Master Subscription Agreement (200612)
THIS MASTER SUBSCRIPTION AGREEMENT GOVERNS YOUR (HEREINAFTER, “YOU”, “YOUR”, OR “CUSTOMER”) PURCHASE AND RECEIPT OF PROCESSUNITY’S SUBSCRIPTION SERVICE.
BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR STATEMENT OF WORK THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT AND SUCH DATE OF ACCEPTANCE OR EXECUTION SHALL BE DEEMED TO BE THE EFFECTIVE DATE (THE “EFFECTIVE DATE”) OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT RECEIVE THE SUBSCRIPTION SERVICE. YOU AND PROCESSUNITY ARE SOMETIMES REFERRED TO TOGETHER AS THE “PARTIES” AND INDIVIDUALLY AS A “PARTY.”
IN CONSIDERATION OF THE MUTUAL PROMISES HEREIN AND OTHER VALUABLE CONSIDERATION AND ON THE TERMS AND CONDITIONS SET FORTH BELOW AND IN ANY APPLICABLE ORDER FORM, PROCESSUNITY AGREES TO PROVIDE AND CUSTOMER AGREES TO RECEIVE AND PAY FOR THE SERVICE IN ACCORDANCE WITH THE FOLLOWING TERMS AND CONDITIONS:
1. DEFINITIONS.
“Affiliate” means any entity that directly or indirectly Controls, is controlled by, or is under common Control with such entity.
“Control” of an entity means direct or indirect ownership or control of more than 50% of the voting interests of such entity.
“Authorized Users” means Customer’s and its Affiliates’ employees and third party providers authorized to access the Service and/or to receive Customer Data through the Service.
“Competitor” means any entity that may be reasonably construed as offering competitive functionality or services to those offered by ProcessUnity.
“Confidential Information” of a Party means non-public or proprietary information regarding the business or affairs of that Party, whether oral, written or electronic, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Examples of Confidential Information include the terms and conditions of this Agreement, the Customer Data, business and marketing plans, technology and technical information, financial results and information, product designs, product roadmaps, and business processes.
“Customer Data” means the electronic data or information submitted by Customer or Authorized Users of the Service.
“Documentation” means the user guide for the Service, as updated from time to time, accessible via the ProcessUnity Online Help Center.
“Intellectual Property Rights” means all industrial and intellectual property rights and all rights associated therewith, throughout the world, including (1) all patents and applications therefor and all reissues, divisions, renewals, extensions, provisionals, continuations and continuations‑in‑part thereof, (2) all inventions (whether patentable or not) and all rights in invention disclosures, (3) improvements, trade secrets, proprietary information, know how, technology, technical data, proprietary processes and formulae, algorithms, specifications, customer lists and supplier lists, (4) all designs and any registrations and applications therefor, all trade names, logos, trade dress, trademarks and service marks, trademark and service mark registrations, trademark and service mark applications, and any and all goodwill associated with and symbolized by the foregoing items, (5) Internet domain name registrations, (6) all copyrights, copyright registrations and applications therefor (including copyrights in Software, and all other rights corresponding thereto, (7) all rights in databases and data collections, (8) all moral rights of authors and inventors, however denominated, and (9) any similar or equivalent rights to any of the foregoing.
“Laws” means all laws (including statutory law, common/case law, codes), regulations and governmental orders.
“Malicious Code” means viruses, worms, time bombs, Trojan horses and other malicious code, files, scripts, agents or programs.
“Order Form” means the separate ordering documents under which Customer subscribes to the ProcessUnity Service or requests Professional Services pursuant to this Agreement that have been fully executed by the Parties.
“Personal Data” means information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Service” means ProcessUnity’s software-as-a-service applications as described in the Documentation and subscribed to under an Order Form.
2. USE OF THE SERVICE.
2.1 ProcessUnity’s Responsibilities. ProcessUnity shall: (i) make the Service available to Customer pursuant to the terms of this Agreement and the applicable Order Form(s); (ii) provide Customer support in accordance with the terms of ProcessUnity’s Standard Support Policy; and (iii) use commercially reasonable efforts to make the Service available 24 hours a day, 7 days a week, except for (a) planned maintenance in accordance with the terms of ProcessUnity’s Standard Support Policy, (b) any unavailability caused by circumstances beyond ProcessUnity’s reasonable control, including, but not limited to, computer attacks or malicious acts on or through the Internet, or delays caused by an Internet service provider, telecommunications or hosting facility; and (c) any unavailability that results from Customer’s equipment, software, other technology, or the actions of Customer or any third party within Customer’s control. ProcessUnity shall not disclose Customer Data to anyone other than Authorized Users and shall not use Customer Data except: (i) to provide the Service; (ii) to prevent or address service or technical problems in accordance with this Agreement and the Documentation; or (iii) in accordance with Customer’s instructions.
