This Software Services Agreement (the “Agreement”) is hereby entered into and agreed upon by company, as defined in the applicable Statement or Work of Purchase Order, (“Company”) and 100 North Rupert Street, Fort Worth, Texas 76107 (“Inspirus”), and is effective as of the date that Company accept this Agreement (defined below) (“Effective Date”). The term “Party” shall mean Inspirus and Customer individually, and the term “Parties” shall mean Inspirus and Customer collectively.
By accepting this Agreement, either by indicating Company’s acceptance, by executing a purchase order or a statement of work that references this agreement, or by utilizing the Services (defined below), you agree to this Agreement. This agreement is a legally binding contract between the Parties and sets forth the terms that govern the Services. Any changes, additions or deletions by Company to this Agreement will not be accepted and will not be a part of this Agreement. If Company does not agree to this Agreement, you must not access, download, install, or use the Services.
A. Inspirus is a leading provider of employee engagement and recognition technology, programs, awards, and related fulfillment services.
B. Customer desires to subscribe to such Inspirus services in accordance with the terms and conditions of this Agreement.
Intending to be legally bound, the Parties agree as follows:
ACH shall mean Automated Clearing House.
Action shall mean any claim, action, cause of action, demand, lawsuit, arbitration, inquiry, audit, notice of violation, proceeding, litigation, citation, summons, subpoena, or investigation of any nature, civil, criminal, administrative, regulatory, or other, whether at law, in equity, or otherwise.
Affiliate shall mean any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Person. The term "control" (including the terms "controlled by" and "under common control with") means the direct or indirect power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise.
Authorized Users shall mean Customer's employees, consultants, contractors, and agents (a) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement; and (b) for whom access to the Services has been purchased.
Confidential Information shall mean valuable materials, information, and/or data which such other Party considers to be confidential and proprietary relating to such other Party’s and its affiliates’ intellectual property, know-how, businesses, operations, finances and/or marketing, research and development and/or other plans and strategies. All such materials, information and/or data, together with all copies thereof, whether written or recorded in electronic or other format and on whatever media will be considered Confidential Information.
Customer Data shall mean all data that Customer or its Authorized Users load or enter into the Service. Customer Data does not include Inspirus Materials.
Customer Failure shall mean a delay or failure of performance caused in whole or in part by Customer's delay in performing, or failure to perform, any of its obligations under this Agreement or SOW.
Customer Materials shall mean Customer trademarks, Customer Data, and other materials and information provided by or on behalf of Customer or its Authorized Users.
Customer Systems shall mean Customer's information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.
Documentation shall mean any manuals, instructions, or other documents or materials that Inspirus provides or makes available to Customer in any form or medium and which describe the functionality, components, features, or requirements of the Services or Inspirus Materials, including any aspect of the installation, configuration, integration, operation, use, support, or maintenance thereof.
First Derivative Data shall mean de-identified data that does not identify an individual and with respect to which there is no reasonable basis to believe that the data can be used to identify an individual. This data is used by Inspirus in an aggregate manner, and may be used, among other things, to compile statistical and performance information related to the provision and operation of the Services.
Force Majeure Event shall mean any circumstances beyond Inspirus's reasonable control.
Effective Date shall mean the date at which both parties have signed the document.
Harmful Code means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent Customer or any Authorized User from accessing or using the Services or Inspirus systems as intended by this Agreement. Harmful Code does not include any Inspirus Disabling Device.
Indemnitee shall mean the party seeking indemnification.
Indemnitor shall mean the indemnifying party.
Initial Term shall be defined by the time period outlined in section 4.A.
Inspirus Intellectual Property shall mean the Services and underlying technology, including without limitation, any and all materials, works, information, software, tools, technology, know-how, updates, upgrades, fixes, patches, error corrections, specifications, deliverables or other materials (including without limitation the Inspirus Materials) developed or provided by Inspirus or on its behalf under this Agreement, and any and all Intellectual Property Rights to the foregoing.
Inspirus Materials shall mean materials, algorithms, software, data, and/or information developed or provided by or on behalf of Inspirus and its contractors, including data and/or information that (i) is directly or indirectly derived from the Customer Data and/or other Customer Materials, and (ii) is de-identified such that it does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual, and all Intellectual Property Rights in the foregoing. Inspirus Materials include, without limitation, (1) artificial intelligence (“AI”) and machine learning (“ML”) algorithms, (2) training data for AI and ML algorithms that has been de-identified as set forth above in subsection (ii), (3) gains, weights, inferences and other parameters calculated or derived from training data for AI and ML algorithms, (4) methods of training AI and ML algorithms, (5) works and derivative works created by, and results of the operation of, such AI and ML algorithms, and (6) all Intellectual Property Rights in the foregoing.
Inspirus Disabling Device shall mean any software, hardware, or other technology, device, or means (including any back door, time bomb, time out, drop dead device, software routine, or other disabling device) used by Inspirus or its designee to disable Customer's or any Authorized User's access to or use of the Services automatically with the passage of time or under the positive control of Inspirus or its designee.
Intellectual Property Rights shall mean all intellectual property rights of any kind, worldwide, including without limitation trade secrets, patents, copyrights, trademarks, service marks, know-how, moral rights and other intellectual property rights existing under the laws of any governmental authority, domestic or foreign, including all applications and registrations relating to any of the foregoing. In no event shall the Services or any other Inspirus Intellectual Property be deemed to be “works made for hire”, nor shall Inspirus be deemed to have sold, assigned, or conveyed any rights in them.
Losses shall mean any and all losses, damages, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys' fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing any insurance providers.
Notice shall mean all notices, requests, consents, claims, demands, waivers, and other communications under this Agreement.
Recipient Party shall mean the Party who receives Confidential Information.
Person shall mean an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity.
Personal Data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data will also include, as applicable law requires, the data under the defined terms of personal information, personally identifiable information, credit card information, or patient health information.
Representative Party shall mean each Party and its respective directors, officers, employees, representatives, and agents.
Service(s) shall mean various employee service awards, award recognition fulfillment services, or other services described in applicable SOW.
SOW shall mean the Statement of Work, the document where the Parties agree to specific Services.
Specifications shall mean the specifications for the Services set forth in a SOW.
Subcontractor shall mean a third party which Inspirus engages to perform the Services.
Term shall mean the term of this Agreement and will incorporate the Initial Term and the continuation of such Initial Term.
Third-Party Materials shall mean materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Inspirus.
Web Site shall mean any web site or application provided as part of the Services for Customer.
A. Services. Inspirus hereby grants to Customer a non-exclusive, nontransferable right, without the right to sublicense, to access and use the Services for Customer’s and its employees’ internal use in the administration, management and operation of Customer’s employee engagement programs during the Term.
B. SOW. Inspirus agrees to provide for Customer the Services as outlined in a SOW. Inspirus shall provide to Customer the Services described in one or more SOWs, executed by both Parties from time to time during the Term. Each such SOW shall be subject to the terms and conditions of this Agreement.
