This Master Agreement (the “Agreement”) is made effective on the dates on the order form (“Effective Date”) by and between One Kosmos, Inc., having an office and place of business at 100 W. Franklin Square Dr., Ste # 424, Somerset, NJ 08873 (“Supplier”) and the organization listed on the order form (“Customer”). Supplier and Customer are sometimes individually referred to in this Agreement as a “Party” and collectively as the “Parties”.

STATEMENT OF PURPOSE

1. Supplier wishes to sell, and Customer wishes to purchase, certain subscription services as described herein;

2. This Agreement sets forth terms and conditions applicable to the Services provided by the Supplier to the Customer.

AGREEMENT
1. SERVICE AND PROFESSIONAL SERVICES.

1.1 Supplier’s obligations. Supplier shall make the service available to Customer pursuant to this Agreement and the applicable order form during the term, and grants to the Customer a limited, non-sublicensable, non-exclusive, non-transferable (except as expressly permitted in section 12.1) right during the term to allow its users to access and use the service in accordance with the documentation, solely for Customer’s business purposes. Customer agrees that its purchase of the service or the professional services is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written public comments made by Supplier with respect to future functionality or features. Supplier will comply with all applicable laws in its provision of the service. During the term, Supplier shall provide the service in accordance with Supplier’s Service Level Agreement, which is Exhibit B attached hereto. Supplier shall use commercially reasonable efforts to make the service available to Customer 24 hours a day, 7 days a week, every day of each year (except for any unavailability caused by a force majeure event).

1.2 Customer’s obligations.

1.2.1. Customer is responsible for all the activities conducted under its users’ logins to the service. Customer shall use the service in compliance with this Agreement, the applicable order forms, documentation and all applicable laws and shall not: (i) copy, rent, sell, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the service or any part thereof, or make it available to anyone other than its users; (ii) send or store in the service any personal health data, credit card data, personal financial data or other such sensitive data which may be, without limitation, subject to the health insurance portability and accountability act, Gramm-Leach-Bliley Act (GLBA), or the Payment Card Industry Data Security Standards (PCI DSS); (iii) send or store infringing or unlawful material in connection with the service; (iv) send or store malicious code to the service; (v) attempt to gain unauthorized access to or disrupt the integrity or performance of the service or the data contained therein; (vi) modify, copy or create derivative works based on the service or any portion thereof; (vii) access the service for the purpose of building a competitive product or service or copying its features or user interface; and (viii) delete, alter, add to or fail to reproduce in and on the service the name of Supplier and any copyright or other notices appearing in or on the service or which may be required by Supplier at any time.

1.2.2. Any use of the service in breach of this agreement, documentation or order forms by Customer or its users which in Supplier’s judgment threatens the security, integrity or availability of the service may result in Supplier’s immediate suspension of Customer’s access to the service; however, Supplier will use commercially reasonable efforts under the circumstances to provide customer with notice and an opportunity to remedy such violation or threat prior to such suspension.

1.3 Professional services. Customer and Supplier may enter into Statements of Work that describes the specific professional services to be performed by Supplier. If applicable, while on Customer premises for professional services, Supplier personnel shall comply with reasonable customer rules and regulations regarding safety and conduct made known to Supplier, and will at Customer’s reasonable request promptly remove from the project any Supplier personnel not following such rules and regulations.

1.4 Customer Affiliates. Customer Affiliates may purchase and use the service and professional services subject to the terms of this Agreement by executing Order forms or Statements of Work hereunder that incorporate by reference the terms of this Agreement, and in each such case, all references in this Agreement to Customer shall be deemed to refer to such Customer Affiliate for purposes of such Order form(s) or Statement(s) of Work. An Affiliate agrees to be bound by this Agreement.

2. SUPPLIER PARTNER ORDERS.

2.1 Pursuant to a separate Agreement between Customer and an authorized Supplier partner (including the applicable ordering document between Customer and such Supplier partner, the “partner agreement”), Customer may procure from such Supplier partner certain products or services to be delivered by Supplier. In such event, this Agreement specifies the terms and conditions under which such products or services will be provided by Supplier, apart from price, payment and other terms specified in such separate partner agreement.

2.2 Notwithstanding anything to the contrary in this Agreement, if Customer acquires a subscription to the service or obtains any professional services through a Supplier partner, then: (a) Customer shall pay the Supplier partner all applicable fees in accordance with the partner agreement; (b) the partner agreement is between customer and the Supplier partner and is not binding on Supplier, thus, any disputes related to the partner agreement shall be handled directly between Customer and the Supplier partner; and (c) any claims for refunds hereunder, shall be submitted by Customer to the Supplier partner. In the event of any conflict between this Agreement and a partner agreement, this Agreement shall govern as between Supplier and Customer.

3. SECURITY AND SUPPORT.

3.1. Security. Supplier shall maintain appropriate administrative, physical, and technical safeguards to protect the security and integrity of the service and the customer data as described in the applicable Supplier documentation. For purposes of the standard contractual clauses attached to the Data Protection Agreement, when and as applicable, customer and its applicable affiliates are each the data exporter, and customer’s signing of or entering into this agreement, and an applicable affiliate’s signing of or entering into an order form, shall be treated as signing of the standard contractual clauses and their appendices. In the event of a security breach, Supplier will promptly notify Customer in accordance with the security breach management procedures set forth therein, but in no event longer than seventy-two (72) hours of becoming aware of such security breach.

3.2. Support Services. During the term, Supplier shall provide support services to Customer in accordance with Supplier’s then-current support policy, a current copy of which is attached hereto as an exhibit and as identified in an order form. In the event that the level of support is not identified in the order form, customer shall receive a “basic” level of support that is included in the service at no additional cost. Any updates or modifications to the support services will not materially diminish Supplier’s responsibilities under the support policy during the term.

4. CONFIDENTIALITY.

Each party agrees to protect the Confidential information (as defined below) of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind, but in no event using less than a reasonable standard of care. A party shall not: (i) disclose or use any confidential information of the other party for any purpose outside the scope of this agreement, except with the disclosing party’s prior written permission and (ii) disclose or make the other party’s confidential information available to any party, except those of its employees, contractors, and agents that have signed an agreement for disclosure and use provisions substantially similar to those set forth herein and have a “need to know” in order to carry out the purpose of this Agreement. Confidential information shall not include any information that (a) is or becomes generally known to the public, other than as a result of the act or omission of the receiving party; (b) were rightfully known to a party prior to its disclosure by the other party without breach of any obligation owed to the other party; (c) is lawfully received from a third party without breach of any obligation owed to the other party; or (d) was independently developed by a party without breach of any obligation owed to the other party. If a party is compelled by law to disclose Confidential Information of the other party, it shall provide prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the other party’s cost, if the other party wishes to contest the disclosure. Due to the unique nature of the parties’ Confidential Information disclosed hereunder, there can be no adequate remedy in law for a party’s breach of its obligations hereunder, and any such breach may result in irreparable harm to the non-breaching party. Therefore, upon any such breach or threat thereof, the party alleging breach shall be entitled to seek injunctive and other appropriate equitable relief in addition to any other remedies available to it.

