3.3.6. The parties acknowledge that (a) the Software is complex, and that certain non-material errors and defects are incapable of correction or may require an inordinate amount of time and money to correct; and (b) certain errors are cosmetic and do not affect the accuracy of the data produced by the Software or deviate from the functional specifications set forth in the applicable Documentation. If a defect or error falls into either of these categories, then Company shall have no obligation to correct such defect or error other than to use its reasonable efforts to correct such defect or error in any subsequent Release.

3.3.7. In performing its obligations under this Section 3.3, Company may in its sole and absolute discretion:

(a) provide a local fix or patch to the Software;
(b) provide a temporary solution;
(c) schedule the resolution of the defect or error for inclusion in a subsequent Release;
(d) modify the applicable Documentation to reflect operating limitations and correct operating procedures; or
(e) request such additional information from Customer as may be required to enable it to identify and correct the defect or error in question.

 

3.4. Documentation Amendment Service. Customer shall notify Company in writing immediately if it discovers that the applicable Documentation does not provide adequate or substantially correct instruction for the proper use of any features or functions of the Maintained Releases as set out in the Specifications. Upon receipt of Customer's notice, Company shall endeavor to promptly correct the fault and provide Customer with appropriate updates to the applicable Documentation. This provision is not applicable to any documentation related to any customization services or specific configuration.
 
3.5. Support Hours. Company shall only be required to provide the Maintenance Services during the Support Hours.

3.6. Software Maintenance and New Releases Service.

3.6.1. Company shall make each new Release available to Customer through the Cloud Services, together with any updates to the applicable Documentation necessary to enable proper use of the altered features and functions of the new Release.
If required by Customer, Company shall provide training for Customer's staff in the use of the new Release as soon as reasonably practicable following delivery of the new Release at Company's then-current rates.
3.6.2. Company shall be under no obligation to ensure that Customizations that were previously applied to the Software will be compatible or interoperate with any new Release.
3.6.3 All new Releases provided to Customer (as well as any other Software or other Materials delivered to Customer) shall be subject to the terms and conditions of the Agreement.
3.6.4. Maintenance Services do not include advice or support related to the implementation and installation or use of upgrades or new Releases. If requested by Customer, such assistance and support shall be provided by Company as a separate service chargeable at Company's then current rates.
3.6.5. Company is not and shall not be obligated to develop new Releases.

 

3.7. Support Service. Upon Customer's request, Company shall use reasonable endeavors to provide the Customer with support service to meet the Service Levels in all material respects and subject to the terms of this Agreement during the Support Hours:

3.7.1. identification and verification of the causes of suspected errors or defects in the Maintained Releases.
3.7.2. workarounds for such identified and verified errors or defects, where reasonably possible;
3.7.3. the completion of a fault report; and
3.7.4. the status of any fault report previously submitted by Customer that has not yet been resolved by Company pursuant to the Agreement.

 

3.8. Service Levels.

3.8.1. Service Levels for Supported Software. Company shall endeavor to meet the Service Levels defined below. 

In the event of an Incident identified by a Customer User, the latter shall provide Company Customer Support all necessary & relevant information to the extent they are reasonably able to do so, regarding the conditions under which such Incident occurred and, in particular:

-        The date and time of the event.

-        The User's login.

-        A screen shot if applicable.

-        The reference of the handled document (name and identifier), as examples technical specifications, pack copy, etc.

Once this Incident is recorded: Company shall analyze and qualify the Incident according to the three Incident / Exception Priority Levels, i.e. S1, S2 and S3, described below:

 

 

Incident Priority Definitions

 

Type

Definition of Incident

Severity 1 (S1)

A problem that causes substantial Customer production system downtime, system halts, data loss or corruption that renders the Software entirely unusable or non-functional and that can cause serious losses of service.

Severity 2 (S2)

A reproducible Incident where one of the major functions or features of the Company application is failing. Impacting a very limited number of Users. Time-sensitive issue important to long-term productivity that is not causing an immediate stoppage of work.

Severity 3 (S3)

A medium-to-low impact problem that involves partial non-critical functionality loss. One that impairs some operations but allows Customer to continue to function. It may be a minor issue with limited loss or no loss of functionality or impact to Customer's operation, or an issue in which there are means of circumvention or avoidance by Customer.

