Software as a Service Agreement
PLEASE READ THIS SOFTWARE AS A SERVICE AGREEMENT (“Agreement”) CAREFULLY. BY CLICKING TO ACCEPT OR AGREE TO THE AGREEMENT WHEN THIS OPTION IS MADE AVAILABLE TO YOU (“Customer”), YOU AGREE TO THIS AGREEMENT BETWEEN YOU AND TRANSCEND MECHANICS LLC, A CONNECTICUT LIMITED LIABILITY COMPANY (“Provider”).
WHEREAS, Provider provides access to its software-as-a-service offerings to its customers;
WHEREAS, Customer desires to access certain software-as-a-service offerings described herein, and Provider desires to provide Customer access to such offerings, subject to the terms and conditions set forth in this Agreement.
NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
1. Definitions.
“Access Credentials” means any username, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify an individual’s identity and authorization to access and use the Services.
“Action” means any claim, action, cause of action, demand, lawsuit, arbitration, inquiry, audit, notice of violation, proceeding, litigation, citation, summons, subpoena, or investigation of any nature, civil, criminal, administrative, regulatory, or other, whether at law, in equity, or otherwise.
“Affiliate” of a Person means any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Person. The term “control” (including the terms “controlled by” and “under common control with”) means the direct or indirect power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise.
“Agreement” has the meaning set forth in the preamble.
“Authorized Users” means Customer’s employees, consultants, contractors, and agents (a) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement; and (b) for whom access to the Services has been purchased hereunder.
“Business Day” means a day other than a Saturday, Sunday, or other day on which commercial banks in New York City are authorized or required by Law to be closed for business.
“Confidential Information” has the meaning set forth in Section 9.1.
“Customer” has the meaning set forth in the preamble.
“Customer Data” means information, data, and other content, in any form or medium, that is collected, downloaded, or otherwise received, directly or indirectly, from Customer or an Authorized User by or through the Services or that incorporates or is derived from the Processing of such information, data, or content by or through the Services. For the avoidance of doubt, Customer Data does not include Resultant Data or any other information reflecting the access or use of the Services by or on behalf of Customer or any Authorized User.
“Customer Failure” has the meaning set forth in Section 4.2.
“Customer Systems” means the Customer’s information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.
“Disclosing Party” has the meaning set forth in Section 9.1.
“Documentation” means any manuals, instructions, or other documents or materials that the Provider provides or makes available to Customer in any form or medium and which describe the functionality, components, features, specifications or requirements of the Services or Provider Materials, including any aspect of the installation, configuration, integration, operation, use, support, or maintenance thereof.
“Effective Date” means the date this Agreement has been agreed to by Customer.
“Force Majeure Event” has the meaning set forth in Section 15.9.
“Harmful Code” means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent Customer or any Authorized User from accessing or using the Services or Provider Systems as intended by this Agreement. Harmful Code does not include any Provider Disabling Device.
“Indemnitee” has the meaning set forth in Section 12.3.
“Indemnitor” has the meaning set forth in Section 12.3.
“Initial Term” has the meaning set forth in Section 14.1.
“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
“Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, or other requirement of any federal, state, local, or foreign government or political subdivision thereof, or any arbitrator, court, or tribunal of competent jurisdiction.
“Losses” means any and all losses, damages, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing any insurance providers.
“Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity.
“Process” means to take any action or perform any operation or set of operations that the SaaS Services are capable of taking or performing on any data, information, or other content, including to collect, receive, input, upload, download, record, reproduce, store, organize, compile, combine, log, catalog, cross-reference, manage, maintain, copy, adapt, alter, translate, or make other derivative works or improvements, process, retrieve, output, consult, use, perform, display, disseminate, transmit, submit, post, transfer, disclose, or otherwise provide or make available, or block, erase, or destroy. “Processing” and “Processed” have correlative meanings.
“Provider” has the meaning set forth in the preamble.
“Provider Disabling Device” means any software, hardware, or other technology, device, or means (including any back door, time bomb, time out, drop dead device, software routine, or other disabling device) used by Provider or its designee to disable Customer’s or any Authorized User’s access to or use of the Services automatically with the passage of time or under the positive control of Provider or its designee.
“Provider Indemnitee” has the meaning set forth in Section 12.2.
“Provider Materials” means the Services, Documentation, and Provider Systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by Provider or any Subcontractor in connection with the Services or otherwise comprise or relate to the Services or Provider Systems. For the avoidance of doubt, Provider Materials include Resultant Data and any information, data, or other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but do not include Customer Data.
“Provider Personnel” means all individuals involved in the performance of Services as employees, agents, or independent contractors of Provider or any Subcontractor.
“Provider Systems” means the information technology infrastructure used by or on behalf of Provider in performing the Services, including all computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Provider or through the use of third-party services.
“Receiving Party” has the meaning set forth in Section 9.1.
“Renewal Term” has the meaning set forth in Section 14.2.
“Representatives” means, with respect to a party, that party’s employees, officers, directors, and legal advisors.
“Resultant Data” means data and information related to Customer’s use of the Services that is used by Provider in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services.
“Service Allocation” has the meaning set forth in Section 3.2.
“Services” means the software-as-a-service offering described in Exhibit A.
“Subcontractor” has the meaning set forth in Section 2.7.
“Term” has the meaning set forth in Section 14.2.
“Third-Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Provider.
2. Services.
2.1 Access and Use. Subject to and conditioned on Customer’s and its Authorized Users’ compliance with the terms and conditions of this Agreement, Provider hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 15.8) right to access and use the Services during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Provider shall provide to Customer the Access Credentials within a reasonable time following the Effective Date. The total number of Authorized Users will not exceed the number set forth in Exhibit B, except as expressly agreed to in writing by the parties.
2.2 Documentation License. Provider hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 15.8) license to use the Documentation during the Term solely for Customer’s internal business purposes in connection with its use of the Services.
2.3 Service and System Control. Except as otherwise expressly provided in this Agreement, as between the parties:
(a) Provider has and will retain sole control over the operation, provision, maintenance, and management of the Provider Materials; and
(b) Customer has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Customer Systems, and sole responsibility for all access to and use of the Provider Materials by any Person by or through the Customer Systems or any other means controlled by Customer or any Authorized User, including any: (i) information, instructions, or materials provided by any of them to the Services or Provider; (ii) results obtained from any use of the Services or Provider Materials; and (iii) conclusions, decisions, or actions based on such use.
