Last Updated: October 15, 2021
For good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties hereby agree as follows:
1. DEFINITIONS. In addition to capitalized terms that are otherwise defined herein, the following capitalized terms shall have the meanings set forth in this Section 1.
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Authorized Users” means individuals who are authorized by Client to use the Subscription Services, for whom subscriptions to the Subscription Services have been purchased, and who have been supplied user identifications and passwords by Client. Authorized Users may include but are not limited to Client’s Members, employees, consultants or contractors.
“Confidential Information” means any material, data or information relating to a Party’s software, inventions, processes, formulas, technologies, designs, drawings, research, development, products, product plans, services, customers, customer lists, member lists, member contact information, Client programs, donor information, donor lists, markets, marketing plans, financial statements, or other business information, trade secrets or intellectual property that such disclosing Party treats as proprietary or confidential, and is marked as “confidential” or “proprietary” or that, given the circumstances, should be reasonably apparent that such information is of a confidential or proprietary nature. Without limiting the foregoing, (i) the Personify Software and all IP Rights associated therewith shall constitute Confidential Information of Personify, (ii) Client Data shall constitute Confidential Information of Client and (iii) all software and any databases (including any data models, structures, non-Client specific data and Client specific data and aggregated statistical data contained therein) disclosed by a Party shall constitute Confidential Information of the disclosing Party.
“Client” has the meaning set forth the first paragraph of this Agreement and includes the subsidiaries, chapters and non-independent Affiliates.
“Client Data” means any data, regardless of whether in printed or electronic form, that is (i) provided to Personify by Client in order for Personify to perform its obligations under this Agreement, (ii) otherwise obtained by Personify in the course of performing services,
(iii) provided to Personify by Authorized Users, or (iv) derived from Client’s use of the Subscription Services.
“Documentation” means the technical documentation provided by Personify to Client in connection with the Subscription Services, expressed in any medium or format.
“Effective Date” means, for this Agreement the date specified in the first paragraph, and for any Order Form or Statement of Work or other document executed in connection with this Agreement, the date that the individual document has been executed by both Parties (which is the latter date if executed by the Parties on different dates).
“IP Rights” means any and all intellectual property rights of any type, recognized in any country or jurisdiction throughout the world, now or hereafter existing, and whether or not perfected, filed or recorded, including without limitation, all: (i) inventions, including patents, patent applications and statutory invention registrations or certificates of invention, and any divisions, continuations, renewals or re-issuances of any of the foregoing; (ii) trademarks, service marks, domain names, trade dress, logos, and other brand source distinctions;
(iii) copyrights and works of authorship, or (iv) trade secrets and know-how.
“Member” means a member of Client’s association or organization that is authorized by Client to access and use the Subscription Services.
“Order Form(s)” means one or more ordering documents for purchases of Subscription Services that are executed by Client and Personify from time to time under this Agreement. By entering into an Order Form hereunder, an Affiliate of Client agrees to be bound by the terms of this Agreement as if it were an original party hereto. Order Forms are incorporated herein by reference.
“Personify Software” means Personify’s proprietary software application(s) that are made available to Client as a subscription service (e.g. a software-as-a-service) under this Agreement.
“Professional Services” means, in each instance, the implementation, integration, customization, training, consulting or other professional services provided by Personify pursuant to a SOW under this Agreement.
“Statement of Work” or “SOW” means one or more ordering documents for purchases of Professional Services that are executed by Client and Personify from time to time under this Agreement. Each SOW shall contain, at a minimum, the following information: (i) the scope of the Professional Services to be provided; (ii) applicable rates and fees; (iii) responsibilities and dependencies of each Party; (iv) agreed upon Work Product and specific deliverables, if any; and (v) signatures of authorized representative of both Parties. By entering into an SOW hereunder, an Affiliate of Client agrees to be bound by the terms of this Agreement as if it were an original party hereto. SOWs are incorporated herein by reference.
“Subscription Services” means the online, Web-based applications and platform provided by Personify as described in the Documentation, that are ordered by Client or Client’s Affiliates under an Order Form but excluding Third-Party Applications and Professional Services.
“Subscription Term” means the period of time from the start date to the end date specified in each Order Form for each subscription purchased thereunder. Each renewal of a subscription, whether automatic or in writing, shall constitute a new Subscription Term.
“Technology” means all software, designs, formulas, algorithms, processes, and programs that are owned by Personify or its licensors and that are used to provide the Subscription Services and any Website.
“Third-Party Applications” means software products that are provided by third parties but may be configured to interoperate with the Subscription Services, Technology and Website.
“Website” means any website that is developed by Personify for Client’s benefit.
“Work Product” means any expression of Personify’s findings, developments, inventions, analyses, conclusions, opinions, recommendations, ideas, techniques, designs, programs, enhancements, modifications, interfaces, source code, object code and other technical information resulting from the performance of Professional Services, support services, or any other services performed for the benefit of Client.
2. SUBSCRIPTION SERVICES
2.1 Provision of Subscription Services. Personify shall make the Subscription Services available to Client pursuant to this Agreement and the applicable Order Forms during each Subscription Term, subject to Client’s timely payment of all applicable Personify may provide the Subscription Services and host the Technology and Website on its own infrastructure or using a third party cloud computing services provider. Client’s purchases of Subscription Services are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Personify regarding future functionality or features. Personify may, in its sole discretion, modify, enhance and/or expand the Subscription Services at no additional cost to Client. Personify may also modify, enhance or expand the Subscription Services by providing additional features or functionality, which may, but are not required to be, added by Client to this Agreement at additional cost. Such additional cost features and functionality may be added by mutual written agreement of the Parties.
2.2 Subscriptions. Unless otherwise specified in the applicable Order Form, (a) Subscription Services are purchased as Authorized User subscriptions, (b) additional Authorized User subscriptions may be purchased during the Subscription Term by signing an additional Order Form and paying the additional fees for such additional Authorized User subscriptions, prorated for the portion of that Subscription Term remaining at the time the Subscriptions are added and (c) the added Authorized User subscriptions shall terminate on the same date as the underlying subscriptions.
2.3 Usage Limits. The Subscription Services are subject to usage limits that are specified in the Order Forms. Unless otherwise specified in the applicable Order Form: (a) a quantity in an Order Form refers to Authorized Users, and the Subscription Services may not be accessed by more than that number of Authorized Users: (b) an Authorized User’s password may not be shared with any other individual; and (c) an Authorized User identification may be reassigned to a new individual replacing one who no longer requires ongoing use of the Subscription Services.
2.4 License Grant. Subject to Client’s compliance with all of the terms and conditions of this Agreement, Personify hereby grants Client a limited, revocable, non-exclusive, non-transferable right to access/use the Technology and the Website(s), solely in connection with Client’s use of the Subscription Services under this Agreement.
2.5 Compliance. Client shall maintain books and records sufficient to permit Personify or an independent auditor retained by Personify to verify Client’s compliance with the terms and requirements of this Agreement. During the term of this Agreement and for a period of one (1) year following its termination or expiration, Personify has the right to audit Client’s use of the Subscription Services to verify compliance with this Agreement. Any such audit will be performed with reasonable advance written notice Client, during Client’s normal business hours and in a manner not disruptive to Client’s operations. In the event that any audit reveals any non- compliance, including but not limited to underpayment of fees, Client shall promptly cure the non-compliance, pay Personify any shortfall (at Personify’s then current list price) and, if such shortfall exceeds 10% in any one-year period, reimburse Personify the reasonable costs of such audit. This Section 2.5 does not limit any other rights and remedies that Personify may have.