 

Company will collaborate with the Customer to ensure due consideration of the commercial business impact is reflected in the priority status allocation, and the Customer will have the opportunity to escalate specific issues via the standard escalation hierarchy.

 

SLA Corrective Maintenance objectives

 

Priority Level

Response Time*

Resolution Time*

S1

1 (one) Business Hour

 

95% within 8 hours

 

Company shall endeavor to remedy the Incident within 8 hours as from the opening of the Incident by Company or, if it is not possible to do so, to implement a workaround solution within the same deadline.

S2

 

2 (Two) Business Hour

 

Maintenance Release

Company shall endeavor to remedy the situation or to implement a workaround solution within a reasonable deadline as from the opening of the Incident by Company. Resolution will be delivered in a maintenance release.

S3

 

24 (twenty-four) Business Hours

 

Release

Company shall endeavor to remedy the situation or to implement a workaround solution within a reasonable deadline as from the opening of the Incident by Company. Resolution will be delivered in a standard release.

 

*during Support hours from the notification of the Incident by the User.

Part of the Incident Opening activities performed by Company includes an email to the Customer User and the Customer acknowledging the Incident and confirming it has been logged by presenting a unique reference to the Incident. This will happen within the allotted time.

Company will present an Incident report for all Incidents raised by the Customer User at priority S1. This will include a summary of the Incident including symptoms, details of the root cause, the fix applied, and any changes that will be implemented to prevent such an Incident reoccurring.

(a) The Service Levels titled "Response Time" measure Company's ability to notify Customer that Company has received an error report and has started working to correct the problem (a "Response") within the prescribed time period. These Service Levels are measured, during Support Hours, from the time that Company receives the applicable error report to the time when Company provides a Response or reduces the severity of the error report to Severity 3.

(b) The Service Level titled " Resolution Time" measures Company's ability to provide a solution, workaround, or action plan for the error in question (each, a "Correction") within the prescribed time period. This Service Level is measured, during Support hours, from the time that Company receives the applicable error report to the time when Company provides a Correction or reduces the severity of the error report to Severity 2 or Severity 3.

The Service Level titled " Resolution Time" only counts time when the error report is being processed by Company and does not include time when the error report is not being processed by Company.

(c) If Company provides an action plan to Customer, such action plan will include descriptions of:

         -  the status of the resolution process;
         - the next steps planned by Company and the responsible person(s) allocated by Company;
         - required cooperation by Customer;
         - date and time for the next status update from Company; and
         - estimated due dates for actions taken by Company, to the extent these are capable of being provided.

(d) Company will provide regular status updates on the processing of Severity 1 error reports, which shall include:

         - results of actions undertaken so far;
         - next steps planned; and
         - date and time for next status update.

3.8.2. Prerequisites. For Severity 1 error reports, the following prerequisites must be fulfilled by Customer:

(a) The issue and its business impact must be described in detail;
(b) An English-speaking counterpart must be assigned to assist Company during the time that Company is working to provide a Correction; and
(c) A contact person must be nominated for opening the remote connection to the system and to provide the necessary log-on data.

3.8.3. Exclusions. The following types of error reports are excluded from the Service Levels for "Response Time" and "Resolution Time":

(a) Error reports relating to a Release, Configuration, Customization, version and/or functionality of the Software developed specifically for Customer, including, without limitation, those developed by Company's professional services organization.
(b) Error reports relating to country versions that are not part of Company's standard version of the Software, including, without limitation, partner add-ons, enhancements, or modifications, even if these versions were created by Company or an associated organization.
(c) The root-cause behind the error report is not a malfunction in the Software, but rather a missing functionality that is not included in Company's standard version of the Software or the error report is ascribed to a consulting or development request.

3.8.4. Service Level Non-Performance.

(a) All Service Levels shall be measured on a quarterly basis, beginning on the first full quarter after the Effective Date of the applicable Order Form.
(b) In the event that either of the Service Levels for Response Time and/or the Service Level for Resolution Time are not met (each a "Failure"), the following rules and procedures shall apply:
     - Customer shall notify Company of any alleged Failure in writing. Such notice must be provided by Customer within thirty (30) days after the end of the quarter in which the alleged Failure occurred.
      - Following receipt of Customer's notice, Company will provide Customer with a report that confirms or denies the accuracy of Customer's claim.
      - Customer will provide reasonable assistance to Company in its efforts to correct any problems or processes inhibiting Company's ability to meet the Service Levels.

