CROSSLEAD SAAS AGREEMENT
LAST UPDATED: FEBRUARY 20TH, 2019
This SAAS AGREEMENT (the “Agreement”) forms a contract between the client signing an Order Form or Statement of Work (“Company”) and CrossLead, Inc. (“CrossLead”) (each sometimes referred to as a “Party” and collectively, the “Parties”), and governs the relationship between the Parties with respect to the SaaS Services and Consulting Services offered by CrossLead. By signing an Order Form or Statement of Work, and/or accessing or using CrossLead Platform, the Company agrees to be bound by the terms of this Agreement. COMPANY SHOULD NOT ACCESS AND/OR USE CROSSLEAD PLATFORM IF COMPANY DOES NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT.
1. MODIFICATIONS TO THIS AGREEMENT.
1.1 CrossLead reserves the right to revise this Agreement from time to time. CrossLead will date and post the most current version of this Agreement on the CrossLead website located at www.crosslead.com (the “Site”). Any changes will be effective upon posting the revised version of the Agreement (or such later effective date as may be indicated at the top of the revised Agreement). Company’s continued access or use of any portion of the SaaS Services constitutes Company’s acceptance of such changes. If Company does not agree to any of the changes, Company must cease use of the SaaS Services and contact CrossLead immediately at firstname.lastname@example.org.
2. ACCESS AND USE
2.1 Orders. The Company will be able to order access to one or more CrossLead Modules of the software collectively known as “CrossLead Platform” through the website located at https://platform.crosslead.com (“CrossLead Platform”), (as set forth in an Order Form, the “SaaS Services”). The specific CrossLead Modules that will be made available to Company will be set forth in one or more Order Forms executed by the Parties from time to time during the Term. The Parties shall negotiate and sign each Order Form separately. Each Order Form shall set out a description of the applicable CrossLead Module to be provided by CrossLead and the costs associated with such CrossLead Module. Each Order Form shall be incorporated in this Agreement by reference.
2.2 Provision of Access. Subject to the terms and conditions contained in this Agreement, CrossLead hereby grants to Company and its Authorized Users a non-exclusive, non-transferable right to access the features and functions of the applicable CrossLead Module set forth in the applicable Order Form during the Term set forth on the Order Form for the number of Authorized Users set forth on the Order Form up to the Service Limits. Unless otherwise set forth in an Order Form, each Authorized User will have access to a maximum of three (3) gigabytes (“GB”). In the event an Authorized User exceeds the maximum GB allowed under this Agreement or an Order Form if different, the Company will have seven (7) days to reduce the amount of storage to the applicable limits, or Company will be charged $.05 per GB per month in excess of the applicable limits. On or as soon as reasonably practicable after the Effective Date, CrossLead shall provide to Company the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Company and its Authorized Users to access the CrossLead Module. Company and any Authorized User may only use the CrossLead Module in accordance with the Access Protocols.
2.3 Usage Restrictions. Company will not (a) decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from which any software component of the CrossLead Modules is compiled or interpreted, and Company acknowledges that nothing in this Agreement will be construed to grant Company any right to obtain or use such code; or (b) allow third parties other than Authorized Users to gain access to the CrossLead Modules. Company will ensure that its use of the CrossLead Modules complies with all applicable laws, statutes, regulations or rules.
2.4 Retained Rights; Ownership.
(a) Ownership and Use of Company Data. Company retains all right, title and interest in and to the Company Data, and CrossLead acknowledges that it neither owns nor acquires any additional rights in and to the Company Data not expressly granted by this Agreement. CrossLead further acknowledges that Company retains the right to use the Company Data for any purpose in Company’s sole discretion. Subject to the foregoing, Company hereby grants to CrossLead a non-exclusive, non-transferable right and license to use the Company Data during the Term for the limited purposes of performing CrossLead’s obligations under this Agreement. Company further grants CrossLead the right to create anonymous profiles and derivative insights based on the Company Data (the “Insights”) that it may use as part of the CrossLead Modules for Company and other customers of CrossLead; provided, however, that such Insights do not disclose any Company Confidential Information or otherwise disclose the identity of Company.
