Terms of Service

Master Service Agreement

Version 1.4 Dec 27, 2023       View Previous Versions

Notice: The latest version of the Terms of Service shall apply to all renewing Subscriptions unless the Subscription Order Form excludes any changes to the Terms of Service upon renewal. Existing subscriptions will follow their original Terms of Service until their next renewal date.

1. Scope

1.1 Terms and Conditions. This Master Service Agreement (the “MSA”) effective on Dec 27, 2023 and the applicable Product Addendum, as published on https://www.id123.io/terms/idcs-product-addendum/, sets forth the terms and conditions applicable to the licensing of the Product(s) from ID123 Inc. (the “Service Provider”) by the Party subscribing to the license (“Client”) after the effective date. The offer of the Product licenses pursuant to this Agreement, and Client’s purchase of the corresponding Subscription, constitutes each Party’s respective acceptance of this MSA with the Product Addendum and their entry into this Agreement (defined below).  Unless defined elsewhere in this MSA, terms in initial capital letters have the meanings set forth in Section 13. Client and the Service Provider may be referred to collectively as the “Parties” or individually as a “Party”.

1.2 Product Subscription. The Service Provider will fulfill the Subscription to Client based on the pricing and term referenced in the Subscription Pricing Schedule of an applicable Product Addendum. A Subscription, as described in the applicable Product Addendum and the corresponding purchase transaction, shall be for a license to use the Product deployed as a Cloud Service hosted in the Service Provider’s Computing Environment. Additional information concerning the Subscription and other services offered shall be referenced in the Product Addendum.

1.3 Agreement. Each Subscription is subject to and governed by this MSA, the Product Addendum with a Subscription Pricing Schedule attached or referenced, a Data Processing Addendum, a Paid Service Level Agreement(“SLA”) if applicable, and any amendments to any of the foregoing as may be agreed in writing upon by the Parties, which together constitute the agreement between Client and the Service Provider (the “Agreement”). Each Subscription is a separate Agreement between Client and the Service Provider. In the event of any conflict between the terms and conditions of the various components of this Agreement, the following order of precedence will apply: (a) a Data Processing Addendum; (b) an amendment agreed upon by the Parties; (c) a Product Addendum; (d) and this MSA.

2. Licensed Product

2.1 Grant of License

2.1.1 ID123 Inc. hereby grants to Client and each Affiliate of Client who purchases a Subscription under this Agreement during the Term of each Subscription, subject to Section 2.1.2, a nonexclusive, worldwide (subject to Section 12.4), non-transferable (except in connection with an assignment permitted under Section 12.2), non-terminable (except as provided in Section 10) license to use the Product described in the Product Addendum(“Licensed Product”), to access and use the Product via the Cloud Service and to allow its Users to access and use the Product through the Cloud Service, in accordance with this Agreement and the usage purchased in the Product Subscription.

2.1.2 Client and each Affiliate with a Product Subscription under this Agreement may use the Licensed Product only in support of its operations or those of its Affiliates’ business or organization, in connection with Client’s and its Affiliates’ products and service (but, for clarity, not as a stand-alone product or service resold or aggregated by Client or a Affiliate) and/or in connection with Client’s and its Affiliates’ interactions with Users.

2.1.3 Client may make a reasonable number of copies of the Documentation necessary to use the Licensed Product in accordance with the rights granted under this Agreement, provided that Client does not remove any proprietary legends and other notices from such copies. The Service Provider retains all rights not expressly granted to Client under this Agreement.

2.2 Affiliates and Contractors. With respect to Affiliates and Contractors that Client allows to use the Licensed Product under this Agreement: (a) Client remains responsible for all obligations hereunder arising in connection with such Affiliate’s or Contractor’s use of the Licensed Product; and (b) Client agrees to be directly liable for any act or omission by such Affiliate or Contractor to the same degree as if the act or omission were performed by Client such that a breach by an Affiliate or a Contractor of the provisions of this Agreement will be deemed to be a breach by Client. The performance of any act or omission under this Agreement by an Affiliate or a Contractor for, by or through Client will be deemed the act or omission of Client.

2.3 Restrictions.

2.3.1 Except as expressly permitted by this Agreement, Client will not (and will not allow any anyone else to):

(i) Reverse engineer, decompile, or attempt to discover any source code or underlying ideas or algorithms of the Licensed Product or Product, except to the extent that such activity is expressly permitted by Applicable Laws;

(ii) Provide, sell, transfer, sublicense, lend, distribute, rent, or otherwise allow others to access or use the Licensed Product;

(iii) Remove any proprietary notices or labels from the Licensed Product;

(iv) Copy, modify, or create derivative works of the Licensed Product;

(v) Conduct security or vulnerability tests on, interfere with the operation of, cause performance degradation of, or circumvent access restrictions of the Licensed Product;

(vi) Access accounts, information, data, or portions of the Licensed Product to which Client does not have explicit authorization;

(vii) Use the Licensed Product to develop a competing service or product;

(viii) Use the Licensed Product for any activity that violates Applicable Laws;

(ix) Use the Licensed Product to obtain unauthorized access to anyone else’s networks or equipment;

(x) Upload, submit, or otherwise make available to the Licensed Product any Client Content to which Client and Users do not have the proper rights.

2.4 No Additional Terms. No shrink-wrap, click-acceptance, third party integration, purchase order or other terms and conditions outside this Agreement provided by Client will be binding on the Service Provider unless agreed in writing as an amendment to this Agreement. Any such Additional Terms will be of no force or effect and will be deemed rejected in their entirety.

3. Services

3.1 Cloud Service. The Service Provider will provide the Licensed Product to Client as a Cloud Service in accordance with the Product Addendum promptly following purchase of the Subscription and continuing until termination of the Subscription in accordance with Section 10. The Service Provider will provide Client all access credentials necessary to access and use of the Licensed Product via the Cloud Service as set forth in the Product Addendum. Client may use the Licensed Product from the Cloud Service and use the credentials to access and use the Licensed Product only in accordance with the Product Addendum and only if Client complies with the terms herein.

3.2 Support Services. The Service Provider will make available to Client Documentation concerning the use and operation of the Licensed Product, and the Service Provider will provide Support Services to Client as described, incorporated or referenced in the Product Addendum.

3.3 Hosting. Client acknowledges that the Service Provider uses a Cloud Infrastructure Provider for the processing and hosting of the Cloud Service provided pursuant to this Agreement. Client consents to the storage of Client Data in the Cloud Infrastructure Provider Region offered by the Service Provider and to its use of Cloud Infrastructure Provider’s infrastructure and services to process Client Data and provide the Service Provider’s Cloud Service.

3.4 Service Level. During the Term of this Agreement, the Service Provider commits to maintaining the Cloud Service so that it performs as specified in this Agreement at a minimum (hereafter “Basic Service Level”) 99.9% of time each calendar month (on a 24x7x365 basis) excluding scheduled maintenance, unscheduled emergency maintenance, or for reasons beyond the Service Provider’s reasonable control (hereafter “Availability”). Notwithstanding any provisions of this Agreement to the contrary, Client may terminate this Agreement if the Cloud Services Availability falls below the 95% three (3) or more times at any time during each Term. Client may subscribe to maintenance notifications emails from the Service Provider which will inform Client of scheduled service disruptions before they occur. Client and ay Affiliate with a Subscription to the Licensed Product under this Agreement may also subscribe to a paid Service Level Agreement (“SLA”) and if the Cloud Service does not meet the SLA level subscribed to, the Service Provider will provide the remedies outlined in the SLA in lieu of the remedies provided in this Section 3.4.

3.5 User Accounts. Client is responsible for all actions of their Users accounts and for each Users compliance with this Agreement. Client must require their Users to protect the confidentiality of their passwords and login credentials. Client will promptly notify the Service Provider if it suspects or knows of any fraudulent activity with its accounts, passwords, or credentials, or if they become compromised.

3.6 Enhancements. Service Provider shall make no changes to the Product during the Term which will diminish the utility of the Licensed Product for Client’s authorized use. Notwithstanding the foregoing, the Service Provider may make any change or enhancement to the Product to prevent service interruptions, enhance the quality or delivery of the Product or Service, so that it is non-infringing a patent, or as required to ensure compliance with any Applicable Laws or security obligations.