 

4.          CUSTOMER'S OBLIGATIONS.  

4.1. In order to enable Company to provide the Maintenance Services in accordance with the Agreement, Customer shall:

4.1.1. use only the Maintained Releases;
4.1.2. not alter or modify, or attempt to alter or modify, the Software or other Materials in any way;
4.1.3. not request, permit or authorize anyone other than Company to provide any maintenance or other support services in respect of the Maintained Releases;
4.1.4. co‑operate fully with Company's personnel in the diagnosis of any error or defect in the Software or other Materials;
4.1.5. make available to Company free of charge:
(a) all information, facilities and services reasonably required by Company to enable Company to perform the Maintenance Services, including , but not limited to, error messages, description of the defect, steps to reproduce the defect, computer runs, core dumps, printouts, data preparation (including data required by Company to replicate any problem encountered with the Software or Maintenance Services), office accommodations, and word processing and photocopying capabilities; and
(b) such telecommunication facilities as are reasonably required by Company for testing and diagnostic purposes.
4.1.6. provide first-level support to Customer's users (Company is only responsible for providing second-level support to Company's designated Contact Person); and
4.1.7. continue to pay all fees for the Maintenance Services in accordance with the Agreement.

4.2. Customer acknowledges that it is exclusively responsible for:

4.2.1. ensuring that its personnel are, at all times, educated and trained in the proper use and operation of the Maintained Releases;
4.2.2. ensuring that its personnel use and operate the Maintained Releases in accordance with the terms of the Agreement;
4.2.3. processing its data and ensuring the security and accuracy of all inputs and outputs;
4.2.4. checking all results obtained from its use of the Maintained Releases;
4.2.5. the selection, use of and results obtained from any other programs, equipment, materials or services used in conjunction with the Maintained Releases.

5.        DEFINITIONS. The following terms, when used in this Exhibit, shall have the meanings specified below:

5.1. "Commencement Date" means (a) the Commencement Date specified in the applicable Order Form or (b) if the Commencement Date is not specified in the applicable Order Form: (i) with respect to Software installed at Customer's premises or hosted in the Customer Private Cloud, the day immediately following the day that the Software is installed at the Location; and (ii) with respect to Software made available to Customer as part of the Cloud Services, the day immediately following the day that the Software is made available to Customer through the Cloud Services.

5.2. "Configuration" means a change in one or more of the components of the Software listed in the Configurable Component Specification document (which is part of the Specifications) as such document may be updated from time to time by Company.

5.3. "Customization" shall mean any change to a component of the Software that is not a Configuration, including: (a) a script file (.cs, .js, .vb); (b) a schema change in the database; (c) a User Defined Form; (d) a report; or (e) a workflow file; or (f) an integration with external systems.

5.4. "Maintained Releases" means: (a) the last two (2) Current Releases of the Software (either right or left of decimal point); and (b) all previous Releases for a period of five (5) years after their launch date or two (2) years after the launch date of their next Release, whichever is longer.

5.5. "Specifications" means the functional specifications of the Software, including: (a) the facilities and functions of the Software; (b) details of the environment in which the Software is designed to operate; (c) the language in which the Software is written; and (d) the results the Software is designed to achieve.

5.6. "Support Hours" means the hours between 9:00 am and 5:00 pm (of the time zone where the support facility is located) Monday to Friday (excluding public and statutory holidays) during which Company shall provide the Maintenance Services.

 

 

Exhibit 3 

DATA PROCESSING AGREEMENT

1.         BACKGROUND.

1.1. Purpose. This Exhibit applies to Company's and its Subprocessors' processing of Personal Data that Customer provides to Company (if any) as part of the Services purchased by Customer under the applicable Order Form. With respect to the Cloud Services, this Exhibit shall not apply to non-production environments of the Company Cloud (if such environments are made available by Company), and Customer shall not store Personal Data in such environments. Attachment 3.1 (Description of Processing) to this Exhibit, which describes the nature and purpose of the processing, the type of Personal Data and the categories of Data Subjects, is incorporated into and forms part of this Exhibit.

1.2. GDPR. The parties agree that it is each party's responsibility to review and adopt requirements imposed on Controllers and Processors by the General Data Protection Regulation 2016/679 ("GDPR") if and to the extent applicable to Personal Data of Customer that is processed as part of the applicable Services.