2.4 Reservation of Rights. Nothing in this Agreement grants any right, title, or interest in or to (including any license under) any Intellectual Property Rights in or relating to, the Services, Provider Materials, or Third-Party Materials, whether expressly, by implication, estoppel, or otherwise. All right, title, and interest in and to the Services, the Provider Materials, and the Third-Party Materials are and will remain with Provider and the respective rights holders in the Third-Party Materials.
2.5 Changes. Provider reserves the right, in its sole discretion, to make any changes to the Services and Provider Materials that it deems necessary or useful to: (a) maintain or enhance: (i) the quality or delivery of Provider’s services to its customers; (ii) the competitive strength of or market for Provider’s services; or (iii) the Services’ cost efficiency or performance; or (b) to comply with applicable Law.
2.6 Subcontractors. Provider may from time to time in its discretion engage third parties to perform Services (each, a “Subcontractor”).
2.7 Suspension or Termination of Services. Provider may, directly or indirectly, and by use of a Provider Disabling Device or any other lawful means, suspend, terminate, or otherwise deny Customer’s, any Authorized User’s, or any other Person’s access to or use of all or any part of the Services or Provider Materials, without incurring any resulting obligation or liability, if: (a) Provider receives a judicial or other governmental demand or order, subpoena, or law enforcement request that expressly or by reasonable implication requires Provider to do so; or (b) Provider believes, in its sole discretion, that: (i) Customer or any Authorized User has failed to comply with any material term of this Agreement, or accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement or in any manner that does not comply with any instruction or requirement of the Documentation; (ii) Customer or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading, or unlawful activities; or (iii) this Agreement expires or is terminated. This Section 2.7 does not limit any of Provider’s other rights or remedies, whether at law, in equity, or under this Agreement.
3. Use Restrictions; Service Usage and Data Storage.
3.1 Use Restrictions. Customer shall not, and shall not permit any other Person to, access or use the Services or Provider Materials except as expressly permitted by this Agreement and, in the case of Third-Party Materials, the applicable third-party license agreement. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits:
(a) copy, modify, or create derivative works or improvements of the Services or Provider Materials;
(b) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Services or Provider Materials to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service;
(c) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Services or Provider Materials, in whole or in part;
(d) bypass or breach any security device or protection used by the Services or Provider Materials or access or use the Services or Provider Materials other than by an Authorized User through the use of his or her own then valid Access Credentials;
(e) input, upload, transmit, or otherwise provide to or through the Services or Provider Systems, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code;
(f) damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the Services, Provider Systems, or Provider’s provision of services to any third party, in whole or in part;
(g) remove, delete, alter, or obscure any trademarks, Documentation, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from any Services or Provider Materials, including any copy thereof;
(h) access or use the Services or Provider Materials in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third party (including by any unauthorized access to, misappropriation, use, alteration, destruction, or disclosure of the data of any other Provider customer), or that violates any applicable Law;
(i) access or use the Services or Provider Materials for purposes of competitive analysis of the Services or Provider Materials, the development, provision, or use of a competing software service or product or any other purpose that is to the Provider’s detriment or commercial disadvantage; or
(j) otherwise access or use the Services or Provider Materials beyond the scope of the authorization granted under this Section 3.1.
3.2 Service Usage and Data Storage. Provider allocates levels of usage and data storage (each a “Service Allocation”) for the Customer, which may be modified by Provider from time to time. Customer shall not exceed its Service Allocations. Customer acknowledges that exceeding its then-current Service Allocation may result in service degradation for Customer and other Provider customers and agrees that Provider has no obligation to permit Customer to exceed its then-current Service Allocation.
4. Customer Obligations.
4.1 Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain, and operate in good repair and in accordance with the Documentation all Customer Systems on or through which the Services are accessed or used; and (b) provide all cooperation and assistance as Provider may reasonably request to enable Provider to exercise its rights and perform its obligations under and in connection with this Agreement.
4.2 Effect of Customer Failure or Delay. Provider is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer’s delay in performing, or failure to perform, any of its obligations under this Agreement (each, a “Customer Failure”).
4.3 Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 3.1, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and Provider Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify Provider of any such actual or threatened activity.
4.4 Responsibility for Use of Services Output. Customer is solely responsible for (i) evaluating (including by human review) output of the Services for accuracy, completeness, and other factors relevant to Customer’s use before using, distributing, or relying on the output of the Services; and (ii) Customer’s decisions, actions, and omissions in reliance or based on the output of the Services.
5. Intentionally Omitted.
6. Data Backup. The Services do not replace the need for Customer to maintain regular data backups or redundant data archives. PROVIDER HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION, OR RECOVERY OF CUSTOMER DATA.
7. Security.
7.1 Information Security and Personal Data. Provider will implement and maintain commercially reasonable administrative, physical and technical safeguards to address the security and confidentiality of Customer Data. Details regarding these safeguards are set forth in the Data Security Schedule exhibit attached to the Data Processing Addendum (“DPA”), which is attached hereto as Exhibit C and incorporated by reference herein. Personal Data (as defined in the DPA) provided by the Customer to the Provider will be processed by Provider in accordance with the DPA.
7.2 Customer Control and Responsibility. Customer has and will retain sole responsibility for: (a) all Customer Data; (b) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Services; (c) Customer’s information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services (“Customer Systems”); (d) the security and use of Customer’s and its Authorized Users’ Access Credentials; and (e) all access to and use of the Services and Provider Materials directly or indirectly by or through the Customer Systems or its or its Authorized Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.
7.3 Access and Security. Customer shall employ all physical, administrative, and technical controls, screening, and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Services; and (b) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Services.
8. Intentionally Omitted.
9. Confidentiality.
9.1 Confidential Information. In connection with this Agreement each party (as the “Disclosing Party”) may disclose or make available Confidential Information to the other party (as the “Receiving Party”). Subject to Section 9.2, “Confidential Information” means information in any form or medium (whether oral, written, electronic, or other) that the Disclosing Party considers confidential or proprietary, including information consisting of or relating to the Disclosing Party’s technology, trade secrets, know-how, business operations, plans, strategies, customers, and pricing, and information with respect to which the Disclosing Party has contractual or other confidentiality obligations. Without limiting the foregoing: all Provider Materials are the Confidential Information of Provider and the financial terms and existence of this Agreement are the Confidential Information of each of the parties.
9.2 Exclusions. Confidential Information does not include information that the Receiving Party can demonstrate by written or other documentary records: (a) was rightfully known to the Receiving Party without restriction on use or disclosure prior to such information’s being disclosed or made available to the Receiving Party in connection with this Agreement; (b) was or becomes generally known by the public other than by the Receiving Party’s or any of its Representatives’ noncompliance with this Agreement; (c) was or is received by the Receiving Party on a non-confidential basis from a third party that, to the Receiving Party’s knowledge, was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (d) was or is independently developed by the Receiving Party without reference to or use of any Confidential Information.