C. Subcontractors. Inspirus may from time to time in its discretion engage Subcontractors.
D. Changes. Inspirus reserves the right, in its sole, reasonable, discretion, to make any changes to the Services and Inspirus Materials that it deems necessary or useful to:
i. maintain or enhance:
- the quality or delivery of Inspirus’ services to its Customers;
- the competitive strength of or market for Inspirus’ services; or
- the Services' cost efficiency or performance.; or
ii. to comply with applicable law.
Without limiting the foregoing, either party may, at any time during the Term, request in writing changes to the Services. The Parties shall evaluate and, if agreed, implement all such requested changes
3. Obligations of Customer.
A. Accessing User Accounts. Customer will issue each Authorized User a unique user ID required to access and use the Service. Customer will only access, and shall cause its Authorized Users to only access, and use the Services through user IDs approved by Inspirus. Customer will use reasonable efforts to ensure that Authorized Users do not share user IDs with each other or with third parties. Inspirus may rely on any user ID, instruction or information that meets the Service's automated criteria, or which is believed by Inspirus to be genuine. Inspirus may assume a person entering a user ID and password is, in fact, that user. Inspirus may assume the latest email addresses and registration information on file with the Services are accurate and current. When programmed to do so, the Services may take prescribed actions if proper and complete contrary instructions are not given. Customer will also ensure that the Authorized Users who access, use or provide any data or content to the Web Site will: (i) agree to and comply with the terms and conditions of any “click-through” or other Agreement included on the Web Site; and (ii) do so in a manner that: (a) neither infringes nor misappropriates the intellectual property right or other proprietary or privacy right of any third party; and (b) is not misleading, fraudulent, defamatory, libelous, slanderous, threatening, injurious to minors, pornographic, or illegal. Notwithstanding anything to the contrary in this Agreement, Inspirus reserves the sole right to terminate any person’s access to or use of the Web Site at any time. In any event of termination, Inspirus will provide notice to Customer following the termination of a User’s access and the reasons for termination.
B. Data Preparation & Configuration. Customer will ensure that:
i. Customer Data is accurate and in the proper format as reasonably required by Inspirus;
ii. Customer Data has been obtained lawfully and is transferred or made accessible to Inspirus and its suppliers and other contractors under this Agreement in accordance with applicable law;
iii. employees and other personnel have received proper notice of the processing of Customer Data in accordance with applicable law;
iv. its Authorized Users are familiar with the use and operation of the Service;
v. the Services will be used by Customer or its Authorized Users in accordance with applicable law and will not result in any decision based solely on automated profiling of employees and other personnel that has a legal effect or similarly significant effect on those employees and other personnel, and no other software, data or equipment having an adverse impact on the Services has been introduced or used by Customer or its Authorized Users; and
vi. Where applicable, in partial consideration for the Implementation Fee set forth in the Inspirus Employee Engagement Platform Implementation Reservation Agreement or in a SOW, Inspirus will load the initial Customer Data and assist with configuring the Service.
- (a) If Customer requires manual uploads of Customer Data after initial implementation, Inspirus will invoice Customer for any additional charges based on time and labor related to such uploads.
- (b) Customer will be responsible for any updates to its internal processes, as needed, to operate the Services and any updates in Customer's computing environment.
C. Use Restrictions. Customer shall not, and shall not permit any other Person to, access or use the Services or Inspirus Materials except as expressly permitted by this Agreement or a SOW for the administration, management, and operation of Customer’s employee programs. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits:
- i. copy, modify, or create derivative works or improvements of the Services or Inspirus Materials;
- ii. rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Services or Inspirus Materials to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service;
- iii. reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Services or Inspirus Materials, in whole or in part;
- iv. bypass or breach any security device or protection used by the Services or Inspirus Materials or access or use the Services or Inspirus Materials other than by an Authorized User through the use of his or her own then valid access credentials;
- v. input, upload, transmit, or otherwise provide to or through the Services or Inspirus Systems, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code;
- vi. damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the Services, Inspirus Systems, or Inspirus’s provision of services to any third party, in whole or in part;
- vii. remove, delete, alter, or obscure any trademarks, Specifications, Documentation, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from any Services or Inspirus Materials, including any copy thereof;
- viii. access or use the Services or Inspirus Materials in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third party (including by any unauthorized access to, misappropriation, use, alteration, destruction, or disclosure of the data of any other Inspirus customer), or that violates any applicable law;
- ix. access or use the Services or Inspirus Materials for purposes of competitive analysis of the Services or Inspirus Materials, the development, provision, or use of a competing software service or product or any other purpose that is to the Inspirus’s detriment or commercial disadvantage;
- x. access or use the Services or Inspirus Materials in, or in association with, the design, construction, maintenance, or operation of any hazardous environments, systems, or applications, any safety response systems or other safety-critical applications, or any other use or application in which the use or failure of the Services could lead to personal injury or severe physical or property damage; or
- xi. otherwise access or use the Services beyond the scope of the authorization granted under this Section 3.C.
D. Effect of Customer Failure or Delay. Inspirus is not responsible or liable for any Customer Failure.
E. Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 3.C, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and Inspirus Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify Inspirus of any such actual or threatened activity.
F. Customer Control and Responsibility. Customer has and will retain sole responsibility for: (a) all Customer Data, including its content and use; (b) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Services; (c) Customer Systems; (d) the security and use of Customer's and its Authorized Users' Access Credentials; and (e) all access to and use of the Services and Inspirus Materials directly or indirectly by or through the Customer Systems or its or its Authorized Users' Access Credentials, with or without Customer's knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.
G. Access and Security. Customer shall employ all physical, administrative, and technical controls, screening, and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Services; and (b) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Services.
4. Term, Termination, and Early Termination.
A. Term; Renewals. The Initial Term shall commence upon the Effective Date and shall continue for a ninety (90) month period, unless terminated earlier in accordance with this Section 4. Thereafter, this Agreement shall renew annually, unless either party provides the other with prior written notice of its intent to terminate at least 90 days from the annual renewal date.
B. Termination for Lack of Payment. Inspirus may terminate this Agreement, effective on written notice to Customer, if Customer fails to pay any amount when due hereunder, and such failure continues more than 30 days after Inspirus’ delivery of written notice thereof.
C. Termination for Cause. This Agreement may be terminated by either Party, effective upon delivery of written notice of such termination to the other Party in the event of a material breach by the other party of any of its obligations under this Agreement and the other party fails to cure such breach within thirty (30) days of receiving written notice of the breach. In addition, if (i) a receiver is appointed for either Party’s business, (ii) either Party files a voluntary petition in bankruptcy or for reorganization under the bankruptcy laws, (iii) if a petition in bankruptcy is filed against either Party and is not dismissed within sixty (60) days after filing, or (iv) either party makes an assignment for the benefit of creditors, then the other Party shall, upon thirty (30) days prior written notice, have the right to terminate this Agreement.
