MSAASA - United Kingdom

INTERNATIONAL DECISION SYSTEMS PTY LTD

MASTER SOFTWARE AS A SERVICE AGREEMENT (UK)

This Master Software as a Service Agreement, including all Order Forms, attachments, exhibits and schedules hereto (collectively the “Agreement”) is made by and between International Decision Systems Limited, a company incorporated and registered in England and Wales with company number 01239144, having its registered office at 8 Devonshire House, Aviary Court, Basingstoke, Hampshire, RG24 8PE, UK (“Supplier”) and ___________________, incorporated and registered in ____________ with company number ___________________, having its registered office at _______________________________ (“Customer”).

DEFINITIONS

“Affiliate” means any entity which directly or indirectly, through one or more intermediaries, controls, or is controlled by, or is under common control with a party to this Agreement, by way of majority voting stock ownership or the ability to otherwise direct or cause the direction of the management and policies of such party.

“Application Service(s)” means, collectively, any Package as listed on the applicable Order Form and as further described in the applicable Documentation but excluding Third Party Components and Professional Services.

“Authorized Users” means individuals who are authorized by Customer to use the Services pursuant to this Agreement or as otherwise defined, restricted or limited in an Order Form, for whom subscriptions to Services have been procured during the Subscription Period, and who have been supplied user identifications and passwords by Customer (or by Supplier at Customer’s request). Authorized Users may include: (a) Customers’ employees; and (b) contractors authorized by Customer and approved by Supplier to access the Services.

“Confidential Information” means the terms of this Agreement and/or any trade secrets or other nonpublic information of a party to this Agreement that is identified as or would be reasonably understood to be confidential and/or proprietary. Confidential Information of Supplier includes, without limitation, Services (and all algorithms, methods, techniques, and code and processes revealed or utilized therein and any related documentation), or other business plans, finances, marketing plans, customers, prospects, or other affairs that is disclosed to a Customer during the Subscription Term and/or that such Customer knows or has reason to know is confidential, proprietary, or trade secret information of the Supplier. Confidential Information of the Customer includes Customer Data. Notwithstanding the foregoing, with the exception of Personal Data, Confidential Information does not include any information that: (a) was known to the Receiving Party prior to receiving the same from the Disclosing Party in connection with this Agreement; (b) is independently developed by the Receiving Party without use of or reference to the Confidential Information of the Disclosing Party; (c) acquired by the Receiving Party from another source without restriction as to use or disclosure; or (d) is or becomes part of the public domain through no fault or action of the Receiving Party.

“Customer Data” means all electronic data (including Personal Data) submitted to the Services and the data (including Personal Data) available to Authorized Users from the Services.

“Data Protection Laws” means all applicable laws from time to time in force in the United Kingdom relating to the protection of Personal Data, including the Data Protection Act 2018 and (to the extent applicable) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), and any laws substituting, re-enacting or replacing any of the foregoing, as amended or updated from time to time and in force in the United Kingdom.

“Disclosing Party” means the party to this Agreement disclosing Confidential Information to the Receiving Party.

“Documentation” means the then-current user manuals for the Application Services made accessible by Supplier to Customer, as updated from time to time.

“Effective Date” means for this Agreement, the date this Agreement is last signed by the parties as noted in the signature blocks, and for an Order Form, the date the Order Form is last signed by the parties as noted in the signature blocks.

“Error” means a reproducible defect or combination of defects that results in a failure of the Application Services to function substantially in accordance with the applicable Documentation. A reproducible defect shall mean a defect that Supplier can verify and reproduce using that version of the Application Services delivered by Supplier to Customer hereunder. Errors shall exclude those discrepancies caused by: (a) the hardware, network or operating system on which Customer connects to the Application Services; (b) use of the Application Services not in accordance with Supplier’s then-current instructions; (c) third party infrastructure providers (e.g. Amazon Web Services); (d) data which does not conform to Supplier’s specified data format; (e) negligence of Customer, accident, misuse or operator error; (f) any other software (e.g., database software) that connects to the Application Services; or (g) any other cause which, in Supplier’s reasonable determination, is not inherent in the Application Services. In addition, an Error shall not include any Services downtime that is subject to the Service Level Commitment set forth in Exhibit C.

“Force Majeure Event” means any occurrence or omission as a result of which the party relying on it is prevented or delayed in performing any of its obligations under this Agreement and that is beyond the reasonable control of that party, including, without limitation, acts of God, acts of government (including compliance with any law or governmental order, rule, regulation or direction), floods, fires, earthquakes, civil unrest and/or commotion, sabotage and/or malicious damage, acts of terror, strikes or other labour problems (other than those involving Supplier’s employees), failure of a utility service or transport or telecommunications network including but not limited to cloud or Internet service provider failures, breakdown of plant or machinery, default of suppliers or sub-contractors, or delays, or denial of service attack.

“Intellectual Property Rights” means any and all patents, utility models, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world (including, where applicable, all derivative works of the foregoing).

“Managed Cloud Services” means cloud support, infrastructure and application administration provided by Supplier to Customer as listed in Supplier’s then current “Managed Cloud Services Description” set forth on Exhibit A, as updated from time to time.

“Order Form” means the Supplier order form or other similar Supplier ordering document signed by the parties incorporating the terms of this Agreement, by which Customer purchases the Services or any Add-on Services to be provided by Supplier subject to the terms of this Agreement. Each Order Form will describe the Services to be provided by Supplier, the Effective Date, charges, and payment terms and any other agreed terms and conditions applicable to such Services. Order Forms shall be deemed incorporated herein by reference.

“Personal Data”, “appropriate technical and organisational measures”, “controller”, “data subject”, “personal data breach”, “processing” and “processor” shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed and processes shall be construed accordingly.

“Professional Services” means the general consulting, project management, system design, conversion, programming, system training, implementation, and/or training services to be provided by Supplier or its contractors to Customer pursuant to a separate Software Services Agreement and Statement of Work (as defined in such agreement) entered into by the parties.

“Receiving Party” means the party to this Agreement receiving Confidential Information from the Disclosing Party.

“Services” means Application Services and Managed Cloud Services collectively.

“Services Fees” means the fees for the provision of Services as set forth on the applicable Order Form or invoice.

“Subscription Term” means the then current period during which Customer is licensed to use the Services under an Order Form. The Subscription Term commences on the Effective Date of the applicable Order Form.

“Support” is defined in Section 2.1.

“Term” is defined in Section 4.

“Third Party Components” means all hardware and software, including free and open source software, integrations, applications, or implementation, customization and other consulting services related thereto, owned by a party other than Supplier and that interoperate with the Services.

“Use Description” means the description of restrictions on Customer’s use of the Services as set forth on the applicable Order Form (e.g., and without limitation, Asset, Contract, Revenue as defined in the applicable Order Form).

