This SaaS Subscription Agreement (the "Agreement") is entered into by and between Jedify Inc., a Delaware company, having its principal place of business in 1000 N. West St. Wilmington Delaware 19801 (the "Company"), and the legal entity identified in the purchase order executed between the Parties (the "Customer", and "Purchase Order") effective as of the date set forth in the Purchase Order (the "Effective Date"). Each of the Company and the Customer shall be referred as a "Party", and together, the "Parties".
BY EXECUTING THE PURCHASE ORDER OR OTHERWISE DOWNLOADING, INSTALLING, OPERATING OR USING THE PLATFORM (AS DEFINED BELOW), THE CUSTOMER EXPRESSLY AND EXPLICITLY ACCEPTS THIS AGREEMENT AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS.
WHEREAS, the Company is the developer and proprietor of certain Artificial Intelligence ("AI") based business intelligence software platform, intended to provide insights and analytics derived from existing databases, which is offer on a software-as-a-service (SaaS) basis. The Company's software and platform, including any software code, dashboard, algorithms, utility, application programming interfaces, tools, reports and analytics capabilities and any service provided via the platform shall be collectively referred to herein as the "Platform";
WHEREAS the Customer wishes to obtain a subscription to access and use the Platform on a SaaS basis and for its internal business needs; and
WHEREAS the Company agrees to grant the Customer the right and license to access and use the Platform, all subject to the terms of this Agreement.
NOW, THEREFORE, the Parties desire to set forth herein their agreements with respect thereto and agree as follows:
1.1. License. Subject to the terms of this Agreement and the Purchase Order, the Company hereby grants to Customer, and Customer hereby accepts, a limited, personal, non-exclusive, non-sublicensable, non-transferable and revocable (in accordance with the terms of this Agreement) right to access and use the Platform, during the Term (as defined below) and solely for Customer's internal business purposes, all in accordance with and subject to the terms set forth in this Agreement. Access to the Platform will be granted by remote means on a Software-as-a-Service (SaaS) basis. It is hereby clarified that the Customer is not granted any rights in respect to the source code or executable code of the Platform and/or any API included therein.
1.2. Documentation. Jedify may make available certain Documentation (which shall be considered part of Jedify's Confidential Information (as defined below)) to the Customer to be used by the Customer solely in connection with the Customer's use of the Platform during the Term.
"Documentation" means Jedify's standard user documentation and manuals, whether in hard copy, or in any electronic form or other media, describing the use, features and operation of the Services. Unless context otherwise requires, the term "Platform" shall include the Documentation.
1.3. Purchase Order; Use limitations. The Purchase Order forms an integral part of this Agreement and its terms are incorporated herein by reference. The Platform being licensed to Customer and which may be used by Customer during the Term and the quantities, type, and any other applicable information regarding any restrictions on the Platform, or other licensing information, is as set forth in this Agreement and/or any applicable Purchase Order. The Customer's usage of the Platform is subject to usage limits, including, for example, the number of permitted queries/Permitted Users specified in the Purchase Order, if any. Unless otherwise specified, a quantity in a Purchase Order refers to queries/Permitted Users, and the Platform may not be accessed by more than that number of Permitted Users or used for more queries as set forth in the Purchase Order. If the Customer exceeds a contractual usage limit, the Customer will execute an additional Purchase Order for additional quantities and pay any invoice for excess usage in accordance with the payment terms and pricing set forth in this Agreement and any Purchase Order. The Customer agrees that the proper use of the Platform may require compatible hardware, internet access, and certain software, as further described in the Documentation provided by Jedify. Purchase Order and any amendment thereof shall only take effect if executed in writing by both Parties.
1.4. Use by Affiliates. If the Purchase Order explicitly provides Customer the right to allow Customer Affiliate to access and use the Platform, Customer shall: (i) provide each such Affiliate with a copy of this Agreement; (ii) ensure that each such Affiliate complies with the terms and conditions therein; and (iii) be responsible for any breach of these terms and conditions by any such Affiliate. "Affiliate" means any entity that Controls, is Controlled by, or is under common Control with you, where "Control" means ownership, directly or indirectly, of 50% or more of the voting interest.
1.5. Updates. The Company is not obliged to provide the Customer with any update, upgrade, new version and/or additional features of the Platform that may be released by the Company during the Term and such may be subject to additional fees. For the avoidance of doubt, the provisions of this Agreement shall apply to any such update, upgrade, new version and/or additional features of the Platform.
1.6. Changes to the Platform. Jedify may change the Platform's layout, form and design and the availability of certain content, functions or features from time to time without notice; provided, however, that Jedify will notify the Customer of any material changes to the Platform which are likely to affect its ability to use the Platform. The Customer hereby agrees and acknowledges that Jedify is not responsible for any errors or malfunctions that may occur in connection with the performance of such changes.
1.7. Lawful Use. The Customer hereby declares and agrees that it shall only use the Platform in a manner that complies with all applicable laws in the jurisdiction in which Customer uses the Platform, including, but not limited to, applicable restrictions concerning the protection of privacy and intellectual property including copyrights and any other intellectual property rights.
1.8. Implementation. To the extent expressly identified in the Purchase Order, Jedify will provide services to integrate the Platform with the Customer's existing Third Party Services (as defined below) and other computer systems ("Implementation Services"). Customer agrees to cooperate with Jedify in connection with Jedify's provision of Implementation Services and to provide all necessary information, access and assistance to facilitate the Implementation Services. The Customer shall be responsible for all out-of-pocket expenses associated with Implementation Services, to the extent expressly set forth in the Purchase Order. Additional Implementation Services beyond those expressly set forth in the Purchase Order may incur additional costs.