(b) Ownership of CrossLead Module. Subject to the rights granted in this Agreement, CrossLead retains all right, title and interest in and to the CrossLead Modules and the Insights, and Company acknowledges that it neither owns nor acquires any additional rights in and to the foregoing not expressly granted by this Agreement or any licenses to the software used to provide the CrossLead Modules. Company further acknowledges that CrossLead retains the right to use the foregoing for any purpose in CrossLead’s sole discretion.
(c) Feedback. Company may provide CrossLead with feedback, comments and recommendations regarding the functionality and performance of the CrossLead SaaS Services, including, without limitation, identifying potential errors and improvements (collectively, the “Feedback”). CrossLead (and its partners and suppliers) shall have the unrestricted right to use the Feedback provided by Company to CrossLead in connection with the CrossLead SaaS Services or this Agreement at its sole discretion, including to improve or enhance the CrossLead SaaS Services and other CrossLead (or its partners’ and suppliers’) products, and, accordingly, CrossLead (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such Feedback without restriction.
2.5 Support and Consulting.
(a) Support. Subject to the terms and conditions of this Agreement, CrossLead shall exercise commercially reasonable efforts to provide Technical Assistance for the use of the CrossLead Module to Eligible Support Recipients during CrossLead’s ordinary and customary business hours in accordance with its standard policies and procedures.
(b) Eligible Support Recipients. CrossLead shall have no obligation to provide Technical Assistance, by any means, to any entity or individual other than Eligible Support Recipients. Company can designate up to two (2) persons, which designees shall be eligible to receive Technical Assistance from CrossLead (“Eligible Support Recipients”). Such designees may be changed at any time by written notice.
(c) Access. As a condition of CrossLead’s obligations under Section 2.5(a), Company shall provide such information and/or access to Company resources as CrossLead may reasonably require in order to provide Technical Assistance under this Agreement. CrossLead shall be excused from any non-performance of its obligations hereunder to the extent any such non-performance is attributable to Company’s failure to perform its obligations under this Section 2.5(c).
(d) Means of Access to Technical Assistance. Eligible Support Recipients shall be permitted to request Technical Assistance (i) by telephoning CrossLead at such telephone number as CrossLead may specify for such purposes from time to time; or (ii) by directing electronic mail requests therefore to CrossLead at the electronic mail address as CrossLead may specify for such purposes from time to time.
(e) Consulting. Company will be able to order certain consulting services related to Company’s use of the CrossLead Modules pursuant to a written statement of work executed by the Parties (each, a “Statement of Work” and such services, the “Consulting Services”). Such Statement of Work shall set out a description of the applicable Consulting Services to be provided by CrossLead and the costs associated with such services, as well as any additional terms that will govern the Consulting Services. Any such additional terms shall apply only to the Consulting Services and shall not affect the terms of this Agreement, or any terms governing Company’s use of the CrossLead Modules. Each Statement of Work shall be attached to this Agreement and incorporated in this Agreement by reference.
3. COMPANY RESPONSIBILITIES.
3.1 Authorized Users Access to CrossLead Modules. Company may permit any Authorized Users to access and use the features and functions of the CrossLead Modules as contemplated by this Agreement. Company will be responsible for all actions or omissions of its Authorized Users. Authorized User IDs cannot be shared or used by more than one Authorized User at a time. Company shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the CrossLead Modules, and notify CrossLead promptly of any such unauthorized use known to Company. Company acknowledges and agrees that it may need certain networking capabilities, bandwidth and hardware to use the CrossLead Modules. Company is solely responsible for all hardware, software and bandwidth required to reach the CrossLead systems to gain access to the CrossLead Modules.
3.2 Company Responsibility for Data and Security. Company and its Authorized Users shall have access to the Company Data and shall be responsible for all changes to and/or deletions of Company Data and the security of all passwords and other Access Protocols required in order to access the CrossLead Module. Company shall have the ability to export Company Data out of the CrossLead Module and is encouraged to make its own back-ups of the Company Data. Company shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Company Data. Company acknowledges and agrees that, except as otherwise agreed between the Parties to this Agreement or in a separate written agreement, CrossLead will have no obligation to back-up Company Data, nor will CrossLead have any liability for any loss or corruption of Company Data, nor will CrossLead have any obligation under this Agreement to retain any Company Data after the expiration or termination of the Term.