USE OF THE SERVICES

Services and Support. Supplier will provide Customer with Services, and allow Authorized Users to access the Services in connection with Customer’s use of the Services, as set forth in one or more mutually agreed to and signed Order Forms during the applicable Subscription Term. Prior to obtaining access to the Services, Customer shall ensure that Authorized Users have executed a form of non-disclosure agreement that protects Supplier’s Confidential Information to the same extent as this Agreement and in each case are registered in the database of the Supplier with a unique UserID and a unique password. Customer shall ensure that no Authorized User is an equipment finance and/or leasing software or services provider or a representative of any such entity and that no Authorized User otherwise could reasonably be regarded as posing a threat to protection of Supplier’s Intellectual Property Rights. In consideration of the Services Fees, Supplier grants to Customer the right to use a limited, personal, non-exclusive, non-transferable, non-sublicensable license during the Subscription Term to access and use and permit Authorized Users to access and use the Services (as identified in the relevant Order Form) provided by Supplier to Customer in accordance with the Use Description, Documentation and this Agreement; in all cases, solely for the purposes of Customer’s internal operations. Subject to Customer paying the applicable fee for the Services, IDS shall (a) provide Customer with access (via the internet, telephone or other means established by IDS) to IDS’s support helpline, (b) install, when and if generally available, updates, enhancements or modifications to the then-current, general release version of the Applications Services software that are not separately priced or licensed as new products; and (c) shall use reasonable efforts to correct or provide work around solutions to Errors (the foregoing referred to collectively as “Support”). All fees for Support are included in the Services Fees.

Service Level. During the Subscription Term, Supplier will: (a) use commercially reasonable efforts to make the Application Services available in accordance with the then current “Service Level Commitment” listed on Exhibit C, as updated from time to time by Supplier; (b) upon receipt of notice that the availability of the Application Services has been interrupted in accordance with the Service Level Commitment, promptly use reasonable endeavours to restore the Application Services. If the Application Services fail to achieve such “Service Level Commitment,” in addition to the non-monetary remedies available to Customer under Section 7.1 of this Agreement, Customer will be entitled, as its sole and exclusive remedy for failure to meet the Service Level Commitment, to a credit for the Application Services in accordance with the terms set forth in the Service Level Commitment. Supplier will provide the Application Services only in accordance with laws applicable to Supplier’s provision of the Application Services.

Subscriptions. Unless otherwise specified in the applicable Order Form, (a) Services are purchased as subscriptions and may be accessed by Authorized Users consistent with the Use Descriptions, and (b) Authorized Users may reproduce, without modification, and internally use a reasonable number of copies of the Documentation solely in connection with the use of the Services in support of Authorized Users internal business operations. Except as otherwise provided on the Order Form or this Agreement, each Order Form and Subscription Period is non-cancellable and shall be subject to the terms and conditions of this Agreement.

Changes to Services. Supplier may update or modify the functionality, user interface, Documentation and other user information, or other components of the Services from time to time in its sole discretion, but will not materially diminish the functionality of a Service during the Subscription Term for that Service. Supplier will provide reasonable notice to Customer of any material modifications or updates prior to the change taking effect.

Add-On Services. Additional Application Services and/or Managed Cloud Services may be added during the applicable Subscription Term by executing one or more mutually agreed to Order Forms. Unless otherwise stated on an Order Form, the added Services shall terminate on the same date as the pre-existing subscriptions.

Professional Services. Customer may from time to time request that Supplier provide Professional Services. Any such Professional Services shall be provided by Supplier or its contractors pursuant to a separately executed Professional Services agreement between the parties and not under this Agreement.

Supplier Compliance with Laws. Supplier will comply with those laws applicable to Supplier for the provision of Services. Supplier does not guarantee the compliance of any Services or Customer’s use of any Services will enable Customer to comply, with the laws, regulations, or rules of any territory.

Use Restrictions. Customer is responsible for all activities conducted under its Authorized User logins and for its Authorized Users’ compliance with this Agreement. Authorized Users may only use the Services during the Subscription Term and subject to any Use Descriptions specified in the applicable Order Form. Except as otherwise explicitly provided in this Agreement or as may be expressly permitted by applicable law (in a manner which cannot be excluded through contract), Customer and Authorized Users will not, and will not permit third parties to: (a) use the Services except as expressly authorized in this Agreement; (b) access or use the Services to circumvent or exceed the Use Descriptions restrictions; (c) use any device, software, or routine that interferes or disrupts any application, function, or use of the Services; (d) copy, modify, translate, transmit, reproduce, distribute, republish, display, frame, or mirror the Services, except as permitted by this Agreement; (e) decompile, reverse-compile, disassemble, reverse-engineer or otherwise reduce to human-perceivable form all or any part of the Services or any part of the Services or otherwise attempt to discover any source code or create derivative works of the Services or any part of the Services; (f) rent, lease, resell, sublicense, or otherwise permit third parties to access or use the Services; (g) use the Services to provide Services to third parties (e.g., as a service bureau or to otherwise provide data processing Services to third parties); (h) circumvent or disable any security or other technological features or measures of any Services or any part of the Services; (i) use the Services to build a similar or competitive product or service; (j) create user accounts under false or fraudulent pretences; (k) except as provided in an Order Form, create shared or generic identifications and passwords to any Services; (l) use the Services in a manner that is contrary to applicable law or in violation of any third party rights of privacy or Intellectual Property Rights; (m) use the Services to send or store viruses, worms, time bombs, Trojan horses, or other harmful or malicious code, files, scripts, agents or programs; (n) access the Services for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes; (o) remove, alter or obscure any of the Intellectual Property Rights notice(s) or restrictive legend(s) embedded in or that Supplier otherwise provides with the Services; (p) interfere with or disrupt the integrity or performance of the Services; or (q) obtain unauthorized access to the Services (including without limitation permitting access to or use of the Services via another system or tool, the primary effect of which is to enable input of requests or transactions by other than Authorized Users).

Customer Compliance with Laws. Customer will use the Services only in compliance with the terms of this Agreement (including any applicable Order Form and Documentation), and in accordance with all applicable laws, including those related to export, electronic communications, anti-spam legislations, data privacy and the transmission of personal data in any applicable jurisdiction when using the Services and obtain any permits, licenses and authorizations required for such compliance. Customer will immediately report to Supplier and use reasonable efforts to stop any access or use of the Services not in compliance with such terms or in accordance with such laws.

Protection against Unauthorized Use. Customer shall: (a) ensure that all access and use of the Services by its Authorized Users is in accordance with the terms and conditions of this Agreement, and (b) enforce a policy that protects log-in credentials for the Services and prevents Authorized Users from sharing any log-in credentials. Customer will and procure Authorized Users will safeguard and prevent any unauthorized use of the Services and immediately notify Supplier in writing of any unauthorized use that comes to Customer’s attention. If there is unauthorized use by anyone who obtained access to the Services directly or indirectly through Customer, Customer will take, at Customer’s sole cost, all steps reasonably necessary to terminate the unauthorized use.

Ownership Rights.

(a) Ownership of Customer Data and Customer Confidential Information. As between Supplier and Customer, Customer shall retain all title and Intellectual Property Rights in and to the Customer Data and Customer Confidential Information; however, Customer grants to Supplier an irrevocable, non-exclusive, royalty-free licence: (i) for the Subscription Term, to use the Customer Data to provide Services to the Customer; and (ii) on an irrevocable, perpetual, non-exclusive, royalty-free, sub-licensable, transferable basis to aggregate de-identified statistical data regarding the use and functioning of its system by its various licensees, and all such data (none of which shall be considered Customer Data), will be the sole property of and vest in Supplier and to the extent that such Intellectual Property Rights in any such statistical data are for whatever reason vested in Customer than Customer hereby irrevocably assigns all such Intellectual Property Rights (by way of present and future assignment) to Supplier.
(b) Ownership of Services and Derivatives. As between Supplier and Customer:, (i) Supplier shall retain all title and Intellectual Property Rights in and to the Services including any modifications and derivatives thereof. Customer does not acquire any rights, express or implied, in the Services, other than those specified in this Agreement. Customer hereby irrevocably assigns to Supplier any and all rights it may be deemed to have in the Services or any modifications or derivative thereof and (other than the rights expressly granted under this Agreement); and (ii) Customer grants the Supplier a royalty-free, worldwide, perpetual license, free of any confidentiality restrictions, to commercially exploit, use and incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Authorized Users, relating to the operation of the Services.
(c) Further Acts. Customer shall execute, at Supplier’s reasonable expense, all documents necessary to implement and effect the assignments referred to in this section 2.11.

