Master Service Agreement
OUR COMMITMENT TO EXCELLENCE
Last Updated: November 7, 2019
This End User Subscription Agreement (the “Agreement”) is a binding agreement between the Customer listed on the applicable Order (hereinafter “Customer,” “You” or “Your”) and V3 Cybersecurity, Inc., (hereinafter, “V3,” “We,” or “Us”) and governs Your purchase, access, and use of all V3 SaaS, Software, Hardware, DS, and Support Services, including all Upgrades, and Evaluation Products (as applicable) (in each case, as defined below, and collectively, “Products”) and the provision of any services as further described in the applicable Order (such services together with the Products, collectively, the “Services”) now or hereinafter developed by V3.
IF YOU HAVE ARRIVED AT THIS PAGE DURING THE PROCESS OF INSTALLING, DOWNLOADING, ACCESSING, OR DEPLOYING A PRODUCT, YOU ACKNOWLEDGE AND AGREE THAT BY PROCEEDING WITH THE INSTALLATION, DOWNLOAD, ACCESS, DEPLOYMENT, OR USE OF THE PRODUCT, YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS IN THIS AGREEMENT. IF YOU DO NOT UNCONDITIONALLY AGREE TO THE FOREGOING, DISCONTINUE THE INSTALLATION, DOWNLOAD, ACCESS, DEPLOYMENT, OR USE. IF YOU PROCEED WITH INSTALLATION, DOWNLOAD, ACCESS, DEPLOYMENT, OR USE, YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ENTER INTO THIS AGREEMENT ON BEHALF OF AND TO BIND THE CUSTOMER TO THE TERMS HEREOF.
If You receive access to or use of Products for proof of concept, beta testing, interactive demo, or other similar evaluative purposes (the “Evaluation Products”), then You may only use the Evaluation Products for Your own internal evaluation purposes for a period defined by V3 from the effective date of Your access to the Evaluation Products. You and V3 may, upon mutual written agreement, extend the Evaluation Period. Immediately upon expiration of the Evaluation Period, You must delete all Software and other components (including Documentation) related to the Evaluation Products. Your continued use of any Evaluation Product following expiration of the Evaluation Period constitutes Your Agreement to the terms herein with respect to use of such Evaluation Product(s) and You shall be charged for such continued use at V3’s then-current list price for such Evaluation Product(s). If you are evaluating SaaS, You acknowledge that V3 reserves the right to disable access to the SaaS automatically at the end of the Evaluation Period, without notice to You. At the end of the Evaluation Period, Customer Data will be deleted pursuant to V3’s data retention policy, unless otherwise agreed to by the parties. If You are participating in an interactive demo, You agree that You will receive one instance of the SaaS which is shared with other prospective V3 customers and users. For any Evaluation Products, only Sections 4, 5.4, 6, 9, 10, 11, 12, and the applicable Definitions in Section 1 of this Agreement shall apply.
This Agreement may be periodically updated and the current version will be posted at www.v3cybersecurity.com/subscription. Your continued use of the Products after a revised Agreement has been posted constitutes your acceptance of its terms.
1.1 “Affiliate” means, with respect to a party, any entity which directly or indirectly Controls, is Controlled by, or is under common Control with such party. “Control” means 50% or greater voting power, or otherwise having the power to govern the financial and the operating policies or to appoint the management of an organization.
1.2 “Aggregated Data” means Customer Data (i) anonymized, and not identifiable to any person or entity, (ii) combined with the data of other customers or additional data sources, and (iii) presented in a manner from which Customer’s or Customer Users’ identity may not be derived.
1.3 “Customer Data” means all data or information submitted by or on behalf of Customer to the Products.
1.4 “Customer User” means an employee, agent, contractor, or other third party authorized by Customer and/or its Affiliates to access, use, download, deploy, or install the Products.
1.5 “DS” means the deployment services provided to Customer, as further described in the Product Sheets.
1.6 “Documentation” means the documentation and usage guides for the Products, as updated from time to time by V3.