3. GENERAL RESTRICTIONS AND LIMITATIONS ON SUBSCRIPTION SERVICES
3.1 Personify Responsibilities. As part of the Subscription Services, Personify will (a) provide Client with Personify’s standard support for the Subscription Services at no additional charge, and/or upgraded support if purchased for an additional fee, and (b) use commercially reasonable efforts to make the Subscription Services available 24 hours a day, 7 days a week, except for any unavailability caused by circumstances beyond Personify’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Personify’s employees), Internet service provider failure or delay, failure or delay of service from any third party cloud computing services provider, or denial of service attack. Personify will provide support services and service level commitments in accordance with its standard policies, as in effect from time-to-time, which are available at Personify’s web site and will be provided on request. Personify reserves the right to modify its maintenance and support services documentation from time-to-time and, other than immaterial changes and corrections, will give Client reasonable notice of modifications thereto.
3.3 Restrictions. Client will not, directly or indirectly, do any of the following: (a) make any Subscription Services available to, or use any Subscription Services for the benefit of, anyone other than Client or its Authorized Users; (b) sell, resell, license, sublicense, distribute, rent or lease any Subscription Service, or include any Subscription Services in a service bureau or outsourcing offering; (c) use the Subscription Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (d) use the Subscription Services to store or transmit code, files, scripts, agents or programs intended to do harm (including, for example, viruses, worms, time bombs and Trojan horses); (e) interfere with or disrupt the integrity or performance of any Subscription Services or third-party data contained therein; (f) attempt to gain unauthorized access to any Subscription Services or the Technology; (g) permit direct or indirect access to or use of any Subscription Services or Technology in a way that circumvents a contractual usage limit, (h) copy any part, feature, function or user interface of the Subscription Services; (i) access any Subscription Services or Technology in order to build a competitive product or service; or (j) reverse engineer, disassemble or decompile any portion of the Technology.
3.4 Client Data. The Subscription Services can be used to access and process Client Data in order to generate reports, analyses, documents, and/or results. If Client chooses to save such output, it will be saved as Client Data in Client’s account. Upon any termination, Personify will make all Customer Data available to Customer for electronic retrieval for a period of sixty (60) days, but thereafter Personify may, but is not obligated to, delete stored Customer Data. Personify will not access Client Data except in accordance with (a) the licenses granted to Personify in Section 7.3 (Client Data; License); or (b) Section 6.4 (Compelled Disclosure).
4. PROFESSIONAL SERVICES
4.1 Professional Services. The Parties may, but are under no obligation to, enter one or more SOWs for Professional Services to be performed by Personify. No Professional Services shall be furnished to Client by virtue of this Agreement alone, but shall require the execution of a SOW by both Parties.
4.2 Scope Modifications. Client may at any time request a modification to the Professional Services to be performed pursuant to any particular SOW by making a written request to Personify specifying the desired modifications. Personify shall submit an estimate of the cost for such modifications and a revised estimate of the time for performance pursuant to the SOW. Modifications in any SOW shall become effective only when a written change request is executed by authorized representatives of both Parties.
4.3 Personify Personnel. Personify shall be responsible for securing, managing, scheduling, coordinating and supervising Personify personnel, including its subcontractors, performing the Professional Services. Personify will designate a Personify project manager in each SOW who will be responsible for coordinating Personify’s provision of Professional Services under such SOW. Personify shall have the right to remove or replace any personnel providing Professional Services with similarly skilled personnel. Personify shall provide reasonable notice to Client of any change in personnel providing Professional Services. Personify may, in its sole discretion, subcontract or delegate any work under any SOW to any third party without Client’s prior written consent, provided that, Personify shall remain responsible for the performance, acts and omissions of any such subcontractors. Client may request that Personify remove or replace Personify personnel if Client believes, in Client’s reasonable discretion, that such personnel’s involvement is inappropriate, unsafe or detrimental to the delivery of the Professional Services. In the event such a request is made, any project timelines shall automatically extend by the amount of time required to replace said personnel and assimilate them into the project.
4.4 Cooperation. Client shall perform its obligations as set forth in the applicable SOW, as well as the following obligations: (a) designate and provide one Client project manager who will be responsible for coordinating the Client obligations under a SOW; (b) provide sufficient, qualified, knowledgeable personnel capable of: (i) performing Client obligations set forth in each SOW; (ii) making timely decisions necessary to move the Professional Services forward; and (iii) participating in the project and assisting Personify in rendering the Professional Services; and (c) in the case of on-site Professional Services, provide Personify with reasonable access to Client’s facilities during Client’s normal business hours and otherwise as reasonably requested by Personify, including such working space as Personify may reasonably request. Client acknowledges and agrees that the performance by Client of its obligations is material to Personify’s ability to commence, proceed with and complete the Professional Services. In the event Client does not perform Client obligations in a timely manner, Personify may take any action as set forth in the applicable SOW, or terminate the applicable SOW in accordance with this Agreement.
5. FEES AND PAYMENTS
5.1 Fees. Client agrees to pay Personify the fees and other amounts set forth on all applicable Order Forms and SOWs. Except as otherwise specified in an Order Form, (a) fees for Subscription Services are based on Subscription Services purchased and not actual usage, (b) payment obligations are non-cancellable and fees paid are non-refundable, and (c) quantities purchased cannot be decreased during the relevant Subscription Term. Except as otherwise specified in an SOW, fees for any and all Professional Services shall be based on then-current hourly rates.
5.2 Payment Terms. Unless otherwise specified in the applicable Order Form for SOW, all undisputed fees and other amounts due under this Agreement shall be due payable net thirty (30) calendar days after date of receipt by Client of the applicable invoice. Personify may charge a late charge equal to the lesser of (a) one percent (1%) per month or (b) the maximum amount allowed by applicable law, on any outstanding past due balance that is not the subject of a good faith dispute.
5.3 Taxes. Client will, within thirty (30) days of the Effective Date of this Agreement, provide Personify with applicable sales tax exemption certificate(s). Unless the applicable tax-exempt certificate is provided, Client shall be responsible for, all taxes, duties, and assessments imposed on Client in connection with fees paid under the provisions of this Agreement, including without limitation, all sales, use, excise or other taxes and duties, and Personify will include all such taxes, duties and assessments on each applicable invoice.
5.4 Expenses. Client shall reimburse Personify for any reasonable, actual out-of-pocket expenses incurred and approved by Client, including travel expenses and related costs, incurred by Personify employees and subcontractors, provided that such expense and costs are consistent with Client’s own travel policies and approved in advance by Client.
5.5 Client Information. Client will provide complete and accurate billing and contact information to Personify and promptly notify Personify of any changes to such information.
5.6 Disputed Charges. Client must notify Personify in writing of any dispute or disagreement with invoiced charges within thirty (30) calendar days after the date of receipt of the applicable invoice by Client. Absent such notice, Client shall be deemed to have agreed to the charges as invoiced.
5.7 Suspension. If any amount owing by Client under this Agreement is thirty (30) or more days past due, Personify may, without limiting its other rights and remedies, accelerate Client’s unpaid fee obligations under this Agreement so that all such obligations become immediately due and payable, and suspend the Subscription Services and/or Professional Services to Client until such amounts are paid in full. Personify will give Client at least ten (10) days’ prior notice that Client’s account is overdue before implementing any such suspension.