5. OWNERSHIP, FEEDBACK, AND STATISTICAL USAGE DATA.

5.1. Customer Data. As between Supplier and Customer, Customer owns its customer data. Customer grants to Supplier, its affiliates and applicable contractors a worldwide, limited-term license to host, copy, transmit and display customer data as reasonably necessary for Supplier to provide the service in accordance with this Agreement. Subject to the limited licenses granted herein, Supplier acquires no right, title or interest in any customer data. Customer shall be responsible for the accuracy, quality and legality of customer data and the means by which customer acquired customer data.

5.2. Restrictions. Except as otherwise provided hereunder, Customer shall not at any time, including after expiration or termination of this Agreement (a) modify, enhance, or create a derivative work of the Services provided hereunder; (b) transfer, distribute, assign, sublicense, rent, lease, time share or sell the Services as provided hereunder; (c) decompile, disassemble, reverse compile, reverse engineer or otherwise attempt to reconstruct the source code for the Services provided hereunder or (d) otherwise violate the license grant or restrictions set forth in this Agreement.

5.3. Supplier’s Ownership of the Service. Except for the rights expressly granted under this Agreement, Supplier and its licensors retain all right, title and interest in and to the service, documentation and professional services including all related intellectual property rights inherent therein. If Customer purchases professional services, Supplier grants to Customer a worldwide, non-exclusive, non-transferable (except as expressly permitted in Section 16.1), non-sublicensable right to use the professional services solely for customer’s use with the service. No rights are granted to Customer hereunder other than as expressly set forth in this agreement.

5.4. Feedback. Subject to the confidentiality provisions under Section 4 of this Agreement and provided that Customer identifies to Supplier such confidential information at the time of its disclosure, Supplier shall have a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use or incorporate into its products and services any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or its users relating to the features, functionality or operation of the service or the professional services (“feedback”). Supplier shall have no obligation to use feedback and Customer shall have no obligation to provide feedback.

5.5. Statistical Usage Data. Supplier owns the statistical usage data derived from the operation of the service, including data regarding web applications utilized in connection with the service, configurations, log data, and the performance results for the service (“usage data”). Nothing herein shall be construed as prohibiting Supplier from utilizing the usage data for purposes of operating Supplier’s business; provided that the usage data shall be de-identified and presented in the aggregate so that it will not disclose the identity of Customer or any user(s) to any third party.

6. TITLE.

6.1. All Customer Data, Output, and any developments or improvements to Customer’s systems or software to access or utilize the Services is and shall remain the sole property of Customer. Supplier shall not, without prior written authorization from Customer, alter, modify or change in any way any of the Customer Data. Supplier shall not sell, assign, lease, disseminate or otherwise dispose of the Customer Data or any part thereof (whether in an aggregated, anonymised form or otherwise) to any other person, nor shall Supplier commercially exploit any part of the Customer Data. For the avoidance of doubt, Supplier may not use Customer Data to create derivative products or services without Customer’s express written consent.

6.2. The Services, Professional Services, Documentation, Deliverables (unless otherwise stated in an Order), and Client-Side Software, if any, together with all Supplier Materials, including all derivative works thereto and improvements thereof are, and shall always remain, the sole property of Supplier.

6.3. All property shall be returned to their respective owners upon the later of (i) expiration or termination of this Agreement. Neither Party shall use, nor permit others to use, the property of the other except as permitted in this Agreement.

7. INCIDENT RESPONSE AND CHANGES.

7.1. Supplier will apply continuous efforts and resources to resolve any failure, malfunction, defect, problem, or non-conformity in the Services that may be identified by Customer, or is otherwise brought to Supplier’s attention in accordance with any Service Level commitment contained in a Schedule.

7.2. Supplier may make temporary changes required by an emergency to the Services provided that Supplier has made reasonable efforts at contacting Customer to obtain approval for such changes. Supplier will document and promptly report any such emergency changes to Customer in writing.

7.3. Supplier will not make any of the following changes to the Services without first obtaining Customer’s prior written approval:

7.3.1. a change that is reasonably expected to have a materially adverse impact on the Customer’s access to, or use of, the Services;

7.3.2. a change increasing Customer’s costs incurred or risks borne by Customer in accessing or using the Services, including introducing additional dependencies on Customer’s software or equipment, or downgrading the safeguards used to protect Customer’s Confidential Information or Customer Data; or

7.3.3. a change adversely impacting the interoperability between Customer’s systems and the Services.

7.4 If any changes are requested by Supplier, Supplier will provide to Customer: (i) a detailed, written report on the effect the proposed changes will have on the Services, and (ii) any tools or techniques that Supplier develops and makes available to its other customers to assist Customer with implementing or mitigating the effect of such changes.

8. DELIVERY AND ACCEPTANCE.

8.1. Supplier will deliver to Customer each Service, on or before the scheduled delivery date specified in the applicable Order Form.

8.2. For each Service, Supplier will provide to Customer at least one (1) copy (in printed or electronic form) of all available Documentation for such Service. Supplier will promptly deliver to Customer any updates or enhancements to such Documentation when such updates or enhancements become available to Supplier.

9. COMPLIANCE WITH LAWS.

9.1. Supplier represents and warrants that it has and will obtain all necessary regulatory approvals, licenses and permits applicable to its business, and that it does and will comply with all applicable laws and regulations and rules that may be in effect during the Term as they concern the subject matter hereof.

9.2. Supplier represents and warrants that it complies with, and will remain in compliance with, all applicable domestic and foreign anti-bribery and anti-corruption laws. Supplier shall maintain in place throughout the Term its own policies and procedures, including, but not limited to, adequate procedures to ensure compliance by Supplier with anti-bribery and anti-corruption laws and will enforce them where appropriate.

9.3. Supplier have not taken and shall not take any action in furtherance of an offer, payment, promise to pay, receipt, acceptance or authorization of the payment or giving or receiving of anything of value, either directly or indirectly, to or from any person in connection with Supplier’s provision of the Services while knowing that all or some portion of the money or value will be offered, given or promised to anyone to improperly influence official action, to obtain or retain business or otherwise to secure an improper advantage. Supplier shall promptly report to Customer any request or demand for, or offer of, any bribe received by Supplier in connection with this Agreement.