1.7 “Fees” means any fees paid or to be paid for Products under an Order.
1.8 “Force Majeure Event” means an event which is unforeseeable, beyond the control of the party affected, and cannot be remedied by the exercise of reasonable diligence, including without limitation: acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes, computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within V3’s possession or reasonable control and denial of service attacks.
1.9 “Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.
1.10 “Order” means a written order form/sales proposal, purchase order, or similar ordering document for Products submitted to, and approved, by V3 and/or Partner.
1.11 “Partner” means the V3 approved partner authorized by V3 to resell or otherwise provide Products to end user customers.
1.12 “Product Sheets” means the V3 materials available at www.v3cybersecurity.com that provide Product descriptions, service levels, and terms applicable to specific Products.
1.13 “SaaS” means the subscription cloud-based service provided by V3 for the Subscription Term set forth in the Order, or as further described in the Product Sheets.
1.14 “Software” means any V3 software, utility, tool or other computer or program code, in object (binary) or source-code form provided, directly or indirectly to Customer as well as any copies (whether complete or partial) made by or on Customer’s behalf, as further described in the Product Sheets. The term “Software” also includes any updates, upgrades or other new features, functionality or enhancements to the Software made available directly or indirectly to Customer.
1.15 “Subscription Term” means, collectively, the Initial Subscription Term and all Renewal Subscription Terms.
1.16 “Support Services” means the support services provided by V3 with respect to each applicable Product, including Services as described at www.v3cybersecurity.com.
1.17 “Upgrades” means all cloudwide modifications, enhancements and corrections to the Products made by V3 including corrections of failures to conform to or to operate in accordance with the Documentation; temporary and permanent error corrections delivered as part of the Support Services and all additions, updates, new versions and releases, and new features, and changes made by V3 in response to legal, technological or other developments. For clarity, “Upgrades” does not include any additional features or enhancements made available to customers by V3 for an additional cost.
1.18 “V3 Materials” means all V3 proprietary materials, including the Documentation, and Intellectual Property Rights embodied in the Products and Documentation, V3’s processes and methods, and/or materials distributed by V3 during any presentations, proof of concepts, or demonstrations of V3 Products.
- Customer and/or Customer Affiliates may purchase Products through an Order. All Orders shall be governed by the terms and conditions in this Agreement regarding Customer’s and its Affiliates’ access and use of the Products. For clarity, V3 will not be obligated to provide any Products to Customer or its Affiliate(s) until V3 receives a valid Order for such Products, executed by Customer. Customer and any Customer Affiliate agrees that its purchase of any Products is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written public comments made by V3 with respect to any future functionality or features.
- Customer agrees to pay to V3 the Fees as agreed to in the applicable Order within [30 days] of receipt by Customer of applicable invoice. Customer shall be responsible for the payment of all taxes associated with Customer’s purchase of the relevant Products together with any fees, duties, or other amounts, however designated, including value added and withholding taxes which are levied or based upon such charges, or upon this Agreement. If any tax for which Customer is responsible hereunder is paid by V3, Customer will reimburse V3 upon V3’s request therefor.
- INTELLECTUAL PROPERTY; RESTRICTIONS; AND GUIDELINES
4.1 Ownership and Intellectual Property Rights
4.1.1 V3. All rights, title and interest in and to the Products, V3 Materials and any and all Feedback (as defined below) belong exclusively to V3 and its licensors. No rights are granted to Customer other than as expressly set forth in this Agreement.
4.1.2 Customer. All rights, title and interest in and to the Customer Data, including all Intellectual Property Rights inherent therein, belong exclusively to Customer. No rights are granted to V3 other than as expressly set forth in this Agreement.