6. CONFIDENTIAL INFORMATION
6.1 Access. The Parties acknowledge that during the performance of this Agreement, each Party will have access to certain Confidential Information of the other Party or Confidential Information of third parties that the disclosing Party is required to maintain as confidential.
6.2 Mutual Obligations. Except as may be expressly set forth in this Agreement, each Party that receives Confidential Information of the other Party agrees during the term of this Agreement and thereafter, to: (a) use the Confidential Information only for the purposes of performing this Agreement; (b) hold the Confidential Information of the other Party in confidence and restrict it from dissemination to, and use by, any third party; (c) protect the confidentiality of the other Party’s Confidential Information using the same degree of care, but no less than reasonable degree of care, as the receiving Party uses to protect its own Confidential Information; (d) not create any derivative work from Confidential Information of the other Party; and (e) restrict access to the Confidential Information of the other Party to such of its personnel, subcontractors, and/or consultants who have a need to have access to such Confidential Information, who have been advised of the confidential nature of such information, and who have agreed in writing to terms no less protective than the terms set forth in this Agreement with respect to the treatment of such Confidential Information.
6.3 Confidentiality Exceptions. Section 6.2 shall not apply to Confidential Information that is: (a) publicly available or in the public domain at the time disclosed; (b) publicly available, becomes publicly available or enters the public domain through no fault of the recipient; (c) rightfully communicated to the recipient by persons not bound by confidentiality obligations with respect thereto; (d) already in the recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (e) independently developed by the recipient without use of or reference to the disclosing Party’s Confidential Information and by employees or other authorized agents of the receiving Party who have not been exposed to the disclosing Party’s Confidential Information; or (f) approved for release or disclosure in writing by the disclosing Party.
6.4 Compelled Disclosure. Notwithstanding the foregoing, each Party may disclose Confidential Information of the other Party to the limited extent required to: (a) comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall, to the extent allowed by law, first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (b) establish a Party’s rights under this Agreement, including to make such court filings as it may be required to do.
6.5 Equitable Relief. The Parties acknowledge and agree that money damages would not be a sufficient remedy for breaches of this Section 6, and that each Party may seek injunctive relief, specific performance, or other equitable relief as a remedy for any such breach.
7. INTELLECTUAL PROPERTY/PROPRIETARY RIGHTS
7.1 Personify. Personify and its licensors own all right, title and interest, including all IP Rights, in and to all Personify Confidential Information, the Technology and the Personify Software, including, without limitation, all modifications, improvements, upgrades, derivative works, and feedback related thereto, and any third party software provided by Personify, and all software, associated documentation, hardware, materials, information, processes or subject matter that is proprietary to Personify and is provided under this Agreement. Personify expressly reserves all rights not expressly granted to Client under this Agreement and all executed Order Forms and SOWs. Client shall not knowingly engage in any act or omission that would impair the IP Rights of Personify or its licensors. In no event shall Client obtain any ownership rights in or to the Confidential Information of Personify, the Personify Software or any IP Rights of Personify.
7.2 Client. Client and its licensors own all right, title and interest, including all IP Rights, in and to the Client Data and all Confidential Information disclosed by Client. Personify shall not knowingly engage in any act or omission that would impair Client’s IP Rights or Confidential Information. In no event shall Personify obtain any ownership rights in or to the Confidential Information of Client, the Client Data or Client’s IP Rights.
7.3 Client Data; License. As between Personify and Client, Client exclusively owns all rights, title, and interest in and to all of the Client Data. Client hereby grants Personify a worldwide, limited-term license to host, copy, transmit and display Client Data, as necessary for Personify to provide the Subscription Services in accordance with this Agreement. Subject to the limited licenses granted herein, Personify acquires no right, title or interest from Client under this Agreement in or to Client Data. Client hereby grants to Personify a perpetual, non-exclusive, royalty-free license to (a) use Client Data in order to provide, monitor and improve the Subscription Services to Client and (b) use all of Client Data that is anonymous and does not personally identify Client, an Authorized User or Member for statistical, analytical and other aggregate use.
7.4 Content; License. Client represents and warrants to Personify that it owns all right, title and interest in, or otherwise have full and sufficient authority to use in the manner contemplated by this Agreement, any content furnished by Client to Personify for incorporation into the Website or the Subscription Services. Client hereby grants Personify a limited, non-exclusive, royalty-free license to use such content in the manner contemplated by this Agreement.
7.5 Suggestions. Client hereby grants Personify a royalty-free, worldwide, transferable, sublicenseable, irrevocable, perpetual license to use or incorporate into the Subscription Services and/or Technology any suggestions, enhancement requests, recommendations, correction or other feedback provided by Client, including Authorized Users, relating to the functionality and/or operation of the Subscription Services and/or Technology.
7.6 Work Product.
7.6.1. Unless otherwise specified in the applicable Statement of Work, all Work Product created under this Agreement, including all IP Rights related thereto, shall be owned by Personify.
7.6.2. All Work Product created under this Agreement that is owned by Personify and is made available to Client to enable Client’s use of the Subscription Services pursuant to the terms of this Agreement. Personify hereby grants Client a worldwide, non-exclusive, non- transferrable, non-sublicensable right and license to use the Work Product, solely in connection with Client’s use of the Subscription Services.
7.6.3. Unless otherwise specified in the applicable SOW, to the extent Client acquires any rights in the Work Product, Client hereby assigns such rights to Personify. Client shall give Personify all reasonable assistance and execute all documents necessary to assist or enable Personify to perfect, preserve, register and/or record such assignment and Personify’s rights in any Work Product.
8. REPRESENTATIONS AND WARRANTIES
8.1 General. Each Party represents and warrants to the other that it has full power and authority to enter into and perform this Agreement, and that the execution and performance of this Agreement does not and shall not violate any other contract, obligation, or instrument to which it is a party, or which is binding upon it, including any confidentiality obligations.
8.2 Subscription Services Warranties. Personify warrants that: (a) the Subscription Services shall perform materially in accordance with the Documentation and (b) subject to Section 8.3 (Third-Party Applications), the functionality of the Subscription Services will not be materially decreased during a Subscription Term. For any breach of either such warranty, Client’s exclusive remedy shall be as provided in Section 11.5 (Termination for Breach). Client acknowledges that availability of the Subscription Services depends upon the availability of the Internet and any third-party cloud computing services provider and that Personify has no control over such availability. Accordingly, Personify makes no representations, warranties, or covenants regarding the availability of the Subscription Services to the extent that such availability depends upon the availability of the Internet or any third-party cloud computing services provider.
8.3 Third Party Applications. The Subscription Services have been built as a software-as-a-service on a cloud-computing platform. The Subscription Services are designed to work with the cloud-computing platform and with certain other Third-Party Applications. Client’s use of Third-Party Applications is governed entirely by the terms of Client’s agreement with the relevant third party. Nothing in this Agreement creates any rights or obligations on the part of Personify with respect to such Third-Party Applications nor should this Agreement be construed as creating any rights or obligations on the part of any third party providing Third-Party Applications with respect to the Subscription Services provided by Personify.