3.3 Service Rules and Guidelines. Company and all Authorized Users shall use the CrossLead Module solely for its internal purposes as contemplated by this Agreement and shall not use the SaaS Service to: (a) transmit material containing software viruses or other harmful or deleterious computer code, files, scripts, agents, or programs; (b) interfere with or disrupt the integrity or performance of the CrossLead Module or the data contained therein; (c) attempt to gain unauthorized access to the CrossLead Module computer systems or networks related to the CrossLead Modules; or (d) interfere with another user’s use and enjoyment of the CrossLead Modules.
3.4 Collection of Company Data. Company shall be responsible for obtaining any and all consents necessary to allow for the collection of Company Data under this Agreement and the processing of the Company Data by CrossLead. Company hereby represents and warrants that the collection and transmission of the Company Data to CrossLead as contemplated by this Agreement as well as the processing of such Company Data in conformance with the terms of this Agreement complies in all respects with all applicable laws, rules and regulations that apply to the Company and its employees.
4. FEES AND EXPENSES; PAYMENTS.
4.1 Fees. Company will pay to CrossLead, without offset or deduction, all fees required by a particular Order Form and/or Statement of Work (collectively, the “Fees”). In addition, Company shall reimburse CrossLead for all reasonable costs and expenses (including travel, lodging and out-of-pocket expenses) incurred in connection with the performance or provision of the services (“Expenses”). All Fees will be billed and paid in U.S. dollars. CrossLead shall submit a written invoice to Company for Fees, Expenses and any applicable taxes permitted under Section 4.3 to be paid by Company hereunder. Except as may be otherwise set forth in the applicable Order Form and/or Statement of Work, Company shall pay CrossLead within thirty (30) days of the date of receipt of the invoice via electronic transfer to the bank account specified by CrossLead. Invoices submitted by CrossLead in the form of electronic mail shall be deemed received by Company on the date of the electronic mail.
4.2 Price Escalations. The prices set forth in each Order Form for the provision of the CrossLead Module(s) under this Agreement will be adjusted upon each anniversary of the Effective Date to the list price in effect at the time of the renewal; but, in no event, will the annual fee charged to Company increase by more than seven percent (7%) over the cost for the then-existing Term.
4.3 Taxes. Fees invoiced hereunder do not and will not include any taxes levied by or due to any duly authorized taxing authority. Company will pay all applicable taxes and other government charges, if any, however designated, derived from or imposed on the transactions contemplated hereby, including sales, value-added, use, transfer, withholding, privilege, excise and other taxes and duties, except for taxes based on CrossLead’s income.
4.4 Disputed Fees. In the event that Company reasonably and in good faith disputes any invoice, Company shall notify CrossLead in writing within five (5) business days of the date of receipt of the applicable invoice. Company shall pay reasonable expenses and outside attorneys’ fees that CrossLead incurs in collecting late payments that are not disputed in good faith. Late payments that are not disputed in good faith bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less). If Company fails to pay any amounts invoiced by CrossLead (other than amounts disputed in good faith) by the applicable payment due date, CrossLead shall have the right, in its discretion, to suspend access to the CrossLead Module(s) and any Technical Assistance on notice to Company until such time that payment is received.
5. REPRESENTATIONS AND WARRANTIES.
5.1 Reciprocal Representations and Warranties. Each Party hereby represents and warrants that it is duly authorized to enter into this Agreement and to make the commitments and grant the rights set forth in this Agreement.