1.3. Relationship of the Parties. The parties acknowledge and agree that, in connection with the processing of Personal Data as part of the applicable Services: (a) Company shall act as a Processor and (b) Customer and those entities that Customer permits to use or receive the applicable Services shall act as Controllers. Customer shall act as a single point of contact and is solely responsible for obtaining any relevant authorizations, consents and permissions for the processing of Personal Data in accordance with the Agreement, including, where applicable, approval by Controllers to use Company as a Processor. Where authorizations, consents, permissions or instructions are provided by Customer these are provided not only on behalf of Customer but also on behalf of any other Controller using or receiving the applicable Services. Where Company informs or gives notice to Customer, such information or notices shall be deemed received by those Controllers permitted by Customer to use or receive the applicable Services and it is Customer's responsibility to forward such information and notices to the relevant Controllers.

2.        SECURITY

2.1. Security Measures. Company has implemented and shall apply the technical and organizational measures set forth in Attachment 3.2 (Technical and Organizational Measures) to this Exhibit (the "Security Measures"). Customer acknowledges that it has reviewed the Security Measures and agrees that, with respect to the applicable Services, the Security Measures are appropriate taking into account the state of the art, costs of implementation, nature, scope, context and purposes of the processing of Personal Data. Attachment 3.2 (Technical and Organizational Measures) applies only to the extent the applicable Services are performed on or from Company premises. In the case where Company is performing the applicable Services on Customer's premises and Company is given access to Customer's systems and data, Company shall comply with Customer's reasonable administrative, technical and physical conditions to protect such systems and data and guard against unauthorized access. In connection with any access to Customer's systems and data, Customer shall be responsible for providing Company with user authorizations and passwords to access its systems and revoking such authorizations and terminating such access, as Customer deems appropriate from time to time. Customer shall not grant Company access to Customer's systems or data (of Customer or any third party) unless such access is essential for the performance of the applicable Services. Customer shall not store any Personal Data in non-production environments.

2.2. Changes. Company may change the Security Measures at any time without notice so long as it maintains a comparable or better level of security. Individual Security Measures may be replaced by new security measures that serve the same purpose without diminishing the overall level of security protecting Personal Data.

 

3.       COMPANY'S PROCESSING OBLIGATIONS.

3.1. Compliance with Customer Instructions. Company shall process Personal Data only in accordance with documented instructions from Customer. The Agreement (including this Exhibit) constitutes such documented initial instructions and Customer may provide further instructions during the performance of the applicable Services (for clarity, with respect to the Cloud Services, each use of the Cloud Services constitutes such further instructions). Company shall use reasonable efforts to follow any other Customer instructions, as long as they are required by Data Protection Law, technically feasible and do not require changes to the applicable Services. If any of the preceding exceptions apply, or Company cannot otherwise comply with an instruction or is of the opinion that an instruction violates Data Protection Law, Company shall promptly notify Customer.

3.2. Legal Requirements. Company may also process Personal Data to the extent required by applicable law. In such a case, Company shall inform Customer of the applicable legal requirement before processing (except to the extent legally prohibited from doing so).

3.3. Cooperation. At Customer's request, Company shall reasonably cooperate with Customer and its Controllers in handling requests from Data Subjects or regulatory authorities regarding Company's processing of Personal Data or any Personal Data Breach. Company shall notify Customer as soon as reasonably practical about any request it receives from a Data Subject in relation to its processing of Personal Data; provided, however, that Company shall not respond to such request without Customer's further instructions. With respect to the Cloud Services, Company shall endeavor to provide functionality that supports Customer's ability to correct or remove Personal Data from the Company Cloud or restrict its processing in accordance with Data Protection Law. Where such functionality is not provided as part of the Cloud Services, Company shall correct or remove Personal Data, or restrict its processing, in accordance with Customer's instructions and Data Protection Law. With respect to any applicable Services other than the Cloud Services i.e., the Maintenance Services, Managed Services or Professional Services), Company shall correct or remove any Personal Data in its possession, or restrict its processing, in accordance with Customer's instructions and Data Protection Law.

3.4. Personal Data Breach Notification. Company shall notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer's obligations to report such Personal Data Breach as required under Data Protection Law. Company may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by Company.