10. FEES, EXPENSES, AND TAXES.

10.1. Fees. Customer agrees to pay Supplier all fees set forth in the applicable Order Form (“Fees”) in accordance with this Agreement. If not otherwise specified on an Order Form, all such fees (except fees subject to a good faith dispute) will be due within thirty (30) days of Customer’s receipt of an invoice provided that if an invoice is sent electronically to the billing contact email address provided by Customer for billing, then it shall be deemed received by Customer as of the date it was sent. Except as otherwise specifically provided in this Agreement, all Fees paid and payable to Supplier hereunder are non-cancelable and non-refundable. All Fees are based on access rights acquired and not actual usage. If Customer fails to pay any amounts due under this Agreement by the due date, in addition to any other rights or remedies it may have under this Agreement or by matter of law, (i) Supplier reserves the right to suspend the Service upon thirty (30) days written notice until such amounts are paid in full, and (ii) Supplier will have the right to charge interest at a rate equal to the lesser of one and one- half percent (1.5%) per month or the maximum rate permitted by applicable Law until Customer pays all amounts due; provided that Supplier will not exercise its right to charge interest if the applicable charges are under reasonable and good faith dispute and Customer is cooperating diligently to resolve the issue.

10.2. Expenses. Unless otherwise specified in the applicable Statement of Work, upon invoice from Supplier, Customer will reimburse Supplier for all pre-approved, reasonable expenses incurred by Supplier while performing the professional services, including without limitation, transportation services, lodging, meal and out-of-pocket expenses related to the provision of the professional services. Supplier will include reasonably detailed documentation of all such expenses with each related invoice.

10.3. Taxes. Fees do not include and may not be reduced to account for any taxes including any local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, use or withholding taxes (collectively “taxes”). Customer is responsible for paying all taxes associated with its purchases hereunder (excluding taxes based on Supplier’s net income or property) unless Customer provides Supplier with a valid tax exemption certificate authorized by the appropriate taxing authority. If Customer provides documentation that it should not be charged taxes Supplier has invoiced, then the parties will work together and along with the taxing authorities as appropriate to ensure Customer is not charged for taxes that Supplier is not required to pay or withhold.

10.4. Travel and Expenses. Supplier will not be entitled to reimbursement from Customer for its expenses unless stated otherwise in Order Form or Statement of Work or pre-approved by Customer in writing in each instance.

10.5. Direct Payment of Fees. All payments owed Supplier under this Agreement will be made by check or bank transfer in the place where Supplier is domiciled or where Supplier performs the applicable Services for Customer.

11. WARRANTIES AND DISCLAIMER.

11.1. Warranties.

11.1.1 Service. Each party warrants that it has the authority to enter into this Agreement. Supplier warrants that during the Term: (i) the Service shall be performed materially in accordance with the applicable Documentation, (ii) Supplier will employ then-current, industry-standard measures to test the Service to detect and remediate Malicious Code designed to negatively impact the operation or performance of the Service, and (iii) the overall functionality of the Service will not be materially decreased as described in the applicable Documentation. Supplier shall use commercially reasonable efforts to correct the non-conforming Service at no additional charge to Customer, and in the event Supplier fails to successfully correct the Service within a reasonable time of receipt of written notice from Customer detailing the breach, then Customer shall be entitled to terminate the applicable Service and receive an immediate pro-rata refund of any prepaid, unused Fees for the non-conforming Service. The remedies set forth in this subsection will be Customer’s sole remedy and Supplier’s entire liability for breach of these warranties unless the breach of warranties constitutes a material breach of this Agreement and Customer elects to terminate this Agreement in accordance with Section 15.2 entitled “Termination.” The warranties set forth in this subsection shall apply only if the applicable Service has been utilized in accordance with the Documentation, this Agreement and applicable Law.

11.1.2 Professional Services. Supplier warrants that the Professional Services will be performed in a good and workmanlike manner consistent with applicable industry standards. As Customer’s sole remedy and Supplier’s entire liability for any breach of the foregoing warranty set forth in this Section 11.1.2, Supplier will, at its sole option and expense, promptly re-perform the non-conforming professional services or refund to the Customer the fees paid for the non-conforming professional services; provided that the Customer notifies Supplier no later than thirty (30) days after delivery of such Professional Services.

11.2. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH UNDER THIS SECTION 11, SUPPLIER AND ITS AFFILIATES HEREBY DISCLAIM ALL WARRANTIES RELATING TO THE SERVICE, PROFESSIONAL SERVICES OR OTHER SUBJECT MATTER OF THIS AGREEMENT, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF NON-INFRINGEMENT OF THIRD PARTY RIGHTS, TITLE, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE PARTIES ARE NOT RELYING AND HAVE NOT RELIED ON ANY REPRESENTATIONS OR WARRANTIES WHATSOEVER REGARDING THE SUBJECT MATTER OF THIS AGREEMENT, EXPRESS OR IMPLIED. SUPPLIER MAKES NO WARRANTY REGARDING ANY NON-SUPPLIER APPLICATION WITH WHICH THE SERVICE MAY INTEROPERATE.

12. DATA PROTECTION.

So long as Supplier possess Customer Personal Information each of Supplier and Customer will comply with its respective data protection obligations as set forth in Exhibit E (Data Protection: Personal Information Supplement) hereto.

13. LIMITATION OF LIABILITY.

13.1. IN NO EVENT WILL EITHER PARTY (OR SUPPLIER’S THIRD PARTY LICENSORS) BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY FOR (A) ERROR OR INTERRUPTION OF USE, LOSS OR INACCURACY OR CORRUPTION OF DATA, (B) COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES, RIGHTS, OR TECHNOLOGY, (C) ANY LOST PROFITS OR REVENUES, OR (D) ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

13.2. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY TOGETHER WITH ALL OF ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER AND ITS AFFILIATES HEREUNDER FOR THE SERVICE GIVING RISE TO THE LIABILITY IN THE TWELVE-MONTH PERIOD PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE (THELIABILITY CAP”). THE FOREGOING LIMITATION SHALL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, BUT WILL NOT LIMIT (1) CUSTOMER’S AND CUSTOMER’S AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE ‘FEES’ SECTION ABOVE; (2) CLAIMS FOR INDEMNIFICATION PURSUANT TO SECTION 14 (INDEMNIFICATION); (3) CLAIMS FOR BREACH OF CONFIDENTIALITY OR BREACH OF SUPPLIER’S INFORMATION SECURITY OBLIGATIONS RESULTING IN UNAUTHORIZED DISCLOSURE OF CUSTOMER DATA (WHICH BOTH SHALL BE LIMITED TO TWO TIMES THE LIABILITY CAP); AND (4) CLAIMS FOR GROSS NEGLIGENCE AND/OR WILLFUL MISCONDUCT IN THE PERFORMANCE OF THAT PARTY’S OBLIGATIONS HEREUNDER.