4.2 Use and Restrictions. Customer agrees that it shall: (i) use the Products solely for its internal business purposes; (ii) only permit access to the Products by Customer Users; and (iii) comply with all Documentation provided by V3. Customer shall not (and will not allow any third party to): (i) modify, copy, display, republish or create derivative works based on the Products or V3 Materials; (ii) reverse engineer the Products; (iii) access the Products in order to build a competitive product or service, or copy any ideas, features, functions or graphics of the Products; (iv) use the Products to send spam or otherwise duplicative or unsolicited messages in violation of any applicable laws and/or regulations; (v) use the Products to send infringing, obscene, threatening, libelous, or otherwise unlawful material; (vi) use the Products to access blocked services in violation of any applicable laws and/or regulations; (vii) upload to the Products or use the Products to send or store viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs; (viii) use the Products to run automated queries to external websites (as the website may blacklist V3 IPs for all of its customers); (ix) interfere with or disrupt the integrity or performance of the Products or the data contained therein; (x) attempt to gain unauthorized access to the Products or its related systems or networks; (xi) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Products; (xii) perform penetration or load testing on the Products or V3’s cloud without the prior written consent of V3; (xiii) without the express prior written consent of V3, conduct any public benchmarking or comparative study or analysis involving the Products; and (xiv) access or use the Products from an embargoed nation, or denied party, in violation of U.S. trade and economic sanctions.
4.3 Customer Guidelines and Responsibilities. Customer agrees and understands that (i) it is solely responsible for all activity of Customer Users and for Customer Users’ compliance with this Agreement; (ii) it shall: (a) have sole responsibility for the accuracy, quality, integrity, legality, reliability and appropriateness of all Customer Data; (b) prevent unauthorized access to, or use of, the Products, and notify V3 promptly of any such unauthorized access or use; and (c) comply with all applicable laws and/or regulations in using the Products; (iii) the Products do not include Customer’s connection to the Internet or any equipment or third party licenses necessary for Customer to use the Products, which shall be Customer’s sole responsibility; (iv) it is responsible for supplying V3 with any technical data and other information and authorizations that V3 may reasonably request to allow V3 to provide the Products to Customer; and (v) V3 shall have the right to (a) use or act upon any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer relating to the Products (collectively “Feedback”); (b) utilize information collected regarding Customer’s use of the Products for the purposes of (1) maintaining, improving and/or analyzing the SaaS, including providing advanced analytics and reporting to Customer, (2) complying with all legal or contractual requirements, and/or (3) making malicious or unwanted content anonymously available to its licensors for the purpose of further developing and enhancing the Products; and (c) develop and commercialize benchmarks and measures based on Aggregated Data. The foregoing shall in no way limit V3’s confidentiality and security obligations set forth in this Agreement.
4.4 V3’s Guidelines and Responsibilities.
4.4.1 V3 shall (i) process, use, and/or access Customer Data in accordance with the terms herein only for the purpose of providing the Products to Customer; and (ii) maintain reasonable and appropriate physical, organizational, administrative, and technical safeguards designed to protect Customer Data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
4.4.2 Provided that Customer promptly notifies V3 of a defect in the applicable Product, V3 shall provide Support Services, as necessary and in accordance with the applicable Order. V3 will provide a remedy in the form of a workaround, or deploy another version of the Product that includes a bug fix for the applicable defect. Customer agrees to provide information reasonably necessary to understand and resolve the incident, which may include log files, configuration files and/or error messages. V3 has no obligation to provide Support Services where such Support Services are requested or otherwise required as a result of any act or omission of Customer and which is not attributable to V3 or its authorized agents, including, but not limited to, Customer’s failure to implement any applicable Upgrades.
4.4.3 V3 may process and store Customer Data in the European Economic Area (the “EEA”), the United States and in other countries and territories; however, Customer may choose during the deployment process to store its logs in either (i) the United States or (ii) the European Union and Switzerland. To facilitate its global operations, V3 may transfer and access Customer Data from around the world, including from other countries in which V3 has operations. V3 reserves the right to manage bandwidth or route traffic across the Internet in a commercially optimal way, provided such actions do not compromise V3’s obligations under this Agreement.