2.2 Customer Responsibilities. Customer shall: (i) have sole responsibility for the accuracy and legality of all Customer Data; (ii) shall ensure that it has obtained all consents and permissions necessary to disclose any Personal Data within the Customer Data; and (iii) prevent unauthorized access to, or use of, the Service, and notify ProcessUnity promptly of any such unauthorized access or use. Customer shall be liable for the acts and omissions of its Authorized Users hereunder. Customer shall be responsible for acquiring all equipment necessary to make connections to the World Wide Web, including a computer and Internet access.
2.3 Access to the Service. Customer shall have a non-exclusive, limited (as specified in the applicable Order Form), non-transferable (except to Affiliates) right to access and use the Service during the Term solely by Authorized Users (up to any limits on number of users in the applicable Order Form) and solely for its internal business purposes and not for the benefit of any third parties.
2.4 Restrictions. Customer shall not: (i) modify, copy or create any derivative works based on the Service or Documentation; (ii) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau, or otherwise make the Service or Documentation available to any third party, other than to Authorized Users as permitted herein; (iii) reverse engineer or decompile any portion of the Service or Documentation, including but not limited to, any software utilized by ProcessUnity in the provision of the Service and Documentation, except to the extent required by law; (iv) access the Service or Documentation in order to build any commercially available or competing product or service; (v) copy any features, functions, integrations, interfaces or graphics of the Service or Documentation; (vi) use the Service in violation of applicable Laws; (vii) send or store infringing, obscene, threatening, or otherwise unlawful material, including material that violates privacy rights; (viii) send or store Malicious Code in connection with the Service; or (ix) attempt to gain access to the Service in a manner not set forth in the Documentation.
2.5 Professional Services. ProcessUnity shall, on an as-needed basis, provide additional services as may be set forth in an Order Form or Statement of Work. Any Order Form or Statement of Work for additional services must be executed by ProcessUnity and Customer and must include or reference a reasonably detailed description of the project or services to be performed (“Professional Services”).
3. SUBSCRIPTION FEES AND PAYMENT.
3.1 Invoicing; Payment Terms; Taxes. Customer agrees to pay to ProcessUnity (i) subscription fees for the Service in the amount set forth in the applicable Order Form and (ii) any Professional Services fees set forth in the applicable Order Form or Statement of Work. Unless specified otherwise in the applicable Order Form, the subscription fees for the initial term shall be due and payable by Customer upon execution of the applicable Order Form and the subscription fees for each subsequent term shall be due and payable prior to the commencement of each subsequent term. Unless specified otherwise in the applicable Order Form, invoiced Professional Services fees shall be due and payable net thirty (30) days following receipt of ProcessUnity’s invoice therefor. The payment obligations set forth in this Agreement are exclusive of all sales, use, withholding, value-added, privilege, excise or similar taxes or duties and Customer is responsible for paying such taxes, excluding U.S. income taxes on ProcessUnity. Except as otherwise specified herein, all payment obligations under any and all Order Forms are non-cancelable and all payments made are non-refundable.
3.2 Automatic Renewal. Unless specified otherwise in the applicable Order Form, at the end of the then-current subscription term, each subscription to the Service shall automatically renew for an additional term of one (1) year (“Renewal Subscription Term”) unless Customer provides written notice of non-renewal to ProcessUnity at least thirty (30) days before the expiration date of the then-current subscription term or Renewal Subscription Term.
3.3 Annual Increases. Unless specified otherwise in the applicable Order Form, subscription fees are subject to annual increases which on average may not exceed 5% per year, which will become effective beginning upon the first day of each Renewal Subscription Term. ProcessUnity will notify Customer of any increase at least 30 days prior to Customer’s Renewal Subscription Term. Such notice may be in the form of an invoice or any other form of notice commonly used by ProcessUnity to communicate with Customer. This Section 3.3 does not preclude ProcessUnity from charging additional subscription fees for significant new functionality or features.