14. INDEMNIFICATION.

14.1. Supplier’s Indemnification Obligation. Subject to Section 14.3, Supplier will defend Customer from any and all claims, demands, suits or proceedings (“Claims”) brought against Customer by a third party alleging that the Service, as provided by Supplier to Customer under this Agreement infringes any patent, copyright or trademark or misappropriates any trade secret of any third party (each, an “infringement claim”). Supplier will indemnify Customer for all damages, costs, reasonable attorneys’ fees finally awarded by a court of competent jurisdiction, or paid to a third party in accordance with a settlement agreement signed by Supplier, in connection with an infringement claim. In the event of any such infringement claim, Supplier may, at its option: (i) obtain the right to permit Customer to continue using the Service, (ii) modify or replace the relevant portion(s) of the Service with a non-infringing alternative having substantially equivalent performance within a reasonable period of time, or (iii) terminate this Agreement as to the infringing Service and provide a pro rata refund of any prepaid, unused Fees for such infringing Service. Notwithstanding the foregoing, Supplier will have no liability for any Infringement Claim of any kind to the extent that it results from: (1) modifications to the Service made by a party other than Supplier, (2) the combination of the Service with other products, processes or technologies (where the infringement would have been avoided but for such combination), or (3) Customer’s use of the Service other than in accordance with the Documentation or this Agreement. The indemnification obligations set forth in this Section 14.1 are Supplier’s sole and exclusive obligations, and Customer’s sole and exclusive remedies, with respect to infringement or misappropriation of third party intellectual property rights of any kind.

14.2. Customer Indemnification Obligation. Subject to Section 14.3, Customer will defend Supplier from any and all claims brought against Supplier by a third party alleging a violation of third party’s rights arising from Customer’s provision or use of the customer data. Customer will indemnify Supplier for all damages, costs, reasonable attorneys’ fees finally awarded by a court of competent jurisdiction or paid to a third party in accordance with a settlement agreement signed by Customer, in connection with such claims.

14.3. Indemnity Requirements. The party seeking indemnity under this Section 14 (“Indemnitee”) must give the other party (“Indemnitor”) the following: (a) prompt written notice of any claim for which the Indemnitee intends to seek indemnity, provided that the failure to do so shall have no effect on the indemnitor’s obligations to the extent the indemnitor is not prejudiced by any delay, (b) all cooperation and assistance reasonably requested by the indemnitor in the defense of the claim at the Indemnitor’s sole expense, and (c) sole control over the defense and settlement of the claim, provided that the Indemnitee may participate in the defense of the claim at its sole expense and provided any settlement fully releases the Indemnitee and does not admit any liability on behalf of the Indemnitee.

14.4. Customer Mention. Supplier may, upon Customer’s prior written consent, use Customer’s name to identify Customer as an Supplier’s customer of the service, including on Supplier’s public website. Supplier agrees that any such use shall be subject to Supplier complying with any written guidelines that Customer may deliver to Supplier regarding the use of its name and shall not be deemed Customer’s endorsement of the service.

15. TERM, TERMINATION, AND EFFECT OF TERMINATION.

15.1. Term. The Term of this Agreement commences on the Effective Date and continues until the stated term in all Order Forms have expired or have otherwise been terminated. Subscriptions to the Service commence on the subscription start date, and are for a period, as set forth in the applicable Order Form (“Term”). Except as otherwise specified in an Order form, subscriptions to the service will automatically renew for additional terms equal to the expiring subscription term, unless and until either party gives the other notice of non-renewal at least sixty (60) days prior to the end of the then-current Term.

15.2. Termination. Either party may terminate this Agreement by written notice to the other party in the event that (i) such other party materially breaches this Agreement and does not cure such breach within thirty (30) days of such notice, or (ii) immediately in the event the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Upon any termination for cause by Customer pursuant to this section 15.2, Supplier will refund Customer a pro-rata portion of any prepaid fees that cover the remainder of the applicable term after the effective date of termination and a pro-rata portion of any prepaid professional services fees that cover professional services that have not been delivered as of the effective date of termination. For clarity, a breach or termination of any Statement of Work shall not be considered a breach or termination of this Agreement or any order form.

15.3. Effect of Termination. Upon termination of this Agreement for any reason, all rights and subscriptions granted to Customer including all Order Forms will immediately terminate and Customer will cease using the Service and Supplier confidential information. Termination for any reason other than termination for cause by Customer pursuant to section 15.2 shall not relieve Customer of the obligation to pay all future amounts due under all Order Forms. The sections titled “definitions,” “confidentiality,” “ownership, feedback, and statistical usage data,” “fees, expenses and taxes,” “disclaimer,” “limitation of liability,” “indemnification,” “term, termination, and effect of termination,” and “general” shall survive any termination or expiration of this Agreement.

16. GENERAL.

16.1. Assignment. Neither the rights nor the obligations arising under this Agreement are assignable or transferable by Customer or Supplier without the other party’s prior written consent which shall not be unreasonably withheld or delayed, and any such attempted assignment or transfer shall be void and without effect. Notwithstanding the foregoing, either party may freely assign this Agreement in its entirety (including all Order Forms), upon notice and without the consent of the other party, to its successor in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, provided that all fees owed and due have been paid and the assignee agrees to be bound by all the terms of this Agreement.

16.2. Controlling Law, Attorneys’ Fees and Severability. This Agreement and any disputes arising out of or related hereto shall be governed by the laws of the State of New Jersey, without giving effect to its conflicts of laws rules or the United Nations convention on the international sale of goods. With respect to all disputes arising out of or related to this Agreement, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in the State of New Jersey. In any action to enforce this Agreement the prevailing party will be entitled to costs and attorneys’ fees. In the event that any of the provisions of this Agreement shall be held by a court or other tribunal of competent jurisdiction to be unenforceable, such provisions shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable.

16.3. Notices. All notices required or permitted under this Agreement will be in writing by commercial courier or overnight delivery service, or by certified mail, or by email and in each instance will be deemed effective upon receipt. All notices will be sent to the addresses set forth below or to such other address as may change from time to time in writing to the other Party.

Supplier:
One Kosmos, Inc.
100 W. Franklin Square Dr. – Ste 424
Somerset, NJ 08873

Customer:

16.4. Force Majeure. If the performance of this agreement or any obligation hereunder (other than obligations of payment) is prevented or restricted by reasons beyond the reasonable control of a party including but not limited to computer related attacks, hacking, epidemic, pandemic, or acts of terrorism (a “Force Majeure Event”), the party so affected shall be excused from such performance and liability to the extent of such prevention or restriction.