8.4 Professional Services Warranty; Exclusive Remedy. Personify warrants the Professional Services performed hereunder will be performed in a professional and workmanlike manner, using sound principles, accepted industry practices and competent personnel (“Professional Services Warranty”). The Professional Services Warranty shall not apply if the Work Product is implemented, customized, modified, enhanced or altered by Client or any third party that is not specifically retained by Personify as a contractor for such Client’s sole and exclusive remedy, and Personify’s sole obligation, in the event of a breach of the Professional Services Warranty is for Personify, at its expense, to re-perform the Professional Services which were not as warranted, provided Personify has received notice from Client within thirty (30) calendar days of the completion of the Professional Services that Client alleges were not performed consistent with the Professional Services Warranty. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, THIS SECTION 8.4 SETS FORTH PERSONIFY’S SOLE AND EXCLUSIVE REMEDY FOR ANY BREACH OF THE PROFESSIONAL SERVICES WARRANTY.
8.5 Disclaimers. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION 8, PERSONIFY MAKES NO OTHER REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS, IMPLIED OR STATUTORY, AND PERSONIFY EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT. NO WARRANTY IS MADE BY PERSONIFY ON THE BASIS OF TRADE USAGE OR COURSE OF DEALING. PERSONIFY DOES NOT WARRANT THAT THE SUBSCRIPTION SERVICES, TECHNOLOGY, WEBSITE OR ANY OTHER INFORMATION, MATERIALS, OR SERVICES PROVIDED UNDER THIS AGREEMENT WILL MEET CLIENT’S REQUIREMENTS OR THAT THE OPERATION THEREOF WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED.
9. LIMITATIONS OF LIABILITY
9.1. EXCEPT FOR DAMAGES ARISING OUT OF (I) A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREUNDER, (II) A PARTY’S MISAPPROPRIATION OF THE OTHER PARTY’S IP RIGHTS, OR (iii) WHERE A CLAIM RESULTS FROM INTENTIONAL MISCONDUCT OR GROSS NEGLIGENCE, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, OR COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, EVEN IF THE PARTY FROM WHOM SUCH DAMAGES ARE SOUGHT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED.
9.2. EXCEPT FOR DAMAGES ARISING OUT OF (I) A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREUNDER, (II) A PARTY’S MISAPPROPRIATION OF THE OTHER PARTY’S IP RIGHTS, OR (iii) WHERE A CLAIM RESULTS FROM INTENTIONAL MISCONDUCT OR GROSS NEGLIGENCE, EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION, SHALL NEVER EXCEED THE TOTAL AMOUNT PAID BY CLIENT TO PERSONIFY UNDER THIS AGREEMENT DURING THE TWELVE MONTHS IMMEDIATELY BEFORE ANY EVENT GIVING RISE TO A CLAIM BY THE OTHER PARTY HEREUNDER. EACH PARTY HEREBY RELEASES THE OTHER PARTY FROM ALL OBLIGATIONS, LIABILITY, CLAIMS, OR DEMANDS IN EXCESS OF THIS LIMITATION.
9.3. Essential Basis. The disclaimers, exclusions and limitations of liability set forth in this Agreement form an essential basis of the bargain between the Parties, and, absent any of such disclaimers, exclusions or limitations of liability, the provisions of this Agreement, including, without limitation, the economic terms, would be substantially different.
10.1. Infringement Claim.
10.1.1. Personify shall indemnify, defend and hold harmless Client from and against all losses, liabilities, damages, claims, costs and reasonable expenses (including reasonable attorneys’ fees) arising out of or related to a third party claim that Client’s use of, or access to, the Subscription Services, Personify Software or Technology infringes a United States patent, copyright or trademark or misappropriates any third party trade secrets (an “Infringement Claim”); provided that, Client must give Personify: (a) prompt written notice of such claim; (b) authority to control and direct the defense and/or settlement of such claim; and (c) such information and assistance as Personify may reasonably request, at Personify’s expense, in connection with such defense and/or settlement. Notwithstanding the foregoing, Personify shall not, without the prior written consent of Client, settle any third-party claim against Client unless (x) such settlement completely and forever releases Client with respect thereto or (y) does not involve any financial obligation on the part of Client. In any action for which Personify provides defense on behalf of Client, Client may participate in such defense at its own expense by counsel of its choice.
10.1.2. Upon the occurrence of any Infringement Claim for which indemnity is or may be due under this Section 10.1, or in the event that Personify believes that such a claim is likely, (Personify will, at its option: (a) appropriately modify the Subscription Services, Personify Software or Technology to be non-infringing, or substitute functionally equivalent software or services; (b) obtain a license to the applicable third-party intellectual property rights; or (c) if the remedies set forth in clauses (a) and (b) above are not commercially feasible, as determined by Personify in its sole discretion, Personify may terminate this Agreement on written notice to Client and refund any pre-paid fees for services that have not been provided. THE PROVISIONS OF THIS SECTION 10.1 STATES THE SOLE, EXCLUSIVE, AND ENTIRE LIABILITY OF PERSONIFY TO CLIENT, AND IS CLIENT’S SOLE REMEDY, WITH RESPECT TO ANY INFRINGEMENT CLAIM.
10.2. Mutual Indemnity. Each Party (“Indemnifying Party”) shall indemnify, defend and hold harmless the other Party and its officers, directors, shareholders, members, managers, employees, agents and Affiliates (each, an “Indemnified Party”) against any claim, including costs and reasonable attorney’s fees, in which the Indemnified Party is named as a result of the grossly negligent or intentional acts or omissions of the Indemnifying Party, its employees or agents, while performing its obligations pursuant to this Agreement or any SOW, which result in death, personal injury or property damage. The Indemnified Party must give the Indemnifying Party: (a) prompt written notice of such claim; (b) authority to control and direct the defense and/or settlement of such claim; and (c) such information and assistance as the Indemnifying Party may reasonably request, at the Indemnifying Party’s expense, in connection with such defense and/ or settlement. Notwithstanding the foregoing, the Indemnifying Party shall not, without the prior written consent of the Indemnified Party, settle any third-party claim against the Indemnified Party unless (x) such settlement completely and forever releases the Indemnified Party with respect thereto or (y) does not involve any financial obligation on the part of the Indemnified Party. In any action for which the Indemnifying Party provides defense on behalf of the Indemnified Party, the Indemnified Party may participate in such defense at its own expense by counsel of its choice.
11. TERM AND TERMINATION
11.1. Agreement. This Agreement shall become effective upon the Effective Date hereof and shall continue in effect until it is earlier terminated in accordance with this Section 11.
11.2. Term of Purchased Subscriptions. Each Subscription Term shall be as specified in the applicable Order Form. Unless otherwise specified in the applicable Order Form, subscriptions to Subscription Services will automatically renew for additional periods equal to the expiring Subscription Term, unless either Party gives the other Party written notice of non-renewal at least sixty (60) days before the end of the expiring Subscription Term. The pricing for any automatic renewal term will be the same as that during the immediately prior Subscription Term unless Personify has given Client written notice of a price increase at least seventy (70) days before the end of the expiring Subscription Term, in which case the price increase will be effective upon renewal.
11.3. Term of Statements of Work. Unless otherwise stated in the applicable SOW, the term of each SOW shall last until performance thereunder is completed.
11.4. Termination on Expiration of Subscription Terms and SOWs. Upon expiration or termination of any and all Subscription Terms and SOWs executed under Agreement, either Party may terminate this Agreement by giving not less than thirty (30) days written notice to the other Party.