5.2 Representations of CrossLead. CrossLead represents and warrants that it will provide the CrossLead Module(s) and perform its other obligations under this Agreement in a professional and workmanlike manner substantially consistent with general industry standards. CrossLead further warrants, for the benefit of Company only, that the CrossLead Module will conform in all material respects to the standard user documentation for such CrossLead Module provided to Company by CrossLead (the “Documentation”) for a period of thirty (30) days after CrossLead first makes the CrossLead Module available to Company, provided that such warranty will not apply to failures to conform to the Documentation to the extent such failures arise, in whole or in part, from (i) any use of the CrossLead Module other than in accordance with the Documentation, or (ii) any combination of the CrossLead Module with software, hardware or other technology not provided by CrossLead under this Agreement.
6. DISCLAIMERS, EXCLUSIONS AND LIMITATIONS OF LIABILITY.
6.1 Internet Delays. CROSSLEAD'S SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. CROSSLEAD IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.
6.2 Disclaimer. EXCEPT AS EXPRESSLY REPRESENTED OR WARRANTED IN SECTION 5, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE CROSSLEAD MODULES, THE DOCUMENTATION, AND ALL SERVICES PERFORMED BY CROSSLEAD ARE PROVIDED “AS IS,” AND CROSSLEAD DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SYSTEM INTEGRATION AND/OR DATA ACCURACY. CROSSLEAD DOES NOT WARRANT THAT THE CROSSLEAD MODULES OR ANY OTHER SERVICES PROVIDED BY CROSSLEAD WILL MEET COMPANY’S REQUIREMENTS OR THAT THE OPERATION OF THE CROSSLEAD MODULES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED.
6.3 Limitation of Liability. EXCEPT FOR LIABILITY RESULTING FROM BREACH OF SECTION 8 (CONFIDENTIALITY) OR OBLIGATIONS ARISING UNDER SECTION 7 (INDEMNIFICATION), AND NOTWITHSTANDING ANYTHING IN THIS AGREEMENT (INCLUDING ANY ORDER FORM AND/OR STATEMENT OF WORK) TO THE CONTRARY, (I) IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR CONSEQUENTIAL, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE DAMAGES OR LOSS OF PROFITS OR REVENUES ARISING OUT OF THE PERFORMANCE OF THIS AGREEMENT, AND, (II) AS BETWEEN THE PARTIES, NEITHER PARTY’S LIABILITY IN CONNECTION WITH THIS AGREEMENT SHALL EXCEED THE AGGREGATE AMOUNT PAID BY COMPANY UNDER THE APPLICABLE ORDER FORM OR STATEMENT OF WORK FOR THE SERVICES GIVING RISE TO THE LIABILITY.
7.1 Reciprocal Indemnification by Parties. Each Party shall indemnify, hold harmless and, unless otherwise directed by the other Party, defend, the other Party and its affiliates, directors, officers, employees and agents (collectively, the “Indemnified Party”) from and against any and all third-party suits, actions, claims and resulting liabilities, losses, damages, judgments, payments, penalties, fines, fees, costs and expenses (including reasonable attorneys’ fees) awarded to the third party (collectively, “Liabilities”) arising from any third-party claim relating to or based on the gross negligence or intentional misconduct of the indemnifying Party, its affiliates, officers, directors, employees and agents in connection with this Agreement, provided that the indemnifying Party shall not be responsible for Liabilities resulting from the gross negligence or intentional misconduct of the Indemnified Party, and the Indemnified Party promptly notifies the indemnifying Party in writing of the claim, cooperates with the indemnifying Party, and allows the indemnifying Party sole authority to control the defense and settlement of such claim.
7.2 Indemnification by CrossLead. CrossLead agrees to indemnify, defend and hold harmless Company from and against any and all losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from any claim by any third party that a CrossLead Module and/or the Documentation infringes such third party’s U.S. patents issued as of the Effective Date, or infringes or misappropriates, as applicable, such third party’s copyrights or trade secret rights under applicable laws of any jurisdiction within the United States of America, provided that Company promptly notifies CrossLead in writing of the claim, cooperates with CrossLead, and allows CrossLead sole authority to control the defense and settlement of such claim. If such a claim is made or appears possible, Company agrees to permit CrossLead, at CrossLead’s sole discretion, to enable it to continue to use the CrossLead Module or the Documentation, as applicable, or to modify or replace any such infringing material to make it non-infringing. If CrossLead determines that none of these alternatives is reasonably available, Company shall, upon written request from CrossLead, cease use of, and, if applicable, return, such materials as are the subject of the infringement claim. This Section 7 shall not apply if the alleged infringement arises, in whole or in part, from (i) modification of the CrossLead Module or the Documentation by Company, or (ii) combination, operation or use of the CrossLead Module with other software, hardware or technology not provided by CrossLead, or (iii) related to the Company Data.