1.9. Services. Unless explicitly stated herein and/or in the Purchase Order, the Company is under no obligation to provide support, professional services, training, maintenance, modifications or customizations of the Platform under this Agreement.
1.10. Account. An account will be created in connection with Customer's use of the Platform (the "Account"), to be accessed and/or used solely by Customer's employees or service providers who are explicitly authorized by Customer to use the Platform (each, a "Permitted User"). Customer hereby acknowledges and agrees: (i) to keep, and ensure that the Permitted Users keep the Account login details and passwords secured at all times, and otherwise comply with the terms of this Agreement; (ii) to remain solely responsible and liable for the activity that occurs in the Account and for any breach of this Agreement by a Permitted User; and (iii) to promptly notify Company in writing if Customer becomes aware of any unauthorized access or use of the Account or the Platform.
1.11. Prohibited Uses. Except as expressly permitted herein, without the prior written consent of Company, Customer must not, and shall not allow any Permitted User or any other third party to, directly or indirectly: (i) modify, incorporate into or with other software, or create a derivative work of any part of the Platform; (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with or to anyone else; (iii) copy, distribute or reproduce the Platform for the benefit of third parties; (iv) disclose the results of any testing or benchmarking of the Platform to any third party, or use such results for Customer's own competing software development activities or use the Platform in order to build or support, and/or assist a third party in building or supporting, products or services which are competitive to Company's business; (v) modify, disassemble, decompile, reverse engineer, revise or enhance the Platform or attempt to discover the Platform's source code or the underlying ideas or algorithms of the Platform; (vi) use the Platform and/or Output Data (as defined below) in a manner that violates or infringes any rights of any third party, including but not limited to, right of privacy, proprietary rights or intellectual property rights of any third parties including without limitation copyright, trademarks, designs, patents and trade secrets; (vii) remove or otherwise modify any of the Company's trademarks, logos, copyrights, notices or other proprietary notices or indicia, if any, fixed, incorporated, included or attached to the Platform nor copy any local agent, documentation or any written materials accompanying the Platform; (ix) use the Platform for any purpose other than for the purpose for which the Platform is designated for or other than in compliance with the terms of this Agreement; (x) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce limitations on the use of the Platform; (xi) use any automated means to access the Platform; (xii) integrate the Platform (or any part thereof) into Customer's hardware or systems other than as instructed by the Company; (xiii) ship, transfer, or export the Platform into any country, or make available or use the Platform in any manner, prohibited by applicable laws (including without limitation export control laws, as applicable); (xiv) violate or abuse log-in and/or password protections governing access to the Platform; (xv) allow any third party other than the Permitted Users to use the Platform; (xvi) access, store, distribute, or transmit during the course of its use of the Platform any malicious code (i.e., software viruses, Trojan horses, worms, malware or other computer instructions, devices, or techniques that erase data or programming, infect, disrupt, damage, disable, or shut down a computer system or any component of such computer system), or unlawful, threatening, obscene or infringing material; (xvii) use Output Data to develop models that compete with the Platform and/or the Company; (xviii) perform penetration tests of the Platform; (xix) use the Platform and/or Output Data in any other unlawful manner.
2.1. Third Party Services. Operation of the Platform may require integration with the Customer's accounts on third-party service providers' software and platforms (collectively, "Third Party Services"). The Customer is solely responsible for the Third Party Services (including all APIs to which it grants access to the Company) and the Company disclaims any responsibility and liability with respect thereto, including the Customer's use of Third Party Services and their integration with the Platform. The Customer hereby grant the Company a limited, non-exclusive, royalty-free, and worldwide license, during the Term, to integrate the Platform with such Third Party Services, to retrieve Customer Data (as defined below) therefrom and interact and use such Third Party Services, as necessary to operate the Platform. The Customer warrants that: (a) it is duly entitled to grant the license to the Third Party Services and applicable and APIs; (b) the Third Party Services and applicable and APIs shall not knowingly contain any type of computer virus or any other component that may disrupt, modify, delete, harm or otherwise impede the operation of the Platform and/or Company's systems; and that (c) the Third Party Services and applicable APIs do not and will not infringe, misappropriate or violate any Intellectual Property Rights and any other rights of any third party. The Company does not guarantee that the Platform will support all Third Party Services and/or database systems and/or computer systems, except as expressly set forth in the Documentation.
2.2. Customer Data. The operation of the Platform requires the Company to monitor, analyze and process certain data from the Customer's systems and Third Party Service accounts (collectively, "Customer Data"), in order to provide the services offered via the Platform. As between the Company and the Customer, the Intellectual Property Rights (as such term is defined below) and all other right, title and interest of any nature in and to the Customer Data shall remain the exclusive property of Customer. The Company shall be considered granted a non-exclusive, sub-licensable (solely to Company's Affiliates and vendors), royalty-free and fully paid-up license to use the Customer Data for the purpose of operating the Platform, performance of the Company's obligations under this Agreement, to meet its legal requirements and as otherwise permitted under this Agreement. The Customer shall have sole responsibility for the accuracy, quality and legality of the Customer Data and the means by which Customer acquired such Customer Data. Customer represents and warrants that the Customer Data has been collected, processed and transferred to the Company in accordance with applicable laws.