D. Termination for Convenience. After one year of time has passed following the Effective Date, either Party may terminate this Agreement and/or any Statement of Work for convenience upon ninety (90) days’ prior written notices to the other Party. Upon receipt of such notice by either Party, Inspirus shall:
- i. Immediately stop work under any applicable SOW upon the termination date;
- ii. Notify Customer of fees incurred up to the date of termination. Unless otherwise specified in a SOW, in the event of termination of a fixed fee project, the Parties shall mutually agree on what portion of the Services were actually completed by Inspirus as of the date of termination, and the fees owed by Customer shall be equal to that portion of the fixed fee.; and
E. Termination Fees. In the event of termination of this Agreement, Customer shall be responsible for all fees owing through the effective date of termination (and sundown period if elected) and any agreed upon fees described in Section 5 below and, if included, in each SOW.
F. Sundown Period. Customer can elect, with at least 90 days’ written notice to Inspirus prior to termination, of their desire to have a sundown period following the termination date of the Agreement. Inspirus and Customer will then agree upon the length of the sundown period, with a maximum duration of 120 days. During any such sundown period, Inspirus will continue to accommodate Customer’s employee’s recognition and redemption activity and full site maintenance and customer service. The billing details of any such sundown period will be governed in the SOW.
G. Effect of Termination or Expiration. Upon any expiration or termination of this Agreement, except as expressly otherwise provided in this Agreement:
- i. all rights, licenses, consents, and authorizations granted by either party to the other hereunder will immediately terminate, except for any rights granted by Customer to use data as part of First Derivative Data;
- ii. Inspirus shall promptly cease all use of any Customer Data or Customer's Confidential Information and (1) promptly return to Customer, or at Customer's written request destroy, all documents and tangible materials containing, reflecting, incorporating, or based on Customer Data or Customer's Confidential Information; and (2) permanently erase all Customer Data and Customer's Confidential Information from all systems Inspirus directly or indirectly controls, provided that, for clarity, Inspirus’ obligations under this Section 4.G.ii do not apply to any First Derivative Data;
- iii. Customer shall promptly cease all use of any Services or Inspirus Materials and (1) promptly return to Inspirus, or at Inspirus’s written request destroy, all documents and tangible materials containing, reflecting, incorporating, or based on Provider's Confidential Information; and (2) permanently erase all Provider Materials and Provider's Confidential Information from all systems Customer directly or indirectly controls.
- iv. notwithstanding anything to the contrary in this Agreement, with respect to information and materials then in its possession or control: (1) the Receiving Party may retain the disclosing Party's Confidential Information; and (2) Provider may retain Customer Data, in the case of each of subclause (1) and (2) in its then current state and solely to the extent and for so long as required by applicable law; (3) Provider may also retain Customer Data in its backups, archives, and disaster recovery systems until such Customer Data is deleted in the ordinary course; and (4) all information and materials described in this Section 4.G.iv will remain subject to all confidentiality, security, and other applicable requirements of this Agreement;
- v. Inspirus may disable all Customer and Authorized User access to the Services;
- vi. if either Party terminates this Agreement pursuant to Section 4.D, Customer will be relieved of any obligation to pay any Fees attributable to the period after the effective date of such termination and Inspirus will (1) refund to Customer fees paid in advance for Services that Inspirus has not performed as of the effective date of termination and (2) pay to Customer any unpaid service credits to which Customer is entitled.
- vii. if Inspirus terminates this Agreement pursuant to Section 4.B or Section 4.C, all fees that would have become payable had this Agreement remained in effect until expiration of the Term will become immediately due and payable, and Customer shall pay such fees, together with all previously-accrued but not yet paid fees, on receipt of Inspirus’ invoice therefor.
H. Surviving Terms. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: Section 3.C, Section 8.B, Section 9, Section 10, Section 4.E, this Section 4.H, Section 16, and Section 17.
5. Fees and Payment Terms.
A. Due Date. Award redemption invoices are payable net fifteen (15) days from the date of the invoice. All other invoices are payable net thirty (30) days from the date of the invoice. All prices are stated and payable in U.S. Dollars.
- a. The Implementation Fee will be billed immediately upon receipt of a signed SOW, with receipt of payment required prior to onboarding activity.
- b. Inspirus will begin invoicing for monthly recurring fees upon onboarding completion or 90 days after receipt of signed SOW, whichever occurs first.
B. Late Payment. If Customer fails to make any payment when due, in addition to all other remedies that may be available, including that as outlined in Section 4.B, then:
- i. Inspirus may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law;
- ii. Customer shall reimburse Inspirus for all reasonable costs incurred by Inspirus in collecting any late payments or interest, including attorneys' fees, court costs, and collection agency fees; and
- iii. if such failure continues for 30 days following written notice thereof, Inspirus may elect to (1) suspend performance of the Services or (2) suspend Customer employee recognition and redemption activity until all past due amounts and interest thereon have been paid, without incurring any obligation or liability to Customer or any other Person by reason of such suspension.
C. Taxes. All fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Without limiting the foregoing, Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Provider's income.
D. No Deductions or Setoffs. All amounts payable to Inspirus under this Agreement shall be paid by Customer to Inspirus in full without any setoff, recoupment, counterclaim, deduction, debit, or withholding for any reason (other than service credits, if issued pursuant to a SOW, or any deduction or withholding of tax as may be required by applicable Law).
E. Banking Information. Any request issued by Inspirus to change the Inspirus mailing address for check payments or to change the Inspirus bank account for electronic wire or ACH payments will only be communicated in writing by an Inspirus Authorized Officer (Chief Financial Officer or Financial Controller). If during the Term of this Agreement, Customer receives such a request, prior to taking any action, Customer shall verify the validity of such request by contacting the Inspirus finance team directly via one of the methods below:
- i. Email: email@example.com
- ii. Phone: 1-817-332-6765, extension 7220.
F. Large Invoice Events. To reduce potential difficulties with
- a. Where Customer plans to initiate a greater than 25% distribution of anticipated yearly budget over a 30-day period, Customer shall inform Inspirus in writing prior to such a distribution and Client shall pre-fund such distribution.
- b. Should the sum of the dollar amount of outstanding invoices exceed five hundred thousand dollars ($500,000), Inspirus reserves the right to suspend Customer employee reward and redemption activity until any outstanding invoices are paid by Customer.
6. Intellectual Property.
A. Intellectual Property Rights. Inspirus and its suppliers shall retain all right, title and interest in and to the Inspirus Intellectual Property. Customer agrees that it will not incorporate or use any Inspirus Intellectual Property in any other product, service, technology or system. Customer acknowledges and agrees that, as between Customer and Inspirus, Inspirus is the author, inventor and creator of the Inspirus Materials, and that the Inspirus Materials include valuable trade secrets and other Intellectual Property Rights of Inspirus.
B. Granting of Rights. Customer hereby grants to Inspirus and its Affiliates and contractors a worldwide, non-exclusive right and license, during the term of this Agreement, to use the Customer Materials in connection with Inspirus’ delivery of the Services, including without limitation for the creation, modification, and maintenance of the Inspirus Materials and for marketing purposes (e.g. indicating that Customer is a client of Inspirus).