8.1 Treatment of Confidential Information. Each Party hereby acknowledges that during the performance of this Agreement it may learn, receive or otherwise have access to Confidential Information (as defined herein) of the other Party. Each Party shall exercise the same degree of care to keep confidential any Confidential Information of the other Party as such Party exercises to keep confidential such Party’s own information of like nature, but in no event less than a reasonable standard of care, and each Party and its affiliates and its and their respective employees, independent contractors, representatives and other agents shall not disclose, use, publish or otherwise reveal, directly or indirectly through any third party, any Confidential Information of the other Party to any third party or to any of such Party’s employees or agents that do not have a need to know such Confidential Information for the purpose of exercising such Party’s rights or performing such Party’s obligations under this Agreement.
8.2 Definition of Confidential Information. “Confidential Information” means any confidential or proprietary information or data of a Party or its affiliates (or its or their customers or licensees or third-party contractors), whether oral or in writing, that are designated as confidential or would reasonably be understood to be confidential and proprietary, including technical, marketing, sales, operating, performance, cost, know-how, research and development, business and process information, computer programming techniques, protected health information, nonpublic personal financial information, personal data, and all record-bearing media containing or disclosing such information or techniques.
8.3 Exceptions to Confidential Information. Confidential Information shall not include information that (a) is now generally known or available or which, hereafter through no act or failure to act on the part of the receiving Party, becomes generally known or available; (b) is rightfully known to the receiving Party on a non-confidential basis at the time of receiving such information; (c) is furnished to the receiving Party by a third party without restriction on disclosure and without the receiving Party having actual notice or reason to know that the third party lacks authority to so furnish the information; or (d) is independently developed by the receiving Party without reference to the Confidential Information of the other Party. A receiving Party may disclose any Confidential Information that is required to be disclosed by operation of law or by an instrumentality of the government, including any court, tribunal or administrative agency; provided that, to the extent permitted under applicable law, the receiving Party shall notify the other Party prior to such disclosure (and if reasonably requested by the other Party and at the other Party’s cost) shall assist the Party in seeking to obtain a protective order or to otherwise minimize the extent of such disclosure.
8.4 Use of Name. Each Party grants the other Party the limited right to use its name and logo to identify it as a customer or service provider, as applicable. Neither Party shall make any other use of the other Party’s name, or disclose the terms of this Agreement, without the other Party’s written consent.
8.5 Satisfaction Surveys. From time to time, CrossLead may ask Company's Authorized Users or employees previously chosen by Company to take part in CrossLead services and/or events to provide feedback regarding their level of satisfaction with the CrossLead SaaS Services and/or Consulting Services via emails and/or electronic surveys. Company hereby grants CrossLead the right to send such emails and surveys provided that CrossLead does not disclose Company's employees as participants in the surveys without Company's written consent.
9. TERM AND TERMINATION.
9.1 Term. This Agreement will remain in full force and effect while Company is authorized to use the CrossLead Platform.
9.2 Termination for Breach. Either Party may, at its option, terminate this Agreement, or as applicable, an individual Order Form or Statement of Work, in the event of a material breach by the other Party. Such termination may be effected only through a written notice to the breaching Party, specifically identifying the breach or breaches on which such notice of termination is based. The breaching Party will have a right to cure such breach or breaches within thirty (30) days of receipt of such notice, and this Agreement, or the applicable Order Form or Statement of Work will terminate in the event that such cure is not made within such thirty (30)-day period.
9.3 Termination for Convenience. Company may terminate any Order Form or Statement of Work at any time, for any reason or no reason upon thirty (30) days’ written notice to CrossLead.