Customer Systems. Customer is responsible for obtaining, maintaining and supporting all internet access, computer hardware and other equipment and Services needed for it to access the Services and Supplier shall have no liability for failure to provide Services or inability to meet Service Level Commitments to the extent caused by any failure of the Customer to meet such responsibilities.

THIRD PARTY PRODUCT PROVIDERS

Acquisition of Third Party Components. Supplier or third parties may from time to time make available to Customer Third Party Components, including but not limited to third party applications and implementation, customization and other consulting services. Any acquisition by Customer of such Third Party Components, and any exchange of data between Customer and any Third Party Component provider, is solely between Customer and the Third Party Component provider. Supplier does not warrant or support Third Party Components, whether or not they are designated by Supplier as “certified” or otherwise, except as specified in an Order Form.

Third Party Components and Customer Data. If Customer installs or enables Third Party Components for use with the Services, Customer acknowledges that Supplier may allow Third Party Components to access Customer Data as required for the interoperation of such Third Party Components with the Services. Supplier shall not be responsible for any disclosure, modification or deletion of Customer Data resulting from any such access by Third Party Component providers. The Services shall allow Customer to restrict such access by restricting Authorized Users from installing or enabling such Third Party Components for use with the Services and it is the Customer’s responsibility to implement any access restriction settings within the Services that it requires to protect its Customer Data.

Integration with Third Party Components. The Services may contain features designed to interoperate with Third Party Components. To use such features, Customer may be required to obtain access to such Third Party Components from the provider. If the provider of any such Third Party Components ceases to make Third Party Components available for interoperation with the corresponding Services feature(s) on reasonable terms, Supplier may cease providing such Services feature(s) without entitling Customer to any refund, credit, or other compensation.

TERM

The term of this Agreement shall commence on the Effective Date and shall continue until the date that the Application Service(s) set forth in all Order Forms are completed, expired or terminated in accordance with the terms therein or this Agreement (the “Term”). If not specified in an Order Form, and subject to Section 2.9 above, the initial Subscription Term of the Services procured by Customer under that Order Form shall continue for a period of five (5) years from the Effective Date of the applicable Order Form (“Initial Subscription Term”). Thereafter, the Subscription Term will automatically renew for additional renewal Subscription Terms of twelve (12) months (“Renewal Subscription Term”), but: (a) Customer or Supplier may elect to not renew the subscription by providing written notice to the other party at least ninety (90) days before the commencement of the next Renewal Subscription Term, and (b) Supplier reserves the right to change any fees under this Agreement for any Renewal Subscription Term or as otherwise expressly provided by this Agreement by providing written notice to Customer.

FORCE MAJEURE

No party will be in default if its delay or failure to perform any obligation under this Agreement is caused solely by a Force Majeure Event. This Section 5 does not excuse either party’s obligation to take reasonable steps to follow its normal disaster recovery procedures or Customer’s obligations to pay amounts due under this Agreement.

FEES AND PAYMENT

Services Fees. Customer will pay Supplier the Services Fees and any other amounts owing under this Agreement within thirty (30) days of the invoice date unless otherwise specified on the Order Form, plus any applicable sales, use, excise, or other taxes. The fees for Add-on Services and other items procured during an existing Subscription Term will be prorated through the end date of the Subscription Term for the applicable Services. Except as otherwise specified in an Order Form (a) payment obligations are non-cancellable and fees paid are nonrefundable; and (b) Applications Services subscriptions may only be reduced with at least ninety (90) days’ written notice prior to the commencement of a Renewal Subscription Term. If any fee payable is not paid within thirty (30) days from the date of the date of the invoice, Customer shall pay Supplier interest on the amount outstanding from the date due until payment is made at the rate of 1.5% of the outstanding balance per month, or the maximum permitted by law, whichever is lower, from the date such payment was due until the date paid.

Suspension of Services and Acceleration. If Supplier does not receive any amount due from Customer under this Agreement within fifteen (15) days of when the amount became overdue, Supplier may, without limiting Supplier’s other rights and remedies, accelerate Customer’s unpaid fee obligations under this Agreement so that all such obligations for payment to Supplier become immediately due and payable under the Subscription Term, and/or suspend Services to Customer until such amounts are paid in full. Supplier will give Customer at least seven (7) days’ prior notice that Supplier intends to accelerate the unpaid fees and/or suspend Services, in accordance with Section 13.1 (Notice), before accelerating fees and/or suspending Services to Customer. If Customer requires Supplier to use a system of payment that causes Supplier to incur any fees or Supplier incurs fees in connection with the Services, Supplier may invoice, and Customer will pay, all of those amounts.

Taxes. Other than net income taxes imposed on Supplier, Services Fees are exclusive of all taxes, duties, and other governmental charges (collectively, “taxes”) and Customer shall pay such applicable taxes in addition to the Services Fees to Supplier. Supplier shall invoice Customer the amount of the applicable taxes and Customer shall make payment under the invoice to Supplier within thirty (30) days of the invoice date. Customer will provide Supplier with official receipts issued by the appropriate taxing authority or such other evidence as is reasonably requested by Supplier to establish that such taxes have been paid.

No set-Off. Customer shall pay all amounts due to Supplier in full, without any set-off, counter-claim or deductions.

TERMINATION OF APPLICATION SERVICES

Termination for Material Breach. Either party may immediately terminate this Agreement and all Order Forms issued hereunder, in whole or in part, in the event the other party commits a material breach of any provision of this Agreement (other than the failure to pay any fees due under this Agreement, which is addressed below) which is not cured within thirty (30) days of written notice from the non-breaching party. A notice of breach of this Agreement shall not constitute a notice of termination under this Agreement. Any notice of termination shall be provided separately. If Supplier does not receive any amount due from Customer within thirty (30) days of when the amount became overdue, Supplier may terminate this Agreement, the Services, or any Order Form.

Additional Termination Rights. Supplier may immediately terminate this Agreement and all Order Forms issued hereunder, in whole or in part, in the event: (a) Customer assigns or transfers any rights under this Agreement unless approved in writing in advance by Supplier; (b) Customer threatens, or resolves to become, subject to any form of insolvency administration; or (c) Customer ceases or threatens to cease carrying on its business, ceases to conduct its business in the ordinary course, enters into a compromise or arrangement, scheme or arrangement or compromise with or for any of its creditors, or makes a general assignment for the benefit of its creditors.

Post-Termination Obligations. Upon expiration or termination of this Agreement: (a) Supplier may upon notice to Customer deactivate the Customer’s account and discontinue the provision of Services, (b) the total amount of all unpaid fees for the entire Subscription Term will become immediately due upon the deactivation or suspension of Services in accordance with Section 6.2.

(Suspension of Services); (c) Supplier will archive the Customer Data for thirty (30) days after Supplier deactivates the Services, (d) upon Customer’s written request at least fourteen (14) days prior to the date when Supplier may deactivate the Services, Supplier will make the Customer Data available to Customer in a mutually agreed to format at Supplier’s then current Professional Services rates, and (e) subject to 7.3(d), Supplier will be entitled to delete all Customer Data thirty (30) days following the deactivation date of the Services.