2.3. Personal Data. To the extent that Customer Data includes 'personal data', as such term (or its equivalent) is defined under applicable data protection and privacy laws, and to the extent mandated by such laws, the Parties hereby enter into the data processing addendum, attached hereto as Exhibit A (the "DPA").
2.4. Results.
2.4.1. The Platform is intended to produce certain responses and outputs based on processing of the Customer Data, including without limitation analytics, warnings, indications and reports (collectively, "Output Data"). The Customer hereby agrees and acknowledges that: (a) the Output Data is based on the processing of Customer Data by AI technologies, and as such, taking into account the nature of AI and machine learning, use of the Platform may, in some situations, result in Output Data that does not accurately reflect the Customer's intended output or needs; and (b) due to the nature of our Platform and AI generally, Output Data may not be unique and other users of our Platform may receive similar output from our Platform (for the avoidance of doubt, Customer Data shall only be used for the benefit of the Customer and shall not be provided or processed for the benefit of any other client of the Company). The Intellectual Property Rights (as such term is defined below) and all other right, title and interest of any nature in and to the Output Data which is based on, or derived from, the Customer Data shall remain the exclusive property of Customer.
2.4.2. The Customer is solely and exclusively responsible for: (i) determining whether its use of the Platform (and primarily any use of AI technologies) is consistent with its own internal standards, policies and laws applicable to the Customer; (ii) determining whether and which individuals within the Customer's organization should be provided with notice of use of Platform (as an AI based product) and implications of relying on the Output Data; (iii) implementing appropriate human oversight of use of the Platform and the Output Data, including evaluation of Output Data for accuracy and appropriateness for the Customer's needs and expectations and addressing the findings specified in Output Data, including without limitation determining which actions are appropriate in light thereof; (iv) all actions it takes based on Output Data; and (v) taking appropriate precautions when using Output Data for any decisions that could have a legal or material impact on a natural person, and in this respect the Customer agrees not to rely solely upon the Platform and/or the Output Data for any decisions that may have consequential impact on an individual, including but not limited to legal standing, financial implications, human rights and/or physical or psychological harm. The Customer agrees and acknowledges that the Company is not responsible or liable for the Customer's use or reliance on the Output Data and that the Company expressly disclaims any liability with respect to the Customer's use of the Output Data.
2.5. Analytics and Machine Learning. The Company may collect, disclose, publish and use in any other manner anonymous information which is derived from the use of the Platform and/or the Customer Data and/or Output Data (i.e., non-identifiable information, aggregated and analytics information that does not identify an individual person) (collectively, "Analytics Information"), in order to provide and improve the Company's Platform and for R&D purposes, provided that the Analytics Information cannot identify, at all times, any individual and/or the Customer. The Company is and shall remain the sole owner of the Analytics Information. Notwithstanding, the Company may use Customer Data and Output Data to provide, maintain, develop, and improve the Platform, including for machine learning purposes and to train the Platform's AI models.
2.6. LLM. Jedify uses third party Large Language Models services (collectively "LLM Services(s)") to provide the services via the Platform. The Customer agrees and acknowledges that: (a) LLM Services may not be available in all jurisdictions worldwide, and therefore access to the Platform may be restricted in certain countries which are not supported by the LLM Services, resulting in inability to use the Platform. The Company shall not be liable for the Customer's inability to use the Platform for said reason; and (b) any Customer Data and Output Data will ultimately be processed by a third party LLM Services provider. LLM providers shall not use Customer Data and/or Output Data to train any AI model and/or for its own purposes.
3.1. Fees. The Customer shall pay all fees specified in the relevant Purchase Order and such fees are payable in USD and are non-refundable. Unless explicitly stated in the Purchase Order, all amounts invoiced hereunder are due and payable within thirty (30) days of the date of the invoice.
3.2. Payment Terms. Any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (i) the rate of one and a half percent (1.5%) per month; or (ii) the highest amount permitted by applicable law. All amounts payable under this Agreement are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. All taxes, withholdings and duties of any kind payable with respect to Customer's use of the Platform under this Agreement, other than taxes based on Company's net income, shall be borne and paid by Customer.
4.1. The Platform. The Platform is not for sale and is and shall remain Company's sole property. All right, title, and interest, including any Intellectual Property Rights evidenced by or embodied in, attached, connected, and/or related to the Platform and any and all derivative works, improvements, enhancements, updates, upgrades and customizations thereof or thereto are and shall remain owned solely by the Company or its licensors. This Agreement does not convey to Customer any interest in or to the Platform but only, as aforesaid, a limited revocable right to use the Platform, in accordance with the terms of this Agreement, and nothing herein constitutes a waiver of the Company's Intellectual Property Rights under any law.
"Intellectual Property Rights" means: (i) patents and patent applications throughout the world, including all reissues, divisions, continuations, continuations-in-part, extensions, renewals, and re-examinations of any of the foregoing, all whether or not registered or capable of being registered; (ii) common law and statutory trade secrets and all other confidential or proprietary or useful information that has independent value, and all know-how, in each case whether or not reduced to a writing or other tangible form; (iii) all copyrights, whether arising under statutory or common law, whether registered or not; (iv) all trademarks, trade names, corporate names, company names, trade styles, service marks, certification marks, collective marks, logos, and other source of business identifiers, whether registered or not; (v) moral rights in those jurisdictions where such rights are recognized; (vi) any rights in source code, object code, mask works, databases, algorithms, formulae and processes; and (vii) all other intellectual property and proprietary rights, and all rights corresponding to the foregoing throughout the world.