16.5. Independent Contractors. The parties shall be independent contractors under this Agreement, and nothing herein shall constitute either party as the employer, employee, agent, or representative of the other party, or both parties as joint venturers or partners for any purpose. There are no third-party beneficiaries under this Agreement.

16.6. Export Compliance. Each party represents that it is not named on any U.S. Government list of persons or entities with which U.S. Persons are prohibited from transacting, nor owned or controlled by or acting on behalf of any such persons or entities, and customer will not access or use the service in any manner that would cause any party to violate any U.S. or international embargo, export control law, or prohibition.

16.7. Government End User. If Customer is a U.S. Government entity or if this Agreement otherwise becomes subject to the Federal Acquisition Regulations (FAR), Customer acknowledges that elements of the Service constitute software and documentation and are provided as “commercial items” as defined in 48 C.F.R. 2.101 and are being licensed to U.S. Government Customer as commercial computer software subject to restricted rights described in 48 C.F.R. 2.101, 12.211 and 12.212. If acquired by or on behalf of any agency within the Department of Defense (“DOD”), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of the Agreement as specified in 48 C.F.R. 227.7202-3 of the DOD FAR Supplement (“DFARS”) and its successors. This U.S. Government End User Section 16.7 is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software or technical data.

16.8. Anti-Corruption. Customer agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Supplier’s employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly notify Supplier.

16.9. Free Trials. If Customer uses a Free Trial Service, Supplier will make such Free Trial Service available to Customer on a trial basis, free of charge, until the earlier of (a) the end of the free trial period for which Customer agreed to use such Free Trial Service, (b) the start date of any Service subscription purchased by Customer for such Service, or (c) termination of the Free Trial Service by Supplier in its sole discretion. A free trial period may be extended upon mutual agreement by Supplier and Customer. Notwithstanding anything to the contrary in this Agreement, a Free Trial Service is provided “AS IS.” SUPPLIER MAKES NO REPRESENTATION OR WARRANTY AND SHALL HAVE NO INDEMNIFICATION OBLIGATIONS WITH RESPECT TO A FREE TRIAL SERVICE. SUPPLIER SHALL HAVE NO LIABILITY OF ANY TYPE WITH RESPECT TO A FREE TRIAL SERVICE, UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE SUPPLIER’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO A FREE TRIAL SERVICE IS US$1,000. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN SECTION 13 (“LIMITATION OF LIABILITY”), CUSTOMER SHALL NOT USE THE FREE TRIAL SERVICE IN A MANNER THAT VIOLATES APPLICABLE LAWS AND WILL BE FULLY LIABLE FOR ANY DAMAGES CAUSED BY ITS USE OF A FREE TRIAL SERVICE. ANY DATA AND CONFIGURATIONS ENTERED INTO CUSTOMER’S FREE TRIAL SERVICE ACCOUNT MAY BE PERMANENTLY LOST UPON TERMINATION OF THE FREE TRIAL SERVICE.

16.10. Entire Agreement. This Agreement together with the Order Form(s) constitutes the entire Agreement between the parties hereto pertaining to the subject matter hereof, and any and all prior or contemporaneous written or oral agreements existing between the parties hereto, including any non-disclosure agreement(s), and related to the subject matter hereof are expressly canceled. The parties agree that any term or condition stated in Customer’s purchase order or in any other of Customer’s order documentation is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form between Supplier and Customer, (2) this Agreement, and (3) the Documentation. No modification, amendment or waiver of any provision of this Agreement will be effective unless in writing and signed by both parties hereto. Any failure to enforce any provision of this Agreement shall not constitute a waiver thereof or of any other provision.

17. GLOSSARY OF DEFINED TERMS

17.1. “Affiliate” means, with respect to Supplier or Customer, any entity that directly or indirectly controls, is controlled by, or is under common control with Supplier or Customer, respectively. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

17.2. “Claim” means any demand, or any civil, criminal, administrative, or investigative claim, action, or proceeding (including arbitration) asserted, commenced or threatened by a party against an entity or person.

17.3. “Confidential Information” means (a) Customer Data; (b) the Service, Documentation and the terms and conditions of this Agreement and all Order Forms including pricing; and (c) each party’s technical and business information (including but not limited to hardware, software, designs, specifications, techniques, processes, procedures, research, development, projects, products or services, business and marketing plans or opportunities, finances, vendors, actual and potential customers and transactions, penetration test results and other security information, defect and support information and metrics, and third party audit reports and attestations) that is designated by the disclosing party as confidential or the receiving party should reasonably know is confidential given the nature of the information and circumstances of disclosure.

17.4. “Customer Data” means all electronic data submitted by or on behalf of Customer to the Service.

17.5. “Documentation” means any written (including electronic versions) material including without limitation the texts, schematics, diagrams, pictures, graphs, charts etc. related to the Services including without limitation user, operations, training and reference manuals, specifications and any other documentation that is generally provided by Supplier to its other customers.

17.6. “Effective Date” means the last date this Agreement is executed, upon executing an Order Form, by accessing or using the Service in any manner or by clicking “Accept and Get Started” (or a similar button or checkbox) for use of a Free Trial Service.

17.7. “Error” means any defect or error in any Service that prevents: (i) the Service from operating in accordance with the relevant Documentation and Specifications; (ii) the Services from being provided in accordance with the Service Level(s).

17.8. “Free Trial Service” means any Supplier service or functionality that Supplier makes available to Customer to try at Customer’s option, at no additional charge, and which is clearly designated as “beta,” “trial,” “pre-GA,” “pilot,” “developer preview,” “free trial,” “evaluation,” or by a similar designation.

17.9. “Laws” means any local, state, or national law, treaties and/or regulations applicable to a respective party.

17.10. “Malicious Code” means viruses, worms, time bombs, Trojan horses and other malicious code, files, scripts, agents or programs.

17.11. “Non-Supplier Application” means a web-based, offline, mobile, or other software application functionality that is provided by Customer or a third party and interoperates with a Service.

17.12. “Supplier Partner” means authorized reseller, distributor or other partner of Supplier.

17.13. “Order Form” means an ordering document provided to Customer that specifies the products or services purchased by Customer or any of their Affiliates under this Agreement, including any supplements or addenda thereto. Order Forms do not include the terms of any preprinted terms on a Customer purchase order or other terms on a purchase order that are additional or inconsistent with the terms of this Agreement.

17.14. “Professional Services” means implementation and configuration services provided by Supplier in connection with the Service, as described more fully in a Statement of Work. Professional Services shall not include the Service.

17.15. “Service” means the products and services subscribed to by Customer under an Order Form and provided by Supplier as described in the Documentation. “Service” excludes Professional Services, Free Trial Service, and Non-Supplier Applications.