9.4 Termination upon Bankruptcy or Insolvency. Either Party may, at its option, terminate any Order Form or Statement of Work immediately upon written notice to the other Party, in the event (a) that the other Party becomes insolvent or unable to pay its debts when due; (b) the other Party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against, such petition is not removed within ninety (90) days after such filing; (c) the other Party discontinues its business; or (d) a receiver is appointed or there is an assignment for the benefit of such other Party’s creditors.
9.5 Effect of Termination. Upon any termination of any Order Form or Statement of Work, Company will (a) immediately discontinue all use of the CrossLead Modules and any CrossLead Confidential Information; and (b) promptly pay to CrossLead all amounts due and payable under this Agreement, including all Expenses incurred by CrossLead prior to the effective date of termination that have been committed or incurred in accordance with the terms of this Agreement or the applicable Order Form and/or Statement of Work.
9.6 Survival. The provisions of Sections 2.4, 3.4, 6, 7, 8, 9.5, 9.6, and 11 will survive the termination of this Agreement.
9.7 Suspension of Service. If Company fails to pay undisputed amounts in accordance with the terms and conditions hereof and the Order Form and/or Statement of Work, CrossLead shall have the right, in addition to any of its other rights or remedies, to suspend the SaaS Service or Consulting Service, without liability to Company until such amounts are paid in full.
10. DEFINITIONS. Certain capitalized terms, not defined above, have the meanings set forth below.
10.1 “Access Protocols” will mean the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Company or any Authorized Users to access the CrossLead Module.
10.2 “Authorized User” will mean any individual who is an employee of Company, authorized, by virtue of such individual’s relationship to, or permissions from, Company, to access the CrossLead Module pursuant to Company’s rights under this Agreement.
10.3 “Company Data” will mean the data, media and content provided by Company through the CrossLead Modules or as part of any configuration or implementation services, including, but not limited to, calendar data, Company survey data and recordings or Company employee interviews.
10.4 “CrossLead Module” shall mean features and functions of a specific module of CrossLead Platform ordered by Company through an Order Form and provided by CrossLead by means of access to the CrossLead websites, solely to the extent set forth and further described in, and as limited by, the Order Forms executed by the Parties.
10.5 “Order Form” shall mean a document signed by both Parties identifying a given type of CrossLead Module to be made available by CrossLead pursuant to this Agreement. Each Order Form shall be agreed upon by the Parties as set forth in Section 2.1.
10.6 “Service Limit” shall mean CrossLead’s standard service limitations related to particular CrossLead Module(s) as set forth in CrossLead’s standard policies provided to Company from-time-to-time or as otherwise identified in an Order Form. For example, there are Service Limits on records, storage of Company Data, etc.
10.7 “Technical Assistance” shall mean the provision of responses by CrossLead personnel to questions from Eligible Support Recipients related to use of the CrossLead Module, including basic instruction or tutorial assistance regarding the features and functions of the CrossLead Module.
11.1 Non-Competition. Notwithstanding anything in this Agreement to the contrary, (a) in no event shall CrossLead be restricted from providing services that are competitive with, or similar to, the services, for any third party; and (b) for the avoidance of doubt, CrossLead shall be free to use the general knowledge, skills and experience of its personnel, and any ideas, concepts, know-how, and techniques and other intellectual property rights that are acquired or used pursuant to this Agreement; in each case provided that CrossLead does not use any Confidential Information of the Company in breach of the terms of this Agreement.
11.2 Assignment. Neither Party may assign or otherwise transfer this Agreement or any of its rights and obligations hereunder without the prior written consent of the other Party; provided, however, that either Party may assign or otherwise transfer this Agreement, upon notice to the other Party but without the other Party’s consent, (i) to an affiliate, or (ii) to an entity that purchases all or substantially all of such Party’s business or assets to which this Agreement relates; further provided that the assignee or transferee is capable of fulfilling the obligations of the assigning or transferring Party under this Agreement. Any purported assignment or transfer in contravention of this Section 11.2 shall be null and void.