9.3 Protection of Confidential Information. As a condition to being provided with any disclosure of or access to Confidential Information, the Receiving Party shall:
(a) not access or use Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement;
(b) except as may be permitted by and subject to its compliance with Section 9.4, not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party’s exercise of its rights or performance of its obligations under and in accordance with this Agreement; (ii) have been informed of the confidential nature of the Confidential Information and the Receiving Party’s obligations under this Section 9.3; and (iii) are bound by written confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this Section 9;
(c) safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care;
(d) promptly notify the Disclosing Party of any unauthorized use or disclosure of Confidential Information and cooperate with Disclosing Party to prevent further unauthorized use or disclosure; and
(e) ensure its Representatives’ compliance with, and be responsible and liable for any of its Representatives’ non-compliance with, the terms of this Section 9.
(f) Notwithstanding any other provisions of this Agreement, the Receiving Party’s obligations under this Section 9 with respect to any Confidential Information that constitutes a trade secret under any applicable Law will continue until such time, if ever, as such Confidential Information ceases to qualify for trade secret protection under one or more such applicable Laws other than as a result of any act or omission of the Receiving Party or any of its Representatives.
9.4 Compelled Disclosures. If the Receiving Party or any of its Representatives is compelled by applicable Law to disclose any Confidential Information then, to the extent permitted by applicable Law, the Receiving Party shall: (a) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy or waive its rights under Section 9.3; and (b) provide reasonable assistance to the Disclosing Party, at the Disclosing Party’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section 9.4, the Receiving Party remains required by Law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that the Receiving Party is legally required to disclose and, on the Disclosing Party’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment.
10. Intellectual Property Rights.
10.1 Provider Materials. All right, title, and interest in and to the Provider Materials, including all Intellectual Property Rights therein, are and will remain with Provider and, with respect to Third-Party Materials, the applicable third-party providers own all right, title, and interest, including all Intellectual Property Rights, in and to the Third-Party Materials. Customer has no right, license, or authorization with respect to any of the Provider Materials except as expressly set forth in Section 2.1 or the applicable third-party license, in each case subject to Section 3.1. All other rights in and to the Provider Materials are expressly reserved by Provider. In furtherance of the foregoing, Customer hereby unconditionally and irrevocably grants to Provider an assignment of all right, title, and interest in and to the Resultant Data, including all Intellectual Property Rights relating thereto.
10.2 Customer Data. As between Customer and Provider, Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all Customer Data, including all Intellectual Property Rights relating thereto, subject to the rights and permissions granted in Section 10.3.
10.3 Consent to Use Customer Data. Customer hereby irrevocably grants to Provider a worldwide, non-exclusive, royalty-free license including the right to grant sublicenses to Provider’s Subcontractors and Personnel to access, use, copy, display, perform, store, host, retrieve, anonymize, process, aggregate, mine, analyze, and modify Customer Data, including in connection with the use of digital tools and third-party applications that rely on artificial intelligence or other similar technologies, and to compile, combine, or incorporate such Customer Data with or into other data and information, for the purpose of the Agreement, to provide the Services, and for Provider’s internal business purposes.
11. Representations and Warranties.
11.1 Mutual Representations and Warranties. Each party represents and warrants to the other party that:
(a) it is duly organized, validly existing, and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization;
(b) it has the full right, power, and authority to enter into and perform its obligations and grant the rights, licenses, consents, and authorizations it grants or is required to grant under this Agreement;
(c) the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action of such party; and
(d) when executed and delivered by both parties, this Agreement will constitute the legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms.
11.2 Additional Provider Representations, Warranties, and Covenants. Provider represents, warrants, and covenants to Customer that Provider will perform the Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and will devote adequate resources to meet its obligations under this Agreement.
11.3 Additional Customer Representations, Warranties, and Covenants.
(a) Customer represents, warrants, and covenants to Provider that Customer owns or otherwise has and will have the necessary rights and consents in and relating to the Customer Data so that, as received by Provider and Processed in accordance with this Agreement, they do not and will not infringe, misappropriate, or otherwise violate any Intellectual Property Rights of any third party or violate any applicable Law.
11.4 DISCLAIMER OF WARRANTIES. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 11.1 AND SECTION 11.2, ALL SERVICES AND PROVIDER MATERIALS ARE PROVIDED “AS IS.” PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR PROVIDER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
12. Indemnification.
12.1 Customer Indemnification. Customer shall indemnify, defend, and hold harmless Provider from and against any and all Losses incurred by such Provider Indemnitee resulting from any Action by a third party (other than an Affiliate of a Provider Indemnitee) that arise out of or result from, or are alleged to arise out of or result from:
(a) Customer Data, including any Processing of Customer Data by or on behalf of Provider in accordance with this Agreement;
(b) any other materials or information (including any documents, data, specifications, software, content, or technology) provided by or on behalf of Customer or any Authorized User, including Provider’s compliance with any specifications or directions provided by or on behalf of Customer or any Authorized User to the extent prepared without any contribution by Provider;
(c) allegation of facts that, if true, would constitute Customer’s material breach of any of its representations, warranties, covenants, or obligations under this Agreement; or
(d) negligence or more culpable act or omission (including recklessness or willful misconduct) by Customer, any Authorized User, or any third party on behalf of Customer or any Authorized User, in connection with this Agreement.
12.2 Indemnification Procedure. Each party shall promptly notify the other party in writing of any Action for which such party believes it is entitled to be indemnified pursuant to Section 12.1, as the case may be. The party seeking indemnification (the “Indemnitee”) shall cooperate with the other party (the “Indemnitor”) at the Indemnitor’s sole cost and expense. The Indemnitor shall promptly assume control of the defense and shall employ counsel reasonably acceptable to the Indemnitee to handle and defend the same, at the Indemnitor’s sole cost and expense. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The Indemnitor shall not settle any Action on any terms or in any manner that adversely affects the rights of any Indemnitee without the Indemnitee’s prior written consent, which shall not be unreasonably withheld or delayed. If the Indemnitor fails or refuses to assume control of the defense of such Action, the Indemnitee shall have the right, but no obligation, to defend against such Action, including settling such Action after giving notice to the Indemnitor, in each case in such manner and on such terms as the Indemnitee may deem appropriate. The Indemnitee’s failure to perform any obligations under this Section 12.2 will not relieve the Indemnitor of its obligations under this Section 12, except to the extent that the Indemnitor can demonstrate that it has been prejudiced as a result of such failure.