4.4.4 V3 reserves the right to suspend Customer’s access to or download of Products in the event Customer’s use of the Products represents an imminent threat to V3’s network, or if so directed by a court of competent jurisdiction or in accordance with applicable law. In such cases, V3 will (i) suspend such Products only to the extent reasonably necessary to prevent any harm to V3’s network; (ii) use reasonable efforts to promptly contact Customer and give Customer the opportunity to change the configuration of its server(s) accordingly and/or work with Customer to promptly resolve the issues causing the suspension of such Products; and (iii) reinstate any suspended Products immediately after any issue is abated.
- REPRESENTATIONS AND WARRANTIES
5.1 Mutual. Each party represents and warrants to the other party that (i) it has, and will maintain throughout the Subscription Term, the legal power and authority to enter into this Agreement, and (ii) it will comply with all applicable laws, statutes, ordinances, and regulations (including without limitation any relevant data protection or privacy laws) in fulfilling its respective obligations under the Agreement.
5.2 By Customer. Customer further represents and warrants to V3 that all Customer Data is correct, accurate, complete and shall remain current at all times, and V3’s access to and use thereof in connection with V3’s provisions of Services hereunder will not infringe upon, misappropriate or otherwise violate the intellectual or any other rights of any third party.
5.3 By V3. V3 warrants that the Services will be performed in a professional manner in accordance with industry standards for like services.
5.4 Disclaimer of Warranties. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, ALL PRODUCTS ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER. V3 EXPRESSLY DISCLAIMS, TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. V3 ALSO MAKES NO WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS, AND MAKES NO WARRANTY THAT PRODUCTS WILL BE ERROR-FREE.
- CONFIDENTIAL INFORMATION
6.1 Definition of Confidential Information. As used herein, “Confidential Information” means all confidential and proprietary information of a party (“Disclosing Party”) disclosed to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information or the circumstances of disclosure, including the terms and conditions of this Agreement (including pricing and other terms reflected in all Orders hereunder), the Customer Data, the Products, the V3 Materials, V3’s security information and reports, and each party’s respective business and marketing plans, technology and technical information, product designs, and business processes. The obligations in this section shall not apply to any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party and without an obligation of confidentiality; (iii) was independently developed by the Receiving Party without the use of or reference to the Confidential Information of the Disclosing Party; or (iv) is lawfully received from a third party without breach of any obligation owed to the Disclosing Party and without an obligation of confidentiality.
6.2 Obligations. The Receiving Party shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s prior written consent. Either party may disclose Confidential Information to its personnel, auditors, legal representatives and accountants, provided that such disclosure is made on a “need to know” basis only and provided, further that such recipients are bound by obligations of confidentiality no less restrictive than those set forth herein.
6.3 Protection. The Receiving Party will use at least the same level of care to prevent unauthorized use of the Confidential Information as it uses for its own confidential and proprietary information of like kind, but in no event less than a reasonable degree of care.
6.4 Compelled Disclosure. If the Receiving Party is compelled by applicable law or regulation or compulsion of other proper judicial or other legal process to disclose Confidential Information of the Disclosing Party, the Receiving Party shall provide prompt notice of the same prior to such required disclosure such that the Disclosing Party may seek a protective order or other appropriate remedy to safeguard, restrict and/or limit the disclosure of such Confidential Information.
6.5 Remedies. If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of the confidentiality protections hereunder, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts or seek a protective order regarding such acts.
- TERM AND TERMINATION
7.1. Order Term. The Subscription Term will begin on the start date set forth in an Order and will continue for the period of time stated in the Order (“Initial Subscription Term”). Prior to the end of the Initial Subscription Term, the parties will work together to agree on the length and pricing for a renewal term (“Renewal Subscription Term”); otherwise, Customer’s subscription will terminate at the end of the Initial Subscription Term (or the then-applicable Renewal Subscription Term).