- i. Customer shall not be deemed to have sold, assigned, or conveyed any rights to the Customer Materials to Inspirus, except as specifically set forth in this Agreement. For the avoidance of doubt, (i) the Customer Materials do not include the Inspirus Materials, and (ii) Inspirus, as the exclusive owner of the Inspirus Materials, shall be permitted to, without limitation, use, reproduce, copy, modify, prepare derivative works, license, assign, distribute, disclose, and otherwise exploit the Inspirus Materials during and after the term of this Agreement without restriction.
C. First Derivative Data. The Parties agree that Inspirus may process Personal Data contained in Customer Materials or obtained from Customer in connection with this Agreement to generate First Derivative Data. The First Derivative data will not contain Personal Data. Such First Derivative Data shall be considered Inspirus Materials owned by Inspirus pursuant to Section 6.A of this Agreement. As the owner of the First Derivative Data, Inspirus may, without limitation, use the First Derivative Data to create, modify and maintain other forms of Inspirus Materials.
7. Confidential and Proprietary Information.
A. Recipient Party. A Party have may have access to the other Party’s Confidential Information. Customer acknowledges that the Services (including any Documentation, Web Site, Inspirus Materials, source code, translations, compilations, copies, and derivative works) contains Confidential Information of Inspirus (or its third-party suppliers). Inspirus acknowledges that Customer Data contains Confidential Information of Customer’s employees or Customer.
B. Protection of Information. During the Term and until all Confidential Information becomes publicly known and made generally available through no action or inaction of the Recipient Party, Recipient Party agrees to retain, and to cause each of Recipient Party’s Representatives to retain, in confidence, and to refrain from disclosing and/or using for Recipient Party’s or its Representatives’ benefit or the benefit of any third party the Confidential Information disclosed to or obtained by Recipient Party or Recipient Party’s Representatives under this Agreement, except as permitted by this Agreement (including Section 7.B). Recipient Party shall use at least the same level of care to protect the other Party’s Confidential Information as it uses to protect its own Confidential Information, which shall be no less than reasonable care. These restrictions shall not apply to Confidential Information which (i) is or becomes public knowledge (through no fault of Recipient Party or its Representatives); or (ii) is lawfully made available to Recipient Party by an independent third party; or (iii) is already in Recipient Party’s possession at the time of initial receipt from the other Party as shown by documentary evidence; or (iv) is independently developed by Recipient Party or Recipient Party’s Representatives; or (v) is required by law, regulation, rule, act, or order of any court, governmental authority or agency to be disclosed by Recipient Party; provided, however, that Recipient Party will give the other Party sufficient advance written notice to permit it to seek a protective order with respect to the Confidential Information and, thereafter, Recipient Party disclose only the minimum Confidential Information required to be disclosed in order to comply, whether or not the other Party seeks or obtains any such protective order.
C. Use Limitation. Recipient Party will not, and Recipient Party will not permit any of Recipient Party’s Representatives to, use Confidential Information of the other Party for any purpose other than in carrying out Recipient Party’s obligations under this Agreement or as otherwise permitted by this Agreement (including Section 7.B). Recipient Party shall provide the Confidential Information received under this Agreement only to Recipient Party’s Representatives who are directly concerned with the performance of the obligations hereunder and who agree to be bound, by contract or otherwise, to maintain the confidentiality of the Confidential Information. Further, Recipient Party agrees to (i) advise Recipient Party’s Representatives of the confidential and proprietary nature of the Confidential Information and the terms and conditions of this Agreement requiring that the confidentiality of such information be maintained, and (ii) use reasonable safeguards to prevent unauthorized use by such Representatives. Recipient Party shall be responsible for any breach of this Agreement by Recipient Party’s Representatives. Recipient Party further agrees not to, and not to permit any of Recipient Party’s Representatives to, submit for publication any paper containing Confidential Information without the prior written permission of the other Party.
D. Ownership. All Confidential Information which Recipient Party or any of its Representatives shall obtain or to which Recipient Party or any such Representative of Recipient Party shall be given access pursuant to or in connection with this Agreement, shall be and remain the sole property of the Party granting access to such Confidential Information, and Recipient Party shall have no rights or interests (except as expressly provided in this Agreement) to such Confidential Information. Promptly upon the expiration or earlier termination of this Agreement, Recipient Party shall return to the other Party, or destroy, all Confidential Information (including all copies thereof) then in the possession of Recipient Party or any of its Representatives, and certify such destruction.
E. Relief. Recipient Party acknowledges that violation of the provisions of this Section 7 would cause irreparable harm to the disclosing party, not adequately compensable by monetary damages. In addition to other relief, it is agreed that injunctive relief shall be available without necessity of posting bond to prevent any actual or threatened violation of such provisions.
A. Due Authorization; No Conflicts. Each party represents and warrants to the other Party as follows:
- i. it is duly organized, validly existing, and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization;
- ii. it has the full right, power, and authority to enter into and perform its obligations and grant the rights, licenses, consents, and authorizations it grants or is required to grant under this Agreement;
- iii. the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action of such party; and
- iv. when executed and delivered by both parties, this Agreement will constitute the legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms.
B. Warranty Disclaimer. NOTWITHSTANDING ANYTHING ELSE TO THE CONTRARY, EXCEPT FOR THE EXPRESS WARRANTIES CONTAINED IN THIS SECTION 8 OR A SOW, ALL SERVICES AND INSPIRUS MATERIALS ARE PROVIDED "AS IS." INSPIRUS SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, INSPIRUS MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR INSPIRUS MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER'S OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED "AS IS" AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
9. Indemnity and Allocation of Risk. This Section 9 shall survive any termination or expiration of this Agreement.
A. Inspirus Indemnification. Inspirus shall indemnify, defend, and hold harmless Customer from and against any and all Losses incurred by Customer resulting from any Action by a third party (other than an Affiliate of Customer) that Customer's use of the Services (excluding Customer Data and Third-Party Materials) in accordance with this Agreement (including the Specifications) infringes or misappropriates such third party's US Intellectual Property Rights/US patents, copyrights, or trade secrets. The foregoing obligation does not apply to the extent that the alleged infringement arises from:
- i. Third-Party Materials or Customer Data;
- ii. access to or use of the Inspirus Materials in combination with any hardware, system, software, network, or other materials or service not provided by Inspirus or specified for Customer's use in the Documentation;
- iii. modification of the Inspirus Materials other than: (i) by or on behalf of Inspirus; or (ii) with Inspirus written approval in accordance with Provider's written specification;
- iv. failure to timely implement any modifications, upgrades, replacements, or enhancements made available to Customer by or on behalf of Inspirus; or
- v. act, omission, or other matter described in Section 9.B, whether or not the same results in any Action against or Losses by any Provider Indemnitee.
