Webinar with Forrester on steps to automate compliance with PrivacyOpsRegister Now
Effective as of October 1, 2019
THIS CUSTOMER AGREEMENT AND ITS CORRESPONDING ORDER FORM(S) (COLLECTIVELY REFERRED TO AS THIS "AGREEMENT") GOVERN CUSTOMER’S USE OF SECURITI, INC.’S ("SECURITI") SECURITI PRODUCT (DEFINED BELOW). PLEASE READ THE TERMS AND CONDITIONS OF THIS AGREEMENT CAREFULLY BEFORE USING THE SECURITI PRODUCT. BY EXECUTING AN ORDER FORM FOR THE SECURITI PRODUCT EITHER DIRECTLY OR INDIRECTLY, OR BY ACCEPTING THIS AGREEMENT BY ANY ONLINE OR DIGITAL PROCESS, CUSTOMER HEREBY ACCEPTS THE TERMS AND CONDITIONS SET OUT BELOW. THE INDIVIDUAL ACCEPTING THIS AGREEMENT HEREBY REPRESENTS THAT SUCH INDIVIDUAL IS AN AUTHORIZED REPRESENTATIVE OF THE CUSTOMER LISTED ON AN ORDER FORM AND IS AUTHORIZED TO OBLIGATE SUCH CUSTOMER TO ALL TERMS AND CONDITIONS IN THIS AGREEMENT, AND SUCH INDIVIDUAL ACKNOWLEDGES THAT SECURITI RELIES ON SUCH REPRESENTATION IN ENTERING INTO THIS AGREEMENT. SECURITI MAY MODIFY THIS AGREEMENT FROM TIME TO TIME, AND CHANGES TO THIS AGREEMENT WILL BE POSTED ON THE SECURITI WEBSITE AND REVISIONS WILL BE INDICATED BY VERSION DATE. CUSTOMER AGREES TO BE BOUND TO ANY CHANGES TO THIS AGREEMENT WHEN CUSTOMER USES THE SECURITI PRODUCT AFTER ANY SUCH MODIFICATION BECOMES EFFECTIVE. MODIFICATIONS TO THIS AGREEMENT WILL BECOME EFFECTIVE UPON THE RENEWAL OF AN ORDER FORM. THE "EFFECTIVE DATE" OF THIS AGREEMENT IS THE DATE THIS AGREEMENT IS ACCEPTED BY CUSTOMER
Securiti is the developer of PRIVACI.ai, the PrivacyOps platform with multiple modules to assist with compliance for privacy regulations. Customer desires to use certain functions of the Securiti Product to enhance its privacy practices.
The following terms, when used in this Agreement will have the following meanings:
"Affiliates" means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with another entity, so long as such Control exists. For the purposes of this definition, "Control" means beneficial ownership of 50% or more of the voting power or equity in an entity.
"Authorized Users" means the employees, contractors and service providers of Customer or its Affiliates who are authorized to access and use the Securiti Product on behalf of Customer and its Affiliates.
"Confidential Information" means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, "Confidential Information" will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. Customer Data and any data or information that identifies Customer’s business or business practices (e.g., number of Customer Data records, number of consumer requests or responses processed) is the Confidential Information of Customer.
"Documentation" means the printed and digital instructions, on-line help files, technical documentation and user manuals made available by Securiti for the Securiti Product.
"Order Form" means an order form, quote or other similar document that sets forth the specific Securiti Product and pricing therefor, and that references this Agreement and is mutually executed by the parties.
"Professional Services" means any implementation, training, configuration, consulting, data migration, conversion, integration setup, or other services provided by Securiti to Customer, as set forth in an Order Form.
"Securiti Product" means the web-based application, as well as certain downloadable components that must deployed within Customer’s environment, made available to Customer by Securiti via a subscription. Securiti will host and operate such web-based application on computer servers accessible by Customer over the Internet. "Securiti Product" excludes any Customer Data contained or processed therein.
Subject to the terms and conditions of this Agreement and the Service Level Agreement (SLA) attached in Exhibit A, Securiti will make certain functions of the Securiti Product available to Customer pursuant to this Agreement and the applicable Order Form, and hereby grants Customer a non-exclusive right to access and use the Securiti Product for its privacy compliance purposes. Customer may extend the rights granted herein to its Affiliates, provided that it will ensure their compliance with this Agreement and be responsible for their acts and omissions hereunder, in each case as if they were Customer hereunder. Customer hereby grants to Securiti a royalty-free, worldwide, non-exclusive, fully paid-up license to use the Customer Data (as defined below) in order to perform and provide the Securiti Product and Professional Services for the benefit of Customer or for the purpose of enhancing product or services in accordance with the terms of this Agreement.