4.2. Third Party Software Components. The Platform may include third party software that is subject to open source licenses ("Third Party Components"). A list of Third Party Components is available in the Platform or its Documentation and will be updated from time to time. The Customer's right to use such Third Party Components as part of the Platform is subject to any applicable acknowledgements and license terms accompanying such Third Party Components. If there is a conflict between the licensing terms of such Third Party Components and this Agreement, the licensing terms of the Third Party Components shall prevail in connection with the related Third Party Components. Such Third Party Components are provided on an "AS IS" basis without any warranty of any kind and shall be subject to any and all limitations and conditions required by such third parties. Under no circumstances shall the Platform or any portion thereof (except for the Third Party Components contained therein) be deemed "open source" or "publicly available" software. The licenses of certain Third Party Components may require the provision of the source code of these Third Party Components, and Customer may seek a complete machine-readable copy of their corresponding source code, by contacting the Company.
4.3. Feedback. If Customer contacts Company with feedback data (e.g., questions, comments, suggestions or the like) regarding the Platform (collectively, "Feedback"), such Feedback shall be deemed non-confidential, and the Company shall have a non-exclusive, royalty-free, worldwide, perpetual license to use or incorporate such Feedback into the Platform and/or other current or future products or services of the Company (without the Customer's approval and without further compensation to the Customer), provided that such Feedback is used on an anonymous basis and does not identify the Customer.
Each Party may have access to certain non-public and/or proprietary information of the other Party, in any form or media, including (without limitation) confidential trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, whether written or oral, and any other information that a reasonable person or entity should have reason to believe is proprietary, confidential, or competitively sensitive (the "Confidential Information"). Each Party shall take reasonable measures, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the other Party's Confidential Information from disclosure to a third party. Neither Party shall use or disclose the Confidential Information of the other Party except as expressly permitted under this Agreement or by applicable law. For the avoidance of doubt, a recipient Party may disclose the other Party's Confidential Information to its officers, employees, services providers or advisors solely on a "need to know" basis, and provided that they are bound by similar nondisclosure obligations as those of this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of its disclosing Party.
Customer agrees that the Company may identify Customer as a user of the Platform and use Customer's trademark and/or logo (i) in sales presentations, promotional/marketing materials, and press releases, and (ii) in order to develop a brief customer profile for use by Company on Company's website or social media accounts for promotional purposes.
7.1. Each Party represents and warrants (a) that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and (b) that the execution and performance of this Agreement will not conflict with any obligations it has towards third parties, or violate any provision of any applicable law. The Customer further represents and warrants that: (i) it will use the Platform in compliance with any applicable laws; and (ii) it obtained all applicable governmental permits or certifications which may be required for its use of the Platform.
7.2. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM (INCLUDING ANY OUTPUT DATA AND ANY SERVICES OFFERED VIA THE PLATFORM) AND ANY SERVICES PROVIDED HEREUNDER (INCLUDING IMPLEMENTATION SERVICES) ARE PROVIDED ON AN "AS IS" BASIS. IN ADDITION TO OTHER DISCLAIMERS CONTAINED IN THIS AGREEMENT, THE COMPANY DOES NOT WARRANT THAT THE PLATFORM (INCLUDING THE OUTPUT DATA) AND ANY SERVICES PROVIDED HEREUNDER WILL MEET CUSTOMER'S REQUIREMENTS, THAT THE PLATFORM'S OPERATION WILL BE SECURED AT ALL TIMES, UNINTERRUPTED, ERROR-FREE, FALSE-POSITIVES FREE, FREE OF VIRUSES, BUGS, WORMS, OTHER HARMFUL COMPONENTS OR OTHER SOFTWARE LIMITATIONS, AND THE COMPANY EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. WITHOUT DEROGATING FROM THE FOREGOING, COMPANY SHALL NOT BE RESPONSIBLE FOR CUSTOMER'S DETERMINATION WHETHER TO ACT ON THE BASIS OF ANY OUTPUT DATA AND FOR ANY OUTCOMES OF SUCH DECISION.
7.3. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY, ITS EMPLOYEES, CONTRACTORS, AGENTS, DIRECTORS, SHAREHOLDERS, LICENSORS, SUPPLIERS, AFFILIATES, DISTRIBUTORS AND RESELLERS (COLLECTIVELY, "COMPANY'S REPRESENTATIVES") SHALL NOT BE LIABLE WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, TO CUSTOMER OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING BUT NOT LIMITED TO, ANY LOSS OR DAMAGE TO BUSINESS EARNINGS, LOST PROFITS OR GOODWILL), SUFFERED BY ANY PERSON, ARISING FROM, RELATED TO, AND/OR CONNECTED TO, THIS AGREEMENT (INCLUDING THE DPA), ANY USE OF OR INABILITY TO USE THE PLATFORM AND/OR THE OUTPUT DATA AND/OR AND ANY SERVICES PROVIDED HEREUNDER, EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7.4. IN ANY CASE, WITHOUT LIMITING THE GENERALITY OF THE FOREGOING AND TO THE MAXIMUM EXTENT LEGALLY PERMISSIBLE, THE COMPANY AND THE COMPANY'S REPRESENTATIVES' TOTAL AGGREGATE LIABILITY FOR ALL DAMAGES OR LOSSES WHATSOEVER ARISING HEREUNDER (INCLUDING THE DPA) OR IN CONNECTION WITH THE CUSTOMER'S USE OR INABILITY TO USE THE PLATFORM AND/OR THE OUTPUT DATA SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL AMOUNTS ACTUALLY PAID TO COMPANY UNDER THE APPLICABLE PURCHASE ORDER IN THE SIX (6) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. INASMUCH AS SOME JURISDICTIONS DO NOT ALLOW EXCLUSIONS OR LIMITATIONS AS SET FORTH HEREIN, THE FULL EXTENT OF THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY. THE FOREGOING LIMITATION SET FORTH IN THIS SECTION 11.2 SHALL NOT APPLY TO LIABILITIES ARISING FROM BODILY INJURIES AND THE COMPANY'S WILLFUL MISCONDUCT OR FRAUD.