B. Customer Indemnification. Customer shall indemnify, defend, and hold harmless Provider and its Subcontractors, and each of its and their respective officers, directors, employees, agents, successors, and assigns (each, a "Inspirus Indemnitee") from and against any and all Losses incurred by such Inspirus Indemnitee resulting from any Action by a third party to the extent that such Losses arise out of or result from, or are alleged to arise out of or result from:
- i. Customer's use of the Services other than in accordance with the provisions of this Agreement;
- ii. Customer Data, including any Processing of Customer Data by or on behalf of Provider in accordance with this Agreement;
- iii. any other materials or information (including any documents, data, specifications, software, content, or technology) provided by or on behalf of Customer or any Authorized User, including Provider's compliance with any specifications or directions provided by or on behalf of Customer or any Authorized User to the extent prepared without any contribution by Provider;
- iv. allegation of facts that, if true, would constitute Customer's breach of any of its representations, warranties, covenants, or obligations under this Agreement; or
- v. Customer’s violation of the privacy or publicity rights of a person.
C. General Indemnity. Each Party shall indemnify and hold the other harmless from liability for bodily injury, death and tangible property damage resulting from the negligent or willfully injurious acts of its officers, agents, employees or representatives acting within the scope of their work.
D. Indemnification Procedure. Each Party shall promptly notify the other party in writing of any Action for which such party believes it is entitled to be indemnified pursuant to Section 9. The Indemnitee shall cooperate with the Indemnitor at the Indemnitor's sole cost and expense. The Indemnitor shall promptly assume control of the defense and shall employ counsel acceptable to the Indemnitee to handle and defend the same, at the Indemnitor's sole cost and expense. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The Indemnitor shall not settle any Action on any terms or in any manner that adversely affects the rights of any Indemnitee without the Indemnitee's prior written consent, which shall not be unreasonably withheld or delayed. If the Indemnitor fails or refuses to assume control of the defense of such Action, the Indemnitee shall have the right, but no obligation, to defend against such Action, including settling such Action after giving notice to the Indemnitor, in each case in such manner and on such terms as the Indemnitee may deem appropriate. The Indemnitee's failure to perform any obligations under this Section 9 will not relieve the Indemnitor of its obligations under this Section 9, except to the extent that the Indemnitor can demonstrate that it has been materially prejudiced as a result of such failure.
E. Sole Remedy. THIS SECTION 9 SETS FORTH CUSTOMER'S SOLE REMEDIES AND PROVIDER'S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES AND INSPIRUS MATERIALS OR ANY SUBJECT MATTER OF THIS AGREEMENT INFRINGES, MISAPPROPRIATES, OR OTHERWISE VIOLATES ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.
10. Limitation of Liabilities.
A. EXCLUSION OF DAMAGES. IN NO EVENT WILL INSPIRUS OR ANY OF ITS LICENSORS, SERVICE PROVIDERS, OR SUPPLIERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (b) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION, OR DELAY OF THE SERVICES, OTHER THAN FOR THE ISSUANCE OF ANY APPLICABLE SERVICE CREDITS PURSUANT TO AN APPLICABLE SOW; (c) LOSS, DAMAGE, CORRUPTION, OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (d) COST OF REPLACEMENT GOODS OR SERVICES; (e) LOSS OF GOODWILL OR REPUTATION; OR (f) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE
B. CAP ON MONETARY LIABILITY. AGGREGATE LIABILITY OF INSPIRUS AND ITS LICENSORS, SERVICE PROVIDERS, AND SUPPLIERS ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE TOTAL AMOUNTS PAID TO INSPIRUS UNDER THIS AGREEMENT IN THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
Each Party shall deliver all Notices in writing and addressed to the other Party at its address set forth below (or to such other address that the receiving Party may designate from time to time in accordance with this Section 11). Notice under this Agreement must be given in writing and delivered to the appropriate party at the address set forth below the signatures to this Agreement. Notices sent in accordance with this Section 11 shall be deemed effectively given: (a) when received, if delivered by hand, with signed confirmation of receipt; (b) when received, if sent by a nationally recognized overnight courier, signature required; (c) when sent, if by email, if sent during the addressee's normal business hours, and on the next business day, if sent after the addressee's normal business hours; and (d) on the fifth day after the date mailed by certified or registered mail, return receipt requested, postage prepaid.
100 North Rupert Street
Fort Worth, Texas 76107
Address and email provided in applicable Statement of Work or Purchase Order.
Each party may change the above-referenced address(es) with notice to the other party.
12. Independent Contractor Status.
Each Party and its employees are independent contractors in relation to the other Party. This Agreement does not establish a partnership, joint venture, association or employment relationship between the Parties. Each Party shall remain responsible, and shall indemnify and hold harmless the other Party, for the withholding and payment of all Federal, state and local personal income, wage, earnings, occupation, social security, worker’s compensation, unemployment, sickness and disability insurance taxes, payroll levies or employee benefit requirements and attributable to themselves and their respective employees.
13. Data Privacy and Security.
The Parties agree to comply with all applicable privacy and data protection laws with respect to Customer Data and Inspirus Data. Notwithstanding the generality of the above, Parties agree to comply with Exhibit A.
Inspirus shall maintain during the Term and for the period of any obligations remaining thereafter:
A. Commercial General Liability Insurance. Commercial General Liability Insurance shall cover all operations by or on behalf of the named insured s and provide coverage for bodily injury and property damage liability, personal injury and advertising injury, including premises and operations, products and completed operations, contractual liability, including the indemnification obligations under this Agreement. The minimum limit of liability shall be US $1,000,000 per occurrence, US $2,000,000 aggregate or the equivalents in foreign currency. Additional insured status shall be granted to each party on the named insured's policy.
B. Worker’s Compensation. Worker’s Compensation insurance shall be in accordance with applicable statutes and Employer’s Liability with limits of not less than US$1,000,000 disease each employee, US $1,000,000 policy limits and US $1,000,000 each accident.
C. Cyber Liability Insurance. Cyber Liability Insurance with limits of US $2,000,000 each claim and US $2,000,000 in the aggregate. Coverage shall include, but not be limited to, the following: infringement of privacy or intellectual property rights.
D. Insurance Selection. The insurance coverages shall be with companies having an A.M Best rating of at least A-VII and each party hereto will provide certificates evidencing such insurance coverage to the other party before commencing performance under this Agreement.
15. Force Majeure.
A. No Breach or Default. In no event will Inspirus be liable or responsible to Customer or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, when and to the extent such failure or delay is caused by a Force Majeure Event, including acts of God, flood, fire, earthquake or explosion, war, terrorism, invasion, pandemic, riot or other civil unrest, embargoes or blockades in effect on or after the date of this Agreement, national or regional emergency, strikes, labor stoppages or slowdowns or other industrial disturbances, passage of Law or any action taken by a governmental or public authority, including imposing an embargo, export or import restriction, quota, or other restriction or prohibition or any complete or partial government shutdown, or national or regional shortage of adequate power or telecommunications or transportation. Either party may terminate this Agreement if a Force Majeure Event affecting the other party continues substantially uninterrupted for a period of 60 days or more.