(a) Securiti will maintain a security program materially in accordance with industry standards that is designed to reasonably (i) ensure the security and integrity of Customer data uploaded by, or on behalf of, Customer to the Securiti Product ("Customer Data"); (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. Securiti’s security safeguards include measures for preventing access, use, modification or disclosure of Customer Data by Securiti personnel except (a) to provide the Securiti Product and prevent or address service or technical problems, (b) as required by applicable law, or (c) as Customer expressly permits in writing or under this Agreement. Securiti will comply with the Security Exhibit attached hereto as Exhibit B, and will provide to Customer, upon request, Securiti’s most recently completed Service Organization Control 2 (SOC2) audit reports or industry-standard successor report ("Controls Reports"). Securiti will not materially diminish the protections provided in this Section during the term of this Agreement.
(b) To the extent that Securiti processes any Personal Data (as defined in the DPA referenced below) contained in Customer Data that is subject to the GDPR (as defined in the DPA), on Customer’s behalf, in the provision of the Securiti Product, Customer shall download and execute Securiti’s Data Processing Agreement ("DPA") which DPA shall be deemed attached to and a part of this Agreement.
(a) The rights granted herein are subject to the following restrictions. Customer will not directly or indirectly:
reverse engineer, decompile, disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, or permit or assist any third party to create or derive, the source code underlying the Securiti Product;
(b) attempt to probe, scan or test the vulnerability of the Securiti Product, breach the security or authentication measures of the Securiti Product without proper authorization or wilfully render any part of the Securiti Product unusable;
(c) use or access the Securiti Product to develop a product or service that is competitive with Securiti’s products or engage in competitive analysis or benchmarking;
(d) transfer, distribute, resell, lease, license, or assign the Securiti Product or otherwise offer the Securiti Product on a standalone basis; or
(e) otherwise use the Securiti Product outside the scope expressly permitted hereunder and in the applicable Order Form.
Customer may permit its Authorized Users to use the Securiti Product and such access rights shall not be shared with any third parties other than Authorized Users. The number of Authorized Users accessing the Securiti Product shall not exceed the maximum number of Authorized Users specified in the Order Form.
(a) Customer may permit its Authorized Users to use the Securiti Product and such access rights shall not be shared with any third parties other than Authorized Users. The number of Authorized Users accessing the Securiti Product shall not exceed the maximum number of Authorized Users specified in the Order Form.
(b) Customer will (i) be responsible for all use of the Securiti Product under its account by parties other than Securiti and its Affiliates (whether or not authorized), (ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Securiti Product and notify Securiti promptly of any such unauthorized access or use and (iii) be responsible for obtaining and maintaining any equipment, software and ancillary services needed to connect to, access or otherwise use the Securiti Product, in each case as set forth in the Documentation. Customer will be solely responsible for its failure to maintain such equipment, software and services, and Securiti will have no liability for such failure (including under any service level agreement, if applicable).
(c) Customer understands that the Securiti Product provides a platform whereby Customer is able to manage personal data, including, without limitation, the Customer Data, that may be governed by U.S., General Data Protection Regulation ("GDPR"), and foreign data protection and privacy laws (the "Applicable Laws"). The Applicable Laws regulate personal data in terms of collection, retention and transfer of such information. Customer acknowledges that under Applicable Laws, Customer assumes full responsibility as the controller of such data. The Securiti Product contains tools and functions that allow the Securiti Product to be configured by Customer as necessary for its compliance with Applicable Laws. Accordingly, Customer assumes the responsibility as the controller of personal data that may be collected and reside in the Securiti Product to ensure that the Securiti Product is configured by Customer to comply with any and all Applicable Laws in terms of all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal bases in order to collect, process and transfer to Securiti the Customer Data (including, without limitation, personal data) and to authorize the processing by Securiti of the personal data and any other applicable requirements. For avoidance of doubt, it is Customer’s responsibility to confer as needed with legal counsel to confirm and maintain compliance by Customer with Applicable Laws.
Securiti may, from time to time, implement enhancements, upgrades, updates, improvements, modifications, extensions and other changes to the Securiti Product. Securiti shall provide Customer with access to all such changes to the specific Securiti Product subscribed to by Customer in an existing Order Form without separate charge.