11.3 Contractor Relationship. CrossLead and its employees and agents shall perform the services under this Agreement as independent contractors. Nothing in this Agreement is intended or shall be construed to create a partnership, joint venture, or employer-employee relationship between Company and CrossLead or any of its employees or agents.
11.4 Subcontractor. CrossLead may perform all or any part of the services using one or more consultants or subcontractors, provided that CrossLead shall remain responsible for the performance of the services in accordance with the terms of this Agreement.
11.5 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware without giving effect to the principles of conflict of law.
11.6 Severability. If any provision in this Agreement is found by a court of competent jurisdiction to be invalid or unenforceable to any extent, such finding shall not affect the other provisions of this Agreement and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by applicable law.
11.7 Complete Agreement. This Agreement, together with all Order Forms and Statements of Work attached hereto, represents the entire agreement between Company and CrossLead with respect to matters covered herein and supersedes all previous representations, proposals, or agreements, whether written or oral. To the extent there is a conflict between this Agreement and any Order Form or Statement of Work, the terms of this Agreement shall control unless the Order Form or Statement of Work expressly states the Parties’ intent to modify the terms of this Agreement with respect to that Order Form or Statement of Work.
11.8 U.S. Government End-Users. The software components that constitute the CrossLead Module are “commercial items” as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the CrossLead Module and the Documentation with only those rights set forth therein.
11.9 Force Majeure. Except with respect to Company’s payment obligations and each Party’s obligations under Section 8 (Confidentiality), neither Party shall be liable for failure to perform obligations under this Agreement if the failure results from an act of God, the act of a national, federal, state or local government authority, fire, explosion, accident, industrial dispute, or any other catastrophic or other similar event beyond such Party’s reasonable control (collectively, “Force Majeure”). If CrossLead is affected by an event of Force Majeure, upon giving prompt notice to Company, CrossLead shall be excused from performance hereunder on a day to day basis to the extent of the prevention, restriction or interference resulting from such Force Majeure.
11.10 Conflict Resolution. Except where injunctive relief is sought for breach of Section 2.4 (Ownership) or Section 8 (Confidentiality) or in order to comply with deadlines under applicable law, neither Party shall commence a legal action or proceedings with respect to any dispute, controversy, or claim arising out of or relating to this Agreement (including any Order Form or Statement of Work) unless and until, after applicable notice and opportunity to cure, senior executives for both Parties have met and discussed the matter in order to consider informal and amicable means of resolution and either such meeting failed to occur within fifteen (15) business days after receipt of written request therefor or the meeting did not produce a mutually satisfactory resolution of the matter.
11.11 Injunctive Relief. If either Party seeks injunctive relief for breach of Section 2.4 (Ownership) or Section 8 (Confidentiality), such Party may seek temporary and/or permanent injunctive relief without the necessity of proving actual damages or posting a bond.
11.12 Notices. Any notice required to be given by either Party under this Agreement shall be in writing and either (a) sent to the mailing address of the other Party as set forth on the applicable Order Form or Statement of Work (or such other address as such Party may specify in a notice to the other Party pursuant to this Section 11.12), or (b) sent by electronic mail to the electronic mail address associated with the Company’s license if to Company, or to email@example.com if to CrossLead. If delivered to a mailing address, such notice shall be deemed to have been given upon (i) actual receipt, (ii) the expiration of the fifth business day after being deposited in the United States mails, postage prepaid, or (iii) the next business day following deposit with an internationally recognized overnight delivery service (e.g., Federal Express). If delivered by electronic mail, any such notice shall be considered to have been given on the delivery date and at the time reflected by the time stamp.
11.13 No Waiver. No waiver or modification of any right or remedy under this Agreement or of any provision hereof shall be effective unless it is stated in writing and signed by the Parties and no effective waiver of any right, remedy or provision of this Agreement shall be deemed a waiver of any other, whether of a like or different character.