B. Affected Party Obligations. In the event of any failure or delay caused by a Force Majeure Event, Inspirus shall give prompt written notice to Customer stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
16. Legal Interpretation.
A. Governing Law. This Agreement is governed by and construed in accordance with the internal laws of the State of New York without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of New York. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of New York in each case located in the city of New York, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding. Service of process, summons, notice, or other document by mail to such party's address set forth herein shall be effective service of process for any suit, action, or other proceeding brought in any such court.
B. Conflicting Terms and Conditions. In case of any conflict between the terms and conditions of a SOW and the terms and conditions of this Agreement, this Agreement shall be controlling, except and only to the extent that (i) a SOW expressly overrides a particular provision of this Agreement, identified by section number and heading; or (ii) this Agreement expressly states that SOW shall govern as to a particular term or condition.
C. Headings. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.
D. Severability. If any term or provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability does not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon a determination that any term or provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement to effect the original intent of the Parties as closely as possible in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
E. Amendment and Modification. This Agreement and its Exhibits constitute the entire Agreement between the Parties with respect to the subject matter hereof and supersede all other communications, whether written or oral, including, but not limited to, any SOW, term sheets or similar Agreements. No amendment to, rescission, termination, or discharge of this Agreement is effective unless it is in writing and signed by an authorized Representative of the Party against whom enforcement is sought
F. Interpretation. For purposes of this Agreement: (a) the words "include," "includes" and "including" are deemed to be followed by the words "without limitation"; (b) the word "or" is not exclusive; (c) the words "herein," "hereof," "hereby," "hereto," and "hereunder" refer to this Agreement as a whole; (d) words denoting the singular have a comparable meaning when used in the plural, and vice-versa; and (e) words denoting any gender include all genders. Unless the context otherwise requires, references in this Agreement: (i) to sections and exhibit, mean the sections of, and exhibit attached to, this Agreement; (ii) to a Agreement, instrument, or other document means such Agreement, instrument, or other document as amended, supplemented, and modified from time to time to the extent permitted by the provisions thereof; and (iii) to a statute means such statute as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder. The Parties drafted this Agreement without regard to any presumption or rule requiring construction or interpretation against the Party drafting an instrument or causing any instrument to be drafted. The exhibits referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein.
G. Electronic Contracting. The Parties agree that this Agreement may be executed using electronic contracting technology using symbols or other data in digital form and agree that such electronic signature is the legal equivalent of a manual signature binding the parties to the terms and conditions stated herein.
H. Signature. This Agreement may be executed in counterparts, each of which shall be deemed an original, and all such counterparts together shall constitute but one and the same instrument. A facsimile signature will be accepted as if it were an original signature.
I. Waiver of Jury Trial. Each party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement or the transactions contemplated hereby.
A. Compliance with Export Regulations. Inspirus has, or shall obtain, in a timely manner all necessary or appropriate licenses, permits or other governmental authorizations or approvals necessary for its providing of the Services. Inspirus shall not directly or indirectly export or re-export (including by transmission) any regulated technology provided under this Agreement to any country to which such activity is restricted by regulation or statute, without the prior written consent, if required, of the administrator of export laws (e.g., in the U.S., the Bureau of Export Administration of the U.S. Department of Commerce). This provision and the assurances made in this Section 17 with regard to the Services provided, shall survive termination of this Agreement.
B. Recovery of Attorney Fees. The prevailing party in any dispute between the Parties arising out of the interpretation, application or enforcement of any provision hereof shall be entitled to recover its reasonable attorneys’ fees and costs.
C. Assignment. Customer shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance under this Agreement, in each case whether voluntarily, involuntarily, by operation of law, or otherwise, without Inspirus’ prior written consent, which consent shall not be unreasonably withheld, conditioned, or delayed. No assignment, delegation, or transfer will relieve Customer of any of its obligations or performance under this Agreement. Any purported assignment, delegation, or transfer in violation of this Section 17.C is void. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective successors and permitted assigns.
D. No Third-Party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.
E. Equitable Relief. Each party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Section 7 would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.
G. Governing Language. All communications, data, documentation, and disclosures of information by the Parties under this Agreement will be in English and the English language will be the governing language in the performance of this Agreement. Any translation of this Agreement or any of the foregoing communications, data, documentation, and disclosures into any language other than English will be for reference only and without legal effect.
Data Processing Addendum
This Data Processing Addendum (the "DPA”) describes the obligations of the parties regarding the processing of Personal Data of Customer.
The provisions set forth below apply where Provider processes Personal Data for the purposes of performing the Services.
Controller: any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data that may be performed as part of the Agreement. Unless, otherwise specified, Customer is Controller.
Data Protection Regulation(s): This means all applicable laws and regulations relating to the processing, protection or privacy of the Personal Data, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction. This may include the GDPR, and all additional regulations and rules in force in the relevant Member State(s) of the European Union applicable to the Processing.
Data Subject: any identified or identifiable natural person from whom Personal Data is collected. This definition may be expanded based on local Data Protection Regulation requirements. (e.g. the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), and related regulations or guidance provided by the California Attorney General (collectively “CCPA”) definition including that of the household). The type(s) of Personal Data processed by the Processor and other relevant information describing the nature and purpose is specified in Appendix A of Exhibit A.
Data Subject Request: a request from a data subject to exercise the data subject's right of access, right to rectification, restriction of processing, erasure, data portability, objection to the processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”).
General Data Protection Regulation or GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC. GDPR applies to Customer Personal Data of this DPA when the Customer specifically intended to draw European Economic Area (EEA) Data Subjects as customers.
Personal Data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data will also include, as applicable Data Protection Regulation requires, the data under the defined terms of personal information, personally identifiable information, credit card information, or patient health information. The type(s) of Personal Data processed by the Processor and other relevant information describing the nature and purpose is specified in Appendix A of this Exhibit A.
Personal Data Breach or Breach: any suspected or actual security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored, or otherwise Processed.
Processing or Processed: every operation or set of operations which is performed with regard to Personal data, including without limitation the collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combining, linking to other data, blocking, erasure or destruction of Customer Personal Data. Processing includes the purposes and operations mentioned within an appendix of each SOW.
Processor: the person or body which processes or sub-processes Personal Data under the instructions of Customer or any other relevant Controller(s). Processor for the purposes of this DPA is Provider. Provider and/or its Affiliates is (are) Processor(s). Processor is also to be a Service Provider as defined under the CCPA.
Subprocessor: any natural or legal person engaged by Processor only for the performance of the Processing under the Agreement and as specifically authorized in advance in writing by Controller.
Third Party(/ies): any company or entity other than Customer, Provider, or an affiliate and other than Processor, Data Subject and Controller and persons who, under the direct authority of Controller or Processor are authorized to process Personal Data.
Third-Party Country: any country, territory, or specified sector within that country, outside of the Personal Data country of origin.
2. Compliance with Data Protection Regulation
(a) Each party warrants to the other that it shall comply at all times with their respective obligations under the applicable Data Protection Regulation in disclosing Personal Data to the other party, and in the performance of its obligations under the Agreement.