Securiti agrees to comply with the Service Level Agreement attached hereto as Exhibit A.
Customer will pay Securiti the fees set forth in an Order Form. Except as otherwise specified herein or in any applicable Order Form, (a) fees are quoted and payable in United States dollars and (b) payment obligations are non-cancelable and non-pro-ratable for partial months, and fees paid are non-refundable, except as otherwise expressly provided herein. Customer is not liable for any expenses incurred by Securiti (including travel, meals and hotels) except as otherwise pre-approved in writing by Customer.
Securiti may suspend access to the Securiti Product immediately upon notice to Customer if Customer fails to pay any non-disputed amounts hereunder at least thirty (30) days past the applicable due date.
All amounts payable hereunder are exclusive of any sales, use and other taxes or duties, however designated (collectively "Taxes"). Customer will be solely responsible for payment of all Taxes, except for those taxes based on the income of Securiti. Customer will not withhold any taxes from any amounts due to Securiti, provided that if Customer is required by law to withhold any taxes then the invoiced amount shall be deemed increased so that the amount payable by Customer after such withholding equals the invoiced amount.
As between the parties, Securiti exclusively owns all right, title and interest in and to the Securiti Product (including any Securiti Product trademarks), and Securiti’s Confidential Information, including all System Data."System Data" means anonymized user and other data collected by Securiti regarding the Securiti Product that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the Securiti Product. Customer exclusively owns all right, title and interest in and to the Customer Data and Customer’s Confidential Information.
Customer may from time to time provide Securiti suggestions or comments for enhancements or improvements, new features or functionality or other feedback with respect to the Securiti Product. Securiti will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Securiti will have the full, unencumbered right, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such feedback in connection with its products and services.
Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose, or permit to be disclosed, the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise expressly permitted hereunder. However, either party may disclose Confidential Information (a) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (b) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law). Neither party will disclose the terms of this Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential lenders, investors or acquirers. Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. In the event of actual or threatened breach of the provisions of this Section or the restrictions in Section 2.3 hereof, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement.
Both parties. Each party warrants that it has the authority to enter into this Agreement and, in connection with its performance of this Agreement, shall comply with all laws and regulations applicable to such party.
Securiti warrants that the Securiti Products will (i) substantially meet the requirements described in the relevant Order Form during the term of the Order Form consistent with prevailing industry standards, (ii) will substantially conform with the Documentation, and (iii) be free of viruses, malware, malicious code, time bombs, Trojan horses, back doors, drop dead devices, worms, self-replicating or other code of any kind that when used in Customer’s network environment, may alter, destroy, inhibit, disable, or disable or discontinue effective use of the Customer’s systems. The functionality of the Securiti Products ordered will not be decreased during the term of this Agreement. Securiti will perform any Professional Services in a professional and workmanlike manner. For a material breach of the foregoing express warranties contained this Section 5.2, Customer’s exclusive remedy shall be the re-performance of the deficient Securiti Product or Professional Services or, if Securiti cannot re-perform such deficient Securiti Product or Professional Services as warranted, Customer shall be entitled to terminate this Agreement for breach, any Order Form or applicable portion of the Order Form covering such Securiti Product or Professional Services in accordance with Section 8.2 and recover a pro-rata portion of the fees paid to Securiti for such deficient Securiti Product or Professional Services.
Customer warrants that it has all rights necessary to provide any information, data or other materials that it provides hereunder, and to permit Securiti to use the same as contemplated hereunder.
EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER ACKNOWLEDGES THAT THE SECURITI PRODUCT IS INTENDED ONLY TO AUGMENT CUSTOMER’S PRIVACY PRACTICES, BUT NOT REPLACE, LEGAL AND OTHER PROFESSIONAL ADVISORS. CUSTOMER IS A DATA CONTROLLER, RESPONSIBLE FOR WHICH DATA IT COLLECTS, AND IS RESPONSIBLE FOR ITS OWN PRIVACY POLICIES. EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DOES NOT WARRANT THAT ACCESS TO THE SECURITI PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS AND ERRORS IN THE SECURITI PRODUCTS WILL BE CORRECTED, OR THAT THE SECURITI PRODUCTS AND SERVICES WILL MEET CUSTOMER’S PARTICULAR REQUIREMENTS OR EXPECTATIONS. SECURITI SHALL NOT BE LIABLE OR RESPONSIBLE FOR ANY DELAYS, INTERRUPTIONS, SERVICE FAILURES, AND ANY OTHER PROBLEMS ARISING FROM CUSTOMER’S USE OF THE INTERNET, ELECTRONIC COMMUNICATIONS OR ANY OTHER SYSTEMS. CUSTOMER ACKNOWLEDGES THAT IT MAY HAVE ACCESS TO CERTAIN SECURITY ASSESSMENT TEMPLATES PROVIDED BY THIRD PARTIES, AND SECURITI MAKES NO REPRESENTATIONS, WARRANTIES OR OTHER COMMITMENTS WITH RESPECT SUCH TEMPLATES OR THE ACCURACY OF INFORMATION PROVIDED THEREIN. THE PROVISIONS OF THIS SECTION ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN SECURITI AND CUSTOMER. SECURITI’S PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITED WARRANTIES SPECIFIED HEREIN.
Securiti will defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party ("Claim") (i) alleging that the use of the Securiti Product as permitted hereunder infringes or misappropriates a United States patent, copyright or trade secret or trademark of any third party, or (ii) arising out of any use or disclosure of Customer Data by Securiti in breach of this Agreement and in respect of each Claim described in (i) and (ii) above, Securiti will indemnify Customer for any liabilities, awards, penalties or costs (including reasonable attorneys' fees) in connection with any such Claim ("Costs"); provided that (a) Customer will promptly notify Securiti of such Claim (provided that the failure to provide such notice shall not relieve Securiti of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Securiti will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Securiti may not settle any Claim without Customer’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Customer of all related liability) and (c) Customer reasonably cooperates with Securiti in connection therewith. If the use of the Securiti Product by Customer has become, or in Securiti’s opinion is likely to become, the subject of any claim of infringement, Securiti may at its option and expense (i) procure for Customer the right to continue using and receiving the Securiti Product as set forth hereunder; (ii) replace or modify the Securiti Product to make it non-infringing (with comparable functionality); or (iii) if the options in clauses (i) or (ii) are determined by Securiti to not be reasonably practicable, terminate this Agreement and provide refund of any prepaid unused fees corresponding to the terminated portion of the applicable subscription term. Securiti will have no liability or obligation with respect to any Claim to the extent such Claim results from (A) compliance with designs, guidelines, plans or specifications provided by Customer, or the use or inclusion of Customer Data; (B) use of the Securiti Product by Customer not in accordance with this Agreement or in violation of any applicable law; (C) modification of the Securiti Product by any party other than Securiti without Securiti’s express consent; (D) Customer Confidential Information or (E) the combination, operation or use of the Securiti Product with other applications, portions of applications, product(s) or services in a manner not reasonably required where the Securiti Product would not by itself be infringing (clauses (A) through (E), "Excluded Claims"). This Section states Securiti’s sole and exclusive liability and obligation, and Customer’s exclusive remedy, for any claim of any nature related to infringement or misappropriation of intellectual property.
Customer will defend Securiti against any Claim made or brought against Securiti by a third party arising out of the Excluded Claims, and Customer will indemnify Securiti for any Costs in connection with any such Claim; provided that (a) Securiti will promptly notify Customer of such Claim (provided that the failure to provide such notice shall not relieve Customer of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Customer will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Customer may not settle any Claim without Securiti’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Securiti of all liability) and (c) Securiti reasonably cooperates with Customer in connection therewith.
UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY OR ITS AFFILIATES, OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS OR CONTRACTORS, BE LIABLE TO THE OTHER UNDER THIS AGREEMENT FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST CONTENT OR DATA, EVEN IF A REPRESENTATIVE OF SUCH PARTY HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) EXCLUDING CUSTOMER’S PAYMENT OBLIGATIONS, ANY DIRECT DAMAGES, COSTS, OR LIABILITIES IN EXCESS OF THE AMOUNTS PAID BY CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE INCIDENT OR CLAIM.
The term of this Agreement will commence on the Effective Date and continue until terminated as set forth below. The initial term of each Order Form will begin on the Order Form effective date of such Order Form and will continue for the subscription term set forth therein. Except as set forth in such Order Form, the term of such Order Form will automatically renew for successive renewal terms equal to the length of the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.