Survivorship. The following Sections will survive expiration or termination of this Agreement: 1, 2.11, 5, 6.1, 6.3, 7.3, 7.4, 8.3, 9.2, 9.3, 10, 11, and 13.

WARRANTIES, REMEDIES, AND DISCLAIMER

Mutual Warranties. Each party represents and warrants to the other that this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms.

Supplier Warranties. During the Subscription Term, Supplier warrants that: (a) it will use reasonable endeavors for the Application Services to operate without Errors; and (b) the Managed Cloud Services will be performed in a professional and workmanlike manner. As Customer’s sole and exclusive remedy for Supplier’s breach of these warranties, Supplier shall use commercially reasonable endeavors to modify the Application Services to correct the Error or provide the Managed Cloud Services in a professional and workmanlike manner, as applicable. If Supplier is unable to do so in a commercially reasonable period of time given the severity of the Error or failure to perform Managed Cloud Services as warranted (not less than 30 days for either material Errors or failures to perform Managed Cloud Services as warranted, or such longer period as may be required for nonmaterial Errors or nonmaterial failures of the Managed Cloud Services to perform as warranted), Customer shall be entitled to terminate the Agreement pursuant to Section 7.1 (Termination for Material Breach) hereof and receive a pro rata refund of the subscription fees paid for its use of the Services for the terminated portion of the Subscription Term that follows the effective date of termination. The remedies in this Section 8.2 (Supplier Warranties) represent Supplier’s sole obligations and liability for a breach of the foregoing warranties. Customer must provide written notice to Supplier of any warranty claim. Such warranty shall apply only if the applicable Services have been utilized in accordance with the applicable Documentation, this Agreement and applicable law.

Disclaimer. Customer assumes sole responsibility for results obtained from the use of the Services by Customer, and for conclusions drawn from such use and any reliance placed by the Customer on such results, and Supplier has no control over such use. Further, Supplier does not warrant that any information provided through the Services is accurate or complete or that any information provided through the Services will always be available Supplier shall have no liability for any damage caused by errors or omissions in any Customer Data provided to Supplier by Customer in connection with the Services, or any actions taken by Supplier at Customer’s direction. Except as expressly set out in this Agreement or any Order Form, (a) all warranties, representation conditions and all other terms of any kind whatsoever, whether implied by statute or common law or in any way otherwise, are hereby to the fullest extent permitted by applicable law expressly disclaimed and excluded from this Agreement; (b) the warranties within this Agreement do not guarantee that the Application Services will be secure, perform uninterrupted, or error-free, or that Supplier will be able to correct all errors or that the services meet customer’s requirements; and (c) the Services are provided to Customer on an “as is” basis.

INDEMNITY OBLIGATIONS

Supplier’s Indemnity Obligations. Subject to the terms of this Section 9 (Indemnity Obligations), Supplier shall defend, indemnify and hold harmless Customer and its Affiliates from and against any claims, actions, loss, damages, cost and expense (including reasonable legal fees) that Customer incurs because of a third-party claim that the use of the Application Services as used in accordance with this Agreement infringe a third party’s Intellectual Property Rights. Supplier will have no obligation to indemnify Customer or liability for any such third party infringement claim to the extent caused by: (a) the use of the Application Services in violation of this Agreement or applicable law;(b) the use of the Application Services after Supplier notifies Customer to discontinue use because of an infringement claim; (c) modifications to the Application Services not made by Supplier or made by Supplier based on Customer specifications or requirements; and (d) the use of the Application Services in combination with any non-Supplier software, application, or service; and/or (e) any product or service offered by Customer.

Customer’s Indemnity Obligations. Customer shall defend, indemnify and hold harmless Supplier, its Affiliates and third parties from and against any claim, actions, loss, damages, cost and expense (including reasonable legal fees) that Supplier incurs because of a third party claim alleging that: (a) Customer’s use of the Application Services miscalculated or otherwise mistakenly charged such third party for taxes, payments, or other amounts that were not otherwise properly owed as a result of Customer’s input and/or failure to use the Application Services in accordance with Documentation and/or failure to verify each asset location and applicable tax rate; (b) the Customer Data or use of any trademarks or service marks, infringe the copyright or trademark or misappropriates the trade secrets of a third party, or has caused harm to a third party; or (c) arising out of Customer’s breach of Section 2 (Use of the Services).

Notice and Obligations to Receive Indemnity. A party seeking indemnity agrees to no later than thirty (30) days after it receives notice of the claim or action (or sooner if required by applicable laws) to: (a) promptly notify the indemnifying party in writing as to any such third-party claim or action; (b) give the indemnifying party sole control of the defense and any settlement negotiations, provided, that the indemnifying party will not agree to any settlement without the indemnified party’s prior written consent, unless such settlement includes a release of all claims by the claiming party against the indemnified party, does not require payment of any money by the indemnified party, and does not require the indemnified party to admit any wrongdoing, and (c) provide the indemnifying party with the information, authority, and assistance reasonably necessary to defend against or settle any such claim or proceeding. If the indemnified party chooses to represent its own interests in any such action, it may do so at its own expense, but such representation must not prejudice the indemnifying party’s right to control the defense of the claim and negotiate its settlement or compromise.

Mitigation/Limited Remedy. In the event of an infringement claim against Customer, or if Supplier reasonably believes the Application Services may infringe or misappropriate the Intellectual Property Rights of another, Supplier may in its sole discretion and at no cost to Customer (a) modify the Application Services so that they no longer infringe or misappropriate, without breaching Supplier’s warranty set forth in Section 8.2(a) (Supplier Warranties), (b) obtain a license for Customer’s continued use of the Application Services in accordance with this Agreement, or (c) terminate Customer’s subscriptions for such Application Services upon thirty (30) days’ written notice and refund to Customer any prepaid fees covering the remainder of the Subscription Term after the effective date of termination. THIS SECTION 9.4 (Mitigation/Limited Remedy) SETS FORTH SUPPLIER’S EXCLUSIVE OBLIGATION AND LIABILITY AND CUSTOMER’S EXCLUSIVE RIGHTS AND REMEDIES WITH RESPECT TO INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS.

LIMITATIONS OF LIABILITY

Exclusion of Liability. SUBJECT TO SECTIONS 10.2 (CAP ON LIABILITY) AND 10.5 (EXCLUSIONS NOT PERMITTED UNDER LAW), NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT SUPPLIER ITS AFFILIATES AND THIRD PARTIES WILL NOT BE LIABLE TO ANYONE WHETHER IN TORT (INCLUDING FOR NEGLIGENCE OR BREACH OF STATUTORY DUTY), CONTRACT, MISREPRESENTATION, RESTITUTION, THROUGH INDEMNIFICATION OR OTHERWISE FOR ANY: (A) LOST PROFITS OR REVENUE; (B) LOSS OF BUSINESS; (C) DEPLETION OF GOODWILL AND/OR SIMILAR LOSSES; (D) LOSS OR CORRUPTION OF DATA OR INFORMATION; (E) PURE ECONOMIC LOSS; (G) INCIDENTAL, CONSEQUENTIAL, PUNITIVE, COVER, SPECIAL, RELIANCE OR EXEMPLARY DAMAGES, CHARGES OR EXPENSES, HOWSOEVER ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT AND ALL ORDER FORMS (AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES).