3.7 Professional Services. The Service Provider shall provide Professional Services as a paid service described in a statement of work(“SOW”) if agreed by the Parties. The procurement of Professional Services will set forth: (a) the Professional Services to be performed, (b) any specifications or other requirements, (c) applicable fees, (d) any assumptions or conditions and (e) and any other terms mutually agreed upon by the parties. The Service Provider will retain all right, title and interest in and to the Professional Services performed on its Licensed Product (including any and all intellectual, property rights therein) and Client will retain all right, title and interest in and to the Client Data, the Professional Services performed on its Client Data and/or all derivative works thereof. Clients usage rights to the results of such Professional Services shall be the same as the rights granted under the Agreement with respect to the Service to which such Professional Services pertains.

4. Proprietary Rights

4.1 Licensed Product. Subject to the licenses granted herein, the Service Provider will retain all right, title and interest it may have in and to the Licensed Product, including all Proprietary Rights therein whether developed before or after the Effective Date. Nothing in this Agreement will be construed or interpreted as granting to Client any rights of ownership or any other Proprietary Rights in or to the Licensed Product or any Proprietary Rights therein.

4.2 Feedback. Client or Client’s Affiliates may, at its option, provide suggestions, ideas, enhancement requests, recommendations or feedback regarding the Licensed Product or Support Services (“Feedback”), provided however, that Feedback does not include any Proprietary Rights of Client or Client’s Affiliates or any Client Data or Client Materials. The Service Provider may use and incorporate Feedback in it’s products and services without compensation or accounting to Client, provided that neither the Service Provider nor its use of the Feedback identifies Client as the source of such Feedback. Feedback is not confidential to Client. Client will have no obligation to provide Feedback, and all Feedback is provided by Client “as is” and without warranty of any kind.

5. Warranties

5.1 Licensed Product. The Service Provider represents and warrants that:

(a) The Product will conform, in all material respects, to the Product Addendum and Documentation during the Term of the Subscription.

(b) It will use industry standard practices designed to detect and protect the Product against all applicable vulnerabilities which pose a risk to the Licensed Product and any viruses, “Trojan horses”, “worms”, spyware, adware, or other harmful code designed or used for unauthorized access to or use, disclosure, modification, or destruction of information within the Product, or interference with or harm to the operation of the Product or any systems, networks, or data. This includes regularly scanning the Product for malware and other security vulnerabilities with up-to-date scanning software.

(c) The Licensed Product, and Client’s use thereof as permitted under this Agreement, will not be subject to any license or other terms that require any Client Data, Client Materials, or any software, documentation, information, or other materials integrated, networked, or used by Client with the Product, in whole or in part, to be disclosed or distributed in source form, licensed for the purpose of making derivative works, or redistributable.

5.2 Support Services. The Service Provider represents and warrants that any Support Services will be performed in a professional manner with a level of care, skill, and diligence performed by experienced and knowledgeable professionals in the performance of similar services and in accordance with the Product Addendum and Documentation.

5.3 Remedies. If any Product or Service fails to conform to the foregoing warranties, the Service Provider will promptly, at its expense, correct the Product and re-perform Services as necessary to conform to the warranties. If the Service Provider does not correct the Product or re-perform Services to conform to the warranties within a reasonable time, not to exceed 30 days (the “Cure Period”), as Client’s sole remedy and the Service Provider’s exclusive liability (without affecting any other rights or remedies available to Client provided in Section 9) Client may, for a period of 30 days following the conclusion of the Cure Period, elect to terminate the Subscription and this Agreement without further liability. Upon such termination, Service Provider will provide Client with a refund of any Fees prepaid to Service Provider, prorated for the portion of the Subscription unused at the time Client reported the breach of warranty to Service Provider, as well as, if applicable, any service credits available under this Agreement.

5.4 Warranty Exclusions. The Service Provider will have no liability or obligation with respect to any warranty to the extent the breach of such warranty is as a direct result of any:

(a) Use of the Product by Client in violation of this Agreement or applicable Law;

(b) Modifications to the Licensed Product not provided by the Service Provider or its Personnel;

(c) Use of the Product by Client in combination with third-party equipment not sold or third-party software not licensed to Client by the Service Provider under this Agreement;

(d) Use by Client of the Product in conflict with the Product Addendum and applicable Documentation, to the extent that such nonconformity would not have occurred without such non-conforming use by Client.

5.5 Compliance with Laws. Each Party represents and warrants that it will comply with all Applicable Laws in its performance under this Agreement. Any collection, use, storage, processing or transfer of Personal Data by the Service Provider will be undertaken at the instruction of Client and Client shall only provide instruction in compliance with all Applicable Laws including without limitation all Data Protection Laws and Regulations governing the collection, maintenance, transmission, dissemination, use and destruction of Personal Data.

5.6 Power and Authority. Each Party represents and warrants that:

(a) It has full power and authority to enter into and perform this Agreement and that the execution and delivery of this Agreement have been duly authorized.

(b) This Agreement and such Party’s performance hereunder will not breach any other agreement to which the Party is a party or is bound or violates any obligation owed by such Party to any third party.

(c ) It has all the rights in relation to the Product, Services and Documentation that are necessary to grant all the rights that it purports to grant under, and in accordance with, the terms of this Agreement.

5.7 Disclaimer. EXCEPT FOR THE WARRANTIES SPECIFIED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE LICENSED PRODUCT, SERVICES, CLIENT MATERIALS AND CLIENT DATA, AND EACH PARTY HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. Service Provider does not warrant: (a) that the Licensed Product will meet Client’s requirements; or (b) that the operation of the Product will be uninterrupted or error free.

5.8 Additional Warranties. Service Provider warrants and represents that:

(a) Service Provider has and will maintain all necessary licenses, consents, and permissions necessary for the performance of its obligations under this Agreement during the Term.

(b) The Licensed Product and the Services will comply with all applicable terms and conditions of the Third Party Services listed in the Product Addendum, to the extent such terms and conditions are necessary for the performance of Service Providers obligations herein.

6. Confidentiality

6.1 Confidential Information.Confidential Information” means any nonpublic information directly or indirectly disclosed by either Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) or accessible to the Receiving Party pursuant to this Agreement that is designated as confidential or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered as confidential, including without limitation technical data, trade secrets, know-how, research, inventions, processes, designs, drawings, strategic roadmaps, product plans, product designs and architecture, security information, marketing plans, pricing and cost information, marketing and promotional activities, business plans, customer and supplier information, employee and User information, business and marketing plans, and business processes, and other technical, financial or business information, and any third party information that the Disclosing Party is required to maintain as confidential. Confidential Information will not, however, include any information which: (a) was publicly known or made generally available to the public prior to the time of disclosure; (b) becomes publicly known or made generally available after disclosure through no fault of the Receiving Party; (c) is in the possession of the Receiving Party, without restriction as to use or disclosure, at the time of disclosure by the Disclosing Party; (d) was lawfully received, without restriction as to use or disclosure, from a third party (who does not have an obligation of confidentiality or restriction on use itself); or (e) is developed by the Receiving Party independently from this Agreement and without use of or reference to the Disclosing Party’s Confidential Information or Proprietary Rights. Except for rights expressly granted in this Agreement, each Party reserves all rights in and to its Confidential Information.

6.2 Confidential Obligations. The Parties will maintain as confidential and will avoid disclosure and unauthorized use of Confidential Information of the other Party using such precautions and with the same degree of care that a prudent person would exercise to protect its own confidential information of a like nature, and to prevent the unauthorized, negligent, or inadvertent use, disclosure, or publication thereof or access thereto. Each Party may only disclose the other Party’s Confidential Information to those of its employees, officers, representatives, contractors, subcontractors and advisers (“Representatives”) who need to know such Confidential Information for the Permitted Purpose, provided that: (a) it informs such Representatives of the confidential nature of the Confidential Information before disclosure; and (b) it procures that its Representatives shall, in relation to any Confidential Information disclosed to them, comply with the obligations set out in this clause as if they were a party to this Agreement, and at all times, it is liable for the failure of any Representatives to comply with the obligations set out in this Section 6. Except as necessary for the proper use of the Product, the exercise of a Party’s rights under this Agreement, performance of a Party’s obligations under this Agreement or as otherwise permitted under this Agreement, neither Party will use Confidential Information of the other Party for any purpose except in fulfilling its obligations or exercising its rights under this Agreement. Each Party will promptly notify the other Party if it becomes aware of any unauthorized use or disclosure of the other Party’s Confidential Information, and reasonably cooperate with the other Party in attempts to limit disclosure.