13. Limitations of Liability.
13.1 EXCLUSION OF DAMAGES. EXCEPT AS OTHERWISE PROVIDED IN SECTION 13.3, IN NO EVENT WILL PROVIDER BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (b) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION, OR DELAY OF THE SERVICES, OTHER THAN FOR THE ISSUANCE OF ANY APPLICABLE SERVICE CREDITS PURSUANT TO SECTION 5.2; (c) LOSS, DAMAGE, CORRUPTION, OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (d) COST OF REPLACEMENT GOODS OR SERVICES; (e) LOSS OF GOODWILL OR REPUTATION; OR (f) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
13.2 CAP ON MONETARY LIABILITY. EXCEPT AS OTHERWISE PROVIDED IN SECTION 13.3, IN NO EVENT WILL THE AGGREGATE LIABILITY OF PROVIDER ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THREE TIMES THE TOTAL AMOUNTS PAID AND AMOUNTS ACCRUED BUT NOT YET PAID TO PROVIDER UNDER THIS AGREEMENT IN THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
13.3 Exceptions. The exclusions and limitations in Section 13.1 and Section 13.2 do not apply to liability for Provider’s gross negligence or willful misconduct.
14. Term and Termination.
14.1 Initial Term. The initial term of this Agreement commences as of the Effective Date and, unless terminated earlier pursuant any of the Agreement’s express provisions, will continue in effect until 2 years from such date (the “Initial Term”).
14.2 Renewal Term. This Agreement will automatically renew for additional successive one (1) year terms unless earlier terminated pursuant to this Agreement’s express provisions or either party gives the other party written notice of non-renewal at least 60 days prior to the expiration of the then-current term (each a “Renewal Term” and, collectively, together with the Initial Term, the “Term”).
14.3 Termination. In addition to any other express termination right set forth elsewhere in this Agreement:
(a) Provider may terminate this Agreement, effective on written notice to Customer, at any time and for any reason or no reason;
(b) either party may terminate this Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured 30 days after the non-breaching party provides the breaching party with written notice of such breach; and
(c) either party may terminate this Agreement, effective immediately upon written notice to the other party, if the other party: (i) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (ii) files, or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency Law; (iii) makes or seeks to make a general assignment for the benefit of its creditors; or (iv) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
14.4 Effect of Termination or Expiration. Upon any expiration or termination of this Agreement, except as expressly otherwise provided in this Agreement:
(a) all rights, licenses, consents, and authorizations granted by either party to the other hereunder will immediately terminate;
(b) Provider shall immediately cease all use of any Customer Data or Customer’s Confidential Information and (i) promptly return to Customer, or at Customer’s written request destroy, all documents and tangible materials containing, reflecting, incorporating, or based on Customer Data or Customer’s Confidential Information; and (ii) permanently erase all Customer Data and Customer’s Confidential Information from all systems Provider directly or indirectly controls, provided that, for clarity, Provider’s obligations under this Section 14.4(b) do not apply to any Resultant Data;
(c) Customer shall immediately cease all use of any Services or Provider Materials and (i) promptly return to Provider, or at Provider’s written request destroy, all documents and tangible materials containing, reflecting, incorporating, or based on any Provider Materials or Provider’s Confidential Information; and (ii) permanently erase all Provider Materials and Provider’s Confidential Information from all systems Customer directly or indirectly controls; and (iii) certify to Provider in a signed written instrument that it has complied with the requirements of this Section 14.4(c);
(d) notwithstanding anything to the contrary in this Agreement, with respect to information and materials then in its possession or control: (i) Provider may retain Customer Data in its then-current state and solely to the extent and for so long as required by applicable Law; (ii) Provider may also retain Customer Data in its backups, archives, and disaster recovery systems until such Customer Data is deleted in the ordinary course; and (iii) all information and materials described in this Section 14.4(d) will remain subject to all confidentiality, security, and other applicable requirements of this Agreement; and
(e) Provider may disable all Customer and Authorized User access to the Provider Materials.
14.5 Surviving Terms. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: Section 3.1, Section 9, Section 11.4, Section 12, Section 13, Section 14.4, this Section 14.5, and Section 15.
15. Miscellaneous.
15.1 Further Assurances. On a party’s reasonable request, the other party shall, at the requesting party’s sole cost and expense, execute and deliver all such documents and instruments, and take all such further actions, as may be necessary to give full effect to this Agreement.
15.2 Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.
15.3 Public Announcements. Neither party shall issue or release any announcement, statement, press release, or other publicity or marketing materials relating to this Agreement or, unless expressly permitted under this Agreement, otherwise use the other party’s trademarks, service marks, trade names, logos, domain names, or other indicia of source, association, or sponsorship, in each case, without the prior written consent of the other party, which consent shall not be unreasonably withheld, provided, however, that Provider may, without Customer’s consent, include Customer’s name and other indicia in its lists of Provider’s current or former customers of Provider in promotional and marketing materials.
15.4 Notices. Any notice, request, consent, claim, demand, waiver, or other communications under this Agreement have legal effect only if in writing and addressed to the Provider by means provided through the Services and to the Customer at the contact information provided by Customer in Customer’s account (or to such other address or such other person that such party may designate from time to time in accordance with this Section 15.4). Notices sent in accordance with this Section 15.4 will be deemed effectively given: (a) when received, if delivered by hand, with signed confirmation of receipt; (b) when received, if sent by a nationally recognized overnight courier, signature required; (c) when sent, if by facsimile or email, (in each case, with confirmation of transmission), if sent during the addressee’s normal business hours, and on the next business day, if sent after the addressee’s normal business hours; and (d) on the third day after the date mailed by certified or registered mail, return receipt requested, postage prepaid.
15.5 Interpretation. For purposes of this Agreement: (a) the words “include,” “includes,” and “including” are deemed to be followed by the words “without limitation”; (b) the word “or” is not exclusive; (c) the words “herein,” “hereof,” “hereby,” “hereto,” and “hereunder” refer to this Agreement as a whole; (d) words denoting the singular have a comparable meaning when used in the plural, and vice-versa; and (e) words denoting any gender include all genders. Unless the context otherwise requires, references in this Agreement: (x) to sections, exhibits, schedules, attachments, and appendices mean the sections of, and exhibits, schedules, attachments, and appendices attached to, this Agreement; (y) to an agreement, instrument, or other document means such agreement, instrument, or other document as amended, supplemented, and modified from time to time to the extent permitted by the provisions thereof; and (z) to a statute means such statute as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The exhibits, schedules, attachments, and appendices referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein.