Cap on Liability. SUBJECT TO SECTION 10.5 (EXCLUSIONS NOT PERMITTED UNDER LAW), THE TOTAL AGGREGATE MAXIMUM LIABILITY OF SUPPLIER AND ITS AFFILIATES AND THIRD PARTIES ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT, ALL ORDER FORMS AND ANY LICENSE, USE OR OTHER EMPLOYMENT OF THE APPLICATION SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, TORT, STATUTORY DUTY, THROUGH INDEMNIFICATION OR OTHERWISE, SHALL BE AN AMOUNT EQUAL TO THE EQUIVALENT OF THE MOST RECENT TWELVE (12) MONTHS OF APPLICATION SERVICES FEES ACTUALLY PAID TO SUPPLIER BEFORE THE TIME OF THE EVENT, AND IN THE EVENT OF A BREACH OF SECTIONS 11 (CONFIDENTIAL INFORMATION) OR 12 (SAFEGUARDING CUSTOMER DATA) OF THIS AGREEMENT, SUCH MAXIMUM LIABILITY OF SUPPLIER SHALL BE AN AMOUNT EQUAL TO TWO (2) TIMES THE EQUIVALENT OF THE MOST RECENT 12 MONTHS OF APPLICATION SERVICES FEES ACTUALLY PAID TO SUPPLIER THE TIME OF THE EVENT.

Exceptions. THIS SECTION 10 SETS OUT THE ENTIRE FINANCIAL LIABILITY OF SUPPLIER (INCLUDING ANY LIABILITY FOR THE ACTS OR OMISSIONS OF ITS EMPLOYEES, AGENTS AND SUB-CONTRACTORS) TO CUSTOMER: (A) ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT; (B) IN RESPECT OF ANY USE MADE BY CUSTOMER OF THE SERVICES OR ANY PART OF IT; AND IN RESPECT OF ANY REPRESENTATION, STATEMENT OR TORTIOUS ACT OR OMMISSION (INCLUDING NEGLIGENCE) ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT; AND (C) THE LIMITATIONS OF LIABILITY SET FORTH IN SECTION 10.2 (Cap on Liability) SHALL NOT APPLY TO: (I) FEES PAID OR PAYABLE UNDER THIS AGREEMENT; (II) A BREACH OF SECTIONS 2.8 – 2.11 (Use Restrictions, Compliance with Laws, Protection against Unauthorized Use, and Ownership Rights); (III) EITHER PARTY’S INDEMNITY OBLIGATIONS EXCEPT AS SET FORTH IN SECTION 9.4 (Mitigation/Limited Remedy); OR (D) DAMAGES CAUSED BY A PARTY’S DELIBERATE AND INTENTIONAL BREACH.

Independent Allocations of Risk. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY SUPPLIER TO CUSTOMER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. THE LIMITATIONS IN SECTION 8 AND THIS SECTION 10 WILL SURVIVE AND APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY IN THIS AGREEMENT.

Exclusions not permitted under law. NOTHING IN THIS AGREEMENT EXCLUDES THE LIABILITY OF EITHER PARTY FOR: (A) DEATH OR PERSONAL INJURY CAUSED BY THAT PARTY’S NEGLIGENCE; (B) FRAUD OR FRAUDULENT MISREPRESENTATION; OR (C) ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BY LAW.

CONFIDENTIAL INFORMATION

Confidentiality. The Confidential Information disclosed under this Agreement may be used, disclosed or reproduced only to the extent necessary to further and fulfill the purposes of this Agreement. Except as otherwise permitted under this Agreement, the Receiving Party will not knowingly disclose to any third party, or make any use of the Disclosing Party’s Confidential Information. The Receiving Party will use at least the same standard of care to maintain the confidentiality of the Disclosing Party’s Confidential Information that it uses to maintain the confidentiality of its own Confidential Information, but in no event less than reasonable care. The non-disclosure and non-use obligations of this Agreement will remain in full force with respect to each item of Confidential Information for a period of five (5) years after Receiving Party’s receipt of that item; provided, however, that Customer’s obligations to maintain the Services and Documentation as confidential will survive in perpetuity. In addition, each party shall only hold all Personal Data as Confidential Information for as long as required by the applicable statutory, legal and regulatory requirements and as set out in Section 12 where Supplier acts as a processor of Customer. Each of Supplier and Customer shall be shall be responsible for the breach of the confidentiality terms contained in this Section 11 (Confidential Information) by any of its directors, officers, employees, Authorized Users, agents, accountants and advisors. Notwithstanding the foregoing, this Section 11 is not intended to prevent: (a) Supplier from using suggestions for product improvements provided by Customers, subject to any Intellectual Property Rights of the Disclosing Party; or (b) Supplier from using aggregated data regarding the use of the Managed Cloud Services to provide reports or analytics to Customer or to improve the performance of the Services, provided such data does not contain any Personal Data regarding Customer, its employees, customers or Authorized Users.

Exceptions. Notwithstanding the above, nothing herein shall prevent Receiving Party from disclosing Confidential Information Receiving Party is required to disclose by court order pursuant to the rules and regulations of a governmental agency or as required to be disclosed by law, by any competent jurisdiction or by any regulatory or administrative body that Receiving Party is subject to, to the extent so required; provided, however, that prior to any such disclosure, Receiving Party shall, when legally permissible: (a) notify Disclosing Party promptly in writing of any order or request to disclose and of the facts and circumstances surrounding such order or request so that the Disclosing Party may seek an appropriate protective order; and (b) cooperate with Disclosing Party, at Disclosing Party’s sole cost and expense, in any proceeding to obtain an appropriate protective order.

Notification Obligations. Receiving Party will promptly provide Disclosing Party with written notice of any actual or threatened breach of which it is aware. Receiving Party agrees to take all reasonable measures, including, but not limited to, court proceedings at each Receiving Party’s own expense, to restrain current or future officers, employees, agents, consultants, contractors or advisors from unauthorized use or disclosure of Confidential Information.

Termination. Subject to Section 12.5, Receiving Party shall: (a) when contractually permissible or otherwise legally required and reasonably requested by Disclosing Party; or (b) upon the expiration of this Agreement, whichever occurs first, promptly destroy Confidential Information of Disclosing Party, any copies thereof, and all notes, correspondence, documents or other records relating to Confidential Information then in Receiving Party’s possession; provided, however, Receiving Party may keep an archival set of its working papers together with such copies of Disclosing Party’s Confidential Information necessary to comply with applicable laws, regulations and professional standards with respect to the documentation of work performed.

SAFEGUARDING CUSTOMER DATA & DATA PROTECTION

Safeguarding Customer Data. Supplier shall maintain appropriate administrative, physical, and technical safeguards designed to protect the security, confidentiality and integrity of Customer Data in the possession or under the control of Supplier or to which Supplier has access, which are: (a) no less rigorous than those maintained by Supplier for its own information of a similar nature; (b) no less rigorous than generally accepted industry standards; and (c) required by applicable laws. Other than with respect to Supplier’s rights to de-identified data described in Section 2.11(a), Supplier shall not: (i) modify Customer Data; (ii) disclose Customer Data except as compelled by law in accordance with Section 11.2 (Exceptions) or as expressly permitted in writing by Customer; or (iii) access Customer Data, except to provide the Services and prevent or address service or technical problems, monitor, make improvements, or adjustments to the Managed Cloud Services or at Customer’s request in connection with Customer support matters. Customer acknowledges that Supplier will have no obligation to protect Customer Data that is created in user defined fields within the Services unless the use of those fields are enabled as part of Supplier’s Professional Services or Managed Cloud Services.

Security. Without limiting the generality of Subsection 12.1, Supplier shall implement, maintain, and adhere to security policies and standards designed to protect Customer Data. Supplier’s public-facing Security Standards are attached hereto as Exhibit B, which may be updated from time to time.