11.5. Termination for Breach. Either Party may terminate this Agreement, or any Order Form or SOW executed under this Agreement, in the event of a material breach by the other Party. Such termination may be effected only through a written notice to the breaching Party; specifically identifying the breach on which such notice of termination is based. The breaching Party will have a right to cure such breach within sixty (60) calendar days of receipt of such notice (ten (10) calendar days in the case of non-payment). The non-breaching Party may terminate this Agreement, or any Order Form or SOW executed under this Agreement, in the event that such cure is not made within such sixty (60)-day period (or ten (10)-day period in the case of non-payment).
11.6. Bankruptcy. This Agreement, or any Order Form or SOW executed under this Agreement, may be terminated immediately by a Party through written notice if the other Party ceases to carry on business as a going concern, becomes the object of the institution of voluntary or involuntary proceedings in bankruptcy or liquidation, or a receiver is appointed with respect to a substantial part of its assets.
11.7. Termination of Individual Order Forms or SOWs. In the event a Party terminates any individual Order Form or SOW in accordance with Sections 11.5 or 11.6, this Agreement (including any other Order Forms or SOWs) shall remain in full force and effect in accordance with its terms.
11.8. Accrued Obligations. Termination of this Agreement and/or any particular Order Form or SOW shall not release either Party from any liability which, at the time of termination, has already accrued or which thereafter may accrue with respect to any act or omission before termination, or from any obligation which is expressly stated in this Agreement and/or any applicable Order Form or SOW to survive termination.
11.9. Cumulative Remedies. Termination of this Agreement and/or any applicable Order Form or SOW, regardless of cause or nature, shall be without prejudice to any other rights or remedies of the Parties and shall be without liability for any loss or damage occasioned thereby.
11.10. Effect of Termination. Upon any termination of this Agreement, Client shall immediately discontinue all use of the Subscription Services and promptly pay to Personify all amounts due and payable under this Agreement. In addition, each Party shall: (a) immediately discontinue all use of the other Party’s Confidential Information; (b) at the option of the disclosing Party, either return or destroy all Confidential Information of the disclosing Party in its possession; and (c) delete the disclosing Party’s Confidential Information from its computer storage or any other media, except for archival copies which may be retained and shall be destroyed in accordance with the party’s Record retention policy. Any such retained copies shall remain subject to Section 6 (Confidentiality). Each Party will, on request from the disclosing Party, provide the disclosing Party with an written certification of compliance with this Section 11.10 signed by an officer.
11.11. Survival of Obligations. The provisions of Sections 2.5, 5, 6, 7 (excluding Section 7.3 and 7.4), 8.5, 9, 10, 11.8 thru 11.11 and 12, as well as Client’s obligations to pay any amounts due and outstanding hereunder, shall survive termination or expiration of this Agreement.
12.1 Applicable Law; Venue and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, without giving effect to its rules regarding conflicts of laws. THE PARTIES AGREE THAT ANY AND ALL CAUSES OF ACTION BETWEEN THE PARTIES ARISING FROM OR IN RELATION TO THIS AGREEMENT SHALL BE BROUGHT EXCLUSIVELY IN THE STATE AND FEDERAL COURTS LOCATED WITHIN THE STATE OF TEXAS.
12.2 Order of Precedence. In the event of a conflict between this Agreement and any Order Form, SOW or other document referencing this Agreement that is executed by both Parties, this Agreement shall govern, except to the extent that the applicable Order Form, SOW or other executed document expressly states the intent of the Parties to supersede or change one or more provisions in this Agreement and clearly identifies the provision(s) to be superseded or changed. This Agreement, including each Order Form or SOW, shall prevail over any different, conflicting, inconsistent or additional terms contained in any purchase order or like document issued by Client.
12.3. Export Compliance. Each Party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Subscription Services. Without limiting the foregoing, (a) each Party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports and (b) Client shall not permit Authorized Users to access or use the Subscription Services in violation of any U.S. export embargo, prohibition, or restriction.
12.4. Force Majeure. Either Party shall be excused from performance of its obligations under this Agreement if such a failure to perform results from compliance with any requirement of applicable law, acts of god, fire, strike, embargo, terrorist attack, war, insurrection or riot or other causes beyond the reasonable control of such Party. Any delay resulting from any of such causes shall extend performance accordingly or excuse performance, in whole or in part, as may be reasonable under the circumstances.
12.5. Notices. Any notice required or permitted under the terms of this Agreement or required by law must be in writing and must be: (a) delivered in person; (b) sent by registered mail, return receipt requested; or (c) sent overnight using an overnight air courier. Notices will be considered to have been given at the time of actual delivery if delivered in person, three (3) business days after posting if sent by mail, or one (1) day after delivery to an overnight air courier service. All such notices shall be sent to each Party at its address specified on the signature page of this Agreement, or addressed to such other address as that Party may have given by written notice in accordance with this provision.
12.6. Assignment. Neither Party shall assign its rights or delegate its obligations under this Agreement without the other Party’s prior written consent, and, absent such consent, any purported assignment or delegation shall be null, void and of no effect. Notwithstanding the foregoing, either Party may assign this Agreement, without requiring such prior consent, in connection with a merger or sale of all or substantially all of its assets, provided that the assignee agrees in writing to assume the assignor’s obligations under this Agreement. This Agreement shall be binding upon and inure to the benefit of Personify and Client and their successors and permitted assigns.
12.7. Client Attribution; Marketing. Each Party may use and display the other Party’s name, logo, and success stories in its marketing materials. In addition, the Technology may include product attribution in a form similar to a hyperlink “Powered by Personify”. Upon Client’s prior written approval, Personify may issue a press release announcing Client’s selection of Personify’s product and services and/or Client’s successful deployment of the Personify products and services. Client agrees to have an authorized Client representative provide a quote for these press releases. Personify may refer to Client in its marketing and promotional materials, verbally and/or in writing, provided Client has provided its approval prior to publication thereof.
12.8. Independent Contractors. The Parties are acting as independent contractors in making and performing this Agreement. The relationship arising from this Agreement does not constitute or create any partnership, joint venture, employment relationship or franchise between the Parties.
12.9. Amendment. No amendment to this Agreement or any Order Form or SOW shall be valid unless it is made in writing and is signed by the authorized representatives of both Parties.
12.10. Waiver. No waiver under this Agreement shall be valid or binding unless set forth in writing and duly executed by the Party against whom enforcement of such waiver is sought. Any such waiver shall constitute a waiver only with respect to the specific matter described therein and shall in no way impair the rights of the Party granting such waiver in any other respect or at any other time. Any delay or forbearance by either Party in exercising any right hereunder shall not be deemed a waiver of that right.
12.11. Severability. If any provision of this Agreement is invalid or unenforceable for any reason in any jurisdiction, such provision shall be construed to have been adjusted to the minimum extent necessary to cure such invalidity or unenforceability. The invalidity or unenforceability of one or more of the provisions contained in this Agreement shall not have the effect of rendering any such provision invalid or unenforceable in any other case, circumstance or jurisdiction, or of rendering any other provisions of this Agreement invalid or unenforceable whatsoever.
12.12. No Third Party Beneficiaries. The Parties acknowledge that the covenants set forth in this Agreement are intended solely for the benefit of the Parties, their successors and permitted assigns. Nothing herein, whether express or implied, shall confer upon any person or entity, other than the Parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.
12.13. Counterparts. This Agreement and any Order Form, SOW or other document executed in connection herewith may be executed in any number of counterparts, each of which when so executed shall be deemed to be an original and all of which when taken together shall constitute one Agreement.