3.4 Overdue Payments; Non-Payment and Suspension of Service. Any payment not received from Customer by the due date may accrue (except with respect to charges then under reasonable and good faith dispute), at ProcessUnity’s discretion, late charges at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid. If Customer’s account is more than thirty (30) days past due (except with respect to charges subject to a reasonable and good faith dispute), in addition to any other rights or remedies it may have under this Agreement or by law, ProcessUnity reserves the right to suspend the Service upon thirty (30) days written notice, without liability to Customer, until such amounts are paid in full.
4. PROPRIETARY RIGHTS; AGGREGATED DATA.
4.1 Ownership; Reservation of Rights. ProcessUnity and its licensors own all right, title and interest in and to the Service, Documentation, and other ProcessUnity Intellectual Property Rights. Subject to the limited rights expressly granted hereunder, ProcessUnity reserves all rights, title and interest in and to the Service and Documentation, including all related Intellectual Property Rights. No rights are granted to Customer hereunder other than as expressly set forth herein. ProcessUnity shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Service any Customer feedback provided in connection with its use of the Service. Customer shall retain all right, title and interest in and to the Customer Data.
4.2 Use of Aggregated Data. ProcessUnity owns the aggregated and statistical data derived from the operation of the Service, including, without limitation, the number of records in the Service, the number and types of transactions, configurations, and reports processed in the Service and the performance results for the Service (the “Aggregated Data”). Nothing herein shall be construed as prohibiting ProcessUnity from utilizing the Aggregated Data for purposes of operating ProcessUnity’s business and enhancing ProcessUnity’s services, provided that ProcessUnity’s use of Aggregated Data will not reveal the identity, whether directly or indirectly, of any individual or specific data entered by any individual into the Service. In no event does the Aggregated Data include any Personal Data.
4.3 Right to Survey. ProcessUnity reserves the right to survey Authorized Users and Third Party users on a periodic basis solely for the purpose of enhancing the user experience and improving the Service. ProcessUnity is prohibited from selling, trading or sharing any data received from such surveys.
5. CONFIDENTIALITY.
5.1 Confidential Information. Either Party may from time to time disclose (the “Disclosing Party”) to the other Party (the “Receiving Party”) certain Confidential Information of the Disclosing Party. Except as expressly permitted by this Agreement, for a period of seven (7) years from receipt of the applicable Confidential Information, the Receiving Party shall (i) protect such Confidential Information of the Disclosing Party from unauthorized dissemination, using the same degree of care which the Receiving Party ordinarily uses with respect to its own proprietary information, but in no event with less than reasonable care, (ii) not use such Confidential Information of the Disclosing Party for any purpose not expressly permitted by this Agreement and (iii) limit the disclosure of such Confidential Information of the Disclosing Party to the employees, consultants, or agents of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement, and who are, with respect to such Confidential Information of the Disclosing Party, bound in writing by confidentiality terms no less restrictive than those contained herein. Notwithstanding the foregoing, Confidential Information may be disclosed if such disclosure is required by law or by the order of a competent court or similar competent judicial or administrative body; provided, however, that the Receiving Party shall notify the Disclosing Party of such requirement promptly and in writing, and shall cooperate reasonably with the Disclosing Party, at the Disclosing Party’s expense, in the obtaining of a protective or similar order enjoining, restraining or limiting the disclosure of such Confidential Information. Notwithstanding any other provision of this Agreement, the confidentiality obligations set forth herein shall apply indefinitely with regard to the (i) Customer Data, (ii) Service, (iii) any related technology, data and databases, algorithm or information contained therein or provided therewith and (iv) the Documentation, and in any event including any trade secrets related to any of the foregoing. Nothing in this Agreement shall limit any rights and remedies the Parties have under applicable laws governing trade secrets.
5.2 Return of Confidential Information. Except to the extent a Receiving Party is otherwise entitled to retain Confidential Information hereunder, the Receiving Party shall return to the Disclosing Party or destroy all Confidential Information of the Disclosing Party in tangible form and all materials or media containing or incorporating any Confidential Information of the Disclosing Party: (i) upon the written request of the Disclosing Party; or (ii) upon the expiration or termination of this Agreement, whichever comes first, and in both cases, the Receiving Party shall certify promptly and in writing that it has done so.
5.3 Remedies. If a Party discloses or uses (or threatens to disclose or use) any Confidential Information of the other Party in breach of confidentiality protections hereunder, the other Party shall have the right, in addition to any other remedies available, to seek injunctive relief to enjoin such acts, it being acknowledged by the Parties that any other available remedies are inadequate.