15.6 Headings. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.
15.7 Entire Agreement. This Agreement, together with any other documents incorporated herein by reference, constitutes the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter.
15.8 Assignment. Customer shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance under this Agreement, in each case whether voluntarily, involuntarily, by operation of law, or otherwise, without Provider’s prior written consent, which consent shall not be unreasonably withheld, conditioned, or delayed. For purposes of the preceding sentence, and without limiting its generality, any merger, consolidation, or reorganization involving Customer (regardless of whether Customer is a surviving or disappearing entity) will be deemed to be a transfer of rights, obligations, or performance under this Agreement for which Provider’s prior written consent is required. No assignment, delegation, or transfer will relieve Customer of any of its obligations or performance under this Agreement. Any purported assignment, delegation, or transfer in violation of this Section 15.8 is void. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective successors and permitted assigns.
15.9 Force Majeure.
(a) No Breach or Default. In no event will either party be liable or responsible to the other party, or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments), when and to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control (a “Force Majeure Event”), including (i) acts of God; (ii) flood, fire, earthquake, epidemics, or explosion; (iii) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest; (iv) government order, law, or actions; (v) embargoes or blockades in effect on or after the date of this Agreement; and (vi) national or regional emergency; and (viii) shortage of adequate power. Either party may terminate this Agreement if a Force Majeure Event affecting the other party continues substantially uninterrupted for a period of 30 days or more.
(b) Affected Party Obligations. In the event of any failure or delay caused by a Force Majeure Event, the affected party shall give prompt written notice to the other party stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
15.10 No Third-Party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.
15.11 Amendment and Modification; Waiver. No amendment to or modification of or rescission, termination, or discharge of this Agreement is effective unless it is in writing and signed by an authorized representative of each party. No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
15.12 Severability. If any term or provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the parties hereto shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
15.13 Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of Connecticut without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Connecticut. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Connecticut in each case located in the city of New Haven and County of New Haven, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding. Service of process, summons, notice, or other document by mail to such party’s address set forth herein shall be effective service of process for any suit, action, or other proceeding brought in any such court.
15.14 Waiver of Jury Trial. Each party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement or the transactions contemplated hereby.
15.15 Equitable Relief. Each party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Section 9 or, in the case of Customer, Section 3.1, Section 4.3, or Section 7.3, would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.
15.16 Attorneys’ Fees. In the event that any action, suit, or other legal or administrative proceeding is instituted or commenced by either party against the other party arising out of or related to this Agreement, the prevailing party is entitled to recover its reasonable attorneys’ fees and court costs from the non-prevailing party.
[End of Page]
EXHIBIT A
SERVICES
Provider furnishes a beta version of deFlex, a software-as-a-service offering for the generation of flexure and compliant mechanism designs. The feature set includes 2D (or more commonly 2.5D designs) and 3D designs, with specification of preserves, preserve pairs, obstacles, mechanical advantage, prescribed displacement, material, max stress, max stiffness, degrees of freedom and more as the beta progresses.
deFlex will be in beta until terminated by Provider.
EXHIBIT B
NUMBER OF AUTHORIZED USERS
1 Authorized User
EXHIBIT C
DATA PROCESSING ADDENDUM
This Transcend Data Processing Addendum (“Addendum”) is appended to and forms part of the Software as a Service Agreement, or other written or electronic terms and license agreements that reference this Addendum, between Transcend Mechanics LLC (“Transcend”) and Customer ( the “Principal Agreements”). This Addendum applies where, and to the extent that, Transcend processes Personal Data on behalf of Customer when providing Services under the Principal Agreements. This Addendum does not apply where Transcend is the Data Controller.
This Addendum shall also include: (i) Exhibit 1 – Details of Data Processing and Exhibit 2 – Data Security Schedule; (ii) Standard Contractual Clauses (as defined below), which shall be applicable to international transfer of Customer Personal Data from the European Economic Area to Transcend located in a third country; and (iii) the UK IDTA (as defined below), which shall be applicable to any international transfer of Customer Personal Data from the UK to Transcend located in a third country.
The terms of the Principal Agreements are incorporated into this Addendum by this reference. The terms used in this Addendum shall have the meanings set forth in Section 1 (Definitions) below or elsewhere in this Addendum. Any capitalized term not otherwise defined herein will be as defined in the Principal Agreements. Except as modified below, the terms of the Principal Agreements shall remain in full force and effect.
In the event of any conflict or inconsistency between the terms of the Principal Agreements and this Addendum, the terms of this Addendum shall prevail with respect to the subject matter of this Addendum. For clarity, the terms of the Standard Contractual Clauses or UK IDTA, as applicable, shall prevail over any other term in this Addendum. If required by applicable Data Protection Laws and at Customer’s request, Transcend and Customer will execute additional agreements.
1. DEFINITIONS
“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity, where "Control" means an ownership, voting or similar interest representing fifty percent (50%) or more of the total voting interests then outstanding of such entity. The terms “Controls” and "Controlled" will be construed accordingly.
“CCPA” and “CPRA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations, as amended by the California Privacy Rights Act of 2020. For purposes of this Addendum, any reference to CCPA shall also include CPRA.
“Customer Personal Data” means Personal Data that has been provided by or for Customer as part of the Services or collected and Processed by or for Customer through the Services.
“Data Controller” means the entity that determines the purposes and means of the Processing of Personal Data.
“Data Processor” means an entity that engages in the Processing of Personal Data on behalf of the Data Controller. As used herein, “Data Processor” includes, as applicable, a “processor” or “service provider” as such term is defined in applicable Data Protection Laws.
“Data Protection Laws” means all applicable local, state, national and/or foreign law, treaties, and/or regulations, including the GDPR and other laws and regulations of the European Union, the European Economic Area and their member states, United Kingdom, and U.S. Data Protection Laws, as applicable to the Processing of Personal Data under the Principal Agreements. For the avoidance of doubt, if Transcend is Processing Customer Personal Data that is not within the scope of a given Data Protection Law, then such law is not applicable for purposes of this Addendum.
“Data Subject” means the individual to whom Personal Data relates.
"EEA" means the European Economic Area.
“GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (also referred to as “General Data Protection Regulation”).
“Personal Data” has the meaning as defined under applicable Data Protection Laws, including without limitation, (i) any information relating to an identified or identifiable natural person; (ii) any information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer or household; or (iii) any information about an individual that can be used to contact or locate such individual. As used herein, “Personal Data” includes, as applicable, “personal information” as such term is defined in the CCPA. Unless prohibited or specifically governed by applicable Data Protection Laws, Personal Data shall not include information or data that is anonymized, de-identified and/or compiled on a generic basis and which does not name or identify a specific person.