3.5. Data Protection Impact Assessment. If, pursuant to Data Protection Law, Customer or its Controllers are required to perform a data protection impact assessment or prior consultation with a regulator, Company shall, at Customer's reasonable request, provide such documents as it generally makes available for its other similarly situated customers. Any additional assistance shall be mutually agreed between the parties.

 

4.       DATA EXPORT AND DELETION.

4.1. Cloud Services. The following shall apply with respect to the Cloud Services:

4.1.1. Export and Retrieval by Customer. During the Subscription Period, Customer may access its Personal Data in the Company Cloud and may export and retrieve its Personal Data in a standard format. Such export and retrieval may be subject to technical limitations, in which case Company and Customer shall find a reasonable method to allow Customer access to its Personal Data.
4.1.2. Deletion. Prior to expiration of the then-current Subscription Period or the effective date of termination, Customer may use Company's self-service tools (as available) to perform a final export of Personal Data from the Company Cloud. At the end of the Subscription Term for the Cloud Services, Customer hereby instructs Company to delete any Personal Data remaining on servers hosting the Company Cloud within a reasonable time period in accordance with Data Protection Law (unless applicable law requires retention).

4.2. Other Applicable Services. With respect to any applicable Services other than the Cloud Services, Customer hereby instructs Company to delete any Personal Data remaining with Company within a reasonable time period in accordance with Data Protection Law once such Personal Data is no longer required for execution of the Agreement.

 

5.        CUSTOMER AUDIT RIGHTS.

5.1. Customer Audit. Subject to Sections 5.3 and 5.4 below, Customer or its independent third party auditor reasonably acceptable to Company (which shall not include any third party auditor that is a competitor of Company, not suitably qualified or independent or has not executed a written confidentiality agreement applicable to Company before conducting the audit) may (once in any twelve (12) month period unless mandatory Data Protection Law requires more frequent audits) audit Company's control environment(s) and security practices relevant to Personal Data processed by Company as part of the applicable Services, but only if:

5.1.1. Company has not provided sufficient evidence of its compliance with applicable technical and organizational measures that protect the production systems of the Cloud Services through providing either (a) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (b) in the case of the Cloud Services, a valid ISAE3402 or ISAE3000 or other SOC1-3 attestation report. Company's audit reports or ISO certifications are available upon Customer's reasonable request;

5.1.2. a Personal Data Breach has occurred;

5.1.3. an audit is formally requested by Customer's data protection authority; or

5.1.4. mandatory Data Protection Law provides Customer with a direct audit right.

5.2. Other Controller Audit. Any other Controller may audit Company's control environment and security practices relevant to Personal Data processed by Company in accordance with Section 5.1 above, but only if any of the cases set out in Section 5.1 above applies to such other Controller. Such audit must be undertaken through and by Customer unless the audit must be undertaken by the other Controller itself under Data Protection Law. If several Controllers whose Personal Data is processed by Company require an audit, Customer shall use best efforts to combine the audits and avoid multiple audits.

5.3. Scope of Audit. Customer shall provide at least sixty (60) days prior written notice of any audit unless mandatory Data Protection Law or a competent data protection authority requires shorter notice. The frequency and scope of any audit shall be mutually agreed between the parties acting reasonably and in good faith. Any audit shall (a) be subject to Company's applicable policies; (b) be limited in time to a maximum of three (3) business days; (c) be conducted during Company's regular business hours; and (d) not interfere with Company's business operations. Beyond such restrictions, the parties shall use current certifications or other audit reports to avoid or minimize repetitive audits. Customer shall provide the results of any audit to Company.

5.4. Cost of Audit. Customer shall bear the costs of any audit. If an audit determines that Company has breached its obligations under this Exhibit, Company shall promptly remedy the breach at its own cost

 

6.       SUBPROCESSORS. 

6.1. Permitted Use. Notwithstanding anything to the contrary in the Agreement, Company shall be permitted to subcontract the processing of Personal Data to Subprocessors. Company shall engage Subprocessors under a written contract (which may be in electronic form) consistent with the terms of this Exhibit in relation to each Subprocessor's processing of Personal Data. Company shall be responsible and liable for any of its Subprocessors' failure to perform in accordance with this Exhibit to the same extent as if such failure to perform was committed by Company. Company shall evaluate the security, privacy and confidentiality practices of each Subprocessor prior to selection to help establish that it is capable of providing the level of protection of Personal Data required by this Exhibit. Company shall make its list of Subprocessors available to Customer upon Customer's reasonable request, including the name, address and role of each Subprocessor that Company uses to provide the applicable Services.