17.16. “Statement of Work” means a document that describes certain Professional Services purchased by Customer under this Agreement and/or pursuant to an Order Form. Each Statement of Work shall incorporate this Agreement by reference.

17.17. “Support Services” means the support services provided by Supplier in accordance with Supplier’s then-current support policy and as identified in an Order Form.

17.18. “Term” has the meaning set forth in Section 15.1.

17.19. “Users” means individuals (including non-human devices, such as applications or services) who are authorized by Customer to use the Service, for whom a subscription to the Service has been procured. Users may include, for example, Customer’s and its Affiliates’ employees, consultants, clients, external users, contractors, agents, and third parties with which Customer does business.

 

EXHIBIT A
MASTER SUBCRIPTION AGREEMENT
PART A:SAMPLE ORDER FORM

sample order form

 

PART B: SAMPLE SCHEDULE OF WORK
EXHIBIT B
MASTER SUBCRIPTION AGREEMENT
SERVICE LEVEL AGREEMENT (SLA)

This Service Level Agreement (“SLA”) is provided under and forms an exhibit to Customer’s Master Subscription Agreement (or other, similarly- titled agreement that governs Customer’s use of the Supplier’s Service) (“MSA”). Capitalized terms used in this SLA that are not defined herein are defined as set forth in the MSA, if applicable.

Service Level Commitment:
The Service will, subject to the exceptions listed below, be available at least 99.9% of the time during any full calendar month in Customer’s production environment (“Availability Commitment”). The Availability Commitments do not apply to sandbox, beta and other test environments.
The Availability Commitment of the Service for a given month will be calculated as follows (rounded to the nearest one tenth of one percent):

Availability % = [100% x (total minutes in the month – total minutes unavailable in the month)]
/Total minutes in the month

The Service will be deemed to be unavailable only if the service does not respond to HTTPS requests, (“Unavailable”).

The Service will not be deemed Unavailable for any downtime or outages relating to: (i) a Customer outage event, (ii) equipment, applications, interfaces, integrations, or systems not owned by Supplier, or Service not offered by Supplier or (iii) a force majeure event.

“Customer Outage Event” means a period of time in which Service is not available due to acts, omissions or requests of Customer, including without limitation (a) configuration changes in, or failures of, the Customer end of the network connection, (b) work performed by Supplier at Customer’s request, (c) Customer’s unavailability or untimely response to incidents that require its participation for source identification and/or resolution or (d) Customer’s failure to provide the Supplier with any requested physical or remote access to any Customer facilities, equipment or personnel.

Emergency Maintenance:
Supplier may perform emergency maintenance for which Supplier will use commercially reasonable efforts to notify Customer at least twenty-four (24) hours in advance. For the avoidance of doubt, if the Service is unavailable due to emergency maintenance, such unavailability will be included in the availability calculation.

Service Level Credits:
For each full calendar month in which Supplier fails to meet the availability commitment of at least 99.9% (a “Service Level Failure”), Customer shall receive a Service Level Credit equal to an amount determined in accordance with this following schedule (“Service Level Credit”). The Service Level Credit shall be calculated as the applicable percentage outlined below multiplied by the annual subscription fee paid by the Customer for the then current annual period divided by twelve (12):

Service Level Credits will be issued to the entity that Supplier Invoices for the applicable Service, as a separate credit memo that can be applied towards fees payable for any subsequent annual term for that Service. If Customer elects not to renew service term prior to the application of a Service Level Credit pursuant to the preceding sentence, Customer will have the option to receive up to one (1) month of service following the termination of such service term at no charge in lieu of such Service Level Credit. Customer will not be eligible to receive a Service Level Credit if Customer’s account is delinquent. The Service Level Credits stated herein are Customer’s sole and exclusive remedy (and Supplier’s sole liability) for any claims in connection with this Service Level Agreement.

Reporting and Confirmation:

Customer may contact Supplier to report any issues by contacting the vendor’s support website.

Customer must log an incident with Supplier Customer Care within three (3) business day following any time in which the Service is unavailable, along with the following information, in order for the applicable minutes to be applied towards the availability % calculation:

(i) The manner in which the service is not available; and

(ii) The date and time in which the service first became not available.

Failure to provide such notice will forfeit the right to receive Service Level Credits. Provided such Notice is timely given, unavailable minutes will be calculated from the starting time of the incident until the time the incident is resolved by Supplier. Upon receipt of Customer’s notification, Supplier will verify Customer’s report through any available system logs and records.

 

EXHIBIT C
MASTER SUBCRIPTION AGREEMENT
SUPPLIER CUSTOMER SUCCESS SERVICES (“SUPPORT SERVICES”)

Supplier Customer success services terms are subject to the terms of the Master Subscription Agreement (“Agreement”), and Capitalized terms not defined here will have the meaning specified (if applicable) in the Agreement.

SUPPLIER SUPPORT OFFERINGS.

A. Supplier Offers Three Options for Customer Success Services:

• Basic

• Premier

• Premier plus

 

supplier support offerings

 

B. Supplier Offers Three Options for Professional Services:
• Basic
• Premier
• Premier plus

supplier offers three options

 

C. Priority Levels:
In the event that a Service-affecting issue is detected by Supplier or reported by Customer, Supplier shall, in its reasonable discretion, categorize the priority level pursuant to the criteria below.

priority levels

 

D. Response Times:
Supplier will use reasonable efforts to adhere to the following response times pursuant to the Support Service Package indicated on the Customer Order Form (Premier, Premier Plus or Basic):

(i) Premier and Premier Plus Response Time for The Service During 24×7 Support Hours

premier and premier plus response time

 

(ii) Basic Response Time for The Service During Business Success Support Hours

basic response time

 

EXHIBIT D
MASTER SUBCRIPTION AGREEMENT
ON-PREMISE ORDER FORM SUPPLEMENT FOR BLOCKID BROKER

This On-Premise Order Form Supplement for Supplier Access Gateway (“On-Premise Supplement”) governs your acquisition and use of the BlockID Broker (“BG”) on-premise software and related services. By executing an order form that references this on-premise supplement or otherwise accepting it, you (hereafter “customer” or “you”) agree to the terms of this on-premise supplement. If you are entering into this on-premise supplement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity and its affiliates to this on-premise supplement. If you do not have such authority, or if you do not agree with these terms and conditions, you must not accept this on-premise supplement and may not use the software. This on-premise supplement is effective as of that date that you accept it.