(b) Each party shall comply with its obligations as set out in the Data Protection Regulation. In the unlikely event that Provider does act as Controller in relation to any of the Personal Data Processed for the purposes of the Agreement, especially to Process the Personal Data of Customer’s employees identified as contacts, solely for the purpose of customer relationship management between Customer and Provider under the Agreement, Provider shall do so always in compliance with the Data Protection Regulation.
3. Obligations of Provider
(a) comply with the Data Protection Regulation in relation to its performance of the Processing, in such a way as to not expose Controller to any violation of the Data Protection Regulation;
(b) process Controller Personal Data as a Processor on behalf of and only in accordance with the written instructions of Controller (and only for the purposes of performing the Agreement and determined by Controller, as documented within an appendix in each SOW);
(c) promptly inform Controller if Provider cannot provide such compliance for whatever reason of its inability to comply, in which case Controller reserves the right to immediately and automatically suspend any Processing and/or terminate the Agreement;
(d) not modify, amend or alter the contents of the Personal Data unless Processor has the prior written consent of Controller;
(e) upon Controller’s request, assist Customer in the fulfilment of Customer’s obligations to provide Data Subjects with the required information, to respond to requests and complaints made by the Data Subjects, to put in place appropriate security measures, to notify Personal Data Breach to the supervisory authority and/or to Data Subjects if required, and to carry out a data protection impact assessment or to prior consult the supervisory authority where required;
(f) maintain a record of all categories of Processing activities carried out on behalf of Customer in the performance of the Agreement;
(g) promptly notify (by sending an email to the email address listed in applicable Statement of Work or Purchase Order) Customer if Processor receives a Data Subject Request. Considering the nature of the processing, Processor shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to a Data Subject Request under Data Protection Legislation. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, Processor shall, upon Customer's request, provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Processor is legally permitted to do so and the response to such Data Subject Request is required under applicable Data Protection Legislation;
(h) promptly inform Customer (if lawful to do so) in writing (by sending an email to the email address listed in applicable Statement of Work or Purchase Order) if it receives any correspondence or request for information from a supervisory authority in relation to Customer Personal Data to which this DPA relates; Provider shall provide such reasonable assistance to the Data Subject in order to respond to such supervisory authority; and provide assistance and co-operation by supporting Controller to carry out any required risk assessments and audits of Provider's Data Processing operations; and
(i) delete or return all Customer Personal Data and any copies thereof which it is processing, has processed or have had processed on behalf of Controller in a format agreed upon with Controller after the end of the performance of the Agreement at the choice of Controller, and delete existing copies unless the applicable local law requires storage of the Personal Data. Deletion of data shall be performed in a manner that is at a minimum compliant with Data Protection Regulation requirements.
4. Security and Confidentiality Measures
(a) Processor shall take and implement the appropriate, relevant industry standard, technical and organizational security and confidentiality measures (examples include applicable ISO or SSAE standard industry certifications standards) to ensure the security and confidentiality of Customer Personal data, and regularly update them, to provide a level of security appropriate to the risk related the Processing of the Personal Data and to protect such data from any unauthorized or unlawful Processing, accidental loss, alteration, destruction or damage, as may be required or directed by Controller from time to time.
If the GDPR applies, these obligations must at a minimum comply with Article 32 of the GDPR.
(b) During the term of the Agreement, Processor shall implement and maintain training and awareness program regarding Personal Data security for its employees and Subprocessors who may have access to Personal Data. Processor shall ensure persons authorized to process Personal Data are properly trained in the Processing of Personal Data and only have access to the Personal Data on a need-to-know basis subject to obligation of confidentiality. Processor shall also take steps to ensure that the authorized persons do not Process Personal Data except on instructions from Controller unless Processor is required to do so by locale law.
(c) Processor shall require that any authorized persons entrusted with Processing Personal Data hereunder have undertaken to comply with the principle of confidentiality and have been duly instructed about the Data Protection Regulation.
(d) Processor shall implement awareness programs on Personal Data protection and confidentiality.
- i. During the term of the Agreement, Processor shall implement and maintain an up-to-date training and awareness program regarding Personal Data security for its employees and Subprocessors who may have access to Personal Data. Processor shall ensure persons authorized to process Personal Data are properly trained in the Processing of Personal Data and only have access to the Personal Data on a need-to-know basis subject to obligation of confidentiality. Processor shall also take steps to ensure that the authorization persons do not Process Personal Data except on instructions from Controller, unless Processor is required to do so by locale law.
- ii. Processor shall require that any authorized persons entrusted with Processing Personal Data hereunder have undertaken to comply with the principle of confidentiality and have been duly instructed about the Data Protection Regulation.
(a) Processor shall not disclose or permit the disclosure of Personal Data to any Third Party, and/or shall not subcontract whole or part of the Processing to any Third Party, unless Processor has the prior written consent of Controller or as required by Data Protection Regulation.
(b) Controller provides a general authorization to Processor to engage onward subcontractors that are involved in processing of Personal Data or sub-processing Personal Data in connection with the provision of the Services (“Sub-processors”), subject to compliance with the requirements in the Data Protection Regulation, all Sub-processors are bound by contractual terms no less onerous than those contained in this DPA, and subject to Processor properly vetting Sub-processors for such compliance. The parties agree that the copies of the Sub-processor Agreements that must be provided by Processor to Controller may have all commercial information, or clauses unrelated to the Standard Contractual Clauses or their equivalent and the data protection clauses, removed by Processor beforehand, and that such copies will be provided by Processor, in a manner to be determined in its discretion, only upon written request by Controller.
The general authorization may be revoked in specific instances where Controller believes that a Sub-processor selected by Processor is objectionable, where such objection is reasonable. Processor must then cease the Sub-processor’s processing of Controller’s data until reasonable steps have been taken to address the objections raised by Controller and Controller has been provided with a reasonable written explanation of the steps taken to remediate the reasons for objection.
(c) Processor will:
- i. upon written request by Controller, make available to Controller a list of all Sub-processors, if any, together with a description of the nature of services provided by each Sub-processor (“Sub-processor List”). This Sub-processor List is available at https://www.inspirus.com/third-party-access and will update such a list prior to adding a Sub-processor to allow Controller reasonable time to object to any such additions.; and
- ii. be liable for the acts and omissions of its Sub-processors to the same extent Company would be liable if performing the services of each of those Sub-processors directly under the terms of this DPA, except as otherwise set forth in this DPA.
6. International Personal Data Transfers
(a) This Section 6 shall apply (i) where Controller is a EU Controller, or (ii) where Controller, even if not established in the European Union where Processor is established in the European Union, or where goods or services are offered to Data Subjects in the European Union, or where the behavior of such Data Subjects is monitored to the extent such behavior takes place within the European Union.
(b) Provider will process Personal Data in any Third-Party Country and/or have Personal Data processed in any Third-Party Country (including a Sub-processor), including for onward transfers of Personal Data from a Third-Party Country to another Third-Party Country, only where Provider has in place the required legal protections.