6.3 Compelled Disclosure. A Receiving Party may disclose Confidential Information to the extent required by law, including regulatory requirements, discovery request, subpoena, court order or governmental action, provided that it will give reasonable prior notice to the extent permitted by Applicable Law (and where prior notice is not permitted by applicable Law, notice will be given as soon as the Receiving Party is legally permitted) to the Disclosing Party to permit the Disclosing Party to intervene and to request protective orders or confidential treatment therefor or other appropriate remedy regarding such disclosure. Disclosure of any Confidential Information pursuant to any legal requirement will not be deemed to render it non-confidential, and the Receiving Party’s obligations with respect to Confidential Information of the Disclosing Party will not be changed or lessened by virtue of any such disclosure. Notwithstanding any provisions herein, if Client is a government agency or entity, Client will comply with all Laws applicable to it with respect to disclosure of public information.

6.4 Bribery. A Party subject to anti-bribery laws may, provided it has reasonable grounds to believe that the other Party is involved in activity that may constitute the criminal offense of Bribery, disclose applicable Confidential Information only to the extent necessary to inform the applicable Regulator’s Office of the alleged Bribery without first informing the other Party of such disclosure.

7. Service Obligations and Responsibilities

7.1 Acceptable Use; Restrictions on Sensitive Information.

7.1.1 Client will not intentionally use the Product or Cloud Service to: (a) store, download or transmit infringing or illegal content, or any viruses, “Trojan horses” or other harmful code; (b) engage in phishing, spamming (meaning the unsolicited sending of any electronic communications without the implied or express consent of the recipient), denial-of-service attacks or fraudulent or illegal activity; (c) interfere with or disrupt the integrity or performance of the Product or data contained therein or on the Service Provider’s system or network or circumvent the security features of the Product; or (d) perform penetration testing, vulnerability testing or other security testing on the Product or otherwise attempt to gain unauthorized access to the Product or any of the Service Provider’s systems or networks.

7.1.2 Sensitive Data. Client may not use the Cloud Services to store or process Sensitive Data, unless the Service Provider has specifically purchased a Cloud Service Subscription designed to be used with Sensitive Data. For the purposes of this Agreement, “Sensitive Data” means:

(1) Special categories of data enumerated in applicable Data Protection Laws, including European Union Regulation 2016/679, Article 9(1) or any successor legislation;

(2) Patient, medical, or other protected health information regulated by the Health Insurance Portability and Accountability Act (as amended and supplemented) (“HIPAA”);

(3) Credit, debit, or other payment card data, including bank account numbers (except for Client’s own payment card data to make payments to the Service Provider);

(4) Social security numbers, driver’s license numbers, or other government identification numbers;

Service Provider shall have no additional responsibility for the storage of Sensitive Data where the Cloud Service Subscription is not designed and approved to store such Sensitive Data.

7.1.3 The Service Provider may suspend Client’s or a User’s right to access or use any portion or all of the Cloud Service immediately upon notice to Client (a) if the Service Provider, after reasonable due diligence given the nature and severity of the issue, reasonably determines that: (i) Client or a User’s misuse of the Cloud Service poses a material risk to the security or operation of the Service Provider’s systems, the Cloud Service or the systems or data of any other customer, or (ii) Client or a User’s use of the Cloud Service violates this Section 7.1 or is illegal or fraudulent; or (b) Client fails to pay any undisputed Fees within 30 days after notice of past due amounts in accordance with section 12. To the extent reasonably practicable, the Service Provider will limit the suspension of the Cloud Service pursuant to subsection (a) as needed to mitigate the applicable risk. The Service Provider will promptly restore the Cloud Service to Client upon resolution of the issue and/or payment of the outstanding amounts (as applicable).

7.2 Client Data and Client Materials

7.2.1 Client is and will continue to be the sole and exclusive licensee, permitted user or owner of and will retain all right, title and interest it may have in and to the Client Materials, Client Data and other Confidential Information of Client, including all Proprietary Rights therein. Nothing in this Agreement will be construed or interpreted as granting to the Service Provider any rights of ownership or any other Proprietary Rights in or to the Client Data, Client Materials or Confidential Information of Client.

7.2.2 Client will obtain all necessary consents, authorizations and rights and provide all necessary notices and disclosures in order to provide Client Data to the Service Provider and for the Service Provider to use Client Data in the performance of its obligations in accordance with the terms and condition of this Agreement, including any access or transmission to third parties with whom Client shares or permits access to Client Data.

7.2.3 The Parties agree that Client Data and Client Materials are Confidential Information of Client. Client hereby grants to the Service Provider a nonexclusive, nontransferable (except in connection with an assignment permitted under Section 12.2), revocable license, under all Proprietary Rights, to reproduce and use Client Materials and Client Data solely for the purpose of, and to the extent necessary for, performing the Service Provider’s obligations under this Agreement. In no event will the Service Provider access, use or disclose to any third party any Client Data or any Client Materials for any purpose whatsoever other than as necessary for the purpose of providing the Product and Services to Client and performing its obligations under this Agreement. The Service Provider will not aggregate, anonymize or create any data derivatives of Client Data other than as necessary to provide the Licensed Product and Services and to perform its obligations in accordance with the terms and conditions of this Agreement.

7.2.4 During the Term, Client will have the right to review and delete the Client Data made accessible in the Licensed Product’s user interfaces, or upon request for Professional Services receive an export specific Client Data, including any derivatives of Client Data which may not be accessible in the Licensed Product’s user interfaces. The Client will be able to request the deletion of any Client Data with the exception of any Client Data contained in certain logs and encrypted backups which are deleted automatically based on the Service Provider data retention policy to conform with Applicable Law.

7.3 System Data. To the extent that System Data identifies or permits, alone or in conjunction with other data, identification, association, or correlation of or with Client, its Affiliates, Users, customers, suppliers or other persons interacting with Client and its Affiliates through the Licensed Product, or any Confidential Information of Client or any device used to access or use the Licensed Product as originating through or interacting with Client or its Affiliates (“Identifiable System Data”), the Service Provider may only collect and use Identifiable System Data internally to administer, provide and improve the Product and Services in accordance with this Agreement. Without limiting the generality of the foregoing, the Service Provider shall only process Identifiable System Data as a Data Processor, Service Provider, or equivalent, as such terms are defined in the applicable Data Protection Law.

7.4 Use of Other Data. Nothing in this Agreement will restrict: (a) Service Provider’s use of it’s System Data or data derived from System Data that does not include any Proprietary Rights of Client and does not identify or permit, alone or in conjunction with other data, identification, association, or correlation of or with (i) Client, its Affiliates, Users, customers, suppliers or other persons interacting with Client and its Affiliates using the Product through the Cloud Service or any Confidential Information of Client disclosed to Service Provider, or (ii) any device (e.g. computer, mobile telephone, or browser) used to access or use the Product as originating through Client or its Affiliates or interacting with Client or its Affiliates; or (b) either Party’s use of any data, records, files, content or other information related to any third party that is collected, received, stored or maintained by a Party independently from this Agreement.

7.5 Security. The Service Provider warrants and represents to Client that it shall, consistent with industry standard practices, implement and maintain a security program: (a) to maintain the security and confidentiality of Client Data; and (b) to maintain the availability and integrity of Client Data and to protect Client Data from known or reasonably anticipated threats or hazards to its security, including accidental loss, unauthorized use, access, alteration or disclosure.

7.5.1 Security Program. The Service Provider warrants and represents to Client that it’s information security program will include (a) appropriate administrative controls, such as communication of applicable information security policies and information security and confidentiality training; (b) physical security of facilities where Client Data is processed or stored, including locked doors and keys/key cards to access such facilities; (c) controls to limit access to the Service Provider’s systems and Client Data, including a password policy for Personnel that access Client Data; and (d) regular testing and evaluation of the effectiveness of the security program.