7.5. The Customer agrees to defend, indemnify and hold harmless the Company and Company's Representatives from and against any and all claims, damages, obligations, losses, liabilities, costs, debts, and expenses (including but not limited to attorney's fees) arising from: (i) the Customer's breach of applicable law, its warranties, obligations and undertakings under this Agreement; and (ii) a third party claim, suit or proceeding alleging that the use of the Customer Data and/or Third Party Services within the scope of this Agreement infringes, or may infringe, any right of any third party.
8.1. Term. This Agreement shall enter into force and effect on the Effective Date and shall remain in full force and effect for an initial term set forth in the Purchase Order (the "Initial Term"). Unless expressly set forth in the Purchase Order, following the Initial Term, this Agreement will automatically be renewed, for successive terms equivalent to the period in the Initial Term (each, a "Renewal Term", and together with the Initial Term, the "Term"), unless: (i) terminated by a Party upon written notice to the other Party at least thirty (30) days prior to the commencement of any Renewal Term, or (ii) this Agreement is terminated in accordance with Section 8.2 below. The Company may modify the fees due for the Customer's use of the Platform, upon the commencement of each Renewal Term, provided that it provides the Customer with written notice of such change, at least sixty (60) days prior to the commencement of the relevant Renewal Term. If the Customer continues to use the Platform past any renewal date, then Customer shall be deemed to have renewed the Agreement for the following Renewal Term at the rates applicable for said Renewal Term.
8.2. Termination.
8.2.1. Material Breach. Either Party may terminate this Agreement with immediate effect if the other Party materially breaches this Agreement and such breach remains uncured (to the extent that the breach can be cured) thirty (30) days after having received written notice thereof; except that the curing period for non-payment shall be ten (10) days following said notice.
8.2.2. Distress Event. In the event that either Party becomes liquidated, dissolved, bankrupt or insolvent, whether voluntarily or involuntarily, or shall take any action to be so declared, and such event is not cancelled within 30 days, the other Party shall have the right to immediately terminate this Agreement.
8.2.3. Effects of termination. Upon termination or expiration of this Agreement: (i) the rights and licenses granted to Customer under this Agreement shall expire, and Customer shall discontinue all further use of the Platform; (ii) Customer shall immediately permanently delete all copies of the Documentation provided by the Company (if any) in Customer's possession or control; (iii) the receiving Party shall immediately return and/or permanently delete (as instructed by the disclosing Party) the Confidential Information, other than Confidential Information that the recipient is required to retain by law, regulation or governmental order; and (iv) any sums paid by the Customer until the date of termination are non-refundable, and Customer shall not be relieved of its duty to discharge in full all due sums owed by the Customer to Company under this Agreement until the date of termination or expiration hereof, which sums shall become immediately due and payable on the date of termination or expiration of the Agreement. The provisions of this Agreement that, by their nature and content, must survive the termination of this Agreement in order to achieve the fundamental purposes of this Agreement shall so survive. Termination of this Agreement shall not limit either Party from pursuing any other remedies available to it under applicable law.
The Platform may be subject to United States and other jurisdictions' export control and economic sanctions laws and other foreign trade controls. Each Party agrees to comply with applicable laws in connection with its performance hereunder, including without limitation, applicable U.S. and foreign export controls, economic sanctions, and other trade controls and shall not provide access to the Platform to any user in an embargoed nation, including without limitation, Cuba, Iran, North Korea, Syria, Crimea Region of Ukraine, Russia, Lebanon or any other country/region that becomes an embargoed nation.
This Agreement represents the complete agreement concerning the subject matter hereof and shall supersede any and all prior agreements and understandings relating thereto. This Agreement may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party. Notwithstanding the foregoing, the Company may assign this Agreement without the consent of the Customer in connection with any merger (by operation of law or otherwise), consolidation, reorganization, change in control or sale of all or substantially all of its assets related to this Agreement or similar transaction. This Agreement shall be governed by and construed under the laws of the State of Delaware, US without reference to principles and laws relating to the conflict of laws. The competent courts located in Delaware shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Company will not be liable for any delay or failure to provide the Platform resulting from circumstances or causes beyond the reasonable control of the Company (i.e., force majeure events). This Agreement may be executed in electronic counterparts, each of which counterpart, when so executed and delivered, shall be deemed to be an original and all of which counterparts, taken together, shall constitute but one and the same agreement.