7. Personal Data Breach
(a) In the event of a Personal Data Breach arising during the performance of the services by Processor, Processor shall, at its own cost:
- i. notify Controller in writing (by sending an email to the email address listed in applicable Statement of Work or Purchase Order about the Personal Data Breach without undue delay of becoming aware;
- ii. after investigating the causes of such a Personal Data Breach, take actions as may be necessary or reasonably expected by Controller to minimize the effects of any Breach;
- iii. take all actions as may be required by Data Protection Regulation and, more generally, provide Controller with reasonable assistance in relation to Controller’ obligations to notify to the supervisory authority and to the Data Subjects, as the case may be, of the Breach;
- iv. maintain a record of all information relating to the Breach, including the results of its own investigations and authorities’ investigations; and
- v. cooperate with Controller and/or Customer and take all measures as necessary to prevent future Breaches from occurring again.
(b) In the event that it is determined in a forensic audit conducted by an independent third party engaged by Controller that a Breach is due solely or in part to Processor’s failure to comply with this Amendment, then Processor shall reimburse Controller for all reasonable costs and expenses, apportioned based on degree of fault as assigned by the audit. This reimbursement of all costs and expenses may include, but not be limited to, all fees due to such qualified, independent third party for such forensic audit, all fees and fines associated with the Breach (including notification costs), and any costs associated with a one-year contract for credit monitoring services if Controller decides to offer such monitoring as a result of the Breach. Notwithstanding the foregoing, Inspirus shall not be obligated to pay for the costs of the Breach in the event that the Breach would have been avoided if the Customer had installed all updates, modifications, service pack and patches available.
8. Evidence and Audit Rights
(a) Processor shall promptly provide to Controller, upon request, information reasonably necessary to demonstrate its compliance with this DPA.
(b) During normal hours of business and with reasonable prior notice to Processor, Controller, or its designated third party, may audit Processor’s processing and maintenance of Personal Data and compliance with this DPA: (i) once annually; (ii) any time a Breach has occurred; and (iii) if Controller, in its sole discretion, reasonably believes that a Breach has occurred or Processor is not in compliance with this DPA. Such audit procedures may occur through review of documentation provided by Processor and through conversations with Processor personnel responsible for compliance with the applicable terms of this DPA, who shall be made available by Processor for such purpose. Processor shall assist and cooperate in the performance of such audit procedures.
9. Processing of Personal Data of Provider
If Customer Processes Provider Personal Data that is collected in connection with the performance of the services:
(a) Provider Personal Data will be Processed for purposes of contractual relationship management with Provider, risk management purposes and data analytics purposes.
(b) Customer shall grant rights of access, rectification, limitation, erasure, and opposition on legitimate grounds in relation to Provider Personal Data that can be exercised by sending an email to Customer’s appropriate Data Protection contact at the following email addresses: firstname.lastname@example.org.
(c) Customer shall grant the right to data portability.
(d) Provider Personal Data will be Processed in accordance with the Data Protection Regulation and will follow the corresponding obligations as stated in Section 3 above for Provider.
Subject to any liability limitations of the Agreement, Provider agrees to indemnify, keep indemnified, and defend at its own expense Customer against all costs, claims, damages, or expenses incurred by Customer or for which Customer may become liable due to any material failure by Provider or its employees, subcontractors or agents to comply with any of its obligations under this DPA or the Data Protection Regulation.
Exhibit A, Appendix A
Description of the Processing
|DURATION OF THE PERSONAL DATA PROCESSING
|Provider will process Personal Data throughout the duration of the contracted services provided to Customer.
|NATURE AND PURPOSE
|Provider will be providing employee engagement and recognition technology, programs, awards, and related fulfillment services to Customers.
|TYPES OF PERSONAL DATA PROCESSED (THERE MAY BE OVERLAP)
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|B. Personal information categories
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under CCPA
(1) Personal Information that reveals (A) a consumer's social security, driver's license, state Identification card, or passport number;
(B) consumer's account log-In, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
(C) a consumer's precise geolocation;
(D) a consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership;
(E) the contents of a consumer's mall, email and text messages, unless the business Is the Intended recipient of the communication;
(F) a consumer's genetic data; and
(2}(A) the processing of biometric Information for the
purpose of uniquely identifying a consumer;
(B) personal Information collected and analyzed concerning a consumer's health; or
(C) personal Information collected and analyzed concerning a consumer's sex life or sexual orientation.
|☐ If applicable, please specify which types:
|D. Commercial information
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity
|Browsing history, search history, and information on a consumer's interaction with a website, application, or advertisement.
|G. Geolocation data
|Physical location or movements.
|H. Sensory data
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act)
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information
|Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|L. Sensitive Data under GDPR and CCPA/CPRA
Information reflecting the
(a) the racial or ethnic origin of the data subject;
(b) their political opinions;
(c) their religious beliefs or other beliefs of a similar nature;
(d) whether they are a member of a trade union;
(e) their physical or mental health or condition;
(f) their sexual life or orientation;
(g) the commission or alleged commission by them of any offence; or
(h) any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
|CATEGORIES OF DATA SUBJECTS
Short Messaging Service / Text Message Offering
a) Inspirus may offer Company the ability to message Company employees via mobile short messaging service or similar technology (“Text Message Service”). Inspirus reserves the right to discontinue use of the Text Message Offering at any time.
b) Company agrees that any use of Text Message Service for any unlawful or abusive purpose, including but not limited to any use which disrupts the Text Message Service or other customers of Inspirus, is prohibited.
c) Company agrees to comply with all laws while using the Text Message Service and Customer agrees not to transmit any communication that would violate any laws, court order or regulation or would likely be offensive to a recipient. Company is responsible for all content transmitted through Text Message Service.
d) Inspirus will not be held liable for any consequences that might arise from sending messages by Company or Company representatives that use the Text Message Service.
e) Inspirus makes no express warranty regarding the Text Message Service and disclaims any implied warranty, including any warranties of merchantability or fitness for a particular purpose. Inspirus does not authorize anyone to make a warranty of any kind on its behalf and Company should not relay in any such statement.
f) Company guarantees that the phone numbers provided to Inspirus through the Text Message Service account are 100% opt-in, and recipients recognize the sender and expect to receive messages from them. If for any reason Inspirus suspects that the numbers may not be 100% opt-in, it reserves the right to request a written explanation from Company including the method of collecting the phone numbers and a guarantee signed by client that all the people on their list agreed to receive text messages from Company. Inspirus reserves the right to take any action it thinks appropriate in such case of a suspected non-opt-in list, including but not limited to cancellation of the Text Message Service.
g) Limitation of Liability. Under no circumstances will Inspirus be liable to you or any other person for any indirect, direct, special, punitive, incidental, or consequential damages of any character that arise from Company, or any users of Company, use of the Text Message Service. Inspirus is not liable for any act associated with the proper exercise of its rights under this Text Message Service section.