7.5.2 Systems Access. The Service Provider warrants and represents to Client that it will (a) safeguard Client Data in a controlled environment consistent with industry standards; (b) establish, maintain and enforce the security access principles of “segregation of duties” and “least privilege” with respect to Client Data; (c) maintain a list of systems where Client Data is processed and stored and maintain a list of Personnel who have access to those systems; (d) have in place industry standard policies and processes to limit access to Client Data, including a requirement that a unique individual user-id will be used for each User that accesses Client Data and user ids must not be shared; and (e) require that all Personnel use strong passwords.

7.5.3. Data Storage. The Service Provider warrants and represents to Client that it will implement and maintain (a) logical separation of Client Data from the Service Provider’s data and third party data; (b) encryption of Client Data at rest and in transit to or from computing environments owned or operated by or for the Service Provider to support the Cloud Service using industry standard encryption methods; and (c) specific controls to ensure that the Service Provider has and enforces two-factor authentication for any and all remote connection to the Service Provider systems that access Client Data.

7.5.4 Data Destruction. Without prejudice to Section 7.2.4, the Service Provider represents and warrants that it will not retain Client Data for longer than commercially required to full its obligations under this Agreement after the expiration or termination of the MSA, except as provided in the Agreement or by Law. All Client Data deleted by the Service Provider will be securely and permanently deleted in accordance with industry standards related to data destruction and media sanitation.

7.5.5 Logging. The Service Provider will maintain certain logs and records for industry standard retention periods which enable the Service Provider to audit each User’s access to Client Data, including (i) logging successful and unsuccessful sign-on attempts and (ii) audit trails that capture certain activity and actions performed within the Licensed Product during a User’s session..

7.5.6 Personnel. Access to Client Data will be restricted to authorized Personnel and provided only on a need to know basis. Personnel having access to Client Data will be bound by a written agreement with the Service Provider with requirements and restrictions no less than those set forth herein. Each Personnel must pass a background check consistent with industry standards before having access to Client Data. Personnel who fail to adhere to applicable information security policies will be subject to disciplinary process. The Service Provider will provide information security and confidentiality training to all Personnel authorized by the Service Provider to have access to Client Data. Such training will be: (i) consistent with industry standards; (ii) designed, at a minimum, to educate all such Personnel on maintaining the security, confidentiality and integrity of Client Data; and (iii) be provided no less than annually. The Service Provider will have in place a process by which Authorized Personnel and other User accounts are created and deleted in a secure and timely fashion.

7.5.7 Business Continuity. The Service Provider will maintain plans and risk controls, consistent with industry standards, for continuity of its performance under this Agreement (“Business Continuity Plan”), which will include safeguards to resume the Cloud Service within a specified time, and recover and make available Client Data with not more than a specified period of data loss after any significant interruption or impairment of operation of the Cloud Service. The Service Provider will implement back up procedures as necessary to accomplish its specified recovery point objective. The Service Provider will review its Business Continuity Plan on a regular basis and update it in response to changes within its company and industry standards.

7.5.8 Reports, Risk Assessments and Audits. The Service Provider will have retention policies for reports, logs, audit trails and any other related documentation in accordance with industry standards. Subject to the Fees set forth in an the Product Addendum, Subscription, or Professional Service, whichever applicable, and upon request by Client, the Service Provider will complete and respond to Client’s reasonable security questionnaires and/or self-assessment security compliance reviews and will cooperate with and provide Client’s third party auditor with access to, and the right to inspect and audit, all records and systems relating to (i) the collection, processing, or transfers of data relating to Client Data and (ii) the information security program used by the Service Provider to secure Client Data. The Service Provider will conduct regular industry-standard penetration testing or other appropriate security testing and security assessments that verify its security program. The Service Provider will remedy material issues identified from the testing and audits in a timely manner.

7.6 Data Protection Legislation.

7.6.1 Each Party shall comply with all applicable Data Protection Laws and any implementations of such Laws in relation to its performance under this Agreement. The Parties acknowledge and agree that they will consider in good faith implementing any codes of practice and best practice guidance issued by relevant authorities as they apply to applicable country-specific Data Protection Laws or their implementations.

7.6.2 Without limiting the generality of the foregoing, the Service Provider and Client shall agree to the terms and conditions of the attached Data Processing Addendum. Client represents and warrants it will not transfer Personal Data to Service Provider under this Agreement unless such transfer is in full compliance with all applicable Data Protection Laws and will be responsible for the liabilities related to such transfer due to its own act or omission or to the extent such transfer continues after becoming notified by the Service Provider of it’s material non-conformance.

7.6.3 Service Provider represents and warrants that the Product complies with all Applicable Data Protection and Privacy Laws and contains all functionality to enable Client to use the Product in compliance with Client’s obligations under the Data Protection Laws and Regulations (as defined in the Data Processing Addendum) and the Privacy and Electronic Communications Regulations and any laws or regulations implementing Privacy and Electronic Communications Regulations (including any judicial or administrative interpretation of any of the same and any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued from time to time).

7.6.4 Without limiting the generality of Section 7.6.1, if the Clients use of the Licensed Product becomes, or in either Parties opinion is likely to become in violation of the Data Processing Addendum or Section 7.6.3 that would prohibit or interfere with Client’s use of the Licensed Product under this Agreement, then Service Provider will at its option either: (a) modify or replace the affected Licensed Product at its sole expense so that the modified or replacement Licensed Product is longer at risk of being in violation with an applicable Data Protection Law and is reasonably comparable in functionality, interoperability, and levels of performance; or (b) notify Client of it cannot accomplish Section 7.6.3(a) in a commercially reasonable manner and offer Client new Product Addendum and/or Subscription pricing reflecting either the increased costs of compliance or the decreased functionality, interoperability, or level of performance, whichever applicable. If, in such circumstances, the Parties cannot not successfully accomplish any of the foregoing actions on a commercially reasonable basis, either Party may terminate this Agreement for cause with 30 days’ notice, in which case Service Provider will refund to Client any fees prepaid to Service Provider by Client prorated for the unused portion of the Subscription.

7.7 Remedies. Each Party agrees that in the event of a breach or threatened breach of this Section 7, the non-breaching Party will be entitled to injunctive relief against the breaching Party in addition to any other remedies to which the non-breaching Party may be entitled.

7.8 Data Security Breach Notification.

7.8.1 The Service Provider will notify Client promptly (but in any event no more than 24 hours) upon discovery and verification of any data security breach involving Client Data transferred to or processed by the Service Provider or the Cloud Service (“Security Incident”), and will cooperate with Client in every reasonable way to prevent any further compromise, unauthorized use or disclosure. The Service Provider will document the responsive actions taken in connection with any Security Incident, and conduct a post-incident review of actions taken to make changes in business practices relating to its security program. The Service Provider will provide Client with regular updates regarding the internal investigation of each Security Incident, and upon request the Service Provider will provide summary information to Client.

7.8.2 Service Provider will be responsible for its costs related to or arising from investigating and responding to each Security Incident unless such Security Incident resulted from Client, an Affiliate’s or a Representative’s actions, inaction, instructions, compromise, disclosure, misconfiguration or misuse the Licensed Products or Cloud Service for which Client will be responsible for all costs of investigation, response and other cooperation requested and provided to Client as a Professional Service. The Service Provider will reasonably cooperate with Client in complying with its obligations under Applicable Law pertaining to responding to a Security Incident.

7.8.3 The Service Provider’s obligation to report or respond to a Security Incident under this Section is not an acknowledgement by the Service Provider of any fault or liability with respect to the Security Incident. Client must notify Service Provider promptly about any possible misuse of its accounts or authentication credentials or any security incident related to its use of the Cloud Service and Service Provider is not liable for any losses, damages or improper processing of Client Data resulting therefrom. Client shall be liable to Service Provider for any losses, damages or costs incurred due to a Security Incident solely resulting from Client, its Affiliates and Representatives own actions, inactions, instructions, compromise, disclosure, misconfiguration or misuse of the Licensed Products.

7.8.4 The Service Provider will cooperate in any reasonable investigation of a Security Incident by Client if required by Law.

8. Limitations of Liability

8.1 Disclaimer; General Cap. IN NO EVENT WILL (a) EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO COSTS OF REPLACEMENT GOODS OR SERVICES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND (b) SUBJECT TO SECTIONS 8.2, 8.3 AND 8.4, NEITHER PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, SHALL EXCEED THE FEES AND OTHER AMOUNTS PAID AND REQUIRED TO BE PAID UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES.