“Process” or “Processing” means any operation or set of operations which is performed upon Customer Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Security Incident" means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Personal Data.
“Standard Contractual Clauses” or “SCCs” means (i) where the EU GDPR applies, the standard contractual clauses, as described in Article 46 of the EU GDPR and approved by the European Commission decision 2021/914/EC, dated 4 June 2021 and available at: EU SCCs; (ii) where the Swiss Data Protection Act applies, the applicable standard data protection clauses issued, approved or otherwise recognized by the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) (the “Swiss SCCs”); and (iii) or any set of clauses later approved by the European Commission which amend, replace or supersede such version.
“Subprocessor” means any Data Processor engaged by Transcend to assist in fulfilling its obligations with respect to providing the Services pursuant to the Principal Agreements or this Addendum.
"UK” means the United Kingdom of Great Britain and Northern Ireland.
"UK GDPR” means the Data Protection Act of 2018 in which the UK has implemented GDPR.
“UK IDTA” means the template addendum issued by the UK ICO and laid before the UK Parliament in accordance with s119 of the Data Protection Act of 2018 which amends the Standard Contractual Clauses for the transfer of Personal Data to Controller or Processor (as appropriate) established in third countries approved by a competent United Kingdom authority, and available at: UK IDTA.
“U.S. Data Protection Laws” means any applicable U.S. privacy law or U.S. state privacy statutes and regulations relating to the protection of Personal Data, whether in existence as of the effective date of the Principal Agreements or promulgated thereafter, as amended or superseded, including CCPA.
2. PURPOSE OF THIS ADDENDUM
The purpose of this Addendum is solely to reflect the parties’ agreement with regard to the Processing of Customer Personal Data in accordance with the requirements of applicable Data Protection Laws and this Addendum.
3. SCOPE OF THIS ADDENDUM
In the course of providing the Services to Customer pursuant to the Principal Agreements, Transcend may Process Customer Personal Data on behalf of Customer, and the parties agree to comply with the provisions in this Addendum. Transcend shall not Process Customer Personal Data, except to perform and provide the Services and under the Principal Agreements, and only in accordance with the terms of this Addendum, Customer’s Instructions (as defined below), and applicable Data Protection Laws. Transcend will Process Customer Personal Data for the term of the Principal Agreements, unless otherwise agreed to by the parties in writing or pursuant to a requirement under Data Protection Laws.
4. PROCESSING OF PERSONAL DATA
a. Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Customer Personal Data, Customer (and/or its Affiliates) is the Data Controller and Transcend is a Data Processor.
b. Customer’s Processing of Personal Data. Customer shall, in its access, use or configuration of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws. In addition, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Personal Data and the means by which Customer acquired Customer Personal Data. Customer shall ensure that the Customer is entitled to transfer Customer Personal Data to Transcend so that Transcend and its Subprocessors may lawfully Process and transfer Customer Personal Data in accordance with this Addendum and the Principal Agreements on Customer’s and its Affiliates’ behalf. Without limiting the foregoing, Customer shall ensure that (i) it has provided notice and has obtained all consents and rights necessary for Transcend to Process Customer Personal Data pursuant to this Addendum and the Principal Agreements, and (ii) it shall not violate the rights of any Data Subject, including without limitation, any individual who has exercised their rights to opt out of sales or other disclosures of Personal Data, to the extent applicable under Data Protection Laws. Customer shall only provide Transcend with the minimum necessary Customer Personal Data that is required for Transcend to perform the Services.
c. Transcend’s Processing of Personal Data. Transcend shall Process Customer Personal Data only for the purpose of providing the Services and in accordance with Customer’s instructions, as set forth in this Addendum and the Principal Agreements. The parties agree that the Customer’s instructions with regard to the Processing of Customer Personal Data are set out in this Addendum and the Principal Agreements. Processing outside the scope of these instructions (if any) will require prior written agreement between Customer and Transcend, including additional instructions for such Processing. Transcend acknowledges and confirms that it does not receive any Customer Personal Data as consideration for any Services or other items that Transcend provides to Customer. Transcend shall not have, derive, or exercise any rights or benefits regarding Customer Personal Data. Transcend shall not sell any Customer Personal Data, as such term is defined in applicable U.S. Data Protection Laws. In addition, Transcend shall not collect, combine, share, retain, or use any Customer Personal Data except as necessary to provide the Services for Customer and only within the direct business relationship with Customer. Taking into account the nature of the Services, Transcend will reasonably assist the Customer with meeting the Customer’s compliance requirements under the applicable Data Protection Laws.
d. Details of Customer Personal Data Processing. The details and the nature of the Processing of Customer Personal Data shall be set forth in Exhibit 1 to this Addendum. Customer instructs Transcend to Process Customer Personal Data for the following purposes: (i) Processing in accordance with the Principal Agreements, which includes updating the Services and preventing or addressing service or technical issues; (ii) Processing initiated by Customer’s users in their use of the Services; (iii) Processing to comply with other reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Principal Agreements; and (iv) Processing as otherwise agreed by the parties in writing.
5. COOPERATION
a. Requests. In the event that any request from individuals, Data Subjects, or applicable data protection authorities is made directly to Transcend where such request identifies Customer or requests access or disclosure of Customer Personal Data, Transcend shall not respond to such communication directly without Customer's prior authorization, unless legally required to do so, and instead, after being notified by Transcend, Customer shall respond. If Transcend is required to respond to such a request, Transcend will promptly notify Customer and provide Customer with a copy of the request unless legally prohibited from doing so.
b. Required Disclosures. To the extent Transcend is required under Data Protection Laws, Transcend will (at Customer's expense) provide reasonably requested information regarding the Services as required by law.
c. Records. Transcend will maintain applicable records regarding any Processing of Customer Personal Data it carries out for the Customer, including but not limited to, the access, control, and security of the Customer Personal Data, Subprocessors, the Processing purposes, and any other records required by the applicable Data Protection Laws. To the extent applicable to the Services, Transcend will promptly comply with any Customer request or instruction requiring Transcend to provide, amend, transfer or delete Customer Personal Data, or to stop, mitigate, or remedy any unauthorized Processing, and communicate such requirement or instruction to any applicable Subprocessor or onward recipient.