12.14. Headings. The headings in this Agreement are inserted merely for the purpose of convenience and shall not affect the meaning or interpretation of this Agreement.
12.15. Entire Agreement. This Agreement (together with all Order Forms and SOWs) sets forth the entire agreement and understanding between the Parties hereto with respect to the subject matter hereof and, except as specifically provided herein, supersedes and merges all prior oral and written agreements, discussions and understandings between the Parties with respect to the subject matter hereof.
12.16. No Solicitation. Each Party agrees that during the term of this Agreement, and for a period of one (1) year after the termination or expiration of this Agreement, it shall not offer employment or engagement (whether as an employee, independent contractor or consultant) to any employee or consultant of the other Party without the prior written consent of the other Party. In the event a Party offers employment or engagement (whether as an employee, independent contractor or consultant) to an employee or consultant of the other Party it shall pay to other Party an amount equal to one (1) year’s salary of such employee or consultant as to help offset costs the other Party will incur to replace the employee and provide training to the new employee(s). Neither Party shall be in breach of this Section 12.16 if it can show by written records that there was no solicitation of employment or engagement (whether as an employee, independent contractor or consultant) and the person hired or engaged responded to a job posting or general advertisement (for example, through online job postings) that was publicly available and placed in connection with an open position.
Appendix A – Data Protection Addendum
Addendum to Main Agreement between:
A. Personify, Inc. (“Personify”); and
B. “Client,” the legal entity that executes one or more Order Forms and/or Statements of Work in connection with receiving Subscription Services from Personify.
Client and Personify may be referred to individually as a “Party” and collectively as the “Parties.”
D. Under applicable data protection laws and regulations, including but not limited to the European Union (“EU”) General Data Protection Regulation 2016/679 and the legislation implementing the GDPR into law in the United Kingdom (“UK”), including the Data Protection Act 2018 as amended (“GDPR”) and the California Consumer Privacy Act (“CCPA”), certain data protection and privacy obligations either must or should be addressed in contracts between companies and their service providers;
E. To help ensure compliance with legal developments relating to lawful mechanisms for cross-border data transfers, Personify is incorporating certain standard contractual clauses into its data processing contracts; and
F. To meet their respective obligations to each other under applicable data protection and privacy laws, the Parties are entering into this Data Protection Addendum to the Main Agreement (“Addendum”).
It is agreed as follows:
1. Amendment to Main Agreement/Order of Precedence. This Addendum is an amendment to, not in substitution of, the Main Agreement. All provisions set forth in the Main Agreement will remain in full force and effect as long as they do not conflict with this Addendum. To the extent that any terms set forth in this Addendum conflict with any other agreement, including but not limited to the Main Agreement or any prior-entered Data Processing/Protection Agreement/Addendum, the terms of this Addendum shall take precedence over any conflicting terms in any other agreement, unless the Parties explicitly agree otherwise in writing.
2. Effective Date and Term. This Addendum will be effective beginning on the date of signing by the Parties, and will remain effective for as long as the Main Agreement is in effect and Personify and any Sub-Processor to which Personify has disclosed any Client Personal Data retains any Client Personal Data. Additionally, as further addressed in the Survival provision in this Addendum, certain provisions of this Addendum will remain in effect even after the Main Agreement is no longer in effect.
3.1. For purposes of this Addendum, the following terms will have the following meanings:
3.1.1. Client: The legal entity that contracts to receive Services from Personify by entering into the Main Agreement.
3.1.2. Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
3.1.3. Data Subject: An identified or identifiable natural person whose Personal Data is being Processed. The term “Data Subject” includes “consumers,” as that term is defined under the CCPA.
3.1.4. Personal Data: Any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal Data includes “personal information,” as that term is defined under the CCPA. Under the CCPA, personal information broadly includes any information that can identify, relate to, describe, be associated with, or be reasonably capable of being associated with a particular consumer or household.
3.1.5. Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
3.1.6. Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
3.1.7. Processor: A natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Controller.
3.1.8. Restricted Transfer: means a transfer of Personal Data to a country other than the country of origin which is not subject to an adequacy determination by the authorities competent for the country of origin.
3.1.9. Standard Contractual Clauses (EU/EEA) means the standard contractual clauses for the transfer of Personal Data to Processors established in third countries which do not ensure an adequate level of data protection the Standard Contractual Clauses (MODULE TWO: Transfer controller to processor), dated 4 June 2021, for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as described in Article 46 of the GDPR and approved by European Commission Implementing Decision (EU) 2021/91.
3.1.10. Standard Contractual Clauses (UK) means the Standard Contractual Clauses (Processors), dated 5 February 2010, for the transfer of Personal Data to Processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR, approved by European Commission Decision 2010/87/EU and recognized by the regulatory or supervisory authorities of the United Kingdom for use in connection with data transfers from the United Kingdom.
3.1.11. Sub-Processor: A Sub-Processor retained by a Processor to assist with Processing activities.
3.2. Any capitalized data protection terms used but not defined in this Addendum will have the meaning ascribed to them by applicable data protection law.
4. Personal Data Protection and Privacy.
4.1. General Data Protection and Privacy Obligations.
4.1.1. Legal Obligations. In connection with fulfilling their respective obligations under the Main Agreement (the “Services”), Personify and Client agree to comply with all applicable provisions of the GDPR, the CCPA, and the Swiss data protection law, and also with all applicable provisions of all other applicable data protection laws and regulations. The Parties will not, under any circumstances, provide less protection to Personal Data than is required by all applicable laws, regulations, directives, rules, standards, and frameworks.
4.1.2. Details of Processing. Pursuant to Article 28 of the GDPR, the details of the processing including the subject matter and duration of Processing, nature and purpose of Processing, categories of Data Subjects, and categories of Personal Data are incorporated into this Addendum and attached hereto as Exhibit A to this Addendum.
4.2. Client’s Obligations and Authorization.
4.2.1. Controller Responsibilities. Client is the Controller of all Personal Data provided to Personify, and Personify is the Processor of such Personal Data. Client is and shall remain responsible for compliance with all requirements imposed on Controllers, including but not limited to (a) confirming the lawful basis for all processing activities conducted by Personify on Client’s behalf; and (b) obtaining consent from data subjects, where required.
4.2.2. Data Minimization. Client agrees to limit any Personal Data it transfers to Personify, or to which Personify is otherwise given access for processing to only the Personal Data needed by Personify to fulfill its obligations under the Main Agreement and this Addendum.
4.2.3. Authorization to Process and Transfer. Client authorizes Personify to collect and process the Personal Data needed to perform the Services for which Client is contracting with Personify in the Main Agreement. Where required, Client authorizes the transfer, processing and storage of Personal Data outside the UK and/or European Economic Area (EEA) in order to fulfill the purpose of the Services.
4.2.4. Authorization to Engage Sub-Processors. Client agrees that Personify may engage third-party Sub-Processors to Process Personal Data on Personify’s behalf to fulfill the purpose of the Services. Client authorizes Personify to engage all Sub-Processors appearing on Personify’s Sub-Processor List link:
https://personifycommunity.atlassian.net/servicedesk/customer/portal/2/user/login?destination=portal%2F2%2Farticle%2F1791393793 as of the Effective Date of the Main Agreement (“Sub-Processor List”). Client agrees that Personify may inform Client of its intent to engage new Sub-Processors. Client further agrees that Personify may engage such new Sub-Processors unless Client chooses to exercise its right to object to any such new Sub-Processors by providing Personify with a written notice of Client’s objection. Such notice should include an explanation of the grounds for objecting to the use of such new Sub-Processor so Personify has an opportunity to re-evaluate any such new Sub-Processor based on Client’s asserted concerns. In the event that Client objects to such Sub-Processor and Personify is unable to address Client’s concerns in a manner acceptable to Client, Client may terminate the affected Services in accordance with the procedure for termination set forth in the Main Agreement.