8.2 Exception for Willful Misconduct or Fraud. NOTHING IN THIS AGREEMENT LIMITS ANY LIABILITY FOR WILLFUL MISCONDUCT OR FOR ANY LIABILITY WHICH CANNOT LEGALLY BE LIMITED, INCLUDING BUT NOT LIMITED TO LIABILITY FOR: (A) DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE; (B) FRAUD, FRAUDULENT MISREPRESENTATION.

8.3 Exception for Certain Liabilities. THE AGGREGATE LIMITATIONS ON LIABILITY SET FORTH IN SECTIONS 8.1(b) WILL NOT APPLY TO THE OBLIGATIONS OF THE SERVICE PROVIDER UNDER SECTION 9.1 OR THE OBLIGATIONS OF THE CLIENT UNDER SECTION 9.2, AND EITHER PARTY’S OBLIGATIONS UNDER SECTION 6, SECTION 7.6, and SECTION 7.8.

8.4 Special Cap for Security Breach.

8.4.1 THE AGGREGATE LIMITATIONS ON LIABILITY SET FORTH IN SECTIONS 8.1 (b) WILL NOT APPLY TO, AND INSTEAD SECTION 8.4.2 WILL APPLY TO CLIENT’S OUT-OF-POCKET, REASONABLE AND DOCUMENTED COSTS OF INVESTIGATION, NOTIFICATION, REMEDIATION AND MITIGATION SPECIFIED IN SECTION 9.5 DUE TO A SECURITY INCIDENT RESULTING SOLELY FROM BREACH OF THE SERVICE PROVIDER’S OBLIGATIONS UNDER THIS AGREEMENT OR A VIOLATION BY THE SERVICE PROVIDER OF DATA PROTECTION LAWS ABSENT THE INSTRUCTION OF THE CLIENT.

8.4.2 THE SERVICE PROVIDER’S AGGREGATE LIABILITY UNDER SECTION 8.4.1 ABOVE, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, WILL NOT EXCEED (IN LIEU OF AND NOT IN ADDITION TO THE AMOUNT SET FORTH IN SECTION 8.1) THREE TIMES THE FEES PAID UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES.

9. Indemnification

9.1 Service Provider Indemnity. The Service Provider will, at its expense, indemnify, defend and hold harmless Client and its Affiliates and their respective officers, directors, employees, agents and Representatives (collectively “Client Indemnified Parties”) from and against any and all claims, actions, proceedings and suits brought by a third party (including government investigations), (“Claims”) o the extent arising out of or alleging of any of the following: (a) infringement, misappropriation or violation of any Proprietary Rights by the Licensed Product by Client which Service Provider permitted to be used by Client under this Agreement; and (b) any unauthorized access, use or disclosure of Client Data resulting solely from breach of the Service Provider’s obligations under the this Agreement (save to the extent such breach is caused by an act or omission of Client) or (c) a willful violation by the Service Provider of Data Protection Laws absent the instruction by Client. Without limitation to the foregoing, the Service Provider will pay all damages and amounts finally awarded by a court of competent jurisdiction or agreed upon in settlement (as set forth in Section 9.3 below) and any government fines and penalties assessed against Client in any such Claims.

9.2 Client Indemnity. Client will, at its expense, indemnify, defend and hold harmless Service Provider and its Affiliates and their respective officers, directors, employees, agents and Representatives (collectively “Service Provider Indemnified Parties”) from and against any and all reasonable Claims to the extent arising out of or alleging of any of the following: (a) infringement, misappropriation or violation of any Proprietary Rights by Service which Client permitted to be used by Service Provider under this Agreement; and (b) any unauthorized or unlawful receipt, processing, transmission or storage of Client Data by the Service Provider in the performance of its obligations as permitted under this Agreement resulting from breach of Client’s obligations under Section 7.2.2, Section 7.6.2 or Section 5.5(save to the extent such breach is caused by an act or omission of Service Provider). Client will pay all costs, damages and amounts finally awarded by a court of competent jurisdiction or agreed upon in settlement (as set forth in Section 9.3 below) and any government fines and penalties assessed against Service Provider in any such Claims.

9.3 Process. Each party seeking indemnification pursuant to this Section 9 (each, an “Indemnified Party” and collectively, the “Indemnified Parties”) will give the other Party (the “Indemnifying Party”) prompt notice of each Claim for which it seeks indemnification, provided that failure or delay in providing such notice will not release the Indemnifying Party from any obligations hereunder except to the extent that the Indemnifying Party is prejudiced by such failure. The Indemnified Parties will give the Indemnifying Party their reasonable cooperation in the defense of each Claim for which indemnity is sought, at the Indemnifying Party’s request and expense. The Indemnifying Party will keep the Indemnified Parties informed of the status of each Claim. An Indemnified Party may participate in the defense of a Claim at its own expense. The Indemnifying Party will control the defense or settlement of the Claim, provided that the Indemnifying Party, without the Indemnified Parties’ prior written consent will not enter into any settlement that; (i) includes any admission of guilt or wrongdoing by any Indemnified Party; (ii) imposes any financial obligations on any Indemnified Party that Indemnified Party is not obligated to pay under this Section 9; (iii) imposes any non-monetary obligations on any Indemnified Party; and (iv) does not include a full and unconditional release of any Indemnified Parties. The Indemnifying Party will ensure that any settlement into which it enters for any Claim is made confidential, except where not permitted by Applicable Law.

9.4 Infringement Remedy. In addition to the Service Provider’s obligations under Section 9.1, if the Product or other Licensed Product is held, or in the Service Provider’s opinion is likely to be held, to infringe, misappropriate or violate any Proprietary Rights, or, if based on any claimed infringement, misappropriation or violation of Proprietary Rights, an injunction is obtained, or in the Service Provider’s opinion an injunction is likely to be obtained, that would prohibit or interfere with Client’s use of the Licensed Product under this Agreement, then the Service Provider will at its option and expense either: (a) procure for Client the right to continue using the affected Licensed Product in accordance with the license granted under this Agreement; or (b) modify or replace the affected Licensed Product so that the modified or replacement Licensed Product are reasonably comparable in functionality, interoperability with other software and systems, and levels of security and performance and do not infringe, misappropriate or violate any third-party Proprietary Rights. If, in such circumstances, the Service Provider cannot not successfully accomplish any of the foregoing actions on a commercially reasonable basis, the Service Provider will notify Client and either Party may terminate the Subscription and this Agreement, in which case the Service Provider will refund to Client any fees prepaid to the Service Provider by Client prorated for the unused portion of the Subscription. For clarity, the Service Provider’s indemnification and defense obligations under this Section include infringement Claims based on use of the Licensed Product by Client Indemnified Parties following an initial infringement Claim except that, if the Service Provider responds to an infringement Claim by accomplishing the solution in (b), the Service Provider will have no obligation to defend and indemnify Client for infringement Claims arising from Client’s use after giving notice to Client of the accomplishment of (b) of the infringing Licensed Product for which the Service Provider provided modified or replacement Licensed Product and a reasonable time to implement the modified or replacement Licensed Product.

9.5 Security Breach Remedy. In addition to the Service Provider’s obligations under Section 9.1, in the event of any Security Incident resulting solely from breach of the Service Provider’s obligations under this Agreement or the violation by the Service Provider of Data Protection Laws absent the instruction by Client, Service Provider will pay the applicable government fines and penalties and other reasonable and documented out-of-pocket costs directly incurred by Client, for (a) investigating and responding to the Security Incident; (b) providing notification to affected individuals, applicable government and relevant industry regulatory agencies required by law; (c) providing credit monitoring and/or identity theft services to affected individuals required by law; and (d) applicable mitigation or remediation costs required by regulatory agencies to be undertaken within the Licensed Product as the result of such Security Incident.

9.6 Limitations.

9.6.1 The Service Provider will have no liability or obligation under this Section 9 with respect to any infringement Claim to the extent solely attributable to any: (a) modifications to the Licensed Product not performed or on behalf of the Service Provider or its Personnel; (b) use of the Product by Client in combination with third-party products, services, equipment, content, code, or software not provided by the Service Provider at the instruction of Client where the alleged violation, infringement or misappropriation would not have occurred but solely for such combination at the instruction of the Client; (c) use of the Licensed Product by Client in breach of this Agreement; or (d) acts or omissions of the indemnified party, including willful patent infringement.

9.6.2 Client will have no liability or obligation under this Section 9 with respect to any infringement Claim to the extent solely attributable to any: (a) modifications to the Client Materials or Client Data not provided or authorized by Client or its Personnel; or (b) use of the Client Materials or Client Data by the Service Provider that is not permitted under this Agreement.

9.6.3 This Section 9 states the entire liability of the Service Provider with respect to infringement, misappropriation or violation of Proprietary Rights of third parties by any Licensed Product or any part thereof or by any use thereof by Client, and this Section 9 states the entire liability of Client with respect to infringement, misappropriation or violation of Proprietary Rights of third parties by any Client Materials, Client Data or any part thereof or by any use, receipt, storage or processing thereof by the Service Provider.

10. Term and Termination

10.1 Term. This Agreement will start on the Subscription Start Date of each Client Subscription and continue in full force and effect until the Client Subscription has ended(the “Initial Term”), unless terminated earlier by either Party as provided in this Agreement. This Agreement will renew for additional renewal Terms (the “Renewal Term”) with each Client Subscription renewal unless one party gives notice of non-renewal to the other party subject to the terms herein.

10.2 Termination for cause. Either party may terminate this Agreement if the other party (a) fails to cure a material breach of the Agreement within 30 days after receiving notice of the breach; (b) materially breaches the Agreement in a manner that cannot be cured; (c) dissolves or stops conducting business without a successor; (d) makes an assignment for the benefit of creditors; or (e) becomes the debtor in insolvency, receivership, or bankruptcy proceedings that continue for more than 60 days. In addition, either party may terminate an affected Subscription if a Force Majeure Event prevents the Product from materially operating for 30 or more consecutive days, and the Service Provider will pay to Client a prorated refund of prepaid fees for the remainder of the Term. A party must notify the other of its reason for termination. Termination by the Service Provider pursuant to this Section does not prejudice Client’s right, and the Service Provider’s obligation, to extract or assist with the retrieval or deletion of Client Data as set forth in Section 10.3.2 following such termination.

10.3 Effect of Termination.

10.3.1 Upon termination or expiration of a Subscription, subject to section 10.1, Client’s right to use the Product licensed under such Subscription will terminate, and Client’s access to the Product and Services provided under such Subscription may be disabled. Termination or expiration of any Subscription purchased by Client from the Service Provider will not terminate or modify any other Subscription purchased by Client from the Service Provider. Upon termination of this Agreement, all Client’s Subscriptions under this Agreement will immediately terminate.

10.3.2 Client shall extract or request Service Provider to extract all Client Data made available in the Cloud Service prior to the termination or expiration of any Subscription to Licensed Product subject to Section 7.2.4. Within 30 days following the termination or expiration of any Subscription to Licensed Product on Client’s written request for Professional Services, the Service Provider will extract and return copies for Client all Client Data remaining in the Cloud Service. The Service Provider will assist Client, as reasonably requested by Client, in validating whether the retrieval or deletion was successful. Client Data shall be provided in a standard non-proprietary CSV formatted file. Following delivery to Client of the Client Data and Client’s confirmation thereof, or Client’s retrieval or deletion of Client Data and the Service Provider’s validation thereof or expiration of the applicable period, whichever is soonest, the Service Provider may, and within 30 days thereafter will, permanently delete and remove Client Data (if any) and will, upon Client’s request, certify to such deletion and removal to Client in writing through email. If the Service Provider is not able to delete any portion of the Client Data or Client Confidential Information, it will remain subject to the confidentiality, privacy and data security terms of this Agreement and shall not be used by the Service Provider for any purposes whatsoever.

10.3.3 Sections 4 (Proprietary Rights), 6 (Confidentiality), 7.2.1 (Client Data and Client Materials), 8 (Limitations of Liability), 9 (Indemnification), 10.3 (Effect of Termination), 11 (Insurance), 12.3(Tax), 13(General) and 14 (Definitions), together with all other provisions of this Agreement that may reasonably be interpreted or construed as surviving expiration or termination, will survive the expiration or termination of this Agreement for any reason; but the nonuse and non-disclosure obligations of Section 6 will expire five years following the expiration or termination of this Agreement, except with respect to, and for as long as, any Confidential Information constitutes a trade secret.

10.3.4 The Service Provider will submit invoices for all known outstanding Fees accrued upon termination and any Fees which may accrue thereafter in accordance with 10.2 or 10.3 (as applicable and in accordance with Section 12 (Payment & Taxes).

10.3.5 Each Party as Recipient will return or destroy Discloser’s Confidential Information in its possession or control.

10.3.6 Unless this Agreement is terminated for cause, Client shall transition to a replacement provider of similar services prior to the termination or expiration of this Agreement. Upon termination or expiration of the Agreement for cause, Service Provider shall offer Client it’s Professional Services, at the request of Client, to support the migration to a replacement provider (of services similar to the Services) to the extent such support does not disclose and/or transfer any Proprietary Information or Confidential Information of Service Provider.

11. Insurance

11.1 Coverages. The Service Provider will at its own cost and expense, obtain and maintain the following insurance coverage during the Term of this Agreement and for one year after:

11.1.1 Commercial General Liability insurance, including all major coverage categories, including premises-operations, property damage, products/completed operations, contractual liability, personal and advertising injury with limits of at least $1,000,000 per occurrence and $2,000,000 in general annual aggregate, and $4,000,000 products/completed operations annual aggregate;

11.1.2 Professional Liability insurance, in an amount of at least $2,000,000 per occurrence covering liabilities for financial loss resulting or arising from actual or alleged acts, errors or omissions by Service Provider including its Personnel in rendering Services in connection with this Agreement including actual or alleged acts, errors or omissions in rendering computer or information technology Services, proprietary rights infringement(excluding Patent infringement), data damage/destruction/corruption, failure to protect privacy, unauthorized access, unauthorized use, virus, and

11.1.3 Cyber Liability or Technology Errors and Omissions, with limits of at least $1,000,000 each claim and $2,000,000 in annual aggregate, providing for protection against liability for: (a) system attacks; (b) denial or loss of service attacks; (c) spread of malicious software code; (d) unauthorized access and use of computer systems; (e) liability arising from loss or disclosure of personal or corporate confidential data; (f) cyber extortion; (g) breach response and management coverage; (h) business interruption; (i) invasion of privacy; and (j) defense of any regulatory action involving a breach of Data Protection Law.

12. Payment and Taxes

12.1 Fees and Invoices. Unless otherwise noted, all Fees are quoted in U.S. Dollars and are exclusive of taxes. Except as detailed in this Agreement, Fees are non-refundable. The Service Provider will send invoices for Fees applicable to the Product Subscription and related usage once per Invoice Period in advance starting on the Subscription Start Date. Any Fees or credits incurred subsequent to sending each invoice will be included in the next invoice. Professional Services invoices may be sent separately during performance of the Professional Services. Invoices will be sent by email to the billing contact information supplied during Product registration and can be updated from time to time by Client.

12.2 Payment. Unless otherwise noted, Client will pay the Service Provider the Fees and any applicable taxes in each invoice in the currency quoted. If no currency is defined, the currency shall be U.S. Dollars. If the Service Provider is provided credit card information to make Payments for Fees incurred by Client, Client authorizes the Service Provider to charge the credit card for undisputed Fees as they are invoiced. If Client makes payment by ACH or international wire, the Client is responsible to pay the wire transfer fees or currency conversion fees.

12.3 Taxes. Client and the Service Provider are each responsible for taxes on their own income and employees, Client is responsible for paying all sales, use, GST, VAT, or other taxes associated with their Subscription. If the Service Provider has the legal obligation to pay or collect Taxes for which Client is subject to, the Service Provider will invoice Client and Client will pay the invoice tax amount unless a valid tax exemption certificate authorized by the appropriate taxing authority is provided.