6. SUBPROCESSORS
a. Appointment. Customer acknowledges and agrees that Transcend may engage third-party Subprocessors in connection with the provision of the Services. Transcend utilizes the Subprocessors listed on Exhibit 3, attached to this Addendum.
b. Subprocessors. Customer generally approves Transcend’s use of Subprocessors and Transcend will only appoint any new Subprocessors in accordance with the applicable requirements of applicable Data Protection Laws. If Transcend intends to utilize a new Subprocessor that is not listed in Exhibit 3 , Transcend shall give Customer thirty (30) days written notice before adding a new Subprocessor. Upon receiving any such notification, Customer may object in writing to Transcend’s appointment of a new Subprocessor, provided that such objection is provided within thirty (30) days after notification and is based on reasonable grounds relating to data protection. If Customer does not object to any new Subprocessor within the thirty (30) day period, then Customer will be deemed to having provided its consent to the new appointment. If Customer provides its objection, then in such event, the parties will discuss such concerns in good faith with a view to achieving resolution. If Transcend cannot provide an alternative Subprocessor, or the parties are not otherwise able to achieve resolution as provided in the preceding sentence, Customer, as its sole and exclusive remedy, may terminate the Principal Agreements (including this Addendum). Following such termination, Transcend will refund to Customer any prepaid fees covering the remainder of the term of such terminated Services following the effective date of termination with respect to such terminated Services.
c. Requirements and Liability. Transcend shall enter into a written agreement with each Subprocessor imposing data protection terms that require the Subprocessor to protect the Customer Personal Data to the standard required by Data Protection Laws and this Addendum. Transcend shall be liable for the acts and omissions of its Subprocessors to the same extent Transcend would be liable if performing the services of each Subprocessor directly under the terms of this Addendum and the Principal Agreements.
7. SECURITY
a. Security Program. Transcend shall maintain an information security program that includes administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer Personal Data, which safeguards are set forth in Exhibit 2 to this Addendum. These safeguards are designed to be reasonably appropriate to (i) Transcend’s business (including type, size, and scope); (ii) the amount of resources available to Transcend; (iii) the type of information that Transcend will store; and (iv) the need for security and confidentiality of such information. Transcend shall regularly monitor compliance with such safeguards.
b. Security Measures. Customer is responsible for reviewing the safeguards detailed in Exhibit 2 relating to data security measures implemented by the Services, and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws. Customer acknowledges that Transcend’s data security measures are subject to technical progress and development and that Transcend may update or modify its data security measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.
c. Personnel. Transcend restricts its personnel from Processing Customer Personal Data without authorization by Transcend in accordance with its standard security practices, and shall ensure that any person who is authorized by Transcend to Process Customer Personal Data is under an appropriate obligation of confidentiality.
d. Customer Responsibilities. Customer agrees that except as expressly provided by this Addendum, Customer is responsible for its secure use of the Services. Customer may elect to implement technical or organizational measures in relation to Customer Personal Data, which may include (i) protecting account authentication credentials; (ii) protecting the security of Customer Personal Data when in transit to and from the Services; (iii) implementing measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Personal Data in a timely manner in the event of a physical or technical incident; and (iv) taking any appropriate steps to securely encrypt or pseudonymize any Customer Personal Data. Customer acknowledges that Transcend will not assess the contents of Customer Personal Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incidents.
e. Security Incident Response. Upon confirming a Security Incident, Transcend shall: (i) notify Customer without undue delay, and in any event such notification shall, where feasible, occur no later than 72 hours from Transcend confirming the Security Incident; (ii) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; and (iii) promptly take reasonable steps to contain, investigate, and mitigate any Security Incident. Transcend's notification of or response to a Security Incident under this sub-section will not be construed as an acknowledgment by Transcend of any fault or liability with respect to the Security Incident.
8. ADDITIONAL TERMS FOR EEA and UK CUSTOMER PERSONAL DATA
a. Data Transfers. To the extent that Transcend Processes any Customer Personal Data that is subject to the GDPR, UK GDPR, or other applicable Data Protection Laws of the EEA, the parties agree that any transfers of Customer Personal Data from the EEA or the UK to Transcend shall be subject to the provisions of this Section 8. Customer and Transcend agree that Module Two of the Standard Contractual Clauses or the UK IDTA (controller to processor), respectively, shall govern the transfer of Customer Personal Data to Transcend. For purposes of such transfers, Transcend agrees that it is a "data importer" and Customer is the "data exporter" under the SCCs and UK IDTA.
b. Standard Contractual Clauses. With respect to the SCCs the parties agree to the following:
i. Clause 7, the optional docking clause will not apply;
ii. Clause 9, the general authorization option shall apply;
iii. Clause 11, the optional language will not apply;
iv. Clause 17, the SCCs will be governed by Irish law; the UK IDTA will be governed by UK law;
v. Clause 18(b), disputes will be resolved before the courts of Ireland for the SCCs, and the UK for the UK IDTA;
vi. Annex I of the SCCs will be deemed completed with the information from Exhibit 1;
vii. Annex II of the SCCs will be deemed completed with the information from Exhibit 2; and,
viii. Annex III of the SCCs will be deemed completed with the information set forth in Section 6 above of this Addendum.
c. UK IDTA. With respect to the UK IDTA, the parties agree to the following:
i. for Table 1 of Part One of the UK IDTA, the parties’ names are as set forth in the Principal Agreements, Customer is the data exporter, and Transcend is the data importer;
ii. for Table 2 of Part One of the UK IDTA, it shall be deemed completed with the information set forth in section 8(b)(ii)-(iv) above;
iii. for Table 3 of Part One of the UK IDTA, Annex 1A, the parties’ names are as set forth in the Principal Agreements, Annex 1B is completed with Exhibit 1, Annex II is completed with Exhibit 2, and Annex III is completed with section 8(b)(viii) above; and
iv. for Table 4 of Part One of the UK IDTA, the box for “neither party” is selected.
d. Cooperation. Taking into account the nature of the Processing, Transcend shall (at Customer's request and expense) provide reasonable cooperation to assist Customer with responding to any requests from individuals or applicable data protection authorities relating to the Processing of Customer Personal Data under the Principal Agreements.
e. Audits. The parties agree that the following shall apply to audits described in Clause 5(f), Clause 11 and Clause 12(2) of the Standard Contractual Clauses and UK IDTA: Upon Customer’s request, and subject to the confidentiality obligations set forth in the Principal Agreements or otherwise agreed by the parties, Transcend shall make available to Customer (or to an independent, third-party auditor of Customer that is not a competitor of Transcend) information regarding Transcend’s compliance with the obligations set forth in this Addendum. Customer shall promptly notify Transcend with information regarding any non-compliance discovered during the course of an audit.
f. Assessments: Transcend undertakes applicable transfer impact assessments with respect to the transfer of Customer Personal Data outside of the EEA and UK. Additionally, Transcend shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with the data protection authorities, that Customer reasonably considers to be required of any by Articles 35 or 36 of the GDPR or equivalent provisions of any other applicable Data Protection Laws, in each case, solely in relation to Processing of Customer Personal Data by Transcend, and taking into account the nature of the Processing and information available to Transcend.