4.3. Personify’s Personal Data Obligations and Restrictions.
4.3.1. Processing Restrictions. Personify will process Personal Data on Client’s behalf only for the limited and specified purposes set forth in the Main Agreement, the Exhibits and Appendices to this Addendum, and/or as set forth in any other written instructions received from Client. Personify will promptly inform Client if, in Personify’s opinion, an instruction from Client violates the GDPR or other Member State data protection provisions.
4.3.2. Access Limitations and Confidentiality Obligations. Personify will limit access to Personal Data to only those individuals with a need to know and have access to such Personal Data for purposes of fulfilling the Main Agreement and complying with applicable laws. Personify will take reasonable steps to ensure the reliability of all such individuals, and will impose confidentiality obligations upon any employee, agent, or Sub-Processors that is authorized to access or otherwise Process Personal Data.
4.3.3. Notification Obligations.After becoming aware of any Personal Data Breach involving Personal Data received from Client or collected on Client’s behalf, Personify will notify Client without undue delay.
4.3.4. Data Security Obligations. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Personify has implemented and shall maintain appropriate technical and organizational security measures to help ensure a level of security that is appropriate in light of the risks presented by the processing, in particular risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to EU Personal Data transmitted, stored, or otherwise processed in accordance with Article 32 of the GDPR.
4.3.5. Restrictions on Engaging Sub-Processors. Personify will abide by the requirements set forth in the GDPR for the appointment of Sub-Processors, including entering into written agreements with each Sub-Processor that contain reasonable provisions relating to the implementation of appropriate technical and organizational measures in compliance with the GDPR. Personify has provided Client with a list of its current Sub-Processors, and Client has provided Personify with general authorization to engage such Sub-Processors. Personify will provide Client with advance notice of any intended changes to the Sub-Processor List that involve the addition or replacement of any Sub-Processors. If Client reasonably objects to any new Sub-Processor in accordance with any instructions set forth in such notice, Personify will seek to address Client’s concerns with such Sub-Processor. If Personify is unable to address Client’s concerns in a manner acceptable to Client and Client continues to object to such Sub-Processor, Personify agrees that Client may terminate the affected Services in accordance with the procedure for termination set forth in the Main Agreement. If any Personify Sub-Processor fails to fulfill its data protection obligations, Personify will remain liable to Client for the performance of such Sub-Processor’s obligations in connection with providing Services under the Main Agreement.
4.3.6. Responding to Data Subject Requests.
184.108.40.206. Taking into account the nature of the Processing, Personify will implement appropriate technical and organizational measures to assist Client in responding to Data Subject requests to exercise their Data Subject rights with respect to EU Personal Data being Processed by Personify.
220.127.116.11. The Parties agree that Client (as the Controller) has the obligation to respond to Data Subject requests in compliance with the GDPR (i.e., in an appropriate and timely fashion). If Client wishes and directs Personify to respond to a Data Subject request, Client agrees to provide such direction within three (3) business days after receiving the Data Subject request.
4.3.7. Obligations in Event of Personal Data Breach.Should either Party become aware of any Personal Data Breach involving Personal Data received from Client or collected on Client’s behalf, that Party will notify the other Party without undue delay.
4.3.8. Assistance with Client’s GDPR Obligations. Upon Client’s written request, Personify will assist Client in complying with its GDPR obligations, including the security of processing, notification of a Personal Data Breach, data protection impact assessments, and prior consultations.
4.3.9. Verification of Processor’s Compliance. Upon Client’s written request, Personify will provide Client with information needed to demonstrate compliance with the obligations of Article 28 of the GDPR, and will permit and contribute to audits, including inspections, conducted by Client or another auditor mandated by Client. Personify reserves the right to charge reasonable fees for any excessive amount of the time that may be required to participate in audits and inspections required by the Client.
4.3.10. Disposition or Return of Personal Data. Unless Client has provided a written request to return Client Personal Data, Personify will (and will take steps to help ensure that any and all Sub-Processors will) delete all copies of EU Personal Data after the end of the provision of Services unless EU or Member State law requires storage of EU Personal Data.
4.4. Cross Border Data Transfers.
4.4.1. Necessary Transfers. To provide the Services outlined in the Main Agreement, it may be necessary for Client to transfer Personal Data from the EU, UK and/or Switzerland (collectively, “EU/UK/Swiss Personal Data”) to Personify in the United States and/or for Personify to transfer EU/UK/Swiss Personal Data to locations that have not been deemed by the European Commission to provide an adequate level of data protection (collectively, “Necessary Transfers”).
4.4.2. Transfer Authorization. Client hereby authorizes Personify to make Necessary Transfers of EU/UK/Swiss Personal Data. This Addendum constitutes Client’s written authorization of such Necessary Transfers.
4.4.3. Adequate Safeguards. To provide adequate safeguards for Necessary Transfers of EU/UK/Swiss Personal Data, the Parties agree to rely on the lawful transfer mechanisms.
4.4.4. EU GDPR Transfers. With respect to Restricted Transfers from the EEA, Switzerland, or similar countries, effective from the commencement of the relevant Restricted Transfer, Client and Personify hereby enter into, and incorporate into this Data Processing Addendum by reference, the Standard Contractual Clauses (EU/EEA) in respect of any Restricted Transfer (or onward transfer) or Personal Data by or on behalf of the Client to Personify from: (1) the EEA, (2) Switzerland, or (3) any country in which the competent authorities have approved the use of the Standard Contractual Clauses (EU/EEA) and where such Restricted Transfer (or onward transfer) would otherwise be prohibited by applicable laws (or by the terms of data transfer agreements put in place to address applicable laws). In respect of any such Restricted Transfer (or onward transfer), the Standard Contractual Clauses (EU/EEA) shall be deemed complete as follows:
18.104.22.168. In Clause 7, the optional docking clause will not apply;
22.214.171.124. In Clause 9(a), Option 2 will apply, and the time period for prior notice of additions or replacements of Personify Sub-Processors shall be thirty (30) days;
126.96.36.199. In Clause 11, the optional language will not apply;
188.8.131.52. In Clause 17, Option 1 will apply, and the Standard Contractual Clauses (EU/EEA) will be governed by the law of the Member State in which the data exporter is established.
184.108.40.206. As per Clause 18(b), disputes shall be resolved before the courts of the Member State in which the data exporter is established.
220.127.116.11. Annex 1 to Standard Contractual (EU/EEA) shall be deemed to be pre-populated with the Processing Details in Exhibit A and Appendix 1 hereto; and
18.104.22.168. Annex 2 to the Standard Contractual Clauses (EU/EEA) shall be deemed to be pre-populated with the Security Measures set forth in Appendix 2 hereto.