BY EXECUTING A PURCHASE ORDER, YOU WARRANT THAT (A) YOU HAVE READ AND REVIEWED THIS AGREEMENT IN ITS ENTIRETY, (B) YOU AGREE TO BE BOUND BY THIS AGREEMENT, (C) THE INDIVIDUAL EXECUTING THE PURCHASE ORDER HAS THE POWER, AUTHORITY AND LEGAL RIGHT TO ENTER INTO THIS AGREEMENT ON BEHALF OF HIS/HER ORGANIZATION, AND (D) THIS AGREEMENT CONSTITUTES BINDING AND ENFORCEABLE OBLIGATIONS ON YOUR ORGANIZATION'S BEHALF.
This Data Processing Addendum ("DPA") is an agreement between and the legal entity identified in the purchase order executed between the Parties ("Customer" or "Data Controller") and Jedify Inc. ("Company" or "Data Processor"). The Parties agree that this DPA shall be added as an addendum to the Services Agreement executed between the Parties, according to which the Company shall provide to the Customer certain data processing services, as described therein (respectively, the "Services" and the "Services Agreement"). Data Controller and Data Processor shall be collectively referred to as the "Parties", and each a "Party".
In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1.1. "Affiliate(s)" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership of either Party, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
1.2. "Applicable Laws" means any applicable law, including Data Protection Laws, to which Data Processor is subject with respect to any Personal Data;
1.3. "Data Protection Laws" means all applicable data privacy and data protection laws, rules and regulations, including, but not be limited to, and as applicable, the EU General Data Protection Regulation 2016/679 ("GDPR") and its respective national implementing legislations, in each case, as amended, adopted, or superseded from time to time;
1.4. "EEA" means the European Economic Area;
1.5. "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject") (an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person), which is Processed by Data Processor or any of Data Processor's Sub-processors on behalf of Data Controller as part of the performance of the Services under the Services Agreement;
1.6. "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
1.7. "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.8. "Standard Contractual Clauses" means the standard contractual clauses for processors annexed to the European Commission's Decision (EU) 2021/914 of 4 June 2021, as may be amended, superseded or replaced;
1.9. "Sub-processor" means any third party (but excluding any personnel member of Data Processor) appointed by or on behalf of Data Processor to Process Personal Data for the benefit of Data Controller as part of the performance of the Services under the Services Agreement;
1.10. "Supervisory Authority" means (a) an independent public authority which is established by a Member State of the European Economic Area pursuant to Article 51 of the GDPR; and (b) any similar regulatory authority responsible for the enforcement of Data Protection Laws; and
1.11. "Term" shall have the meaning ascribed to it under Section 11 below.
2.1. Data Processor, and any person acting under its authority, will carry out the Personal Data Processing activities, including with regard to transfers of Personal Data to a third country or an international organisation, only for the following purposes: (i) to provide the Services, in accordance with the Services Agreement and other reasonable documented instructions provided by the Data Controller, where such instructions are consistent with the terms of the Services Agreement (collectively, the "Instruction(s)"); (ii) as permitted under this DPA; and (iii) as required under Applicable Law, in which case Data Processor shall, to the extent permitted by Applicable Law, inform Data Controller of such legally required Processing of Personal Data, unless that law prohibits such information on important grounds of public interest.
2.2. Data Controller instructs Data Processor (and authorises Data Processor to instruct each of its Sub-processors) to process the Personal Data, as reasonably necessary for the provision of the Services and in accordance with the Services Agreement and this DPA. Additional instructions outside the scope of this DPA and the Services Agreement require prior written agreement between Data Controller and Data Processor and will include any additional fees that may be payable by the Data Controller to the Data Processor for carrying out such instructions.
2.3. Data Controller hereby acknowledges that as part of the provision of the Services hereunder, Data Processor may collect, disclose, publish, share and otherwise use fully anonymized, de-identified and de-identifiable data, including statistical data, analytics, trends and other aggregated data which derives from the Personal Data Processed by the Data Processor as part of the provision of the Services, all as required for the Data Processor's legitimate purposes, including without limitation in order to provide, maintain, operate and improve the Services and for research purposes. Data Processor agrees not to use said anonymized data in a form that identifies the Customer or any Data Subject. The Data Controller hereby agrees and acknowledges that such processing activities (including the anonymization and de-identification of Personal Data) will not be considered as performed outside the scope of the Instructions provided by the Data Controller hereunder.
2.4. Data Processor will notify Data Controller if Data Processor is of the opinion that a written Instruction received from Data Controller is in violation of Applicable Law and/or in violation of contractual duties under the Services Agreement.
2.5. Data Controller shall have sole responsibility for the accuracy, quality and legality of the Personal Data and the means by which Data Controller acquired the Personal Data. Data Controller warrants and undertakes that the Personal Data have been collected, Processed and transferred to the Data Processor in accordance with the laws applicable to Data Controller, including, if required by applicable Data Protection Laws, that Data Controller has received all required consents from the applicable Data Subjects for the Processing carried out by the Data Processor under this DPA and that the Data Subjects have been informed that their Personal Data could be transmitted to a third country outside of their jurisdiction (including, where applicable, outside the EEA).
2.6. Exhibit 1 of this DPA sets forth certain information regarding Data Processor's Processing activities of the Personal Data, as required by Article 28(3) of the GDPR and other applicable Data Protection Laws.
3.1. Data Processor shall promptly notify Data Controller if Data Processor receives a request from a Data Subject to exercise the Data Subject's rights under Data Protection Laws, including without limitation the right of access, rectification, restriction of Processing, erasure, data portability, object to the Processing, or its right not to be subject to an automated individual decision making ("Data Subject Request"), and shall not respond to such request without Data Controller's prior written consent, except to confirm that such request relates to Data Controller.