9. RETURN OR DELETION OF DATA
Consistent with the Principal Agreements, Transcend will return or delete all Customer Personal Data following the termination of the Agreement, unless such Customer Personal Data is required to be maintained by Data Protection Laws, in which case it shall be held in accordance with the terms of this Addendum.
10. GENERAL TERMS
a. Severance. If a provision is found unenforceable the remaining provisions of this Addendum will remain in full effect and an enforceable term will be substituted reflecting the parties’ intent as closely as possible.
b. Remedies. Any claim or remedies Customer may have against Transcend, any of its Affiliates and their respective employees, agents and Subprocessors arising under or in connection with this Addendum including but not limited to: (i) for breach of this Addendum; (ii) as a result of fines (administrative, regulatory or otherwise) imposed upon Customer; and (iii) under applicable Data Protection Laws, including any claims relating to damages paid to a Data Subject, will be subject to the limitation of liability provisions that are set forth under the Principal Agreements.
c. Law Enforcement Requests. Transcend will not disclose or provide access to any Customer Personal Data Processed by Transcend under this Addendum to a law enforcement agency, unless required by law. If a law enforcement agency contacts Transcend with a demand for Customer Personal Data, Transcend will attempt to redirect the law enforcement agency to request that data directly from Customer. If Transcend is compelled to disclose or provide access to any Customer Personal Data Processed under this Addendum to the law enforcement agency, Transcend will promptly notify Customer and provide a copy of the demand unless legally prohibited from doing so.
d. Claims and Enforcement. Any claims against Transcend or its Affiliates under this Addendum shall be brought solely against the entity that is a party to the Principal Agreements. In no event shall any party limit its liability with respect to any individual's data protection rights under this Addendum or otherwise. No one other than a party to this Addendum, and their successors and permitted assignees, shall have any right to enforce any of its terms.
e. Effective Date and Termination. This Addendum shall be deemed effective as of the later of (i) the effective date of the Principal Agreements or (ii) the effective date of this Addendum, if executed separately. This Addendum shall terminate simultaneously and automatically with the termination of the Principal Agreements. Notwithstanding expiration or termination of the Principal Agreements, this Addendum will remain in effect until, and will automatically expire upon, deletion of all Customer Personal Data by Transcend as described in this Addendum.
f. Complete Agreement. The Principal Agreements and this Addendum constitute the entire and exclusive agreement between Customer and Transcend with respect to the Services and the subject matter of this Addendum, and supersede and replace any other agreements, terms and conditions applicable to such subject matter.
[End of Page]
Exhibit 1 to Transcend Data Processing Addendum
Details of Processing – Customer Personal Data
Subject matter and duration of the Processing of Customer Personal Data:
The subject matter of the Processing of the Customer Personal Data is set out in the Principal Agreements (including all applicable attachments); namely – for Transcend to provide the relevant Services. The duration of the Processing of Customer Personal Data shall be for the Term of the Principal Agreements.
The nature and purpose of the Processing of Customer Personal Data:
The nature and purpose of the Processing of the Customer Personal Data are set out in the Principal Agreements and include:
1. Provision of the relevant Services;
2. Delivering any additional services, including providing technical support; and
3. Ongoing improvement by Transcend of the relevant Services.
The categories of Data Subject to whom the Customer Personal Data relates:
In general, the categories of Data Subjects may include Customer’s end users, employees, contractors, customers, vendors and other affiliated entities or third parties; provided, however, Customer acknowledges and agrees that Customer elects the categories of Data Subjects to whom the Customer Personal Data relates in Customer’s sole discretion.
The types of Customer Personal Data to be Processed:
In general, the types of Customer Personal Data to be Processed under the Principal Agreements may include data uploaded to the Services by Customer, including without limitation, Customer’s end users, employees, contractors, customers, vendors and other affiliated entities or third parties and their names, physical addresses, email addresses, IP addresses and device identifiers; provided however, Customer acknowledges and agrees that Customer elects the types of Customer Personal Data to be Processed in Customer’s sole discretion.
Exhibit 2 to the Transcend Data Processing Addendum
Data Security Schedule
This Data Security Schedule (“Schedule”) sets forth the technical and organizational measures that Transcend and Customer will maintain in order to protect the security of Customer Personal Data during the Term of the applicable Principal Agreements. In the event of an inconsistency between the terms of the Principal Agreements and the terms of this Schedule, this Schedule will govern. All capitalized terms used but not defined herein have the meanings ascribed to them in the Principal Agreements or in the Transcend Data Processing Addendum (“Addendum”).
Transcend will:
● Ensure that Customer Personal Data can be accessed only by authorized Transcend personnel for the purposes set forth in Exhibit 1 of the Data Processing Addendum.
● Take reasonable measures to prevent unauthorized access to Customer Personal Data through the use of appropriate physical and logical (passwords) entry controls, securing areas for data processing, and implementing procedures for monitoring the use of data processing facilities.
● Account for all the risks that are presented by processing Customer Personal Data— for example, from accidental or unlawful destruction, loss, or alteration; or unauthorized or unlawful storage, processing, access or disclosure of Customer Personal Data.
● Encrypt Customer Personal Data, where appropriate.
● Maintain the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
● Maintain the ability to restore the availability and access to Customer Personal Data in a timely manner in the event of a physical or technical incident.
● Implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Customer Personal Data.
● Provide training to Transcend personnel to ensure ongoing capabilities to carry out the security measures established in this Schedule.
Customer will:
Before providing any Customer Data (as defined in the Principal Agreements) to Transcend in connection with the Services, Customer is responsible for: (i) making an independent determination as to whether the Services meet Customer’s requirements, taking into account the type of Customer Data; and (ii) implementing access control functionalities within the Services to protect Customer Data.
Exhibit 3 to the Transcend Data Processing Addendum
Subprocessors
Name, Description of Subprocessing, Location
Amazon Web Services, Inc., Cloud Hosting Services, Analytics, United States
Google LLC, Authorization Services, Analytics, United States
Microsoft Corporation, Authorization Services, United States
Cloudflare, Inc., Cloud Hosting Services, Analytics, United States
Supabase, Inc., Database Services, United States