Cloud Provider. Supplier currently leverages Amazon Web Services (“AWS”) for its infrastructure and service components. For these components, Supplier works in a shared responsibility model with AWS. AWS operates, manages, and controls the components from the host operation system and virtualization layer down to the physical security of the facilities in which the services operate, including network and internet connectivity, while the Supplier assumes responsibilities and management of the guest operating system and configuration of the AWS provided security group firewall. Supplier may change its cloud provider in its sole discretion upon advance written notice to Customer, which may be in the form of an email or other electronic transmission.

Compliance with Data Protection. Both parties will comply with all applicable requirements of Data Protection Laws. Sections 12.4-12.9 are in addition to, and does not relieve, remove or replace, a party’s obligations under Data Protection Laws.

Supplier as Processor. If Supplier processes any Personal Data on Customer’s behalf when performing its obligations under this Agreement (the scope, nature, purpose and duration of which and the types of Personal Data will be set out in the Exhibit D), the parties acknowledge that for the purpose of the Data Protection Laws, Customer is the controller and Supplier is the processor. In any such case, and without prejudice to the generality of section 12.4:

(a) Supplier shall process the Personal Data only on the written instructions reasonably given by Customer from time to time which are comprised within this Agreement and any relevant Order Form, unless Supplier is required by the laws of the United Kingdom or the European Union applicable to Supplier to process the Personal Data. Where Supplier is relying on such applicable laws as the basis for processing, Supplier shall promptly notify Customer of this before performing the processing required by such applicable laws unless these laws prohibit Supplier from notifying Customer;
(b) Customer warrants, represents and undertakes that: (i) all Personal Data sourced by Customer and provided to or accessed by Supplier in performing its obligations under this Agreement shall comply in all respects, including in terms of its collection, storage and processing (which shall include Customer providing all of the required fair processing information to, and obtaining all necessary consents from, data subjects), with the Data Protection Laws and any other applicable data protection legislation; and (ii) all processing instructions given by it to Supplier in respect of the Personal Data shall at all times be in accordance with the Data Protection Laws and any other applicable data protection legislation;
(c) each party shall take reasonable technical and organisational measures against unauthorised or unlawful processing of the Personal Data or its accidental loss, destruction or damage appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it. In this regard, Supplier will implement the measures described in Section 12.2. If Customer considers that the technical and organizational measures implemented are insufficient or Customer requires alternative or additional measures, these could be implemented by mutual agreement and subject to Customer paying any additional costs;
(d) pursuant to Section 12.1, Supplier shall ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
(e) Supplier shall, at Customer’s cost, provide such reasonable assistance to Customer as Customer reasonably requires (taking into account the nature of processing and the information available to Supplier) in relation to any request from a data subject and in ensuring compliance with Customer’s obligations under the Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) Customer agrees that Supplier may transfer Personal Data to countries outside the European Economic Area provided that the following conditions are fulfilled: (i) Customer or Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; and (iii) Supplier complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any Personal Data that is transferred;
(g) Supplier shall notify Customer without undue delay on becoming aware of a personal data breach in compliance with Exhibit B, paragraph 6;
(h) Supplier shall, following the process set out in Section 7.3, delete or return the Personal Data to Customer on termination or expiry of this Agreement;
(i) Supplier shall within three months of a request from Customer (and at Customer’s cost) make available to the Customer, such information as is reasonably necessary to demonstrate its compliance with this Section 12.5.

Consent to Use Sub-Processor. Where Supplier act as processor of Customer, Customer consents to Supplier’s use of sub-processors engaged in the processing of Customer’s Personal Data by way of a general authorisation in respect of all sub-processors which exist at the date of this Agreement (or Order Form as applicable) and which may be appointed from time to time by Supplier.

Liability when processing under Customer’s instruction. Customer acknowledges that Supplier is reliant on Customer for instructions as to the extent to which Supplier is entitled to process any Personal Data. Consequently, to the maximum extent permitted by law, Supplier shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing it carries out in accordance with Customer’s instructions.

Data Protection Indemnity. Customer shall indemnify Supplier and hold Supplier harmless against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by, awarded against or agreed to be paid by, Supplier and any sub-contractor or service provider arising from or in connection with any: (a) non-compliance by Customer with the Data Protection Laws; (b) processing carried out by Supplier or any sub-contractor or service provider pursuant to any processing instructions from Customer that infringes any Data Protection Laws; or (c) breach by Customer of its obligations under this Section 12, except to the extent Supplier is liable under Section 12.9.

Subject at all times to Section 10, Supplier shall be liable for any losses, costs, expenses or liabilities (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with this Agreement: (a) only to the extent caused by the processing of Personal Data under this Agreement and directly resulting from Supplier’s breach of this Section 12; and (b) in no circumstances to the extent that any such losses, costs, expenses or liabilities (or the circumstances giving rise to them) are contributed to or caused by any breach of this Agreement by Customer.

GENERAL

Notice. The following notice types must be in writing and given within the time periods set forth below and will be deemed given when delivered personally; sent by registered or certified mail, return receipt requested; confirmed by first class mail; or sent by overnight courier. Notices must be sent to a party at its address shown on the signature page of this Agreement, or to such other place as the party may subsequently designate for its receipt of notices in accordance with this Section.

NOTICE TYPE:	TIME PERIOD:
Infringement claim	Within thirty (30) days of notification of claim (or sooner if required by law)
Breach of Section 8.2 or other breach by Supplier	Within ninety (90) days of breach
Fee dispute	Within thirty (30) days from date of invoice
Non-renewal of Subscription Term	Within (90) days before the commencement of the next Renewal Subscription Term

All other notices and correspondence, including invoices, payments, and other documents and communications may be sent electronically or via regular mail.

Independent Contractors. The parties to this Agreement are independent contractors. This Agreement does not (nor does it intend to) create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. No party will have the power to bind the other, nor will any party misstate or misrepresent its relationship under this Agreement.

Anti-Corruption. Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Supplier employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will promptly notify Supplier’s Legal Department ([email protected]).

No Third-Party Beneficiaries. Supplier and Customer intend that this Agreement will not benefit or create any right or cause of action in, or on behalf of, any person or entity other than the parties (other than, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

Waiver. No failure or delay, even if recurring, by either party in exercising any right under this Agreement shall constitute a waiver of that right. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be, to the extent required severed or modified and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

Legal Fees. Customer shall pay on demand all of Supplier’s reasonable legal fees and other costs incurred by Supplier to collect any fees or charges due Supplier under this Agreement following Customer breach of Section 6.1 (Services Fees).

Assignability. Customer may not assign, sublicense, sub-contract, charge, publish, sell, transfer, or otherwise exploit this Agreement or any rights or obligations under this Agreement whether by operation of law or otherwise, without the prior written consent Supplier. For purposes of this Agreement, an “assignment” includes use of the Services for the benefit of any third party to a merger, acquisition and/or other consolidation by, with or of Customer, including any new or surviving entity that results from such merger, acquisition and/or other consolidation. Any attempt at such assignment will be void without the prior written consent of Supplier. The Supplier may at any time assign, sublicense, sub-contract, charge, publish, sell, transfer, or otherwise exploit any other manner with all or any of its rights or obligations under this Agreement upon giving written notice to Customer.

Export. The Services, other technology Supplier make available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. Customer shall not permit any access or use of any Services in a U.S.-embargoed country or in violation of any U.S. export law or regulation.