Except as otherwise set forth in this on-premise supplement, this on-premise supplement incorporates by reference all the terms and conditions of the Master Subscription Agreement or similarly-titled agreement for Supplier’s cloud service products (collectively, the “Agreement”) entered into between Supplier and Customer, provided that this on-premise supplement applies solely to the BG product sku identified in the applicable Order Form (and not such cloud service products or any professional services or other items related to such cloud service products (“cloud-related services”) and is effective so long as there is an active order form for SAG. Under this on-premise supplement, all references to the Service in the Agreement shall also apply to the software, provided that any obligations, rights or definitions in the Agreement regarding Customer Data and any other exhibits, agreements or documents referenced in the Agreement that apply specifically to the cloud-related services are not applicable to the software. To the extent that there is a conflict between the Agreement and this on-premise supplement with regards to the software, this on-premise supplement will take precedence. Terms not defined in this on-premise supplement have the meaning stated in the Agreement.

Customer and Supplier Hereby Agree as Follows:

1. Definitions.

(A) “Software” means the on-premise BG software products for which a subscription license is purchased by Customer from Supplier, as specified on an Order Form, and software updates or modifications to the foregoing, if any, provided to Customer by Supplier in a manner to be determined by Supplier. “Software” excludes the cloud-related services, the professional services, free trial software, and non-Supplier applications.

(B) “Software Documentation” means Supplier’s user guides and other end user documentation for the software, as may be updated by Supplier from time to time, including without limitation the materials available at support@1kosmos.com.

(C) “Subscription License” means the individual license granted with respect to each authorized user, as described further in Section 2 of this on-premise supplement.

2. Software.

(A) License to Use Software. Notwithstanding anything to the contrary in the Agreement, any rights in any subscriptions to the Service are not applicable to the software. Supplier grants to Customer a limited, non- exclusive, non-sublicensable, non-transferable license to use the software during the term of the applicable Order Form solely for its internal business purposes pursuant to the applicable Order Form (as limited to the number of authorized users therein), this on-premise supplement, and the software documentation.

(B) Restrictions. Customer is responsible for all activities conducted in connection with its and its users’ use of the software. Customer shall use the software in compliance with applicable law and shall not: (i) rent, sell, lease, distribute, pledge, assign, or otherwise transfer, or encumber rights to the software, or any part thereof, or make it available to anyone other than its users; (ii) modify, make derivative works of, disassemble, decompile, reverse engineer, reproduce, republish, or copy the software, or any portion thereof (including data structures or similar materials produced by programs); (iii) access or use the software for the purpose of building a competitive product or service or copying its features or user interface; or (iv) delete, alter, add to or fail to reproduce in and on the software the name of Supplier and any copyright or other notices appearing in or on the software or which may be required by Supplier at any time.

(C) Cease Software Use. If the Agreement or applicable Order Form terminates or expires, Customer will stop using the Software and Software Documentation, and promptly delete all copies thereof from its system(s).

3. Warranties, Disclaimers, and Exclusive Remedies.

(A) Software Warranties. Notwithstanding anything to the contrary in the Agreement, any warranties related to the Service are not applicable to the Software. With respect to the Software, Supplier warrants that: (i) the software will be free of malware when Supplier first makes the software available, (ii) the software shall perform materially in accordance with the applicable software documentation for a period of ______ (_____) days from the time Supplier first makes the software available to Customer, and (iii) it owns or otherwise has sufficient rights in the software to grant to Customer a license to use the software granted herein. As Customer’s exclusive remedy and Supplier’s entire liability for a breach of the warranties set forth in this Section 3(A), Supplier shall use commercially reasonable efforts to correct the non-conforming software at no additional charge to Customer, and in the event Supplier fails to successfully correct the software within a reasonable time of receipt of written notice from Customer detailing the breach, then Customer shall be entitled to terminate the applicable subscription licenses and receive an immediate pro rata refund of any prepaid, unused fees for the non-conforming software. The remedies set forth in this subsection shall be Customer’s sole remedy and Supplier’s sole liability for breach of these warranties. The warranties set forth in this section shall apply only if the applicable software has been utilized in accordance with the software documentation, this on-premise supplement and applicable law.

(B) Disclaimer. Except for any express warranties set forth under Section 3(A), Supplier and its partners/affiliates hereby disclaim all (and have not authorized anyone to make any) warranties relating to the software, professional services or other subject matter of this on-premise supplement, express or implied, including, but not limited to, any warranties of non-infringement of third party rights, title, merchantability and fitness for a particular purpose. Supplier does not guarantee that the software will perform error-free or uninterrupted or that Supplier will correct all software errors. The parties are not relying and have not relied on any representations or warranties whatsoever regarding the subject matter of this on-premise supplement, express or implied, except for the warranties set forth under Section 3(A). Supplier makes no warranty regarding any non-Supplier application with which the software may interoperate.

4. Indemnification.

Notwithstanding anything to the contrary in the Agreement, in addition to the infringement claim exclusions set forth in the Agreement, Supplier will have no indemnification obligations for any infringement claim of any kind to the extent that it results from Customer’s use of a version of the software which has been superseded, if the infringement claim could have been avoided by using an unaltered then-current version of the software which was made available to the Customer.

EXHIBIT E
MASTER SUBCRIPTION AGREEMENT
DATA PROTECTION: PERSONAL INFORMATION SUPPLEMENT
1. Definitions.

Terms herein shall have the meaning assigned to them in the Agreement unless otherwise set forth herein.

(a) “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly, determines the purposes and means of the processing of personal information.

(b) “Data Transfer Agreement” means a data transfer agreement to be provided by Customer, in a form that achieves compliance with the data export restrictions in the applicable privacy and data protection legislation.

(c) “Personal Information” means (i) any information relating to an individual, which can be used either alone or with other sources of information to identify that individual; or (ii) any other information which falls within the scope of the relevant privacy and data protection legislation. In some privacy and data protection legislation personal information may be referred to as personal data.

(d) “Personnel” means employees, agents and other representatives of a party.

(e) “Privacy And Data Protection Legislation” means all laws and regulations applicable to the processing of personal information and may include, but is not limited to, the EU General Data Protection Regulation (2016/679), the EU Directive on Privacy and Electronic Communications 2002/58/EC, The Canada Personal Information Protection and Electronic Documents Act, the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), the Singapore Personal Data Protection Act 2012 and the California Consumer Protection Act (CCPA).

(f) “Processing” means any operation or set of operations which is performed on personal information or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, restriction, erasure or destruction, and “process”, “processes” and “processed” will be interpreted accordingly.

(g) “Processor” means any third-party processing personal information on behalf of a Controller;

2. Processing of Personal Information.

(a) Supplier acknowledges that Customer wishes to safeguard personal information under its control and that Customer is subject to laws and regulations imposing strict obligations on the processing of personal information.

(b) Each party shall comply with its own obligations under all relevant privacy and data protection legislation when processing personal information under this Agreement.

(c) Supplier warrants that it shall comply, and ensure that Supplier Personnel comply, with the requirements set out in this paragraph 2 relating to the processing of personal information on behalf of Customer, and the parties agree that the provisions of this paragraph 2 shall prevail over any conflicting provisions in other agreements between the parties relevant to the processing of such personal information.