3.2. Taking into account the nature of the Processing, Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller's obligation to respond to any Data Subject Request and agrees to provide reasonable assistance and comply with reasonable instructions from Data Controller related to any Data Subject Request.
3.3. Supervising Authorities. Data Processor shall provide reasonable assistance to Data Controller with any data protection impact assessments, and prior consultations with Supervising Authorities, as required by article 35 and 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to the Processing of Personal Data by Data Processor and all by taking into account the nature of the Processing and information available to the Data Processor. Data Controller acknowledges and agrees that assistance with data protection impact assessments and prior consultations by Data Processor may result in additional fees (which will be notified to Data Controller in advance).
4.1. Data Processor shall treat Personal Data as confidential information and will not disclose, make available or transfer the Personal Data to any third party, other than as permitted under this DPA.
4.2. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Data Processor has implemented, and will maintain, adequate technical and organizational security measures in order to ensure a level of security of the Personal Data appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR, and those measures stipulated in Exhibit 2 of this DPA. The technical and organizational security measures are aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of Processing.
4.3. The technical and organizational security measures implemented by the Data Processor are subject to technical progress and development, and Data Processor may update or modify the technical and organizational security measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Services.
5.1. Data Processor shall notify Data Controller without undue delay, and in any case within forty-eight (48) hours, after becoming aware of a Personal Data Breach affecting the Personal Data.
5.2. Data Processor shall provide Data Controller with sufficient information to allow Data Controller to meet any obligations to report or inform Supervising Authorities and/or Data Subjects of the Personal Data Breach under the Data Protection Laws, taking into account the nature of Processing and the information available to Data Processor, including with the following information: (a) a description of the nature of the Personal Data Breach, including the categories and approximate number of both Data Subjects and Personal Data records concerned; (b) the likely consequences of the Personal Data Breach; and (c) a description of the measures taken, or proposed to be taken, to address the Personal Data Breach, including measures to mitigate its possible adverse effects. To the extent Data Processor does not have full information about the Personal Data Breach at the time of the initial notification, Data Processor shall provide an initial notification and then supplement that with additional information as it becomes available.
6.1. During the Term, Data Processor shall keep records of its Processing activities in accordance with applicable Data Protection Laws.
6.2. During the Term and upon request, Data Processor shall make available to Data Controller all information reasonably necessary to demonstrate compliance with the obligations laid down in applicable Data Protection Laws this DPA and allow for and contribute to audits, including inspections, conducted by Data Controller or another auditor mandated by Data Controller, all at Data Controller's sole expense and only in order to ensure Data Processor's compliance with the obligations laid down in applicable Data Protection Laws and this DPA. If and to the extent Data Controller engages third parties to conduct the audit, such third parties must be bound to strict confidentiality obligations. Notwithstanding the above, Data Controller shall only be entitled to conduct such inspection during business hours and no more than once during one calendar year, provided that Data Controller shall be entitled to conduct such inspection at any time if it reasonably suspects Data Processor to be in material breach of its obligations under this DPA and that nothing in this Section shall limit the timing and scope of any audit required to be conducted by applicable Data Protection Laws.
6.3. Data Controller shall provide Data Processor reasonable prior written notice of any audit or inspection to be conducted under this Section and shall avoid (and ensure that each of its auditors avoids) causing any damage, injury or disruption to Data Processor's premises, equipment, personnel and business while its personnel are on those premises in the course of such audit or inspection.
6.4. It is agreed that a copy of this DPA may be forwarded to the relevant Supervisory Authority, if required under applicable Data Protection Laws. Furthermore, the Parties agree that such authority has the right to conduct an audit of the Parties with respect to the subject matter of this DPA.
6.5. Nothing in this DPA will require Data Processor either to disclose to Data Controller (and/or its authorized auditors), or provide access to: (i) any data of any other customer of Data Processor; (ii) Data Processor's internal accounting or financial information; (iii) any trade secret of Data Processor; or (iv) any information that, in Data Processor's sole discretion, could compromise the security of any of Data Processor's systems or premises or cause Data Processor to breach obligations under any Applicable Law or its obligations to any third party.
7.1. Data Controller hereby (i) grants Data Processor a general authorization to engage (and permits each Sub-processor appointed in accordance with this Section to engage) Sub-processors for the purpose of providing the Services; (ii) agrees that Affiliates of Data Processor may be used as Sub-processors; and (iii) confirms that Data Processor may continue to use those Sub-processors already engaged by Data Processor as of the Effective Date of this DPA, which are detailed in Exhibit 1 ("Existing Sub-processors").
7.2. Data Processor can at any time and without justification appoint a new Sub-processor, provided that prior to engaging any Sub-processor:
7.3. Data Processor will provide a fourteen (14) days' prior notice to Data Controller regarding the engagement of a new Sub-processor, and the Data Controller does not reasonably object to such changes within that timeframe under legitimate and documented grounds. If Data Controller's objection to an engagement of a Sub-processor is legitimate, Data Processor shall either refrain from using such Sub-processor in the context of the Processing of Personal Data, or shall notify Data Controller that it is unable to provide the Services without the use of such Sub-processor and therefore it will suspend or restrict the Services (or an applicable part thereof) with immediate effect.
7.4. Data Processor ensures that it has in place a sub-processing agreement between Data Processor and the Sub-processor, that is no less protective with respect to Data Controller's interest and protection of Personal Data than this DPA. Upon Data Controller's request, Data Processor shall provide Data Controller with an updated list of Sub-processors.