7.2 Termination for Material Breach. Either party may terminate this Agreement and any Order (i) if the other party breaches any terms and conditions of this Agreement and does not cure such breach within 30 days of receipt of notice of such breach; or (ii) if the other party becomes the subject of a petition in bankruptcy or any proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
7.3 Effect of Termination. The following provisions shall survive the termination of this Agreement and all Orders: Section 3 (Payment), Section 4 (Intellectual Property; Restrictions; and Guidelines), Section 5.4 (Disclaimer of Warranties), Section 6 (Confidential Information), Section 7.3 (Effect of Termination), Section 8 (Indemnity), Section 9 (Limitation of Liability), Section 10 (Processing of Personal Data), Section 11 (Export Compliance and Commercial Item Software), and Section 12 (General Provisions).
8.1 V3 will indemnify, defend and hold Customer harmless, from and against any claim against Customer by reason of Customer’s use of the Products as permitted hereunder, brought by a third party alleging that the Products or V3 Materials infringe or misappropriate a third party’s Intellectual Property Rights. V3 shall, at its expense, defend such claim and pay damages finally awarded against Customer in connection therewith, including the reasonable fees and expenses of the attorneys engaged by V3 for such defense. If the Products, or parts thereof, become, or in V3’s opinion may become, the subject of an infringement claim, V3 may, at its option: (i) procure for Customer the right to continue using the Products as set forth herein; (ii) replace or modify the Products to make it non-infringing; or (iii) if options (i) or (ii) are not commercially and reasonably practicable as determined by V3, terminate this Agreement and the applicable Order and refund Customer, on a pro-rated basis, any pre-paid Fees for the corresponding unused portion of the Subscription Term. V3 will have no liability or obligation under this section with respect to any claim if such claim is caused in whole or in part by (1) Customer’s use of a Product not in accordance with the Documentation; (2) modification of a Product by anyone other than V3; or (3) the combination, operation, or use of any Product with other hardware or software not provided by V3 where the Products would not by itself be infringing. THIS SECTION 8.1 STATES V3’S ENTIRE LIABILITY AND CUSTOMER’S SOLE REMEDY WITH RESPECT TO ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS BY THE PRODUCTS OR V3 MATERIALS.
8.2 Customer will indemnify, defend and hold V3 harmless against any claim brought by a third party against V3 arising from or related to Customer’s (i) use of the Products in any manner other than as expressly permitted hereunder, and (ii) violation of applicable law. Customer shall not settle any claim against V3 without V3’s prior written consent.
8.3 The indemnification obligations in this section shall be subject to the indemnified party: (i) promptly notifying the indemnifying party in writing upon receiving notice of any threat or claim of such action; (ii) giving the indemnifying party exclusive control and authority over the defense and/or settlement of such claim (provided any such settlement unconditionally releases the indemnified party of all liability); and (iii) providing reasonable assistance requested by the indemnifying party, at the indemnifying party’s expense.
- LIMITATION OF LIABILITY
9.1 Waiver of Consequential Damages. IN NO EVENT WILL V3 BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY DAMAGES OF ANY KIND, OR ANY LOST PROFITS OR LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
9.2 Limitation of Monetary Damages. V3’S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT AND ANY ORDER SHALL BE LIMITED TO THE TOTAL FEES RECEIVED BY V3 FOR THE RELEVANT ORDER DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST OCCURRENCE OF THE EVENT(S) GIVING RISE TO SUCH LIABILITY.
9.3 Applicability. THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY TO THE MAXIMUM EXTENT NOT PROHIBITED UNDER APPLICABLE LAW.
- PROCESSING OF PERSONAL DATA
10.1 General. The terms of this Article 10 will apply to V3’s processing of Personal Data and Personal Information (collectively “Personal Data”), but, only to the extent that such Applicable Law(s) (as defined herein) apply to such processing. Capitalized terms in this Article 10 which are not otherwise defined herein, shall have the meaning ascribed to them in the Applicable Law. For the purposes of this Article 10, “Applicable Laws” means any applicable law governing the privacy, data protection, confidentiality, information security, availability and integrity, or the handling or processing of personal data, including, but not limited, to EU General Data Protection Regulation 2016/679 (“GDPR”) and the California Consumer Privacy Act. “Model Clauses” means the processor standard contractual clauses approved by the EU Commission for the Transfer of Personal Data to Processors established in Third Countries under the EU Data Protection Laws, as amended, replaced, or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR, and shall apply only to the extent that the data processed in the Personal Data relates to any individual residing in an EU Member State is transferred outside of the EU.