5.4 Exclusions. Confidential Information shall not include any information that: (i) is or becomes generally known to the public other than through a breach of a confidentiality obligation; (ii) was known to a Party prior to its disclosure by the other Party without breach of any obligation owed to the other Party; (iii) was independently developed by a Party without breach of any obligation owed to the other Party; or (iv) is received from a third party without breach of any obligation owed to the other Party. Customer Data shall not be subject to the exclusions set forth in this Section.
6. DATA PRIVACY AND SECURITY.
6.1 Protection and Security. During the Term of this Agreement, ProcessUnity shall maintain a formal data privacy and data security program that is designed to: (i) ensure the security and integrity of Customer Data; (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data and Personal Data. Additional information about ProcessUnity’s data privacy and data security practices can be found in ProcessUnity’s Data Privacy & Data Security Statement, a copy of which is attached as Exhibit A.
7. WARRANTIES & DISCLAIMERS.
7.1 Limited Warranty. Subject to the limitations and exceptions set forth in this Agreement, ProcessUnity warrants that when accessed and used for the purpose and in the manner permitted and authorized by this Agreement, the Service will perform substantially in accordance with industry standards and with the specifications set forth in the then-applicable Documentation and that the functionality of the Service will not be materially decreased during the Term. Professional Services shall be performed in a professional manner, consistent with industry standards.
7.2 Remedy. In the event that the Service or Professional Services fails to conform to the warranties set forth herein in any material respect, ProcessUnity shall correct such failure to perform as warranted in a reasonable period of time without delay, provided that Customer reports deficiencies in writing to ProcessUnity within thirty (30) days of the first date the deficiency is identified by Customer. Customer agrees that this is the sole and exclusive remedy provided by ProcessUnity in connection with the Service.
7.3 DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES STATED IN THIS AGREEMENT, THE SERVICE IS PROVIDED AS-IS AND PROCESSUNITY DISCLAIMS ALL CONDITIONS, REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AS TO ANY MATTER WHATSOEVER OR ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. EXCEPT AS SPECIFICALLY SET FORTH IN THIS AGREEMENT OR ANY APPLICABLE ORDER FORM, PROCESSUNITY AND ITS LICENSORS MAKE NO REPRESENTATION OR WARRANTY THAT ALL ERRORS HAVE BEEN OR CAN BE ELIMINATED FROM THE SERVICE OR ANY PROFESSIONAL SERVICES, THAT THE SERVICE WILL OPERATE WITHOUT INTERRUPTION OR LATENCY, OR THAT THE SERVICE WILL OPERATE WITH ANY NETWORK, HARDWARE OR THIRD PARTY SOFTWARE. THE WARRANTY HEREIN IS LIMITED ONLY TO CUSTOMER AND ITS AFFILIATES AND EXCLUDES ANY THIRD PARTY.
8. INDEMNIFICATION.
8.1 Indemnification by ProcessUnity. ProcessUnity agrees, at its own expense, to defend or, at its option, to settle, any claim or action brought against Customer or its Affiliates to the extent it is based on a claim that Customer’s or its Affiliates (i) use of the Service in accordance with this Agreement and the Documentation that infringes or violates any Intellectual Property Right of a third party or (ii) ProcessUnity’s willful misconduct, and will indemnify and hold Customer and its Affiliates harmless from and against any damages, costs and fees reasonably incurred (including reasonable attorneys’ fees) that are attributable to such claim or action and which are assessed against Customer or its Affiliates in a final judgment or awarded against Customer or agreed to in settlement by ProcessUnity in such action. Customer shall provide ProcessUnity with: (a) prompt written notification of the claim or action; (b) sole control and authority over the defense or settlement thereof; and (c) all available information, assistance and authority to settle and/or defend any such claim or action, at ProcessUnity’s expense. ProcessUnity shall not be required to indemnify Customer in the event of: (i) modification of the Service by Customer, its Employees, or Authorized Users in conflict with Customer’s obligations or as a result of any prohibited activity as set forth herein; (ii) use of the Service in a manner inconsistent with the Documentation; (iii) use of the Service in combination with any other product or service not provided by ProcessUnity; or (iv) use of the Service in a manner not otherwise contemplated by this Agreement.
8.2 Remedies. If ProcessUnity or Customer is enjoined from using the Service, becomes, or in the opinion of ProcessUnity is likely to become, the subject of an infringement claim or action otherwise covered by the indemnification remedy in Section 8.1, ProcessUnity may at its sole option: (a) procure, at no cost to Customer, for Customer the right to continue using the Service; (b) replace or modify the Service to render them non-infringing, provided there is no material loss of functionality; or (c) terminate this Agreement and refund the subscription fee(s) paid by Customer for the Service. ProcessUnity may not settle any Claim unless it unconditionally releases Customer of all liability.