12.4. Pricing Changes. Pricing under this Agreement is subject to change upon each Renewal Term with thirty (30) days advance written notice to Client. Any pricing marked “Subject to change” in an applicable Quote, Product Addendum or Order Form is subject to change at any time with thirty (30) days’ advance written notice. Should such changes be unacceptable to Client after receiving written notice from the Service Provider, Client may terminate the affected Subscription subject to the terms of this Agreement. Upon such termination, the Service Provider will provide a refund of the applicable Fees prepaid to the Service Provider, prorated for the portion of the Subscription unused until the termination date.

12.5 Payment Dispute. If Client has a good-faith disagreement about the amounts charged on an invoice, Client must notify the Service Provider about the dispute during the Payment Period for the invoice and must pay all undisputed amounts on time. The Parties will work together to resolve the dispute within 15 days after the end of the Payment Period. If no resolution is agreed, each Party may pursue any remedies available under the Agreement or Applicable Laws.

13. General

13.1 Applicable Law. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) will be governed by and interpreted according to the laws of the Commonwealth of Massachusetts. Each Party irrevocably agrees that any legal action or proceeding relating to this Agreement will be instituted solely in the state and federal courts located in Boston, Massachusetts. Each Party irrevocably agrees to the jurisdiction of such courts, and each Party waives any objection that it may have to the laying of the venue of any such action or proceeding in the manner provided in this Section. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.

13.2 Assignment. Neither Party may assign or transfer this Agreement or any rights or delegate any duties herein without the prior written consent of the other Party, which will not be reasonably withheld, delayed or conditioned. Notwithstanding the foregoing, and without gaining the other Party’s written consent, the Service Provider may assign this Agreement, in its entirety, and delegate its obligations to its Affiliates or to any entity acquiring all or substantially all of the assets related to the Licensed Product, whether by sale of assets, sale of stock, merger or otherwise and Client may assign this Agreement, in its entirety, to any Affiliates or entity acquiring all or substantially all of its assets related to Client’s account or the Client’s entire business, whether by sale of assets, sale of stock, merger or otherwise. Any attempted assignment, transfer or delegation in contravention of this Section will be null and void. This Agreement will inure to the benefit of the Parties hereto and their permitted successors and assigns.

13.3 Entire Agreement. This Agreement constitutes the entire agreement between the Parties relating to the subject matter hereof, and there are no other representations, understandings or agreements between the Parties relating to the subject matter hereof. This Agreement is solely between Client and the Service Provider. The terms and conditions of this Agreement will not be changed, amended, modified or waived during each Term unless such change, amendment, modification or waiver is in writing and signed by authorized representatives of the Parties. NEITHER PARTY WILL BE BOUND BY, AND EACH SPECIFICALLY OBJECTS TO, ANY PROVISION THAT IS DIFFERENT FROM OR IN ADDITION TO THIS AGREEMENT (WHETHER PROFFERED ORALLY OR IN ANY QUOTATION, PURCHASE ORDER, INVOICE, SHIPPING DOCUMENT, ONLINE TERMS AND CONDITIONS, ACCEPTANCE, CONFIRMATION, CORRESPONDENCE, OR OTHERWISE), UNLESS SUCH PROVISION IS SPECIFICALLY AGREED TO IN WRITING SIGNED BY BOTH PARTIES.

13.4 Export Laws. Each Party will comply with all applicable customs and export control laws and regulations of the United States and/or such other country, in the case of Client, where Client or its Users use the Product or Services, and in the case of the Service Provider, where the Service Provider provides the Product or Services. Each Party certifies that it and its Personnel are not on any of the relevant U.S. Government Lists of prohibited persons, including but not limited to the Treasury Department’s List of Specially Designated Nationals and the Commerce Department’s list of Denied Persons. Neither Party will export, re-export, ship, or otherwise transfer the Licensed Product, Services or Client Data to any country subject to an embargo or other sanction by the United States or other applicable jurisdiction.

13.5 Force Majeure. Neither Party will be liable hereunder for any failure or delay in the performance of its obligations in whole or in part, on account of riots, fire, flood, earthquake, explosion, epidemics, war, strike or labor disputes (not involving the Party claiming force majeure), embargo, civil or military authority, act of God, governmental action or other causes beyond its reasonable control and without the fault or negligence of such Party or its Personnel and such failure or delay could not have been prevented or circumvented by the non-performing Party through the use of alternate sourcing, workaround plans or other reasonable precautions (a “Force Majeure Event”). If a Force Majeure Event continues for more than 30 days for any Subscription, Client may cancel the unperformed portion of the Subscription and receive a pro rata refund of any fees prepaid by Client to the Service Provider for such unperformed portion.

13.6 Government Rights. As defined in FARS §2.101, the Product and Documentation are “commercial items” and according to DFARS §252.227 and 7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation”. Consistent with FARS §12.212 and DFARS §227.7202, any use, modification, reproduction, release, performance, display or discourse of such commercial software or commercial software documentation by the U.S. government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.

13.7 Headings. The headings throughout this Agreement are for reference purposes only, and the words contained therein will in no way be held to explain, modify, amplify or aid in the interpretation, construction or meaning of the provisions of this Agreement.

13.8 No Third-Party Beneficiaries. Except as specified in Section 9 with respect to Client Indemnified Parties and the Service Provider Indemnified Parties, nothing express or implied in this Agreement is intended to confer, nor will anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations or liabilities whatsoever.

13.9 Notices. To be effective, notice under this Agreement must be given in writing. Each Party consents to receiving electronic communications and notifications from the other Party in connection with this Agreement. Each Party agrees that it may receive notices from the other Party regarding this Agreement: (a) by email to the email address designated by such Party as a notice address for the Agreement; (b) by personal delivery; (c) by registered or certified mail, return receipt requested; or (d) by nationally recognized courier service. Any notice shall be deemed to have been received: (a) if sent by email, at the time of transmission, or, if this time falls outside of Business Hours, when Business Hours resume; (b) if delivered by personal delivery, at the time the notice is left at the proper address; (c) if sent by registered or certified mail, return receipt requested, at 10.00 am on the second Business Day after posting. This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

13.10 Nonwaiver. Any failure or delay by either Party to exercise or partially exercise any right, power or privilege under this Agreement will not be deemed a waiver of any such right, power or privilege under this Agreement. No waiver by either Party of a breach of any term, provision or condition of this Agreement by the other Party will constitute a waiver of any succeeding breach of the same or any other provision hereof. No such waiver will be valid unless executed in writing by the Party making the waiver.

13.11 Publicity. Neither Party will issue any publicity materials or press releases that refer to the other Party or its Affiliates, or use any trade name, trademark, service mark or logo of the other Party or its Affiliates in any advertising, promotions or otherwise, without the other Party’s prior written consent.

13.12 Relationship of Parties. The relationship of the Parties will be that of independent contractors, and nothing contained in this Agreement will create or imply an agency relationship between Client and the Service Provider, nor will this Agreement be deemed to constitute a joint venture or partnership or the relationship of employer and employee between Client and the Service Provider. Each Party assumes sole and full responsibility for its acts and the acts of its Personnel. Neither Party will have the authority to make commitments or enter into contracts on behalf of, bind, or otherwise oblige the other Party.

13.13 Sever-ability. If any term or condition of this Agreement is to any extent held invalid or unenforceable by a court of competent jurisdiction, the remainder of this Agreement will not be affected thereby, and each term and condition will be valid and enforceable to the fullest extent permitted by law.

13.14 Subcontracting. The Service Provider may use Subcontractors in its performance under this Agreement, provided that: (a) the Service Provider remains responsible for all its duties and obligations hereunder and the use of any Subcontractor will not relieve or reduce any liability of the Service Provider or cause any loss of warranty under this Agreement; (b) the Service Provider agrees to be directly liable for any act or omission by such Subcontractor to the same degree as if the act or omission were performed by the Service Provider such that a breach by a Subcontractor of the provisions of this Agreement will be deemed to be a breach by the Service Provider. The performance of any act or omission under this Agreement by a Subcontractor for, by or through the Service Provider will be deemed the act or omission of the Service Provider. Upon request, the Service Provider will identify to Client any Subcontractors who have access to Client Data performing under this Agreement and such other information reasonably requested by Client about such subcontracting. Client shall have the right to have removed from the provision of the Licensed Product hereunder, any of Service Provider subcontractor who has access to Client Data subject to the Client providing Service Provider reasonable advance notice in writing (email to suffice) and agreeing to prepay the Service Provider the any and all costs associated with finding, supporting and maintaining an acceptable replacement.