10.2 Categories of Personal Data & Data Subjects. In order to provide the Services, Customer hereby authorizes and requests that V3 process Personal Data, including, [ad exchange ID, IP addresses, device user agent strings (containing detail of the browser and operating system used), host, path and query information related to a URL and additional data passed to V3’s application programming interface, in each case, related to Customer’s end users, which such processing may take place where V3 or its third-party Sub-Processors operate facilities.
10.3 Customer’s Instructions. Customer may provide instructions in writing to V3 in addition to those specified herein with regard to processing of Personal Data. V3 shall promptly respond to and comply with any request or instructions from Customer regarding the collection, use, processing and disclosure of Personal Data, which request may require V3 to:
- Identify all Personal Data it has collected about Customer’s and/or its end user(s);
- Identify all Personal Data that is sold or otherwise disclosed to any other party, including the identity of such other party;
- Effectuate all opt-outs by Customer’s end users relating to the sale of their Personal Data or provision of their Personal Information to others for marketing purposes; and
- Comply with all requests that any end users’ Personal Data be deleted.
The parties will negotiate in good faith with respect to any other change in the Services and/or Fees resulting from any additional instructions.
10.4 Roles and Restrictions on Processing of Personal Data. Customer will at all times (i) remain the Controller of Personal Data pursuant to Applicable Law; (ii) determine the purposes and means of its processing of Personal Data; and (iii) comply with the obligations applicable to it pursuant to all Applicable Laws regarding the processing of Personal Data, including, without limitation, establishing a legal basis for processing of Personal Data and with respect to the transfer and provision of Personal Data to V3 for processing hereunder.
V3 is a Processor with respect to its processing of Personal Data hereunder. V3 will process Personal Data solely as set forth in this Agreement, and will not otherwise (i) process Personal Data for purposes other than those set forth in this Agreement or as otherwise instructed by Customer in writing in accordance with Section 10.3 herein and only to the extent necessary to perform its obligations hereunder, or (ii) disclose such Personal Data to third parties other than Affiliates or third party Sub-Processors as permitted or required by Applicable Law or as otherwise provided herein. V3 will comply with the obligations applicable to it pursuant to all Applicable Law regarding the processing of Personal Data.
10.5 Rights of Data Subjects. V3 will follow Customer’s detailed written instructions to meet its obligations pursuant to Applicable Law to respond to Data Subject requests to access, delete, release, correct, or block access to Personal Data held in V3’s information technology environment. Customer agrees to pay V3’s reasonable out-of-pocket costs and expenses and standard hourly fees that may be associated with V3’s performance of any such access, deletion, release, correction, or blocking of access to Personal Data on Customer’s behalf. V3 will promptly pass on to Customer any requests of an individual Data Subject to access, delete, release, correct, or block Personal Data processed by V3 in connection with the terms set forth herein and shall not respond to any such request without Customer’s prior written consent. V3 shall assist Customer to fulfill the rights of the Data Subjects and respond to any such request; provided, however, that V3 will not be responsible for responding directly to the request, unless otherwise required by Applicable Law.
10.6 Cross Border and Onward Data Transfers. V3 treats all Personal Data in a manner consistent with the requirements set forth herein in all locations globally. Transfers of Personal Data originating from the EEA or Switzerland to Affiliates or third party Sub-Processors located in countries outside the EEA or Switzerland that have not received a binding adequacy decision by the European Commission or by a competent national data protection authority, are subject to (i) the terms of the Model Clauses; or (ii) other appropriate transfer mechanisms pursuant to Applicable Law. The terms of this Article 10 shall be read in conjunction with the Model Clauses or other appropriate transfer mechanisms.