Contractors. Subject to Section 12.6, Supplier may perform any of its obligations under this Agreement though any of Supplier’s Affiliates or subcontractors (“Contractors”), but, in all such cases, Supplier will remain subject to the obligations contained in this Agreement. Supplier will keep and have available all necessary records and make all payments, reports, collections, and deductions, and otherwise do any and all things necessary so as to fully comply with all federal, state and local laws, ordinances and regulations regarding its Contractors.

Non-Solicitation. During the term of the Services and for a period of twelve (12) calendar months after the Supplier has ceased supplying Services to the Customer for any reason, the Customer must not, and will procure that any affiliate of Customer does not, directly or indirectly offer to hire, hire, Solicit for employment or retention as an independent contractor, or in any way employ or allow any Resource of Supplier to perform services that are the same or similar to Services performed by Supplier in connection with Supplier’s products without the prior written consent of Supplier. For purposes of this Section: “Resource” means: (a) employees or independent contractors of Supplier who performed Services or demonstrations of the Supplier’s products for Customer; and (b) former employees of Supplier who have performed services in connection with the Application Services and whose employment with Supplier ended less than twelve (12) months prior to the date of such offer to hire, hire, Solicitation, or employment; and “Solicit” does not include: (1) general solicitations, such as advertisements in newspapers, trade publications or directed at a broad audience; or (2) referrals to Customer by a search firm, employment agency or similar firm, provided, however, that such firm was not specifically directed by Customer. Notwithstanding the foregoing, Customer is not permitted to hire or offer for hire any Supplier Resource to perform services that are the same or similar to Services performed by Supplier in connection with Supplier’s products if such Resource responds to a general solicitation or referral as described in (1) and (2) above. In the event a court or competent jurisdiction deems any term, obligation, or condition of this section unenforceable, the provisions of Section 13.7 shall apply. Supplier may give written consent to Customer to Solicit a Resource and any such consent given by Supplier shall be subject to Customer paying to Supplier a sum equivalent to 20% of the then current annual remuneration (or if such Resource is a former employee the most recent annual remuneration) of such Resource or, if higher, 20% of the annual remuneration to be paid by Customer to that Resource.

Publicity. Supplier may publicly disclose Customer name when included in a list of Supplier customers including but not limited to general marketing materials, website and communications. Subject to Customer’s approval, which will not be unreasonably withheld, Supplier may issue a press release concerning this Agreement, and post such press release on Supplier’s website. Supplier agrees to provide a quote for the press release and to promptly review drafts.

Governing Law. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

Counterparts. This Agreement and any amendments to this Agreement or other signed agreement or instrument entered into in connection with this Agreement, may be executed in counterpart. Any such counterpart, to the extent delivered by means of digital imaging, facsimile machine, or electronic mail will be treated in all manner and respects as an original executed counterpart and will be considered to have the same binding legal effect as if it were the original signed version thereof delivered in person.

Entire Agreement and Modifications. This Agreement, including the Order Forms, and all exhibits referenced therein, are the complete and exclusive statement of the Agreement and supersede all prior understandings and other prior or contemporaneous oral or written communications or obligations between the parties relating hereto, all of which are terminated. Each party acknowledges that in entering into this Agreement and any Order Forms, it does not rely on any statement, representation assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement or any Order Form. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Agreement or any Order Form. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of this Agreement. No modification of this Agreement will be effective unless it is in writing, is signed by each party, and expressly provides that it amends this Agreement. Supplier will not be bound by, and specifically objects to, any term, condition, or other provision that is different from or in addition to this Agreement that is proffered by Customer in any purchase order, receipt, acceptance, confirmation, correspondence, or otherwise, unless Supplier specifically agrees to such provision in a writing signed by an authorized agent of Supplier.

Section, Exhibit and paragraph headings shall not affect the interpretation of this Agreement.
A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality).
Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement.
A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this agreement under that statute or statutory provision.
A reference to writing or written includes email but not faxes.
References to Sections and Exhibits are to the Sections and Exhibits of this Agreement; references to paragraphs are to paragraphs of the relevant Exhibit to this Agreement.
Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
Any words following the terms including, include, in particular, for example, e.g. or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
In the case of conflict or ambiguity between: (a) any provision contained in the body of this Agreement and any provision contained in the Exhibits, the provision in the body of this Agreement shall take precedence; and (b) the provisions of any Order Form and the provisions contained in the body of this Agreement (including Exhibits), the provisions contained in the Order Form shall take precedence

Exhibit A

Managed Cloud Services

OPERATIONAL MANAGED CLOUD SERVICES

Operational Managed Cloud Services are defined as those infrastructure and application management Services that are performed on a regular and ongoing basis to help ensure that the infrastructure and application are running optimally. This includes troubleshooting infrastructure and application issues. Regular application maintenance activities are also included such as Nightly Jobstream execution (NJS) and period-end processing. The following list contains the primary Operational Managed Cloud Services that are included as part of the cloud offering.

1. Infrastructure Management

System upgrades
Application upgrades & patches
Backup & restore
Pro-active system monitoring
Database maintenance
Security audits & penetration scans
System, network and security incidents
troubleshooting
Change Management

2) Application Administration

Pro-active application monitoring
Application troubleshooting & issue
resolution
Portfolio Management specific administrative
services
Nightly Jobstream execution
Nightly Jobstream monitoring &
troubleshooting
Pre & post NJS processes (invoice, payment
batches, ACH, lockbox, credit bureau
extracts, period end close & purge
Period end processing (NJS)

ADHOC MANAGED CLOUD SERVICES

Adhoc Managed Cloud Services are those Services that the cloud application management team will do in response to an adhoc ticket submission from a cloud customer. The intent of these Services is to support the day to day administration of the Portfolio Management Service and Originations Service. Substantial changes to the Application Services including new functionality and packages, business process changes, and major re-configurations, require a separate time and materials engagement. The time spent providing Adhoc Managed Cloud Services is capped at 15 hours/month, and thereafter additional fees shall apply. The hours will not carryover from month to month. The following list contains some of the Adhoc Managed Cloud Services that may be needed. This is not an exclusive list but a sample of the types of Adhoc Managed Cloud Services the application administration team will provide.

1) Portfolio Management Application Administration

User account & password management
User-defined field creation
Destination maintenance
Contract messages
Company parameters
Parent code updates
Recalculate depreciation tables
User-defined worklist parameters

2) Originations Application Administration

Tasks
Tables and codes setup
Reason codes setup
User-defined fields
User-defined groups
Document status
Decision code setup
Form group template setup
Form setup
Flexible worklist setup
User interface templates
Users
User association setup
User group setup
IAQE tables (rate table, bid tables, etc.)

Exhibit B

Security Standards

Information Security Program. Supplier will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) identify reasonably foreseeable and internal risks to security and unauthorized access to the Supplier network, (b) minimize security risks, including through risk assessment and regular testing; and (c) address information security, physical security, and business continuity management.

Network Security.