8.3 Customer Indemnity. Customer agrees to indemnify and hold ProcessUnity and its officers, directors, employees, affiliates, agents, and business partners harmless from and against all losses, damages and expenses, including reasonable attorney’s fees, in connection with any claims brought by any third party against ProcessUnity or ProcessUnity’s officers or employees arising as a result of: (i) Customer’s use of the Service in violation of the terms of this Agreement, (ii) claims that the Customer Data infringes the rights of, or has caused harm to, a third party or violates any law, or (iii) Customer’s willful misconduct; provided, however, that ProcessUnity: (a) promptly gives written notice of the Claim to Customer; (b) gives Customer sole control of the defense and settlement of the Claim (provided that Customer may not settle any Claim unless it unconditionally releases ProcessUnity of all liability); and (c) provides to Customer, at Customer’s cost, all reasonable assistance.
9. LIMITATION OF LIABILITY; EXCLUSION OF DAMAGES.
9.1 Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT WITH RESPECT TO EITHER PARTY’S INDEMNIFICATION OBLIGATIONS SPECIFIED IN SECTION 8 HEREIN OR A BREACH OF A PARTY’S CONFIDENTIALITY OBLIGATIONS SPECIFIED IN SECTION 5 HEREIN, IN NO EVENT SHALL EITHER PARTY’S (OR PROCESSUNITY’S THIRD PARTY LICENSORS’) AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED THE SUBSCRIPTION FEES ACTUALLY PAID BY CUSTOMER IN CONSIDERATION FOR SERVICE DURING THE IMMEDIATELY PRECEDING TWELVE (12) MONTH PERIOD FROM WHICH THE CLAIM AROSE (OR, FOR A CLAIM ARISING BEFORE THE FIRST ANNIVERSARY OF THE EFFECTIVE DATE, THE AMOUNT PAID FOR THE FIRST TWELVE MONTH PERIOD).
9.2 Exclusions. EXCEPT WITH RESPECT TO EITHER PARTY’S INDEMNIFICATION OBLIGATIONS SPECIFIED IN SECTION 8 HEREIN OR A BREACH OF A PARTY’S CONFIDENTIALITY OBLIGATIONS SPECIFIED IN SECTION 5 HEREIN, IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT OR SUCH PARTY’S LICENSORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
10. TERM & TERMINATION.
10.1 Term of Agreement; Term of Access to the Service. The term of this Agreement commences on the Effective Date and continues until the stated term in all Order Forms has expired or has otherwise been terminated, or at the end of the Renewal Subscription Term. Subscriptions to the Service commence on the date and are for the term as specified in the applicable Order Form or the Renewal Subscription Term.
10.2 Termination. Either Party may terminate this Agreement: (i) upon thirty (30) days prior written notice to the other Party of a material breach by the other Party if such breach remains uncured at the expiration of such notice period; or (ii) immediately in the event the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. In the event the Agreement is terminated, all Order Forms are simultaneously terminated.
10.3 Effect of Termination. Upon any termination of this Agreement, Customer shall, as of the date of such termination, immediately cease accessing and otherwise utilizing the applicable Service (except as permitted under the section entitled “Access to Customer Data”) and ProcessUnity Confidential Information. Termination for any reason shall not relieve Customer of the obligation to pay any fees accrued or due and payable to ProcessUnity prior to the effective date of termination and termination for any reason other than for uncured material breach by ProcessUnity shall not relieve Customer of the obligation to pay all future amounts due under all order forms. Upon termination for cause by ProcessUnity, all future amounts due under all Order Forms shall be accelerated and become due and payable immediately.
10.4 Access to Customer Data. Upon request by Customer made within thirty (30) days after any expiration or termination of this Agreement, ProcessUnity will make Customer Data available to Customer through the Service on a limited basis solely for purposes of Customer retrieving Customer Data for a period of up to thirty (30) day after such request is received by ProcessUnity. After such thirty (30) day period, ProcessUnity will have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data. If Customer requests ProcessUnity’s assistance, Customer may acquire ProcessUnity professional services at ProcessUnity’s then-current billing rates pursuant to a separately executed Statement of Work.
10.5 Survival. Notwithstanding anything to the contrary in this Section 10, the provisions of Sections 1-5 and 8-11 shall survive termination of this Agreement.