6.2. New Subprocessors. Company's use of Subprocessors is at its sole discretion. The Customer authorizes the Company to make use of New Subprocessors under the following conditions:

- The Subprocessor is bound by the obligations set out in this Agreement, which shall be reiterated in the agreement signed between the Subprocessor and Company;

- Company shall remain fully liable towards the Customer for the performance by the Subprocessor of its contractual obligations.

 

Company shall endeavor to inform Customer by keeping an up-to-date list of its Subprocessors and shall endeavor to inform the Customer by providing it with an updated version of such list (directly available on Company’s website : https://www.traceone.com/terms-of-service). The Customer may reasonably object to any New Subprocessor within thirty (30) days following the update. Use of the Services after such period shall constitute the Customer’s acceptance of the updated list.

6.3. Emergency Replacement. Company may replace a Subprocessor without advance notice where the reason for the replacement is outside of Company's reasonable control and prompt replacement is required for security or other urgent reasons. In this case, Company shall inform Customer of the replacement Subprocessor as soon as reasonably possible following its appointment and Section 6.2 above shall apply accordingly.

 

7.        INTERNATIONAL PROCESSING.

7.1. International Processing. Company shall be entitled to process Personal Data, including by using Subprocessors or its Affiliates, in accordance with this Exhibit outside the country in which Customer is located as permitted under Data Protection Law. Company may process Personal Data outside the European Union provided that:
     - the country of destination is covered by an adequacy decision by the European Commission; or
     - the transfer is covered by appropriate guarantees such as the signature of Standard Contractual Clauses adopted by the European Commission.

7.2. Standard Contractual Clauses. Where (a) Personal Data of an European Economic Area (EEA) or Swiss based Controller is processed in a country outside the EEA, Switzerland or any jurisdiction acknowledged by the European Union as a safe jurisdiction with an adequate level of data protection under Art 45 GDPR; or (b) Personal Data of another Controller is processed internationally and such international processing requires an adequacy means under the laws of the country of the Controller and the required adequacy means can be met by entering into Standard Contractual Clauses, then, the Customer appoints Company to perform any such transfer and the Customer give to the Company a mandate to sign, in its name and on its behalf, Standard Contractual Clauses governing the transfers of Personal Data from Controller to Processors established in third countries (2010/87/ EU), unless otherwise notified in writing.

7.3. Hierarchy. Nothing in the Agreement shall be construed to prevail over any conflicting clause of the Standard Contractual Clauses. For the avoidance of doubt, where this Exhibit further specifies audit and subprocessor rules in Sections 5 and 6 above, such specifications also apply in relation to the Standard Contractual Clauses.

7.4. Governing Law of Standard Contractual Clauses. The Standard Contractual Clauses shall be governed by the law of the country in which the Company is incorporated. If the Company is not incorporated in the EU, the governing law shall be the French law.

 

8.     RECORDS.

Each party shall be responsible for its compliance with its documentation requirements, in particular maintaining records of processing where required under Data Protection Law. Each party shall reasonably assist the other party in its documentation requirements, including providing the information the other party needs from it in a manner reasonably requested by the other party (such as using an electronic system), in order to enable the other party to comply with any obligations relating to maintaining records of processing.

 

9.      DEFINITIONS. The following terms, when used in this Exhibit, shall have the meanings specified below:

9.1. "Personal Data Breach" means a confirmed (a) accidental or unlawful destruction, loss, alternation, unauthorized disclosure of or unauthorized third party access to Personal Data or (b) similar incident involving Personal Data, in each case for which a Controller is required under Data Protection Law to provide notice to competent data protection authorities or Data Subjects.

 

ATTACHMENT 3.1 

DESCRIPTION OF PROCESSING

 

 

Cloud Services

Maintenance Services

Managed Services

Professional Services

Data Exporter

Customer, which subscribes to the Cloud Services and allows Authorized Users to enter, amend, use, delete or otherwise process Personal Data, is the data exporter. Where Customer allows other Controllers to also use the Cloud Services, such other Controllers are also data exporters.

Customer, which benefits from the applicable Services, is the data exporter. Where Customer allows other Controllers to use the applicable Services, such other Controllers are also data exporters.