Transfers of Personal Data originating from other locations globally to Affiliates or third party Sub-Processors are subject to (i) for Affiliates, the terms of an intra-company data processing and transfer agreement entered into between V3 and the Affiliates incorporating data security requirements consistent with those set forth herein; and (ii) for third party Sub-Processors, the terms of the relevant third party Sub-Processor agreement between V3 and the third party Sub-processor, incorporating data security requirements consistent with those set forth herein.
10.7 Affiliates and Third-Party Sub-Processors. Some or all of V3’s obligations under the Agreement may be performed by Affiliates and third-party Sub-Processors. V3 maintains a list of Affiliates and Third-Party Sub-Processors that may process Personal Data. V3 will provide a copy of that list to Customer upon request.
V3 shall ensure that Affiliates and third-party Sub-Processors will be required to abide by substantially the same obligations as V3 under this Article 10 as applicable to their processing of Personal Data. You may request that V3 audit a third-party Sub-Processor or provide confirmation that such an audit has occurred (or, where available, obtain or assist Customer in obtaining a third-party audit report concerning the third-party Sub-Processor’s operations) to ensure compliance with such obligations.
V3 remains responsible at all times for compliance with the terms of this Article 10 by Affiliates and the performance of third-party Sub-Processors. Customer consents to V3’s use of Affiliates and third-party Sub-Processors as set forth herein in accordance with the terms of Section 10.6 and Section 10.7.
10.8 Technical and Organizational Measures. V3 has implemented and will maintain all appropriate technical and organizational security measures and other data protection requirements to protect Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure, or access, and against all other unlawful forms of processing.
10.9 Incident Management and Breach Notification. V3 evaluates and responds to incidents that create suspicion of or indicate a Personal Data Breach. V3 shall comply with all notification and mitigation requirements in accordance with Applicable Laws.
- EXPORT COMPLIANCE AND COMMERCIAL ITEM SOFTWARE
11.1 Export Compliance. The Products and other software or components of the Products which V3 may provide or make available to Customer may be subject to United States export control and economic sanctions laws and other foreign trade controls. Customer agrees to comply with applicable laws in connection with its performance hereunder, including without limitation, applicable U.S. and foreign export controls, economic sanctions, and other trade controls.
11.2 Commercial Item Software. The Products and Documentation are “commercial items”, “commercial computer software” and “commercial computer software documentation,” pursuant to DFAR section 227.7202 and FAR section 12.212, as applicable. All Products and V3 Materials are and were developed solely at private expense. Any use, modification, reproduction, release, performance, display or disclosure of the Products, V3 Materials and Documentation by the United States Government shall be governed solely by this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.
- GENERAL PROVISIONS
12.1 Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.
12.2 Notices. All notices required to be sent hereunder shall be in writing, addressed to receiving party’s current business contact, if known, with a cc: to the Legal Department of the receiving party, and sent to the party’s address as listed in the Order, or as updated by either party by written notice. Notices shall be effective upon receipt and shall be deemed to be received as follows: (i) if personally delivered by courier, when delivered; or (ii) if mailed by first class mail, or the local equivalent, on the fifth business day after posting with the proper address.
12.3 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.
12.4 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in full force and effect.
12.5 Assignment. Customer may not assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of V3 (not to be unreasonably withheld), except that Customer may assign this Agreement in its entirety, without the consent of V3, to (i) an Affiliate; or (ii) in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of V3. Any attempt by Customer to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.
12.6 Governing Law. This Agreement and any disputes arising out of or related hereto shall be governed by and construed in accordance with the laws of the State of Florida, without giving effect to its conflicts of laws rules, the United Nations Convention on the International Sale of Goods, or the Uniform Computer Information Transactions Act.
12.7 Force Majeure. Neither party shall be liable for delay or non-performance of its obligations hereunder (or part thereof) if the cause of delay or non-performance is due to a Force Majeure Event. The party affected shall be relieved from its obligations (or part thereof) for the duration of the Force Majeure Event. The party affected shall promptly notify the other party and make reasonable efforts to mitigate the effects of the Force Majeure Event.