11. GENERAL PROVISIONS.
11.1 Entire Agreement. This Agreement contains the entire agreement and understanding of the parties with respect to the subject matter hereof and shall supersede and merge all prior and contemporaneous communications and agreements with respect to the subject matter hereof. No addition to or modification of any provision of this Agreement shall be binding upon the parties unless in a written agreement signed by the parties hereto. No quote, purchase order, invoice or similar document will modify the terms of this Agreement even if accepted by the receiving Party. In the event of a conflict, the provisions of an Order Form shall take precedence over provisions of the body of this Agreement and over any other Exhibit or Attachment.
11.2 Assignment. Neither Party shall be entitled to assign or otherwise transfer rights or obligations under this Agreement, including use of the Service, whether in whole or in part, except with the prior written consent of the other Party, such consent not to be unreasonably withheld or delayed. Notwithstanding the foregoing, either Party may assign this Agreement in its entirety (including all Order Forms) without consent of the other Party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement and all past due fees are paid in full, except that Customer shall have no right to assign this Agreement to a Competitor of ProcessUnity. Any attempt by a Party to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the Parties, their respective successors and permitted assigns.
11.3 Force Majeure. Neither Party shall be liable for, or be considered to be in breach of or default on account of, any delay or failure to perform as a result of any cause or condition beyond such Party’s reasonable control (including, but not limited to, computer attacks or malicious acts, such as attacks on or through the Internet, or delays caused by an Internet service provider, telecommunications or hosting facility). Neither Party’s payment obligations shall be excused by a force majeure event.
11.4 Notices. All notices and other communications under this Agreement shall be in writing and shall be effective when received or, if delivery is not accomplished by reason of or some fault of the addressee, when tendered, and may be transmitted by (i) personal delivery, (ii) express mail by registered or certified mail, (iii) by courier or delivery service, or (iv) by fax or email with a receipt confirmed in writing by the receiving Party, to ProcessUnity at ProcessUnity, Inc., 33 Bradford Street, Concord, MA 01742, attn: Legal, fax number 978-610-6440, or email address [email protected] or to Customer at their address set forth on the applicable Order Form(s), or to such other addresses as either Party may from time to time notify the other Party of in accordance with this Section.
11.5 Relationship between the Parties. In all matters relating to this Agreement, Customer and ProcessUnity shall act as independent parties and nothing in this Agreement shall be construed to create a partnership, joint venture, agency relationship or employment or franchise relationship between the Parties. Neither Party has the right, power or authority to bind the other or incur, assume or create any obligation on behalf of the other Party.
11.6 Choice of Law and Venue. This Agreement shall be governed by the laws of the Commonwealth of Massachusetts, without regard to any of its conflict of laws provisions. Any action or proceeding relating to this Agreement must be brought in a federal or state court in the Commonwealth of Massachusetts (provided, however, that nothing in this Agreement shall prevent a Party from seeking injunctive relief to enforce the terms of this Agreement in any venue or jurisdiction as determined in such Party’s sole discretion and convenience), and each Party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding.
11.7 Export Controls. Each Party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Service. Without limiting the generality of the foregoing, Customer shall not make the Service available to any person or entity that: (i) is located in a country that is subject to a U.S. government embargo; (ii) is listed on any U.S. government list of prohibited or restricted parties; or (iii) is engaged in activities directly or indirectly related to the proliferation of weapons of mass destruction.
11.8 Headings; Counterparts; “Includes” and “Including”. All captions, titles or section headings of this Agreement are for ease of reference only, shall not affect the interpretation or construction of any provisions of this Agreement and shall not be deemed part of this Agreement. Wherever the word “including” or “include” shall appear in this Agreement, such term shall be construed to mean “including without limitation” or “include without limitation,” as the case may be.
11.9 Partial Invalidity. If any provision of this Agreement or the application thereof to any Party or circumstances shall be declared void, illegal or unenforceable by a competent court of law, competent arbitrator or other competent authority, the remainder of this Agreement shall be valid and enforceable to the extent permitted by applicable law. The invalid provision shall be replaced by an appropriate provision, which to the extent permitted by applicable law, comes closest to the Parties’ intent of what the Parties would have agreed on, had they been aware of the invalidity or unenforceability, in order to meet the spirit and purpose of this Agreement.
11.10 Waiver. No waiver by either Party to this Agreement of any provision hereof, and no failure by either Party to exercise any of such Party’s rights or remedies hereunder, shall be deemed to constitute a waiver of such provision, right, or remedy in the future, or of any other provision, right, or remedy hereunder, unless such waiver shall be set forth in a written instrument signed by the Party against whom such waiver is sought to be enforced.
11.11 Third Party Beneficiary. Other than as expressly set forth herein, no provision of this Agreement shall be deemed for the benefit of any other person or entity, including any third party.
11.12 Miscellaneous. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect. Except as otherwise specified in writing by Customer, ProcessUnity may use Customer’s name and logo in lists of customers, on marketing materials and on its website. This Agreement may be executed in counterparts, which taken together shall form one binding legal instrument. The parties hereby consent to the use of electronic signatures in connection with the execution of this agreement, and further agree that electronic signatures to this agreement shall be legally binding with the same force and effect as manually executed signatures.
Exhibit A
PROCESSUNITY DATA PRIVACY & DATA SECURITY STATEMENT
Version 8.3.18
This Data Privacy & Data Security Statement (the “Statement”), is provided by ProcessUnity, Inc. (“ProcessUnity”) to its Customers (each, a “Customer”). This Statement describes ProcessUnity’s commitments with regard to data privacy and data security. ProcessUnity may update this Statement from time to time. Updated versions will be published on ProcessUnity’s website.
1. Definitions
“Authorized Persons” means ProcessUnity’s employees, agents, and contractors that have a need to know or otherwise access User Data to enable ProcessUnity to provide the Services.
“Controller” means a controller as defined under the GDPR.
“Data Protection Laws” means all international, federal, national and state privacy and data protection laws and regulations to the extent applicable to ProcessUnity and the Services. The Data Protection Laws include GDPR, to the extent applicable to ProcessUnity.
“Data Security Incident” means any accidental, unauthorized or unlawful access, acquisition, theft, destruction, or disclosure of User Data that occurs while such User Data is in the possession of or under the control of ProcessUnity.
“GDPR” means the EU General Data Protection Regulation 2016/679.
“Personal Data” means information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Process” or “Processing” means any operation or set of operations that are performed upon User Data, whether or not by automatic means, such as collection, accessing, processing, use, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, transmittal, alignment or combination, blocking, erasure, destruction or otherwise used as set out in the applicable Data Protection Laws.
“Processor” means a processor as defined under the GDPR.
“Services” means ProcessUnity’s cloud-based governance, risk and compliance solutions.
“Sub-Processor” shall mean an entity engaged by ProcessUnity to assist it in Processing the User Data in fulfillment of its obligations with regard to the Services.
“User Data” means all data relating to a ProcessUnity Customer or its authorized users (“Users”) that is provided to ProcessUnity by a Customer or that is otherwise obtained or accessed by ProcessUnity in connection with the Services. User Data may include Personal Data.
“Third Party” is any person or entity other than ProcessUnity and Customer and Customer’s Users.
2. Data Privacy.
A. Compliance with Laws. ProcessUnity is committed to complying with its obligations under all Data Protection Laws that are applicable to ProcessUnity and the Services.
B. Distribution of User Data. Customers and Users should provide ProcessUnity only with Personal Data that is requested by ProcessUnity or that is otherwise necessary for ProcessUnity to provide the Services. ProcessUnity is not responsible for any other Personal Data.
C. Limitations on Use of Personal Data. ProcessUnity will not Process User Data other than for the purpose of providing the Services or as otherwise specified by Users. ProcessUnity will not Process User Data for the benefit of any Third Party. ProcessUnity will access only the User Data that it needs to perform the Services (i.e., no more than necessary). ProcessUnity will not store User Data longer than necessary to achieve the permitted purposes specified by User.
D. Restrictions. Except with a User’s prior, written approval, on a case-by-case basis, ProcessUnity will not: (a) use User Data other than as necessary for ProcessUnity to provide the Services, (b) disclose, sell, assign, lease or otherwise provide User Data to Third Parties (other than to its affiliates or Sub-Processors) except to the extent required or permitted by Data Protection Laws, or (c) merge User Data with other data, modify or commercially exploit any User Data.
E. Sensitive Personal Data. Customers and Users are advised never to provide ProcessUnity with Sensitive Personal Data. “Sensitive Personal Data” means (a) information that reveals a natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, (b) information or data concerning a natural person’s health or sex life or sexual orientation; or (c) genetic data or biometric data about a natural person.