13.15 Counterparts. This Agreement may be executed in any number of counterparts and by the parties hereto in separate counterparts, each of which when so executed shall be deemed to be an original and all of which taken together shall constitute one and the same agreement. Executed signature pages of this Agreement sent by facsimile or transmitted electronically in Portable Document Format (PDF), or signature pages executed and transmitted electronically via digital signature, shall be treated as originals, fully binding and with full legal force and effect, and the Parties waive any rights they may have to object to such treatment, provided that this treatment shall be without prejudice to the obligation of the parties to exchange original counterparts as quickly as practicable after execution of this Agreement if requested by either Party. This Agreement will become effective as of the date when all parties have signed and dated it.

14. Definitions

14.1 “Affiliate” means, with respect to any entity, any other entity that controls, is controlled by, or under common control with such entity. The terms “controls,” “controlled by,” and “under common control with” mean the ownership of at least fifty percent (50%) of the equity or beneficial interests of the entity or the right to vote for or appoint a majority of the board of directors or other governing body of such entity, and any other entity with respect to which Client or any of its Affiliates has management or operational responsibility (even though Client or such Affiliate may own less than fifty percent (50%) of the equity of such entity).

14.2 “Applicable Laws” means all applicable international, national, state and local laws, ordinances, rules, regulations and orders, as amended from time to time.

14.3 “Cloud Provider” means the Amazon Web Services(“AWS”) local entity in each Cloud Provider Region operated by AWS and the Oracle Cloud Infrastructure(OCI) local entity in each Cloud Provider Regions operated by OCI.

14.4 “Cloud Provider Region” means the region name defined by the Cloud Provider representing the geographic region and/or country where their data center is located.

14.5 “Business Hours” means the hours of 9:30am to 6:00pm on any Business day.

14.6 “Business Day” means a day on which banks are open for business, not being a Saturday or a Sunday..

14.7 “Client Data” means all data, records, files, information or content, including text, sound, video, and images, that is (a) input or uploaded by Client or its Users to or collected, received, transmitted, processed, or stored by Client or its Users using the Product or Cloud Service in connection with this Agreement including Personal Data, or (b) provided by Client to ID123 Inc. in connection with this Agreement through a means other than using the Product or Cloud Service(whether stored within the Licensed Product or elsewhere), or (c) generated or derived from (a) or (b).

14.8 “Client Materials” means any property, items or materials and any Proprietary Rights therein, including Client Data, furnished by Client to the Service Provider for the Service Provider’s use in the performance of its obligations under this Agreement.

14.9 “Cloud Service” means access and use of the Product, or a component of a Product, as deployed and hosted in the Service Provider’s Computing Environment, and any software and other technology provided or made accessible by the Service Provider in connection therewith (and not as a separate product or service) that Client is required or has the option to use in order to access and use the Product.

14.10 “Contractor” means any third party contractor of Client or other third party performing services for Client, including outsourcing suppliers.

14.11 “Computing Environment” means the computing infrastructure and systems used to provide the Product via Cloud Service.

14.12 “Controller” means the entity that determines the purposes and means of the processing of Personal Data. “Controller” includes equivalent terms in other Data Protection Law, such as the CCPA-defined term “Business” or “Third Party,” as context requires.

14.13 “Data Protection Law” means all data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including Regulation 2016/679 (General Data Protection Regulation) (“GDPR”), the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018 in the UK (“UK GDPR”) and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) (“LGPD”) and Cal. Civ. Code 1798.100 et seq. (California Consumer Privacy Act) (“CCPA”).

14.14 “Documentation” means the user guides, manuals, instructions, specifications, notes, documentation, printed updates, “read-me” files, release notes and other materials related to the Product, its use, operation or maintenance, together with all enhancements, modifications, derivative works, and amendments to those documents, that the Service Provider provides under this Agreement.

14.15 “Fees” means the price for the Product and the Cloud Service as defined in the Wallet Platform Subscription Fees table of the Product Addendum.

14.16 “International Data Transfer Mechanism” means the special protections that some jurisdictions require two or more parties that transfer information across international borders to adopt to make the transfer lawful. “Transfer,” in the context of an International Data Transfer Mechanism, means to disclose or move personal data from a storage location in one jurisdiction to another, or to permit a party in one jurisdiction to access Personal Data that the other party stores in another jurisdiction that requires an International Data Transfer Mechanism.

14.17 “Licensed Product” means the Product, Documentation and any other items, materials or deliverables that the Service Provider provides, or is obligated to provide, as part of a Subscription.

14.18 “Personal Data” means information the Client Data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a data subject. “Personal Data” includes equivalent terms in other Data Protection Law, such as the CCPA-defined term “Personal Information,” as context requires, to the extent such information forms part of the Client Data.

14.19 “Personal Data Breach” means a confirmed breach of security of the Services that caused an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, or an event that qualifies as a reportable data breach under Applicable Law.

14.20 “Personnel” means a Party or its Affiliates directors, officers, employees, non-employee workers, agents, auditors, consultants, contractors, subcontractors and any other person performing services on behalf of such Party (but excludes the other Party and any of the foregoing of the other Party).

14.21 “Privacy and Security Terms” means Section 7.5, the attached Data Processing Addendum (if applicable), and any other terms and conditions regarding the privacy and security of data agreed upon by the parties that are a part of this Agreement, whether in an addendum or amendment to this MSA.

14.22 “Product Addendum” means the description of Product and other product information offered by the Service Provider, including Support Services and policies and procedures incorporated or referenced in the product information.

14.23 “Processor” means an entity that processes personal data on behalf of another entity. “Processor” includes equivalent terms in other Data Protection Law, such as the CCPA-defined term “Service Provider,” as context requires.

14.24 “Product” means the computer software and any associated data, content and/or services identified in the applicable Product Addendum that the Service Provider provides or is obligated to provide as part of a Subscription, including any patches, bug fixes, corrections, remediation of security vulnerabilities, updates, upgrades, modifications, enhancements, derivative works, new releases and new versions of the foregoing that the Service Provider provides, or is obligated to provide, as part of the Subscription.

14.25 “Proprietary Rights” means all intellectual property and proprietary rights throughout the world, whether now known or hereinafter discovered or invented(together with any renewals, extensions or revivals, , including, without limitation, all: (a) patents and patent applications; (b) copyrights, neighboring rights and mask work rights; (c) trade secrets; (d) trademarks, trade names, service marks and logos; (e) rights in data and databases; (f) registered designs or unregistered design rights in the UK; and (g) analogous rights throughout the world.

14.26 “Sensitive Data” means the following types and categories of data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data; data concerning health, including protected health information governed by the Health Insurance Portability and Accountability Act; data concerning a natural person’s sex life or sexual orientation; government identification numbers (e.g., SSNs, driver’s license); payment card information; nonpublic personal information governed by the Gramm-Leach-Bliley Act; an unencrypted identifier in combination with a password or other access code that would permit access to a data subject’s account; and precise geolocation.

14.27 “Services” means all services and tasks that the Service Provider provides or is obligated to provide under this Agreement, including without limitation the Cloud Services and the Support Services.

14.28 “Subcontractor” means any third party subcontractor or other third party to whom the Service Provider delegates any of its duties and obligations under this Agreement.

14.29 “Sub-processors” means third parties authorized under this Agreement to access and process Personal Data in order to provide parts of the Business Services.

14.30 “Subscription” means a Product subscription for a specific features, integrations, usage pricing and use capacity purchased by Client and fulfilled by the Service Provider for the licensing and provision of Product provided as a Cloud Service in the Service Provider’s Computing Environment.

14.31 “Support Services” means the support and maintenance services for the Product that the Service Provider provides, or is obligated to provide, as described in the Product Addendum.

14.32 “System Data” means data and data elements (other than Client Data) collected by the Product, Cloud Service or the Computer Environment of the Service Provider regarding configuration, environment, usage, performance, vulnerabilities and security of the Product or Cloud Service that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the Product or Cloud Service.

14.33 “Third Party Services” means any third-party products, platforms, services, equipment, content, code, or software that are used in combination with a Licensed Product.

14.34 “User” means any person or software program or computer systems authorized by Client or any of its Affiliates to access and use the Product as permitted under this Agreement, including Contractors of Client or its Affiliates.