Data Importer

Company, its Affiliates and its Subprocessors, which provide the Cloud Services, are the data importers.

Company its Affiliates and its Subprocessors, which provide the applicable Services, are the data importers.

Data Subjects

Unless provided otherwise by the data exporter, transferred Personal Data relates to the following categories of Data Subjects:

·  Authorized Users (Customer’s Employees);

·  Contractors;

·  Business partners; or

·  Other individuals whose Personal Data is

   stored in the Cloud Services.

Unless provided otherwise by the data exporter, transferred Personal Data relates to the following categories of Data Subjects:

·   Authorized Users (Customer’s Employees);

·   Contractors;

·   Business partners; or

·  Other individuals whose Personal Data is accessed

    by or provided to the data importer.

Categories of Data

The data exporter determines the categories of data that could be transferred to the data importer. Transferred Personal Data typically relates to the following categories of data:

·        Name (first and last name);

·        Phone number;

·        Professional Email address;

·        Title;

·        Location Data (Time zone);

·        Address data (IP address, cookies);

·        System access / usage / authorization data;

·        Contract data;

·        Application specific data that is transferred by Customer's users or recipients of the applicable

         Services (e.g., bank account data, credit card data, debit card data, etc.).

Special Categories of Data

None

Processing Operations

Unless otherwise agreed in the applicable Order Form, the transferred Personal Data shall be subject to the following basic processing activities:

·  Setting up, operating, monitoring and

   providing the Cloud Services;

·  Providing consulting services;

·  Communicating to Authorized Users;

·  Invoicing/ accounting;

·  Storing Personal Data in dedicated data centers;

·  Uploading fixes or upgrades to the Cloud

   Services;

·  Backing up Personal Data;

·  Computer processing of Personal Data (e.g., data

   transmission, data retrieval, data access, etc.);

·  Network access to allow Personal Data transfer;

·  Verifying compliance with the terms and

   conditions of the Agreement;

·  Testing and applying new product or system

   versions, patches, updates and upgrades;

·  Consulting;

·  Monitoring and testing system use and

   performance;

·  Resolving bugs and other issues;

·  Complying with applicable legal requirements;

   and

·  Execution of Customer's instructions in

   accordance with the Agreement.

Transferred Personal Data shall be subject to the basic processing activities described in the Agreement, which may include:

·   Use of Personal Data to provide the applicable

    Services;

·   Storage of Personal Data;

·   Invoicing/ accounting;

·   Computer processing of Personal Data for data

    transmission; and

·   Execution of Customer's instructions in accordance

    with the Agreement.

·   Maintenance Services include providing support when

    Customer submits a support ticket because the

    Software is not working as expected.

·   Managed Services include monitoring and supporting

    the applicable Software as further defined in the

    applicable Order Form.

·   Professional Services include providing certain services

    related to the Software as further defined in a

    Statement of Work attached to the applicable Order

    Form.

 

 

ATTACHMENT 3.2 

TECHNICAL AND ORGANIZATIONAL MEASURES

 

1.1. Introduction. When processing Personal Data on behalf of Customer in connection with the applicable Services, Company has implemented and will maintain appropriate technical and organizational security measures for the processing of such data, including the measures specified in this Attachment to the extent applicable. These measures are intended to protect Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure or access, and against other unlawful forms of processing.

1.2. Physical Access Control. Company employs measures designed to prevent unauthorized persons from gaining access to data processing systems in which Personal Data is processed, such as the use of security personnel, secured buildings and data center premises.

1.3. System Access Control. The following controls are applied depending upon the particular Services ordered: authentication via passwords or two-factor authentication, documented authorization processes, documented change management processes and logging of access on several levels. For Cloud Services hosted by Company: (i) log-ins to Cloud Services environments by Company employees and Subprocessors are logged; (ii) logical access to the data centers is restricted and protected by firewall/VLAN; and (iii) intrusion detection systems, centralized logging and alerting, and firewalls are used.

1.4. Data Access Control. Personal Data is accessible and manageable only by properly authorized staff appointed as system administrators, direct database query access is restricted, and application access rights are established and enforced.

1.5. In addition to the access control rules described above Company is responsible to manage the access and rights to operate the Cloud Services (as for instance administration, exploitation, security, data protection, backups). However, it is Customer’s responsibility to manage the access and rights to the application and data accessible through it.