(d) The parties acknowledge and agree that when processing personal information, Supplier will process such personal information as processor of Customer. Each applicable Order Form or SOW shall include:

  • (i) The scope, nature and purpose of the processing of personal information;
  • (ii) The duration of the personal information processing;
  • (iii) The categories of individuals about whom personal information will be processed; and
  • (iv) The nature of the personal information processed by the Supplier.

(e) Customer shall retain all rights in, title to and interest in and to personal information, and Supplier agrees not to process personal information other than in relation to the performance of its obligations under this Agreement.

(f) In respect of personal information processed pursuant to this Agreement, Supplier shall:

  • (i) Only process personal information in compliance with Customer’s instructions and the terms of this Agreement, unless Supplier is otherwise required to process personal information to comply with law to which Supplier is subject, in which case Supplier shall give prior notice to Customer unless prohibited by law or important grounds of public interest;
  • (ii) Inform Customer where it reasonably believes that Customer’s instructions would be in breach of privacy and data protection legislation;
  • (iii) Comply with any instructions given by Customer in connection with the requirements of any relevant privacy and data protection legislation, including but not limited to assisting Customer with the completion of a data privacy impact assessment where required under privacy and data protection legislation;
  • (iv) Not disclose or provide access to personal information without the written authority of Customer except for the purpose of fulfilling Supplier obligations under this Agreement;
  • (v) Ensure that all reasonable steps are taken to ensure the reliability of the Supplier Personnel that will process personal information and Supplier shall limit such processing to those Supplier Personnel who have a need to know or access personal information for the purpose of providing services under or in relation to this Agreement, and who will process personal information under a duty of confidentiality;
  • (vi) Segregate personal information from Supplier’s own data and data supplier processes for other clients;
  • (vii) Not subcontract any personal information processing or obligations relating to personal information under this Agreement (including to other Supplier group entities) without prior consent of Customer and, where Supplier Subcontracts with the approval of Customer, Supplier is fully responsible and liable for the performance of the subcontractor obligations and will ensure that subcontractor is subject to a written agreement which imposes the same obligations as are imposed on Supplier by Customer in relation to Supplier processing Customer personal information;
  • (viii) Where personal information is subject to privacy and data protection legislation that restricts the export of personal information, not transfer such personal information to, or process such personal information in, a different jurisdiction without the approval of Customer. It may be a condition of any approval given by Customer that Supplier shall enter into a Data Transfer Agreement with Customer (or any Customer affiliated entity benefiting from this Agreement), including incorporating any required contractual clauses or other mechanism mandated by any regulator with jurisdiction over the applicable privacy and data protection legislation (which, in respect of transfers from the EEA, shall be in the form as set out in the annex to the European Commission Decision (https://eur-lex.europa.eu/legal-content/en/txt/?uri=celex%3a32010d0087) as updated from time to time, and in respect of other jurisdictions, shall be materially in this form), unless (i) the jurisdiction where the processing will take place is recognized at the time as providing adequate protection for such personal information; or (ii) the transfer benefits from an alternative justification pursuant to the relevant privacy and data protection legislation (including without limitation binding corporate rules or the US/EU or US/Swiss privacy shield).

(g) Supplier shall implement appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information transmitted, stored or otherwise processed. Such measures shall be commensurate with those of best industry standards of the industries in which Customer operates and the jurisdictions in which the processing is undertaken, and shall include without limitation or without prejudice to Supplier’s obligations under any other provisions of this Agreement:

  • (i) The use of pseudonymization of personal information where appropriate and the encryption of all personal information stored on all digital or electronic portable storage devices such as computer laptops, CDs, diskettes, portable drives, magnetic tapes and other similar devices, and as otherwise appropriate;
  • (ii) Measures to ensure the ongoing confidentiality, integrity, availability and resilience of Supplier’s systems and services;
  • (iii) The ability to restore the availability and access to personal information in a timely manner in the event of a physical or technical incident;
  • (iv) A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal information; and
  • (v) Reasonably assisting to comply Customer with its own data security obligations under privacy and data protection legislation related to this Agreement.

(h) Supplier shall notify Customer in writing or in such form as may otherwise be agreed in writing between the parties from time to time, immediately (and in any event within twenty-four (24) hours) if it becomes aware of:

  • (i) Any actual or suspected loss, damage or destruction of any personal information;
  • (ii) Any third party accessing or suspected of accessing personal information other than as expressly permitted under this Agreement; or
  • (iii) Any other actual or suspected security breach affecting any personal information.

Such notice shall detail the volume and type of personal information affected and the categories and number of individuals concerned. Supplier shall take whatever action is necessary to minimize the impact of such security breach and prevent such events recurring (including, without limitation, any action reasonably requested by Customer for such purposes).

(i) Within thirty (30) days of the termination of this Agreement, Supplier shall, at the option of Customer, delete, destroy or return, in a manner determined by Customer, all the personal information held by Supplier and all subcontractors and any copies thereof, and certify to Customer in writing that it has done so. Supplier may retain a copy of specified personal information only to the extent it is obliged to do so to meet the requirements of the laws or regulations to which it is subject and evidenced to Customer for approval. In such cases, Supplier warrants that it will guarantee the ongoing confidentiality of the personal information and will not actively process the personal information. At the end of any such agreed retention period, Supplier shall, at the option of Customer, delete, destroy or return the personal information, in a manner determined by Customer.

(j) All applicable terms and conditions of this paragraph 2 shall remain in full force and effect so long as Supplier and its subcontractors process personal information.

3. Customer and Supplier as Controller

(a) The parties acknowledge that certain personal information, including professional contact details of each party’s respective personnel, may be processed in connection with this Agreement for the purpose of: (i) carrying out diligence and administrative tasks in connection with the provision or receipt of the services; (ii) applicable legal or regulatory requirements; (iii) requests and communications from competent authorities, courts or tribunals; (iv) protecting its rights; and/or (v) administrative, financial accounting, risk analysis, fraud/crime prevention and business relationship; and agree that, in respect of such personal information, each party:

  • (i) is a separate and individual Controller;
  • (ii) will comply with its respective obligations under applicable privacy and data protection legislation and not cause self or other party to be in breach of privacy and data protection legislation;
  • (iii) Act reasonably in providing such information and assistance the other party may reasonably require to enable the other party to comply with their obligations including:

(1) Complying with requests from individuals to exercise their rights under privacy and data protection legislation; and

(2) In the event of a personal information security breach.

The parties shall each make available to the other its privacy notice (as may be in effect from time to time), detailing the way in which personal information is processed to its personnel in connection with this Agreement.