7.5. Where the Sub-processor fails to fulfil its personal data protection obligations with respect to the Personal Data, Data Processor shall remain fully liable to Data Controller for the performance of that Sub-processor's obligations.
Data Controller hereby authorizes Data Processor to transfer the Personal Data across international borders, including without limitation from the EEA, Switzerland, and/or the United Kingdom to the United States, provided that in each case such transfer complies with applicable Data Protection Laws and that the Data Processor has put in place the necessary safeguards, as required by applicable Data Protection Laws, to facilitate such transfer. Without derogating from the generality of the foregoing, the Data Processor warrants that where Personal Data is transferred outside of the EEA, and to the extent required under the Data Protection Laws, it will execute the Standard Contractual Clauses with the recipient of the Personal Data being transferred, unless the processing takes place in a third country or territory recognised by the EU Commission to have an adequate level of protection.
Data Processor will be responsible for using qualified personnel with data protection training to provide the Services and ensure that Data Processor's access to the Personal Data is limited only to those personnel who require such access to perform the Services. Data Processor shall obligate its personnel to Process the relevant Personal Data only in accordance with this DPA. Data Processor will further ensure that its personnel authorised to Process the Personal Data on its behalf: (i) will do so only on a need-to-know basis; and (ii) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and that they will keep confidential and will not make available any Personal Data to any third party, other than as permitted herein.
Within thirty (30) calendar days following the termination of the Services Agreement and/or this DPA, Data Processor will delete and instruct its Sub-processors to delete, all existing copies of the Personal Data which are in its possession, unless instructed by the Data Controller, by way of a prior written notice, to return such data, in which case the Data Processor shall return a copy of the Personal Data to the Data Controller and delete all remaining copies of the Personal Data which are in its possession. Notwithstanding the foregoing, Data Processor may retain the Personal Data, to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Data Processor shall ensure the confidentiality of all such Personal Data and shall ensure that such Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.
This DPA shall become effective upon execution or acceptance of the Services Agreement ("Effective Date") and shall remain in full force until the later of the date when Data Processor ceases to Process the Personal Data or termination of the Services Agreement (the "Term"). All provisions of this DPA, which by their language or nature should survive the termination of this DPA, will survive the termination of this DPA.
Each Party's liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the 'Limitation of Liability' section of the Services Agreement governing the Services.
The Parties may amend this DPA from time to time by mutual agreement of both Parties, and subject to compliance with any required obligations under applicable Data Protection Laws.
(i) This DPA represents the complete agreement concerning the subject matter hereof; (ii) except where explicitly agreed otherwise in writing by the Parties, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Services Agreement and any other agreements which may be entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail; (iii) the Parties to this DPA hereby agree to the governing law and the choice of jurisdiction stipulated in the Services Agreement with respect to any disputes or claims arising under this DPA; (iv) nothing in this DPA reduces either Party's obligations under the Services Agreement in relation to the protection of Personal Data; and (v) should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (a) amended as necessary to ensure its validity and enforceability, while preserving the Parties' intentions as closely as possible or, if this is not possible, (b) construed in a manner as if the invalid or unenforceable part had never been contained therein.
BY EXECUTING A PURCHASE ORDER, YOU WARRANT THAT (A) YOU HAVE READ AND REVIEWED THIS DPA IN ITS ENTIRETY, (B) YOU AGREE TO BE BOUND BY THIS DPA, (C) THE INDIVIDUAL EXECUTING THE PURCHASE ORDER HAS THE POWER, AUTHORITY AND LEGAL RIGHT TO ENTER INTO THIS DPA ON BEHALF OF HIS/HER ORGANIZATION, AND (D) THIS DPA CONSTITUTES BINDING AND ENFORCEABLE OBLIGATIONS ON YOUR ORGANIZATION'S BEHALF.
EXHIBIT 1
DETAILS OF PROCESSING OF PERSONAL DATA
EXHIBIT 2
TECHNICAL AND ORGANIZATIONAL MEASURES
Description of the technical and organizational security measures implemented by Data Processor according to Section 5 of the DPA:
Data Processor implements suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment (namely telephones, database and application servers and related hardware) where the Personal Data are processed or used. This is accomplished by:
Data Processor implements suitable measures in order to prevent its data processing systems from being used by unauthorized persons. This is accomplished by:
Data Processor commits that the persons entitled to use its data processing systems are only able to access the data within the scope and to the extent covered by their respective access permission (authorization) and that Personal Data cannot be read, copied or modified or removed without authorization. This is accomplished by:
Data Processor implements suitable measures in order to prevent the Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by:
Data Processor implements suitable measures in order to ensure that it is possible to check and establish whether and by whom Personal Data have been input into data processing systems or removed. This is accomplished by:
Data Processor implements suitable measures in order to ensure that the Personal Data are processed strictly in accordance with the Instructions of Data Controller. This is accomplished by:
Data Processor implements suitable measures in order to ensure that Personal Data are protected from accidental destruction or loss and the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident. This is accomplished by:
Data Processor implements suitable measures in order to ensure that data collected for different purposes can be processed separately. This is accomplished by:
9.1 Data Processor implements suitable measures in order to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and the Services and the pseudonymisation and encryption of Personal Data. This is accomplished by:
9.2 Data Processor also implements a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing. This is accomplished by: