MindTouch® Master Subscription Agreement

Version 2018.08.24

IMPORTANT – PLEASE READ CAREFULLY – THIS MASTER SUBSCRIPTION AGREEMENT (THE “AGREEMENT”) CONSTITUTES A LEGALLY BINDING CONTRACT BETWEEN MINDTOUCH, INC., A DELAWARE CORPORATION (“MINDTOUCH,” “WE,” “OUR,” OR “US”) AND YOU AND GOVERNS YOUR PURCHASE AND USE OF OUR SERVICES.  IF YOU REGISTER FOR A FREE TRIAL OF OUR SERVICES, THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL.

BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING ON THE “I ACCEPT” BUTTON BELOW OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT.  IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU,” “YOUR” OR “CUSTOMER” SHALL REFER TO SUCH ENTITY.  IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

Table of Contents

  1. Definitions
  2. Free Trial
  3. Paid Services
  4. Use of the Services
  5. Third-Party Providers
  6. Fees and Payment for Paid Services
  7. Proprietary Rights
  8. Professional Services
  9. Confidentiality
  10. Warranties and Disclaimers
  11. Indemnification
  12. Limitation of Liability; Basis of Bargain
  13. Term and Termination
  14. General Provisions

1. DEFINITIONS

“Abuse” shall be deemed to have occurred if, in your access and use of the Service, your actions, or inactions, cause material degradation to the Services for You and our other customers.  Examples of Abuse may include situations where (i) you build applications that interact with, or combine applications with, the Service which applications negatively affect the speed and performance of the Service, (ii) you create dynamic pages which (a) take longer than 5 seconds to resolve, or (b) take longer than 8 seconds to load, or (iii) you reach ten percent (10%) or more of the annual web request subscription allowance set forth in the Order Form within a 24-hour period.

“Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity.  For purposes of this definition, “control” means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Extraordinary Circumstances” means all circumstances beyond our reasonable control including, without limitation, fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, riots, civil disorders, rebellions, civil unrest, or revolutions, strikes, lockouts, labor difficulties, generalized internet interruptions (through denial of service, worms, telecommunications problems or the like).

“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.

“Order Form” means the ordering documents for the paid Services hereunder, including addenda thereto, that are entered into between you and us from time to time.  Order Forms shall be deemed incorporated herein by reference.

“Professional Services” means the ancillary services such as data transfer and cleaning, training and consulting services offered by MindTouch set forth in the Order Form.

“Services” means the services that you use as part of a free trial or are paid for under an Order Form.

“Third-Party Applications” means online, web-based applications and offline software products that are provided by third parties, interoperate with the Services, and are identified as third-party applications.

“User Guide” means the online user guide for the Services made available on our website located at http://success.mindtouch.com (the “Website”), as updated from time to time.

“Users” means individuals who are authorized by you to use the Services, for whom subscriptions to a Service have been purchased, and who have been supplied user identifications and passwords by you (or by us at your request).  Users may include but are not limited to your employees, consultants, contractors and agents; or third parties with which you transact business.

“Your Data” means all electronic data or information submitted by you or Users to the Services including identities, data and information on, of or about any Users of the Services.

2. FREE TRIAL

We may offer a free trial of our Services from time to time.  Free trial may be for a limited period of time or for limited features of the Services.  To view the specific details of, or eligibility for, a free trial, visit the Website.  We may require you to register and designate a payment method even for the free trial.  We may begin charging your designated payment method for annual subscription fees plus any applicable tax at the end of the free trial unless you cancel prior to the end of the free trial period.  You will not receive a notice from us that your free trial period has ended and your subscription shall be deemed to have commenced at the end of the free trial.  IF YOU CANCEL PRIOR TO THE END OF YOUR FREE TRIAL PERIOD, THERE WILL BE NO CHARGES TO YOUR PAYMENT METHOD.  Additional trial terms and conditions may appear on the trial registration web page.  Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

ANY DATA YOU ENTER INTO THE SERVICE DURING YOUR FREE TRIAL WILL BE PERMANENTLY LOST UNLESS YOU PURCHASE A SUBSCRIPTION TO THE SAME SERVICE OR EXPORT SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD.

3. PAID SERVICES

3.1. Provision of Paid Services

We shall make the Services available to you pursuant to this Agreement and the relevant Order Forms during the Subscription Period (as defined below).  You agree that your purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by us regarding future functionality or features.

3.2. User Subscriptions

If specified in the applicable Order Form, (i) Services are purchased as User subscriptions and may be accessed by no more than the number of Users specified on the Order Form, (ii) additional User subscriptions may be added during the Subscription Period; provided, that the Subscription Period for all subscriptions shall be renewed from the date that the additional Users are added, (iii) the pre-existing User subscriptions and additional User subscriptions shall terminate at the end of the renewed Subscription Period, and (iv) prepaid fees for the remaining term of the Subscription Period of the pre-existing subscriptions shall be credited towards the fees for the renewed Subscription Period.  User subscriptions are for designated users and cannot be shared or used by more than one user but may be reassigned to new users replacing former users who no longer require ongoing use of the Services.

4. USE OF THE SERVICES

4.1 Our Responsibilities

During the Subscription Period, we shall: (i) offer you support for the Services as per the levels described in the Service Level Agreement attached hereto as Exhibit A (“SLA”), and provide you the support that you purchase under the Order Form, (ii) use commercially reasonable efforts to make the Services available as per the service levels set forth in the SLA, except for: (a) planned downtime (of which we shall give at least 48 hours’ notice via the Services and which we shall schedule to the extent practical during the weekend hours from 6:00 p.m. Pacific time Friday to 3:00 a.m. Pacific time Monday), or (b) any unavailability caused by Extraordinary Circumstances, and (iii) provide the Services only in accordance with applicable laws and government regulations.

4.2. Your Responsibilities

You shall (i) be responsible for Users’ compliance with this Agreement, (ii) be solely responsible for the accuracy, quality, integrity and legality of Your Data and of the means by which you acquired Your Data, (iii) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify us promptly of any such unauthorized access or use, and (iv) use the Services only in accordance with the User Guide and applicable laws and government regulations.

4.3. Usage Limitations

Services may be subject to other limitations, such as, for example, limits on disk storage space, on the number of calls you are permitted to make against our application programming interface, and, for Services that enable you to provide public websites, on the number of page views by visitors to those websites.  Any such limitations are specified in the applicable Order Form.  The Services may provide real-time information to enable you to monitor your compliance with such limitations.

5. THIRD-PARTY PROVIDERS

5.1. Acquisition of Third-Party Products and Services

Any acquisition by you of third-party products or services, including but not limited to Third-Party Applications and implementation, customization and other consulting services, and any exchange of data between you and any third-party provider, is solely between you and the applicable third-party provider.  We do not warrant or support third-party products or services, whether or not they are designated by us as “certified” or otherwise, except as specified in an Order Form.

5.2. Third-Party Applications and Your Data

If you install or enable Third-Party Applications for use with the Services, you acknowledge that we may allow providers of those Third-Party Applications to access Your Data as required for the interoperation of such Third-Party Applications with the Services.  We shall not be responsible for any disclosure, modification or deletion of Your Data resulting from any such access by Third-Party Application providers.

5.3 Amazon Web Services

MindTouch is an Official APN Technology Partner with Amazon Web Services (“AWS”).  We currently leverage AWS to perform the Services.  AWS publishes a Service Organization Controls 1 (SOC 1), Type 2 report.  Audits for this report are conducted periodically in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) professional standards. The SOC 1 report audit attests that AWS’ control objectives are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively. This audit is the replacement of the Statement on Auditing Standards No. 70 (SAS 70) Type II report.   AWS intends to continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of its infrastructure and services.

6. FEES AND PAYMENT FOR PAID SERVICES

6.1. User Fees

You shall pay all fees specified in all Order Forms hereunder.  Except as otherwise specified herein or in an Order Form, (i) fees are quoted and payable in United States dollars, (ii) fees are based on the Services purchased and not actual usage, (iii) payment obligations are non-cancelable and fees paid are non-refundable, and (iv) if applicable, the number of User subscriptions purchased cannot be decreased during a Subscription Period.  You acknowledge that MindTouch may provide to you special incentives to complete an Order Form and purchase a Subscription to the MindTouch Service.  Such special incentives may be subject to your agreement to certain marketing and promotional activities that are identified in the Order Form.  You agree that your commitment to the marketing and promotions activities is a material incentive to MindTouch agreeing to provide you the Subscription at the special discounted rates.  Should you fail to meet the marketing and promotion commitments, you agree that MindTouch may (a) accelerate, invoice, and be paid all future payments remaining to be paid under the Order Form for the remaining Subscription Term at the non-discounted rate identified in the Order Form, and (b) invoice and be paid for past years at the non-discounted rate identified in the Order Form, prorated to reflect that portion of payment(s) already made by you.

6.2. Invoicing and Payment

You may provide us with a valid purchase order or alternative document reasonably acceptable to us.  Any such document must reference our Order Form by number and will be governed by the terms of this Agreement.  No terms or conditions stated in your purchase order or other ordering documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.  All charges for the Services shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form.  Unless otherwise stated in the Order Form, invoiced charges are due net 15 days from the invoice date.  You are responsible for maintaining complete and accurate billing and contact information in the Services.

6.3. Overdue Charges

If any charges are not received from you by the due date, then at our discretion, (a) such charges may accrue late interest at the rate of 3% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (b) we may condition future subscription renewals and Order Forms on payment terms shorter than those specified in Section 6.2 (Invoicing and Payment).

6.4. Suspension of Service and Acceleration

If any amount owing by you under this or any other agreement for our services is thirty (30) or more days overdue, we may without limiting our other rights and remedies, cancel any extended payment plans or discounts awarded and accelerate all unpaid fee obligations under such agreements for the entire Subscription Period at the undiscounted rates so that all such obligations become immediately due and payable, and suspend our services to you until such amounts are paid in full.

6.5. Payment Disputes

We shall not exercise our rights under Section 6.3 (Overdue Charges) or 6.4 (Suspension of Service and Acceleration) if the applicable charges are under reasonable and good-faith dispute and you are cooperating diligently to resolve the dispute.

6.6. Taxes

Unless otherwise stated, our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”).  You are responsible for paying all Taxes associated with your purchases hereunder.  If we have the legal obligation to pay or collect Taxes for which you are responsible under this paragraph, the appropriate amount shall be invoiced to and paid by you, unless you provide us with a valid tax exemption certificate authorized by the appropriate taxing authority.  For clarity, we are solely responsible for taxes assessable against us based on our income, property and employees.

7. PROPRIETARY RIGHTS

7.1. Reservation of Rights

Subject to the limited rights expressly granted hereunder, we reserve all rights, title and interest in and to the Services, including all related intellectual property rights.  No rights are granted to you hereunder other than as expressly set forth herein.

7.2. Restrictions

You shall not (i) make the Services available to anyone other than Users, (ii) sell, resell, rent or lease the Services, (iii) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (iv) use the Services to store or transmit Malicious Code, (v) interfere with or disrupt the integrity or performance of the Services or third-party data contained therein, (vi) attempt to gain unauthorized access to the Services or their related systems or networks, (vii) create derivative works based on the Services, (viii) copy, frame or mirror any part or content of the Services, other than copying or framing on your own intranets or otherwise for your own internal business purposes, (ix) reverse engineer the Services, (x) access the Services in order to build a competitive product or service, (xi) copy any features, functions or graphics of the Services, or (xii) Abuse the Services.  If an Abuse is flagged by our monitoring systems, we shall, in addition to, and not exclusive of, any other remedies at law or in equity, have the right to audit and require you to take immediate corrective actions.

7.3. Ownership of Your Data

As between us and you, you exclusively own all rights, title and interest in and to all of Your Data.  For the purposes of providing the Service and for no other purpose, You hereby grant to MindTouch a worldwide, non-exclusive, fully-paid, royalty-free, transferable license to use, reproduce and display Your Data solely in order to provide the Service to You.

7.4. Federal Government End Use Provisions

We provide the Services, including related software and technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the Services include only those rights customarily provided to the public as defined in this Agreement.  This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation).  If a government agency has a need for rights not conveyed under these terms, it must negotiate with us to determine if there are acceptable terms for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable contract or agreement.

8. PROFESSIONAL SERVICES

8.1 Services

We agree to perform the Professional Services set forth on the Order Form or a mutually agreed statement of work (“SOW”) in a good and workmanlike manner consistent with applicable industry standards.

8.2 Customer Responsibilities

In connection with Professional Services, you will: (i) provide qualified personnel who are capable of performing your duties and tasks reasonably requested by us; (ii) provide us with access to your sites, systems and facilities as reasonably required by us to perform the Professional Services; and (iii) provide us with such working space and office support (including access to telephones, photocopying equipment, and the like) as we may reasonably request.  You will also make available to us any data, information and any other materials required by us to perform the Professional Services (collectively, “Your Materials”).  You will be responsible for ensuring that Your Materials are accurate and complete.

8.3 Ownership

Subject to your rights in Your Materials, we will own all rights, title and interest in and to any software programs or tools, utilities, technology, processes, inventions, devices, methodologies, specifications, documentation, techniques and materials of any kind used or generated by us in connection with performing the Professional Services (collectively “Our Materials”), including all intellectual property rights therein.  You will have no rights in Our Materials except as expressly agreed to in writing by the parties.  Nothing in these terms will be deemed to restrict or limit our right to perform similar services for any other party or to assign any employees or subcontractors to perform similar services for any other party; provided that we comply with our confidentiality obligations hereunder.  MindTouch shall have a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use, copy, modify, or distribute, including by incorporating into any product or service owned by MindTouch, any suggestions, enhancement requests, recommendations or other feedback provided by You and any of Your Users, relating to any product or service owned or provided by MindTouch.

9. CONFIDENTIALITY

9.1. Definition of Confidential Information

As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.  Your Confidential Information shall include Your Data; our Confidential Information shall include the Services; and Confidential Information of each party shall include the terms and conditions of this Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party.  However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

9.2. Protection of Confidential Information

Except as otherwise permitted in writing by the Disclosing Party, (i) the Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) the Receiving Party shall limit access to Confidential Information of the Disclosing Party to those of its employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.

9.3. EU-US and Swiss-US Privacy Shield Frameworks

MindTouch complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.  MindTouch has certified to the Department of Commerce that it adheres to the Privacy Shield Principles, as stated on the MindTouch Privacy Policy. Additionally, we agree to only process Personal Data (as defined in the EU-US and Swiss-US Privacy Shield Frameworks) on behalf of and in accordance with Your instructions and shall treat such Personal Data as Confidential Information. You hereby instruct us to process Personal Data for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii) Processing initiated by Users in their use of the Services; and (iii) Processing to comply with other reasonable instructions provided by You (e.g., via email) where such instructions are consistent with the terms of the Agreement.  Further, we have committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Frameworks to BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of a complaint filed by You with us, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. To learn more about the EU-US and Swiss-US Privacy Shield Frameworks, and to view our certification page, please visit https://www.privacyshield.gov/.

9.4 Protection of Your Data

Without limiting the above, we shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data. We shall not (a) modify Your Data, (b) disclose Your Data except as compelled by law in accordance with Section 9.5 (Compelled Disclosure) or as expressly permitted in writing by you, or (c) access Your Data except to provide the Services or prevent or address service or technical problems, or at your request in connection with customer support matters. In any case, to the extent applicable, we shall only process Personal Data received from you in accordance with the Privacy and Data Security procedures set forth in Exhibit B. For compatibility purposes, MindTouch continues to support TLS (Transport Layer Security) 1.0.

9.5. Compelled Disclosure

The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.  If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.

10. WARRANTIES AND DISCLAIMERS

10.1. Mutual Warranties

Each party represents and warrants that (i) it has the legal power to enter into this Agreement, and (ii) it will not transmit to the other party any Malicious Code (except for Malicious Code previously transmitted to the warranting party by the other party).

10.2. Disclaimer

EXCEPT AS SET FORTH HEREIN, THE SERVICES AND PROFESSIONAL SERVICES PROVIDED BY MINDTOUCH ARE PROVIDED AND LICENSED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.  WE DO NOT GUARANTEE THAT THE USE OF THE SERVICES WILL NOT BE INTERRUPTED OR ERROR FREE OR THAT THE SERVICES ARE COMPLIANT WITH ANY SPECIFIC DATA PROTECTION LAWS OR PRIVACY LAWS APPLICABLE TO YOU.  THE FOREGOING WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, AND MERCHANTABILITY.

11. INDEMNIFICATION

11.1. Indemnification by MindTouch

If a third party claims that your use of the Services as provided to you infringes any United States patent, copyright, trademark or trade secret, you must promptly notify us in writing.  We shall defend you against such claim if you reasonably cooperate with us and allow us to control the defense and all related settlement negotiations, and then we shall indemnify you from and against any damages finally awarded for such infringement or settlements entered into by us on your behalf.  Notwithstanding the foregoing, we shall have no liability, and shall have no obligation to defend or indemnify you, for any third party claim of infringement based upon (i) use of other than the then current, unaltered version of the applicable Services, unless the infringing portion is also in the then current, unaltered release; (ii) use, operation or combination of the applicable Services with non-MindTouch programs, data, equipment or documentation if such infringement would have been avoided but for such use, operation or combination; or (iii) any third party software; provided, that MindTouch will pass through to you any indemnification received from the owner of such third party software.  In the event the use of the Services is, or we believe is likely to be, alleged or held to infringe any third party intellectual property right, we may, at our sole option and expense, (i) procure for you the right to continue using the affected Service, (ii) replace or modify the affected Service with functionally equivalent service so that it does not infringe, or, if either (i) or (ii) is not commercially feasible, (iii) terminate this Agreement and refund the fees received by us from you for the affected Service for the remaining term of then-current Subscription Period.  The foregoing constitutes our entire liability, and your sole and exclusive remedy with respect to any third party claims of infringement of intellectual property rights.

11.2. Indemnification by You

You shall defend and hold us harmless from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees) arising from: (i) your use of and access to the Services except for claims covered by Section 10.1 above; (ii) your violation of this Agreement; or (iii) your violation of any third party right, including without limitation any copyright, property, or privacy right; provided, that we (a) promptly give you written notice of the claim; (b) give you sole control of the defense and settlement of the claim (provided that you may not settle any Claim unless the settlement unconditionally releases us of all liability); and (c) provide to you all reasonable assistance, at our expense.

12. LIMITATION OF LIABILITY; BASIS OF BARGAIN

12.1. Limitation of Liability

EXCEPT WITH REGARD TO A PARTY’S BREACH OF CONFIDENTIALITY OBLIGATIONS UNDER THIS AGREEMENT, OR THE INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ONE PARTY BY THE OTHER PARTY, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY OR OTHER PERSON OR ENTITY CLAIMING THROUGH SUCH PARTY UNDER ANY EQUITY, COMMON LAW, CONTRACT, ESTOPPEL, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER THEORY (REGARDLESS OF THE FORM OF ACTION) BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THIS AGREEMENT, THE SERVICES PROVIDED PURSUANT TO THIS AGREEMENT, OR THE USE OF OR INABILITY TO USE THE SERVICES INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, COMPUTER FAILURE OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES EVEN IF ADVISED OF THE POSSIBILITY THEREOF AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.  EXCEPT WITH REGARD TO AMOUNTS DUE UNDER THIS AGREEMENT, A PARTY’S BREACH OF CONFIDENTIALITY OBLIGATIONS UNDER THIS AGREEMENT, OR THE INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ONE PARTY BY THE OTHER PARTY IN NO EVENT WILL THE AGGREGATE AND CUMULATIVE LIABILITY OF EITHER PARTY ARISING OUT OF OR RELATING TO THIS AGREEMENT AND ALL ORDER FORMS EXCEED THE AMOUNTS RECEIVED BY US FROM YOU DURING TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY, WITH RESPECT TO THE PARTICULAR SERVICE GIVING RISE TO LIABILITY UNDER THE MOST APPLICABLE ORDERING DOCUMENT.

12.2. Basis of Bargain

THE PARTIES ACKNOWLEDGE AND AGREE THAT THE FOREGOING SECTIONS ON WARRANTIES AND DISCLAIMERS, INDEMNIFICATION AND LIMITATION OF LIABILITY FAIRLY ALLOCATE THE RISKS BETWEEN THE PARTIES AND ARE ESSENTIAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES.  YOU EXPRESSLY ACKNOWLEDGE THAT THE FEES THAT WE CHARGE FOR THE SERVICES ARE BASED UPON OUR EXPECTATION THAT THE RISK OF ANY LOSS OR INJURY THAT MAY BE INCURRED BY USE OF THE SERVICES WILL BE BORNE BY YOU AND NOT US AND WERE WE TO ASSUME ANY FURTHER LIABILITY OTHER THAN AS SET FORTH HEREIN, SUCH FEES WOULD OF NECESSITY BE SET SUBSTANTIALLY HIGHER.  CERTAIN STATES AND/OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE EXCLUSIONS SET FORTH ABOVE MAY NOT APPLY TO YOU.

13. TERM AND TERMINATION

13.1. Term of Agreement

This Agreement commences on the date you start using the Services and continues through the end of the Subscription Period.

13.2. Subscription Period

Your subscription commences on the start date specified in the applicable Order Form and continues for the period identified in such Order Form (the “Subscription Period”), provided that if no period is identified in the Order Form, then the Subscription Period shall be for a period of twelve (12) months from the commencement date. Except as otherwise specified in the applicable Order Form, at the end of the Subscription Period, the Subscription Period shall continue for successive periods of one (1) year each, unless either party gives the other notice of non-renewal at least sixty (60) days before the end of then-current Subscription Period. The fees during any renewal term shall be the same as that during the prior term unless we have given you written notice of a pricing increase at least sixty (60) days before the end of such prior term, in which case the pricing increase shall be effective upon renewal and thereafter. Any such pricing increase shall not exceed ten percent (10%) over the pricing for the same usage of Services in the immediately prior subscription term, unless the pricing in the prior term was designated in the relevant Order Form as promotional or one-time.

13.3. Termination

This Agreement will terminate at the expiration of ninety (90) days following written notice of termination given by one party to the other.  Termination of this Agreement will not operate to terminate any Order Form and the terms and conditions of this Agreement will continue in full force and effect to the extent necessary to give effect to any Order Form in effect at the time of termination of this Agreement and until such time as the applicable Order Form expires at the end of the then-current Subscription Period or is terminated as set forth below.  Except as otherwise provided in this Agreement, you may not terminate an Order Form before the end of the then-current Subscription Period.  We may terminate the Order Form if you materially breach the terms of this Agreement or an Order Form, and such breach (if capable of being cured) is not cured within thirty (30) days after written notice of the breach is given to you; provided, however, that no cure period will be required for a breach of Section 7.2 of this Agreement.  The termination of an individual Order Form will not terminate any other Order Form or this Agreement unless otherwise specified in the written notice of termination.

13.4. Return of Your Data

Upon request by you made within thirty (30) days after the effective date of termination or expiration of the Subscription Period or an Order Form, we will make available to you for download a file of Your Data in an industry standard format.  After such 30-day period, we shall have no obligation to maintain or provide any of Your Data and shall thereafter, unless legally prohibited, delete all of Your Data in our systems or otherwise in our possession or under our control.

13.5. Surviving Provisions

Sections 6 (Fees and Payment for Paid Services), 7 (Proprietary Rights), 9 (Confidentiality), 10 (Warranties and Disclaimers), 11 (Indemnification), 12 (Limitation of Liability), 13.4 (Return of your Data), 13.5 (Surviving Provisions) and 14 (General Provisions) shall survive any termination or expiration of this Agreement.

14. GENERAL PROVISIONS

14.1. Notices

Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after mailing, (iii) the second business day after sending by confirmed facsimile, or (iv) the first business day after sending by email (provided email shall not be sufficient for notices of termination or an indemnifiable claim).  Notices to you shall be addressed to the system administrator designated by you for your relevant Services account, and in the case of billing-related notices, to the relevant billing contact designated by you.

14.2. Agreement to Governing Law and Jurisdiction

Each party agrees to the applicable governing law of the State of California without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable court in San Diego County, California.

14.3. Waiver of Jury Trial

Each party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

14.4. Export Compliance

Each party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Services.  Without limiting the foregoing, (i) each party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and (ii) you shall not permit users to access or use Services in violation of any U.S. export embargo, prohibition or restriction.

14.5. Relationship of the Parties

The parties are independent contractors.  This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

14.6. No Third-Party Beneficiaries

There are no third-party beneficiaries to this Agreement.

14.7. Waiver and Cumulative Remedies

No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.  Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

14.8. Severability

If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

14.9. Attorney Fees

You shall pay on demand all of our reasonable attorney fees and other costs incurred by us to collect any fees or charges due us under this Agreement following your breach of Section 6.2 (Invoicing and Payment).

14.10. Assignment

Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld).  Notwithstanding the foregoing, we may assign this Agreement in its entirety (including all Order Forms), without your consent to our Affiliate or a successor in interest pursuant to a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.  Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

14.11. Force Majeure

Neither party shall be liable for any delay or failure in performance due to Extraordinary Circumstances.

14.12. Entire Agreement

This Agreement, including all exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter.  No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and either signed or accepted electronically by the party against whom the modification, amendment or waiver is to be asserted.  However, to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto or any Order Form, the terms of such exhibit, addendum or Order Form shall prevail.  Notwithstanding any language to the contrary therein, no terms or conditions stated in your purchase order or other order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

MindTouch Inc

MindTouch Executive

(Signature): ______________________________________

Printed Name: ____________________________________

Title: ____________________________________________

Date: ___________/___________/____________________

 

Client

Authorized Representative

(Signature): ______________________________________

Printed Name: ____________________________________

Title: ____________________________________________

Date: ___________/___________/____________________

 


Exhibit A

Service Level Agreement

MindTouch SLA

1. Definitions

For purposes of this Exhibit A, the following definitions will apply:

  1. “Response” or “Respond” means the acknowledgement by MindTouch to Customer that a problem has been reported and identification of a remedial course of action.
  2. “Response Time” means the maximum time period set forth in Table 1 below for MindTouch to convey its Response to Customer, with such period beginning upon Customer giving notice to MindTouch of the problem.
  3. “Severity Levels” means the Severity Levels defined in Section 7 of this Exhibit A.
  4. “Malfunction” means a function that is not executing at all.
  5. “Defect” means a function that is executing but is producing a system or application error during the execution.
  6. “Base-line” is a direct connection between the MindTouch performance monitoring service and the MindTouch servers.

2. Error Resolution

MindTouch will Respond to any Malfunction or Defect that is detected by Customer, reported to MindTouch via email, other writing or via phone in accordance with the following Table 1.  In the event that the Order Form is silent as to the level of support purchased by Customer, support shall be deemed to be Standard.

Table 1 – Schedule of Response for Service Errors
| Hours and Support Methods | Standard | Premium | Enterprise |
| Initial Response Time | 3 Business Days | 1 Business Day | 4 Business Hours |
| Coverage | 6am PST to 5pm PST Monday – Friday |
| Number of Support Contacts allowed in the MindTouch Support Portal | 2 | 2 | 3 |

Support Portal Access
Email Support
Real Time Chat (Business Hours Only)
Phone Support
Screen Sharing
Priority within the Support Queue

If MindTouch exceeds the Response Times set forth above in any month, the time in excess of the Response Time will be deemed an “Outage” and, without limiting Customer’s other rights and remedies under this Agreement or otherwise, MindTouch will provide Customer the Service Credits set forth in Section 5 below.

3. Services Availability

Except as may otherwise be provided by the Order Form, which may indicate an enhanced availability level, MindTouch will provide a 99.5% up time for the Services, excluding scheduled maintenance time and Extraordinary Circumstances (“Availability”). The Services are “Unavailable” when a Severity Level 1 incident occurs.

Compliance with the Availability level and calculation of Outages (as defined below) will be measured on a rolling average of the previous 31 days.  If the Services are Unavailable, an “Outage” corresponding to such incident will be measured from the time of the beginning of Unavailability until the Services are fully restored.

4. Availability Report.

MindTouch will provide Customer with an automated report of actual Services Availability, Response Time and Average Load Time every 31 days that includes a rolling average of the applicable Subscription Period.  The report is available at http://status.mindtouch.us.

5. Service Credit.

In the event that we fail to meet the Availability in any month, we will credit to you an amount (“Availability Credit”) equal to the prorated fees for a period of time that varies according to the actual Availability achieved of the Services for that month, as follows:

Table 2 – Service Credit
| Outage Duration | Service Credit |
| At least 99.0% but less than 99.5% | One (1) Day |
| At least 98.5% but less than 99.0% | Three (3) Days |
| At least 98.0% but less than 98.5% | Seven (7) Days |
| Less than 98.0% | Fifteen (15) Days |

6. Severity Levels

When Customer notifies MindTouch that Customer or its End Users detect an error in the Services or MindTouch identifies an error in the Services, MindTouch will investigate the error according to the Severity Levels set forth in Section 7 and the corresponding Response Times set forth in Section 2.

MindTouch will coordinate all error isolation, testing and repair work for the Services.  Severity Levels will be determined by MindTouch.  During the error isolation and troubleshooting process, MindTouch will communicate error resolution progress with Customer and escalate its problem resolution efforts based upon the times specified in Section 8.  MindTouch will provide status updates as described below, which updates will include the following information:

  • Services features or functionality that are affected.
  • Current status of repair.
  • Estimated time of repair.
  • Confirmation of repair.

Severity Level 1 (Critical):

A “Severity Level 1” is an error that renders the Services inoperable and Customer or End Users are unable to operate the Services.  A Severity Level 1 issue is defined as a situation where Customer users are unable to access the MindTouch Services, and/or log in using local MindTouch authentication.

MindTouch will:

  • Immediately assign MindTouch personnel and commence work to correct the error
  • Provide on-going communication to Customer regarding the status of the correction and follow the escalation procedures set forth in this Schedule 1

Severity Level 2 (Major):

A “Severity Level 2” is an error that causes the Services to be partially inoperative and the inoperative portion of the Services severely restricts Customer’s or End Users’ use of the Services. Under a Severity Level 2 issue Customer users will be able to access the MindTouch Services, and log in using local MindTouch authentication.

MindTouch will:

  • Immediately assign MindTouch personnel to analyze the nature and implications of the error and commence work to correct the error
  • Provide on-going communication regarding the status of the correction

Severity Level 3 (Minor):

A “Severity Level 3” is an error that causes the Services not to comply with its specifications but does not severely restrict Customer’s or End Users’ use of the Services, which are still usable but with moderately limited functions.

Severity Level 4 (Informational):

A “Severity Level 4” is an error that does not materially affect the operation of the Services, which are still usable.

7. Escalation Procedures

MindTouch will maintain an escalation process to aid in problem resolution for Severity Level 1 issues should any outstanding errors warrant or because a party has not Responded to an error within the parameters set forth in this Exhibit A.

8. Planned Outages

Coordination of Maintenance

As of the Effective Date, the MindTouch standard maintenance downtime for the Services is one (1) time per week between 11:00 PM PST and 12:00 AM PST.  Any activities beyond the regularly scheduled maintenance window are considered unplanned Outages and will be addressed per the above provisions on Availability.

Regular

Regular maintenance is defined as routine, scheduled maintenance outside the scheduled maintenance downtime described above.

Emergency

Emergency maintenance is defined as maintenance that must be performed immediately, regardless of time of day / busy hour.  Such maintenance will be categorized as an Outage to the extent described above.

9. Redundancy and Disaster Recovery Plan.

The Services will be fully physically redundant.  Throughout the Subscription Period, MindTouch will maintain a written disaster recovery plan to apply in the event of Extraordinary Circumstances or other similar disruption to the Services. MindTouch will promptly implement the plan upon the occurrence of any Extraordinary Circumstance or similar circumstance. Without limitation, the MindTouch disaster recovery plan will include back-up and a disaster recovery data set, including Customer Content, will be available to Customer that is current within 3 days of the day the primary data set was lost, destroyed or otherwise becomes unavailable.

10. Contact Information

Hours of Operation: 8AM PST to 6PM PST

Contact Phone Number: US:  619-795-8459

Email Address: [email protected]

11. MindTouch 24×7 Support

MindTouch 24×7 Customer Support is an add-on to Customer’s Enterprise Support Plan to cover “Show-Stopper” issues as described below.  If MindTouch 24×7 Customer Support is purchased, Customer’s support will include the additional Issue Classification and Response Time identified in the following Table 3:

Table 3 – Issue Classification
| Development Classification* | Legal-Term | Definition | 24×7 Support Available |
| Show-Stopper | Downtime | Site unavailable.  Authentication unavailable (LDAP, Active Directory, SAML, ADFS) | |

*Only issues classified as Show-Stopper are able to receive 24×7 Support.  Non Show-Stopper issues that are reported outside of regular hours (6AM PST to 5PM PST) will be triaged and classified pursuant to the Severity Levels and response times applicable to Customer’s Enterprise Support Plan details.

Table 4 – Response Times
| Contact | Description | Response Time |
| 24×7 Support | Available 24×7 for Show-Stopper issues | Two (2) Hours |
| [email protected] | Available Monday – Friday 6AM PST to 5PM PST for all issue classifications. | ≥ Four (4) Hours during business hours |
| 619-795-8459 | Available Monday – Friday 6AM PST to 5PM PST for all issue classifications. | During business hours |

MindTouch will provide the support portion of the Services in accordance with the service levels set forth in this Exhibit A during the Subscription Period.

MindTouch Inc

MindTouch Executive

(Signature): ______________________________________

Printed Name: ____________________________________

Title: ____________________________________________

Date: ___________/___________/____________________

 

Client

Authorized Representative

(Signature): ______________________________________

Printed Name: ____________________________________

Title: ____________________________________________

Date: ___________/___________/____________________

 


Exhibit B

Privacy And Data Security

(Global – Privacy Shield Certified Vendors)

1. Definitions

“Personal Data” will mean any data, information or record that directly or indirectly identifies a natural person (data subject) or relates to an identifiable natural person, including but not limited to, name, address, telephone number, email address, payment card data, identification number such as social security or tax ID number, date of birth, driver’s license number, medical and health-related information, and any other personally identifiable information that Supplier or any third party acting on Supplier’s behalf processes in connection with the Services.

“Process,” “Processing” or “Processed” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Security Incident” means any (i) loss, destruction, or theft of Personal Data; (ii) unauthorized use, disclosure, acquisition, alteration, transmission of or access to, or other unauthorized Processing of Personal Data

 

2. Processing of Personal Data

2.1 Purpose Limitation

Supplier will only Process Personal Data on behalf of and in accordance with Company’s written instructions as set forth in the Agreement. Supplier will treat Personal Data as confidential information and impose confidentiality obligations on all personnel who Process Personal Data.

If applicable law requires Supplier (or, for avoidance of doubt, any sub-processor) to conduct Processing that is or could be construed as inconsistent with Company’s instructions, Supplier will notify Company hereof promptly and prior to commencing the Processing, unless this notification is prohibited by law on important grounds of public interest.

2.2 Data Ownership

As between Supplier and Company, Company is the owner of any and all Personal Data, and Supplier will have no ownership rights or interest in such Personal Data.

 

3. Compliance with Applicable Law

Supplier will comply with all applicable foreign, international, federal, state and local laws, including but not limited to the laws of any jurisdiction from which the Personal Data originates. This includes all regulations and requirements, including such measures as are necessary to ensure an adequate level of protection for Personal Data (including without limitation European Union Directives governing general data protection (Directive 1995/46/EC), electronic commerce (Directive 2002/58/EC), data retention and the General Data Protection Regulation (Regulation EU 2016/679) (eff. May 25, 2018) as well as Implementing and Delegating Acts as adopted or amended from time to time). Subject to Section 6.4, Supplier will comply with all industry standards and other applicable requirements that relate in any way to the privacy, data protection, electronic storage, confidentiality or security of Personal Data and apply to Supplier or Company.

Supplier will cooperate and provide Company with assistance that Company deems reasonably necessary to comply with applicable law, including assisting Company with ensuring that Company’s technical and organizational security measures meet the requirements of applicable law and obtaining approval from data protection authorities, as required. In particular, but without limiting the generality of the foregoing, if Company determines that applicable law or Company policy requires an assessment of the privacy impacts of any Processing by or on behalf of Supplier, Supplier will cooperate fully with and facilitate Company’s conduct of the assessment. If Company determines that applicable law or a Company policy requires Company to notify, seek guidance from or consult with a third party, including any governmental authority or representative labor body, concerning Supplier’s Processing of Personal Data, Supplier will cooperate with Company in connection with such advisory request or consultation.

If Supplier believes that any instruction from Company is in violation of, or would result in Processing in violation of applicable law, then Supplier will notify Company immediately.

 

4. Transfer of Personal Data

Supplier will store Personal Data within the United States and neither Supplier nor Supplier’s Agents outside of the United States will access the Personal Data within the United States. Supplier will not transfer Personal Data outside the United States without the prior express written consent of Company, establishing a legal basis for such transfer and taking such steps as the Company may require to ensure that the transfer meets the requirements of applicable law. If Supplier discovers or reasonably believes that any Personal Data has been or is being Processed in jurisdictions other than the United States, Supplier will provide prompt notice to Company.

 

5. Sub-Processors

5.1 Appointment of Sub-Processors

Supplier will not subcontract any of its rights or obligations under this Agreement without the prior express written consent of Company. Where Supplier, with the consent of Company, subcontracts its obligations under this Agreement, it will do so only by way of a written agreement with its subcontractor that imposes the same privacy and security obligations, as well as confidentiality obligations on the subcontractor as are set out in this Agreement. Whenever Supplier employs the services of third-party service providers to assist it in performing its obligations under this Agreement, Supplier agrees that such service providers are capable of maintaining appropriate safeguards for Company’s Personal Data and that Supplier has contractually obligated such service providers to maintain appropriate safeguards designed to comply with applicable law and applicable privacy standards.

5.2 Liability

Supplier will be liable for the acts and omissions of its subcontractors and sub-processors to the same extent that Supplier would be liable if performing the services of each subcontractor or sub-processor directly.

 

6. Security

6.1 Security Program

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, the Supplier will maintain or cause to be maintained a reasonable and commercially feasible information security program that complies with all applicable laws and is designed to reasonably ensure the security and confidentiality of all Personal Data.

6.2 Security Measures

Supplier will take all appropriate and commercially reasonable measures, including, without limitation, administrative, physical, technical (including electronic), and procedural safeguards. Supplier will ensure that Personal Data are only available to Supplier personnel who have a legitimate business need to access the Personal Data, who are bound by legally enforceable confidentiality obligations, who have received training on applicable data protection policies and procedures, and who will only process the Personal Data in line with Company’s instructions.

6.3. Additional Security Measures

Supplier will implement and maintain any additional privacy and security safeguards, as directed by Company, in the event of any (i) material changes to any services subject to the Agreement, or any relevant technology or systems; (ii) Security Incident; or (iii) the discovery of a material privacy or security vulnerability or weakness; provided that the failure of Company to direct Supplier to implement such additional safeguards will not impact, eliminate or decrease Supplier’s obligations under this Agreement.

6.4. Conflicts

In the event of any conflict between Supplier’s obligation to employ and maintain a reasonable Information Security Program, its obligation to comply with industry standards or any privacy or security-related obligations contained in this Exhibit, Supplier will comply with the obligations that provide the most protection for the Personal Data.

6.5 Security Incident Response and Notification

Supplier will promptly and without undue delay, notify Company of any Security Incident of which Supplier becomes aware. Such notification will be made to the individual identified in the table below. The notice will summarize in reasonable detail the nature of the Security Incident; whether the suspected data that is lost, stolen or compromised, if known; Supplier’s appraisal of the consequences of the Security Incident; the corrective action taken or to be taken by Supplier; any internal point(s) of contact responsible for managing or responding to the Incident; and Supplier’s Data Protection Officer, if any. Supplier will promptly take all necessary and advisable corrective actions and will cooperate fully with Company in all reasonable and lawful efforts to prevent, mitigate, or rectify such Security Incident. All information relating to each Security Incident must be retained by Supplier until Company has specifically consented in writing to its destruction. Supplier will consult with Company on the content of any mandated communications. Except for mandated communications, the content of any external filings, communications, notices, press releases or reports to be issued by Supplier related to any Security Incident must be promptly reviewed and approved by Company prior to any publication or communication. Company will not unreasonably withhold such approval.

In the event of a Security Incident, if Company determines that any Security Incident must be disclosed or reported to a third party, including individuals or governmental authorities (including, but not limited to, any data protection authorities in the European Economic Area), Supplier will fully cooperate with and assist Company in fulfilling Company’s reporting and disclosure obligations. In addition Supplier will, at Company’s option and at the direction of Company, whether or not required by applicable law, provide written notice to the individuals whose Personal Data was reasonably connected to the Security Incident, or reimburse Company for all direct out of pocket and commercially reasonable costs it incurs in providing such notice.

Security Incident notifications will be provided to:

 

Name: ___________________________________

Company: ________________________________

Address: _________________________________

                 _________________________________

Email: ___________________________________

Phone: __________________________________

7. Access Requests

7.1 Notice of Access Requests

Supplier will promptly notify Company of any request for access to any Personal Data from any regulatory body, government official or other third person. Supplier will notify Company of any warrant, subpoena, or other request to Supplier regarding any Personal Data no later than five (5) business days following receipt, unless prohibited by applicable law. Supplier will comply with any preservation requests from Personal regarding Personal Data and will provide support so that Company can comply with third party requests if Company cannot otherwise reasonably obtain such information.

7.2 Responding to Access Requests

Supplier will cooperate with Company if Company, its regulators or a data subject requests access to Personal Data for any reason.

 

8. Retention, Return and Deletion of Personal Data

8.1 Retention

Supplier will not retain Personal Data any longer than is reasonably necessary, in accordance with Company record retention policies, to accomplish the intended purposes for which the data was Processed pursuant to this Agreement. Data will be retained for 30 days following the termination of the contract after which data will be purged.

8.2 Backup

Unless designated otherwise on an Order Form, Supplier will take commercially reasonable steps to back up Personal Data, conducted at least on a daily basis. Backed up data will be stored at two (2) separate geographical locations or more. Such back-up copies of Personal Data will be used by Supplier and its agents solely for back-up purposes.

8.3 Return and Deletion

When Personal Data are no longer necessary for the purposes set forth in the Agreement or promptly upon the expiration or termination of the Agreement, whichever is earlier, or at an earlier time as Company requests in writing, Supplier will (i) provide to Company, in the format and on the media requested by Company, a copy of all or, if specified by Company, any part of the Personal Data; and (ii) destroy all, or if specified by the Company, any part of the Personal Data in Supplier’s possession, in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-88 (Guidelines for Media Sanitization) standards. Supplier will provide a certification of destruction and a detailed report summarizing the sanitized or destroyed items if requested.

In the event that applicable law does not permit Supplier to comply with the delivery or destruction of the Personal Data, Supplier warrants that it will ensure the confidentiality of the Personal Data and that it will not use or disclose any Personal Data at or after the termination or expiration of the Agreement.

 

9. Audit

Company will have the right to verify compliance by Supplier and any subcontractor or sub-processor with the terms of this Agreement or to appoint a third party under reasonable covenants of confidentiality to verify the same on Company’s behalf. Supplier will grant Company or its agents access to the extent necessary to accomplish the inspection and review of all data processing facilities, data files and other documentation used for Processing of Personal Data in relation to the Agreement. Supplier agrees to provide reasonable assistance to Company in facilitating this inspection function.

Supplier will keep records of the Processing activities it performs on behalf of Company in accordance with applicable law including, without limitation, records regarding the categories of Processing activities performed; information regarding cross-border data transfers; a general description of the security measures implemented in respect of the processed data; Supplier’s Data Protection Officer, if any; and Supplier’s representative(s) within the European Union, if any. Supplier will provide Company with all information necessary to demonstrate compliance with applicable law.

 

10. Rights of Data Subjects

Supplier will assist Company as requested with responding to data subjects’ requests to exercise their rights under applicable data protection laws and regulations, which may include, without limitation, rights of access, correction, amendment, blocking and deletion. Supplier will notify Company promptly if it receives any such request or claim from a data subject relating to Personal Data or Supplier’s Processing thereof.

 

11. Additional Terms for Privacy Shield-Certified Suppliers

11.1 Application of Privacy Shield Principles

Supplier self-certifies to the EU-U.S. and/or Swiss-U.S. Privacy Shield Framework, as administered by the U.S. Department of Commerce (the “Privacy Shield”), and is committed to complying with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability and all applicable Supplemental Principles (collectively, the “Principles”). Supplier represents that it has provided Company with a current and valid Privacy Shield certification evidencing its placement and good standing on the U.S. Department of Commerce’s Privacy Shield List. Supplier agrees that at any and all times during which Supplier Processes Company Personal Data that originated from the European Union (EU) and/or Switzerland, or concerns citizens or residents of the EU and/or Switzerland (collectively, “EU Personal Data”),

Supplier will:

  1. Provide at least the same level of protection for EU Personal Data received pursuant to this Agreement as is required by the Principles, whether or not such data was transferred from the EU or Switzerland to the U.S. pursuant to Supplier’s Privacy Shield Certification;
  2. Ensure Supplier maintains its EU and/or Swiss Privacy Shield self-certification(s) for so long as it retains EU Personal Data pursuant to this Agreement.

11.2 Notice of Non-Compliance

If Supplier determines it can no longer meet its obligation to provide the same level of protection as is required by the Principles, Supplier will immediately notify Company in writing.

11.3 Disclosure to Regulators

Company may provide a copy of this Agreement to any regulator entitled to access in connection with the enforcement of the Privacy Shield and/or Principles or with jurisdiction over the Personal Data received by Supplier in connection with this Agreement.

11.4 Modifications

The Privacy Shield and the Principles may be updated or changed from time to time. In the event of any such changes, Supplier agrees to negotiate in good faith with Company to make corresponding changes in a subsequent amendment to the Agreement. If the parties cannot agree upon any such subsequent amendment, Company will have the right to terminate this Agreement, in whole or in part, prior to the effective date of such changes in the Privacy Shield or Principles. If the Privacy Shield is invalidated, Supplier agrees to enter into such further contractual provisions or frameworks as may be required by Company to ensure lawful transfer and/or Processing of Personal Data originating from the EU/EEA or Switzerland, which may include without limitation, “Standard Contractual Clauses.”

 

12. Miscellaneous

12.1 Standard of Protection

This Exhibit supersedes any provision of this Agreement to the extent such provision relates to the privacy, confidentiality or security of Personal Data; provided, however, that in the event of any conflict between the provisions of this Exhibit and the other portions of the Agreement, Supplier will comply with the obligations that provide the most protection for Personal Data.

12.2 Governing Law

This Exhibit will be governed by and construed in accordance with the laws and jurisdiction identified in the Agreement, except to the extent that applicable data protection laws require otherwise, in which event this Exhibit will be governed in accordance with applicable data protection laws.

12.3 Annex 1

The Annex 1 attached hereto is incorporated into this Exhibit.

ANNEX 1 TO PRIVACY AND DATA SECURITY EXHIBIT

Data Controller

Data Controller refers individually and collectively to the Company and its affiliates (as defined in the Agreement).

Data Processor

Data Processor refers to Supplier who processes Personal Data upon the instruction of the Data Controller in accordance with the terms of the Agreement.

Data Subjects

Data Controller has instructed Data Processor to Process certain information as may be submitted in connection with the Services outlined in the Agreement. The information submitted may include Personal Data provided by the individual data subjects or the organization in accordance with the relevant Services selected by such organization. The extent of the Personal Data collected is determined and controlled by the Data Controller in its sole discretion, and may include, but is not limited to Personal Data relating to the following categories of data subjects:

Details are specified in the contracts for the services (“Services”) which reference this Data Security Exhibit. Data exporter may submit Personal Data to the Services, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:

  • Data exporter’s Users authorized by data exporter to use the Services provided by Data Importer

Additional information may be included in the applicable Order Form.

Categories of Data

The Personal Data processed concern the following categories of data:

Details are specified in the contracts or purchase orders for the Services which reference this Data Protection Agreement. The personal data transferred concern the following categories of data (please specify):

  • The personal data transferred concern data subjects residing in the European Economic Area and Switzerland.

Additional information may be included in the applicable Order Form.

Special categories of data (if appropriate)

Data Controller, reporters or authorized users of the Services may submit special categories of data to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion, and which is for the sake of clarity Personal Data that may include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

Additional information may be included in the applicable Order Form.

Processing operations

The Personal Data transferred will be processed by Data Processor as more fully set forth in the Agreement and/or applicable Order Form.

 

MindTouch Inc

MindTouch Executive

(Signature): ______________________________________

Printed Name: ____________________________________

Title: ____________________________________________

Date: ___________/___________/____________________

 

Client

Authorized Representative

(Signature): ______________________________________

Printed Name: ____________________________________

Title: ____________________________________________

Date: ___________/___________/____________________

 

Effective date: August 24, 2018