Each party may terminate this Agreement upon written notice to the other party if there are no Order Forms then in effect. Each party may also terminate this Agreement or the applicable Order Form upon written notice in the event (a) the other party commits any material breach of this Agreement or the applicable Order Form and fails to remedy such breach within thirty (30) days after written notice of such breach or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all its assets for the benefit of creditors, or if the other party become the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days.
Upon any termination or expiration of this Agreement: (i) Securiti will terminate Customer’s access to the Securiti Product and will cease providing such services; (ii) Customer shall immediately cease any and all use of and access to any Securiti Products; and (iii) each party hereunder shall return to the other party any and all Confidential Information of the other party in its possession. Termination shall not relieve Customer of the obligation to pay Securiti the fees agreed in an Order Form.
Upon termination of this Agreement all rights and obligations will immediately terminate except that any terms or conditions that by their nature should survive such termination will survive, including the restrictions in Section 2.3 hereof, and terms and conditions relating to proprietary rights and confidentiality, payment, disclaimers, indemnification, limitations of liability and termination and the general provisions below.
Each party will comply with the export laws and regulations of the United States, European Union and other applicable jurisdictions in providing and using the Securiti Product.
Customer agrees that Securiti may refer to Customer’s name and trademarks in Securiti’s marketing materials and website and case studies, provided Customer is allowed to review such use prior to publication. Securiti will not refer to Customer or its business in a press release without Customer’s prior written consent. In addition, Customer agrees to become part of Securiti’s reference program by working with a representative from Securiti’s marketing team to develop a customer profile for use on Securiti’s website. The profile will include a quote from an executive of Customer and Customer’s logo.
Neither party hereto may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of its assets or business related to this Agreement. Any attempted assignment, delegation, or transfer by either party in violation hereof will be null and void. Subject to the foregoing, this Agreement will be binding on the parties and their successors and assigns.
No amendment or modification to this Agreement, nor any waiver of any rights hereunder, will be effective unless assented to in writing by both parties, or in a manner otherwise set forth in this Agreement. Any such waiver will be only to the specific provision and under the specific circumstances for which it was given, and will not apply with respect to any repeated or continued violation of the same provision or any other provision. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
Nothing contained herein will in any way constitute any association, partnership, agency, employment or joint venture between the parties hereto, or be construed to evidence the intention of the parties to establish any such relationship. Neither party will have the authority to obligate or bind the other in any manner, and nothing herein contained will give rise or is intended to give rise to any rights of any kind to any third parties.
If a court of competent jurisdiction determines that any provision of this Agreement is invalid, illegal, or otherwise unenforceable, such provision will be enforced as nearly as possible in accordance with the stated intention of the parties, while the remainder of this Agreement will remain in full force and effect and bind the parties according to its terms.
This Agreement will be governed by the laws of the State of California, exclusive of its rules governing choice of law and conflict of laws. The parties agree to submit to the exclusive jurisdiction of (i) the state courts located in Santa Clara County in the State of California and (ii) the federal courts located in the Northern District of California, with respect to disputes hereunder. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods or by Uniform Computer Information Transactions Act (UCITA).
Any notice required or permitted to be given hereunder will be given in writing by personal delivery, certified mail, return receipt requested, by overnight delivery, or by email or fax. Notices will be deemed given upon verifiable receipt
This Agreement comprises the entire agreement between Customer and Securiti with respect to its subject matter, and supersedes all prior and contemporaneous proposals, statements, sales materials or presentations and agreements (oral and written). No oral or written information or advice given by Securiti, its agents or employees will create a warranty or in any way increase the scope of the warranties in this Agreement.
Neither Party will be deemed in breach hereunder for any cessation, interruption or delay in the performance of its obligations due to causes beyond its reasonable control ("Force Majeure Event"), including earthquake, flood, or other natural disaster, act of god, labor controversy, civil disturbance, terrorism, war (whether or not officially declared), cyber-attacks (e.g., denial of service attacks), or the inability to obtain sufficient supplies, transportation, or other essential commodity or service required in the conduct of its business, or any change in or the adoption of any law, regulation, judgment or decree.
For purposes hereof, "including" means "including without limitation".
To the extent hosted and operated by or on behalf of Securiti, the Securiti Product will be Available 99.5% of the time, measured on a calendar monthly basis (the "Availability Commitment"). "Availability" means that the Securiti Product is available for use by Customer. Availability measures will not include downtime resulting from:
The Availability Commitment does not apply to any downtime of the Securiti Product that results from:
Securiti will provide Customer with reports on Availability upon request.