3. Sub-Processors.
ProcessUnity may engage Sub-Processors in connection with the provision of the Services, provided, however, that ProcessUnity will not provide a Sub-Processor with access to User Data unless the Sub-Processor has: (i) a business need to know / access the relevant User Data, as necessary for the purposes of the Services; (ii) signed a written obligation of confidentiality or are under professional obligations of confidentiality; and (iii) implemented technical, operational, physical, and organization safeguards to protect User Data against accidental or unlawful destruction or alteration and unauthorized disclosure or access.
4. Data Subject Rights; Cooperation.
ProcessUnity will use commercially reasonable efforts to cooperate and assist with a User’s exercise of his/her rights under applicable Data Protection Laws with respect to Personal Data Processed by ProcessUnity, including, without limitation, the right to be forgotten, the right to data portability, and the right to access data under the GDPR.
5. Return or Destruction of User Data.
Upon the written request of a User, ProcessUnity will return User Data to a User or securely delete User Data as soon as reasonably practicable. However, if ProcessUnity is required by law to retain User Data or if User Data is stored in a manner such that it cannot readily be returned or destroyed without affecting other data, then ProcessUnity will continue to protect such User Data in accordance with this Statement and limit any use to the purposes of such retention.
6. Data Security.
A. Security Program Requirements. ProcessUnity will maintain a security program that contains administrative, technical, and physical safeguards appropriate to the complexity, nature, and scope of its activities. ProcessUnity’s security program shall be designed to protect the security and confidentiality of User Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage or loss of User Data. At a minimum, ProcessUnity’s security program shall include: (a) limiting access of User Data to Authorized Persons; (b) implementing network, application, database, and platform security; (c) means for securing information transmission, storage, and disposal within ProcessUnity’s possession or control; (d) means for encrypting User Data stored on media within ProcessUnity’s possession or control by using modern acceptable cyphers and key lengths, including backup media; (e) means for encrypting User Data transmitted by ProcessUnity over public or wireless networks by using modern acceptable cyphers and key lengths; and (f) means for keeping firewalls, routers, servers, personal computers, and all other resources current with appropriate security-specific system patches.
B. Regular Reviews. ProcessUnity will ensure that its security measures are regularly reviewed and revised to address evolving threats and vulnerabilities.
7. Data Security Incident Procedures.
A. Notification. ProcessUnity shall notify Customer as promptly as reasonably feasible, but in any event within forty-eight (48) hours of becoming aware of a Data Security Incident. ProcessUnity shall provide Customer with a detailed description of the Data Security Incident, the type of data that was the subject of the Data Security incident and, to the extent known to ProcessUnity, the identity of each affected person, as soon as this information can be collected or otherwise becomes available, as well as all other information and cooperation that Customer may reasonably request relating to the Data Security Incident.
B. Mitigation. ProcessUnity agrees to take action immediately, at its own expense, to investigate the Data Security Incident and to identify, prevent, and mitigate the effects of the Data Security Incident and, with Customer’s prior agreement, to carry out any recovery or other action necessary to remedy the Data Security Incident. ProcessUnity will inform Customer of the steps it is taking to mitigate the effects of the Data Security Incident and to minimize the chances of another Data Security Incident happening again.
C. Publicity. ProcessUnity will not issue, publish or make available to any third party any press release or other communication concerning the Data Security Incident without Customer’s prior written approval or request.
D. Cooperation. ProcessUnity shall provide full cooperation and assistance to Customer to enable Customer to fulfill its obligations to enable Data Subjects affected by the Data Security Incident to exercise their rights under the Data Protection Laws. ProcessUnity will notify Customer within three (3) business days of all communications Customer receives from an affected Data Subject seeking to exercise his/her right in connection with the Data Security Incident.
8. Cross-Border Transfers.
A. Location. ProcessUnity systems and ProcessUnity’s Processing of User Data will occur within the following jurisdictions: United States of America and Ireland (the “Processing Jurisdictions”). ProcessUnity will not transfer any User Data outside of the Processing Jurisdictions without the prior written agreement of Customer and Users.
B. Sub-Processors. Before providing User Data of a European citizen to Sub-Processors, ProcessUnity will use commercially reasonable efforts to ensure that the Sub-Processors will either be certified under the EU-US Privacy Shield or that the Sub-Processors execute EU-prescribed Standard Contractual Clauses.
9. Audits Reports.
If ProcessUnity engages a third party auditor to perform a system controls or data security audit of ProcessUnity’s operations, information security program or disaster recovery/business continuity plan, ProcessUnity shall provide a copy of the audit report to Customer or User within a reasonable period of time after receipt of a request from Customer or the User for such a report. Any such audit reports shall be ProcessUnity’s confidential information.