4.4.5. Restricted Transfers from the United Kingdom. With respect to Restricted Transfers from the UK, effective from the commencement of the relevant Restricted Transfer, Client and Personify hereby enter into, and incorporate into this Data Processing Addendum by reference, the Standard Contractual Clauses (UK) in respect of any Restricted Transfer (or onward transfer) of Personal Data by or on behalf of Client to Personify from the UK. In respect of any such Restricted Transfer (or onward transfer), the Standard Contractual Clauses (UK) shall be deemed complete as follows:
22.214.171.124. Appendix 1 to the Standard Contractual Clauses (UK) shall be deemed to be pre-populated with the Processing Details in Exhibit A and Appendix 1 hereto; and
126.96.36.199. Appendix 2 to the Standard Contractual Clauses (UK) shall be deemed to be pre-populated with the Security Measures set forth in Appendix 2 hereto.
4.4.6. If at any time the UK Government approves the Standard Contractual Clauses (EU/EEA) for use, the provisions of the Standard Contractual Clauses (EU/EEA) shall apply in place of the Standard Contractual Clauses (UK), subject to the terms set forth in section 4.4.4. shall apply, as applicable, and any modifications to the Standard Contractual Clauses (EU/EEA) required by the UK privacy laws (and subject to the governing law being English law, the competent courts being the English courts and the competent supervisory authority being the Information Commissioner’s Office).
4.4.7. In the event of a conflict between (i) the Agreement, and (ii) the Standard Contractual Clauses (EU/EEA) or the Standard Contractual Clauses (UK), the latter shall prevail.
4.4.8. If, at any point during the Term, changes in applicable laws require amendments to this Data Processing Addendum in order to ensure the lawful transfer of Personal Data, Client and Personify will cooperate in good faith to implement such amendments without undue delay.
5. CCPA Compliance.
5.1. For purposes of this Section, the terms “Service Provider,” “Business Purpose,” “Commercial Purpose,” “Collect,” and “Sell” shall have the meanings set forth in the California Consumer Privacy Act (“CCPA”).
5.2. Service Provider Obligations and Restrictions. The Parties agree that Personify is a Service Provider to Client with respect to Personal Data Processed by Personify.
5.2.1. As a Service Provider, Personify will:
188.8.131.52. Implement and maintain reasonable security procedures and practices appropriate to the nature of the Personal Data it Processes as set forth in the Data Security Obligations Section of this Addendum.
184.108.40.206. Apply its obligations regarding Data Subject requests, as set forth in the Responding to Data Subject Requests Section of this Addendum, to Data Subject requests submitted under the CCPA.
5.2.2. As a Service Provider, Personify will not retain, use, sell, or disclose Personal Data outside of the direct business relationship between the Parties except under the following limited circumstances:
220.127.116.11. To perform Services on behalf of Client for a Business Purpose as specified in the Main Agreement, the Exhibits and Appendices to this Addendum, and any other written agreements into which the Parties enter.
18.104.22.168. To retain and employ a Sub-Processor that meets the requirements for a Service Provider under the CCPA.
22.214.171.124. For internal use by Personify to build or improve the quality of its Services, provided that the use does not include building or modifying household or consumer profiles, or correcting or augmenting data acquired from another source.
126.96.36.199. To detect data security incidents, or protect against fraudulent or illegal activity.
188.8.131.52. To collect, use, retain, sell, or disclose Personal Data that is deidentified or aggregated information.
184.108.40.206. As otherwise required by applicable law, including: (a) compliance with federal, state, or local laws; (b) compliance with civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (c) cooperating with law enforcement agencies concerning conduct or activity that Personify reasonably and in good faith believes may violate federal, state, or local law; (d) exercising or defending legal claims and as otherwise permitted by applicable law.
6. Compliance with Other Applicable Data Protection and Privacy Laws and Regulations. The Parties agree to comply with all applicable data protection, privacy, and data breach notification laws, regulations, and standards from the effective date of this Addendum until all Processing activities covered by the Main Agreement and this Addendum have ceased and until all Client Personal Data has either been completely, permanently, and securely disposed of or securely transferred back to Client.
7. Right to Terminate Agreement. In the event of any breach of this Addendum by Client, Personify has the right to terminate the Main Agreement without penalty to Personify upon written notice to Client.
8. Severability. If any provision of this Addendum is, to any extent, invalid or unenforceable, all other provisions of the Addendum will remain in full force and effect. To the extent permitted and possible, the invalid or unenforceable provision will be deemed replaced by a term that is valid and enforceable and that comes closest to expressing the intention of such invalid or unenforceable term. If this is not permissible or not possible, then the Addendum will be construed as if the invalid or unenforceable provision were not included in the Addendum.
9. No Limitation on Personify’s Rights or Remedies. Nothing in this Addendum will limit Personify’s rights or remedies under the Main Agreement or at law.
10. Governing Laws/Jurisdiction. The Parties to this Addendum submit to the choice of jurisdiction set forth in the Main Agreement with respect to any disputes or claims arising under this Addendum unless otherwise required under applicable law. The Parties further stipulate that any and all disputes concerning the construction and interpretation of this Addendum and/or the Parties’ obligations under this Addendum will be handled in accordance with pertinent provisions governing disputes or claims that are set forth in the Main Agreement.
11. Incorporation into Main Agreement. This Addendum, after being duly executed by the Parties, is incorporated into the Main Agreement between Personify and Client, and made an integral part thereof.
12. Survival. All provisions of this Addendum, that by their own express terms or nature and context are intended to survive the termination or expiration of the Main Agreement shall survive.
List of Schedules to this Addendum:
- Exhibit A to Data Protection Addendum (Details of Processing)
- Appendix 1 to Standard Contractual Clauses
- Appendix 2 to Standard Contractual Clauses
Exhibit A to Data Protection Addendum
(Details of Processing)
Subject Matter and Duration of Processing:
The subject matter and duration of the Processing of EU Personal Data are set forth in the Main Agreement and the Exhibits and Appendices to this Addendum.
Nature and Purpose of Processing:
Personify may obtain Personal Data during its provision of the Services and in the development, testing, hosting, and maintenance of software and related services, which include the following tools:
- Discussion forums
- Group-specific collaboration
- Peer-to-peer networking and communication
- Multimedia file and other content sharing
- Event calendars
- Email communication
- Other online tools to facilitate networking and collaboration
Categories of Data Subjects:
- Client Staff
- Client Members and/or Client Customers or Constituents
- Employees, consultants, independent contractors, agents, and non-employee workers
Categories of Personal Data:
- Contact Information (g., name, organization and title, phone number, email address, physical address)
- Communication Information (g., discussion board posts, comments, and other communications sent between parties through Personify, Inc. services)
- Site Usage and Location Information (g., IP address, geographic location of device, browser type and language, device model, hardware and operating system, user behavior (e.g., time of visits, page views (e.g., links clicked), features used, frequency of use))
- Special Categories of Personal Data (g., photo, age, ethnicity, education, sex/gender, registrations, memberships, employment history, economic data)
to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
The data exporter is:
The legal entity identified as “Client” in the Main Agreement
The data importer is:
The personal data transferred concern the following categories of data subjects:
The categories of data subjects are listed in Exhibit A to this Addendum.
Categories of data
The personal data transferred concern the following categories of data:
The categories of personal data transferred are listed in Exhibit A to this Addendum.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data:
The categories of personal data transferred are listed in Exhibit A to this Addendum.
The personal data transferred will be subject to the following basic processing activities:
The data importer will process personal data as necessary to perform the Services described in the Main Agreement and in the Exhibits and Appendices to this Addendum.
to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The undersigned data importer implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, among other things, as appropriate:
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
- And a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.