If Securiti fails to achieve the above Availability Commitment for the Securiti Product, Customer may claim a credit as provided below.
|PERCENTAGE AVAILABILITY PER MONT||CREDIT|
Customer will not be entitled to a credit if it is in breach of its Agreement with Securiti, including payment obligations. To receive a credit, a Customer must file a claim for such credit within fifteen (15) days following the end of the month in which the Availability Commitment was not met by contacting Securiti at firstname.lastname@example.org (or by opening a customer support ticket at https://app.securiti.ai/#/customer-support) with a complete description of the downtime, how Customer was adversely affected, and for how long.
The credit remedy set forth in this Service Level Agreement is Customer’s sole and exclusive remedy for the unavailability of the Securiti Product; provided that Customer shall have the right to terminate this Agreement if Securiti fails to achieve an Availability Commitment of 92% or better in three consecutive months; provided further that notwithstanding anything to the contrary in the Agreement, Customer shall have no payment obligations for services to be performed following such termination.
Securiti live technical support business hours will start at 9:00 am Pacific Time and run until 5:00 pm Pacific Time on weekdays (excluding holidays). Technical support can be contacted via email at email@example.com or by opening a customer support ticket at https://app.securiti.ai/#/customer-support.
|firstname.lastname@example.org||Open a support ticket at https://app.securiti.ai/#/customer-support|
Live technical support will not be available on Christmas Day (December 25) and New Year’s Day (January 1). Limited technical support will be available during the hours listed above during Securiti holidays. The current Securiti holidays are set forth below:
Customer Technical Contact(s): As designated by Customer
Initial privileged customer support accounts will be created for the customer contacts listed above. Additional privileged customer support accounts may be created based on a documented authorization request from a designated customer contact above or by Customer directly.
Securiti maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of Securiti’s business; (b) the type of information that Securiti will store; and (c) the need for security and confidentiality of such information.
Securiti’s security program includes:
A mandatory security awareness and training program for all members of Securiti’s workforce (including management), which includes:
Controls that provide reasonable assurance that access to physical servers at the production data center, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls are implemented by Amazon Web Services (AWS) and they are listed here: https://aws.amazon.com/compliance/data-center/controls/. Specific to Securiti:
A security incident response plan that includes procedures to be followed in the event of any Security Breach. Such procedures include:
Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic flu, and natural disaster) that could damage Customer Data or production systems that contain Customer Data. Such procedures include:
Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information.
Policies and procedures to ensure the confidentiality, integrity, and availability of Customer Data and protect it from disclosure, improper alteration, or destruction.
Security measures to guard against unauthorized access to Customer Data that is being transmitted over a public electronic communications network or stored electronically. Such measures include requiring encryption of any Customer Data stored on desktops, laptops or other removable storage devices.
Policies and procedures regarding the secure disposal of tangible property containing Customer Data, taking into account available technology so that Customer Data cannot be practicably read or reconstructed.
Assigning responsibility for the development, implementation, and maintenance of Securiti’s security program, including:
Regularly testing the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified. Where applicable, such testing includes:
Network and systems monitoring, including error logs on servers, disks and security events for any potential problems. Such monitoring includes:
Maintaining policies and procedures for managing changes Securiti makes to production systems, applications, and databases. Such policies and procedures include:
Monitoring, evaluating, and adjusting, as appropriate, the security program in light of:
Ensuring that all laptop and desktop computing devices utilized by Securiti and any subcontractors when accessing Customer Data:
"Security Breach" means any security incident if there is a reason to believe Customer Data has been or may have been accessed by an unauthorized party.
At all times Securiti accesses, processes or stores Customer Data, Securiti will maintain: Errors & Omissions/Professional Liability /Cyber Insurance, in an amount not less than $3,000,000 per claim and annual aggregate, covering all acts, errors, omissions, negligence, and including infringement of intellectual property (except patent and trade secret) in the performance of services for Customer or on behalf of Customer hereunder. Securiti’s policy will provide for Data Security & Privacy "Cyber" coverage (including coverage for unauthorized access and use, failure of security, breach of confidential information, of privacy perils, as well as breach mitigation costs and regulatory coverage). Such insurance shall be maintained in force at all times during the term of the Agreement and for a period of two years thereafter for services completed during the term of the Agreement. Customer shall be given at least 30 days’ notice of the cancellation or expiration of the aforementioned insurance for any reason.