(a) Vulnerability Identification. Supplier will use commercially reasonable efforts to monitor, on a regular basis, reputable sources of computer security vulnerability information such as FIRST, CERT/CC, and Supplier mailing lists, and take appropriate measures to obtain, test, and apply relevant service packs, patches, upgrades, and workarounds.
(b) Access Controls. The Supplier network on which Customer Data is stored will be electronically accessible to employees, contractors and any other person only as necessary to provide the Services. Supplier will maintain access controls and policies to manage what access is allowed to the Supplier network from each network connection and user.
(c) Secure Transmission. Supplier shall ensure that all remote administrative access to production systems of the Supplier network is performed over encrypted connections (e.g., SSH, SCP, SSL-enabled web-management interfaces, and VPN solutions).
(d) Penetration Testing. Supplier (or its service provider) will conduct external and internal penetration tests on an annual basis and provide to Customer a summary of the report detailing any critical and high-level issues based on the CVSS rating assigned to the issue as it applies to Customer Data, if requested by Customer. If such penetration tests expose vulnerabilities that Supplier believes could result in a breach of security, Supplier shall use commercially reasonable efforts to implement an appropriate remedy in a timely manner.
(e) Log Maintenance. Supplier will maintain material event log files concerning activity on the Customer network related to: (a) user sessions established; (b) failed user authentication attempts and unauthorized attempts to access resources; and (c) events generated (e.g., commands issued) to make changes in security profiles, permission levels, application security configurations, and/or system resources.
(f) The Supplier shall ensure that all Customer Data is protected by encryption while in use, at rest and during transmission. Supplier shall not unlock, reverse engineer, or otherwise link to a known person, hashed, encrypted, or otherwise anonymized Customer Data.
(g) Intrusion Protection and Detection. Supplier shall deploy multiple layers of defense on Supplier network, including, but not limited to firewalls, network intrusion detection, and host-based intrusion detection systems. All security monitoring systems including, but not limited to, firewalls and intrusion detection systems will be monitored 24 hours per day, 365 days per year. Supplier shall configure firewalls, network routers, switches, load balancers, name servers, mail servers, and other network components in accordance with commercially reasonable industry standards. Supplier shall maintain corrective action and incident response plans to respond to potential security threats. Supplier shall configure infrastructure platforms and services (operating systems, web servers, database servers, firewalls, routers, etc.) used to provide Services under this Agreement and authentication mechanisms according to reasonable industry standards.

Personnel

(a) Coordination and Training. Supplier shall ensure that one or more employees coordinate the information security program, and that applicable employees are regularly trained on how to comply with the information security program. All personnel having access to Customer Data shall be informed of its restricted nature and their obligations with respect to protection and restricted use of Customer Data.
(b) Pre-Employment Screening. Supplier shall conduct criminal background checks, as permitted by applicable law, as part of pre-employment screening practices for employees and contractors commensurate with the employee’s or contractor’s position and level of access to the Facilities. Supplier will not permit an employee or contractor to have access to the non-public Customer Data if such employee or contractor has failed to pass such background check.

Physical Security

(a) Physical Access Controls. Physical components of the Supplier network are housed in nondescript facilities (the “Facilities”). Physical barriers are used to prevent unauthorized entrance to the Facilities both at the perimeter and at building access points. Passage through the physical barriers at the Facilities requires either electronic access control validation (e.g., card access systems, etc.) or validation by human security personnel (e.g., contract or in-house security guard service, receptionist, etc.). Employees and contractors are assigned photo-ID badges that must be worn while the employees and contractors are at any of the Facilities. Visitors are required to sign-in with designated personnel, must show appropriate identification, are assigned a visitor ID badge that must be worn while the visitor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities.
(b) Limited Employee and Contractor Access. Supplier provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked, even if the employee or contractor continues to be an employee of Supplier or its affiliates.
(c) Physical Security Protections. All access points (other than main entry doors) are maintained in a secured (locked) state. Access points to the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the Facilities. Supplier also maintains electronic intrusion detection systems designed to detect unauthorized access to the Facilities, including monitoring points of vulnerability (e.g., primary entry doors, emergency egress doors, roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the Facilities. All physical access to the Facilities by employees and contractors is logged and routinely audited.

Continued Evaluation. Supplier will conduct periodic reviews of the security of its Supplier network and adequacy of its information security program as measured against industry security standards and its policies and procedures. Supplier will continually evaluate the security of its Supplier network and associated Services to determine whether additional or different security measures are required to respond to new security risks or findings generated by the periodic reviews.

Breach Notification. Without limiting Supplier’s obligation under law, In the event Supplier becomes aware that the security of any Customer Data, including Personal Data, has been compromised, or that Customer Data has been or is reasonably expected to be subject to a use or disclosure not authorized by this Agreement (a “Data Security Incident”), Supplier shall: (a) promptly (and in any event within 48 hours of becoming aware of such Data Security Incident), notify Customer, in writing, of the occurrence of such Data Security Incident; (b) investigate such Data Security Incident and conduct a reasonable analysis of the cause(s) of such Data Security Incident; (c) provide periodic updates of any ongoing investigation to Customer; (d) develop and implement an appropriate plan to remediate the cause of such Data Security Incident to the extent such cause is within Supplier’s control; and (e) cooperate with Customer’s reasonable investigation or Customer’s efforts to comply with any notification or other regulatory requirements applicable to such Data Security Incident.

Exhibit C

Service Level Commitment

Uptime. Supplier will use commercially reasonable efforts to make the Services available with a quarterly uptime percentage of at least 99.5% during each calendar quarter of the Term, excluding regularly scheduled maintenance times or Force Majeure Events or cloud provider downtime (“Quarterly Uptime Percentage”). If in any calendar quarter this uptime commitment is not met by Supplier and Customer was negatively impacted (i.e., attempted to log into or access the Service and failed due to the unscheduled downtime of the Services), Supplier shall provide, as the sole and exclusive remedy in connection with any interruption of Services a service credit equal to 25% of one month’s fee for the use of the Services during that calendar quarter. Only one service credit shall be available to Customer during any calendar quarter.

Scheduled and Unscheduled Maintenance. Regularly scheduled maintenance time does not count as downtime. Regularly scheduled maintenance time typically is communicated at least a week in advance, scheduled to occur at night on the weekend, and takes less than 10-15 hours each quarter. Supplier hereby provides notice that every Saturday night 8:00pm-10:00pm Australian Eastern Standard Time (AEST) is reserved for routine scheduled maintenance as needed. Supplier in its sole discretion may take the Service down for unscheduled maintenance and in that event, will attempt to notify customer in advance in accordance with the Notice section set forth below. Such unscheduled maintenance will be counted against the uptime guarantee.

Credit Request. In order to receive a credit under this Service Level Commitment, Customer must request it by emailing Supplier at [email protected] within fifteen (15) days of the end of the calendar quarter with details of the incident. Customers who are past due or in default with respect to any payment or any material contractual obligations to Supplier are not eligible for any credit under this Services Level Commitment. The service credit may be applied on the Customer’s next invoice or an extension of the Subscription Term. Service level downtime will be calculated using Supplier’s system logs and other records.

Updates/Notice. Notices will be sufficient if provided to a user designated as an administrator of your Supplier cloud account either: (a) as a note on the screen presented immediately after completion of the log in authentication credentials at the log in screen, or (b) by email to the registered email address provided for the administrator(s) for Customer’s account.

Exclusions. Supplier Sandbox and Test accounts and other nonproduction or test environments are expressly excluded from this or any other service level commitment.

Backup and Disaster Recovery. The Supplier cloud solution is hosted in a primary data center, which is backed up by a second data center to provide disaster recovery protection. There are nightly backups of the databases and transaction logs saved at regular intervals.

Exhibit D

Data Protection Details

Scope of data processing	Provision of the Services to Customer.
Purpose of the processing	Provision of the Services to Customer.
Types of personal data	Names, email addresses, Customer details, passwords, login details [PLEASE AMEND AS NEEDED]
Nature of processing	To allow Authorized Users to login and use the Service. [PLEASE AMEND AS NEEDED]
Duration of the processing	Duration of this Agreement
Categories of data subject	Authorized Users [PLEASE AMEND AS NEEDED]