1.6. Transmission Control. For Cloud Services hosted by Company: except as otherwise specified the Agreement or the applicable Documentation, transfers of data outside the Cloud Services environment are encrypted. The content of communications (including sender and recipient addresses) sent through some email or messaging services may not be encrypted. Customer is solely responsible for the results of its decision to use unencrypted communications or transmissions.

1.7. Input Control. The Personal Data source is under the control of the Customer. Personal Data integration into the system is managed by secured file transfer (i.e., via web services or entered into the application) from the Customer. To the extent the applicable Services permit Customer to use unencrypted file transfer protocols, Customer is solely responsible for its decision to use such unencrypted field transfer protocols.

1.8. Data Backup. For Cloud Services hosted by Company: back-ups are taken on a regular basis and are secured using a combination of technical and physical controls, depending on the particular Cloud Services.

1.9. Data Segregation. Personal Data from different Company customers' environments is logically segregated on Company's systems.

 

 

Exhibit 4 

Professional Services Terms 

 

1. PROFESSIONAL SERVICES.

1.1. Professional Services to Customer. Company shall provide the Professional Services to Customer as specified in the applicable Order Form. Company shall cause its personnel, while performing the Professional Services at or from the premises of Customer, to comply with all reasonable internal rules and regulations of Customer, including security procedures, applicable to such premises, provided such rules and regulations apply to Customer's third party contractors generally and are disclosed to Company reasonably in advance and in writing.

1.2. Acceptance. The parties may agree in an Order Form that specific Deliverables provided by Company to Customer will be subject to acceptance by Customer. If the applicable Order Form states that such Deliverables are subject to acceptance procedures, the following procedures shall apply:

1.2.1. Within ten (10) days (or such other time period as may be agreed in writing by the parties) after a Deliverable has been performed or delivered by Company ("Acceptance Period"), Customer shall review and verify that the Deliverable is in substantial compliance with the acceptance criteria set forth in the applicable Order Form ("Compliance"). Company shall provide reasonable assistance to Client in connection with its review and verification of the Deliverable. If the Deliverable is in Compliance, Customer shall accept the Deliverable. Acceptance shall not be unreasonably withheld, delayed or conditioned by Customer.

1.2.2. If Customer finds that the Deliverable is not in Compliance, Customer shall send a written notice to Company describing in reasonable detail why the Deliverable is not in Compliance ("Rejection Notice"). Within ten (10) business days (or such other time period as may be agreed in writing by the parties) after receipt of that Rejection Notice (the "Correction Period"), Company shall, at no additional cost to Customer, render the Deliverable in Compliance and redeliver such corrected Deliverable to Customer for an additional Acceptance Period. If Customer fails to provide a Rejection Notice, or accept the Deliverable, within the Acceptance Period, Customer shall be deemed to have accepted the Deliverable.

1.2.3. Upon acceptance of a Deliverable, all Professional Services associated with such Deliverable shall be deemed accepted and Company shall have no further obligation with respect to an accepted Deliverable. Where acceptance criteria are not specified in the applicable Order Form for a Deliverable, such Deliverable shall be deemed completed and accepted by Customer the day after Company performs it or delivers it.

 

2. PAYMENT AND INVOICING TERMS.

2.1. Payment for Professional Services. The fees for the Professional Services shall be as specified in the applicable Order Form.

2.2. Invoicing. Unless otherwise specified in the applicable Order Form, invoices shall be submitted monthly by Company for payment by Customer.

 

3. CHANGES. Either party may request changes to the Professional Services in accordance with the change request form made available by Company from time to time or included in the applicable Order Form ("Change Request"). Company is not required to perform under a Change Request until agreed to and signed by the parties.

 

4. LICENSE TO USE WORK PRODUCT. Once all amounts due under the applicable Order Form are paid in full and all claims have been satisfied, Customer is granted a non-exclusive, non-transferable and non-assignable license, so long as Customer complies with the terms of the Agreement, to use any Deliverables or other Work Product provided to it by Company under the applicable Order Form for Customer's internal business purposes. Customer shall not (a) use the Deliverables or Work Product to provide services to third parties (e.g., business process outsourcing, service bureau applications or third party training) other than to Customer's Affiliates; nor (b) lease, loan, resell, sublicense or otherwise distribute the Deliverables or Work Product other than to Customer's Affiliates.