11.14 Interpretation. Captions included in this Agreement are for convenience only and are not to be used for purposes of interpretation of this Agreement. The Parties agree that this Agreement shall be fairly interpreted in accordance with its terms without any strict construction in favor of or against either Party, and that ambiguities shall not be interpreted against the drafting Party. The words “including” and “includes” when used herein, shall be deemed in each case to be followed by the words “without limitation”; and the words “hereof,” “herein,” and “hereunder” and words of similar import when used in this Agreement shall refer to this Agreement as a whole and not to any particular provision of this Agreement. Whenever the context may require, the singular form of nouns and pronouns shall include the plural, and vice versa.
CROSSLEAD DATA PROTECTION ADDENDUM
This Data Protection Addendum, including its appendices, (the “Addendum”) is entered into by Company and CrossLead. The Addendum, supplements and forms part of the Agreement and shall apply to the processing of Personal Data (as defined below) to the extent that European Data Protection Legislation applies to such processing. Capitalized terms used but not defined herein shall have the meaning given to them in the Agreement.
For purposes of this Addendum, the terms below shall have the meanings set forth below. Capitalized terms that are used but not otherwise defined in this Addendum shall have the meanings given in the Agreement.
1.1 “Addendum Effective Date” means the date on which the parties agreed to this Addendum.
1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
1.3 “EEA” means the European Economic Area.
1.4 “EU” means the European Union.
1.5 “European Data Protection Legislation” means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, applicable to the processing of Personal Data under the Agreement.
1.6 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
1.7 “Information Security Incident” means a breach of CrossLead’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in CrossLead’s possession, custody or control. “Information Security Incidents” do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.
1.8 “Model Contract Clauses” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and set forth in Annex 3.
1.9 “Personal Data” means the personal data as defined in GDPR that (a) Company makes available to CrossLead for the purpose of providing the Services and (b) is described in Annex 1-A.
1.10 “Security Documentation” means Annex 2 describing the Security Measures and any other documents and information made available by CrossLead under Section 5.4 (Reviews and Audits of Compliance).
1.11 “Security Measures” has the meaning given in Section 5.1.1 (CrossLead’s Security Measures).
1.12 “Subprocessors” means third parties authorized under this Addendum to process Personal Data in relation to the Services.
1.13 “Term” means the period from the Addendum Effective Date until the end of CrossLead’s provision of the Services.
1.14 “Third Party Subprocessors” has the meaning given in Section 9 (Subprocessors).
1.15 “Transfer Solution” means the Model Contract Clauses or another solution that enables the lawful transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR.
1.16 The terms “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Addendum have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Model Contract Clauses.
2. Duration of Addendum
This Addendum will take effect on the Addendum Effective Date and, notwithstanding the expiration of the Term, will remain in effect until, and automatically expire upon, CrossLead’s deletion of all Personal Data.
3. Processing of Data
3.1 Roles and Regulatory Compliance; Authorization.
(a) Processor and Controller Responsibilities. The parties acknowledge and agree that:
(i) the subject matter and details of the processing are described in Annex 1;
(ii) CrossLead is a processor of that Personal Data under European Data Protection Legislation;
(iii) Company is a controller of that Personal Data under European Data Protection Legislation; and
(iv) each party will comply with the obligations applicable to it in such role under the European Data Protection Legislation with respect to the processing of that Personal Data.
(b) Company Responsibilities. Company represents and warrants that (a) Company has established or ensured that another party has established a legal basis for CrossLead’s processing of Personal Data contemplated by this Addendum; (b) all notices have been given to, and obtained consents and rights have been obtained from, the relevant data subjects and any other party as may be required under applicable law (including European Data Protection Legislation) for such processing; and (c) Personal Data does not and will not contain special categories of data as described in Article 9(1) of GDPR.
3.2 Scope of Processing.
(a) Company’s Instructions. By entering into this Addendum, Company instructs CrossLead to process Personal Data (a) to provide the Services; (b) as authorized by the Agreement, including this Addendum; and (c) as further documented in any other written instructions given by Company and acknowledged in writing by CrossLead as constituting instructions for purposes of this Addendum.
(b) CrossLead’s Compliance with Instructions. CrossLead will only process Personal Data in accordance with Company’s instructions described in Section 3.2.1 unless European Data Protection Legislation requires otherwise, in which case CrossLead will notify Company (unless that law prohibits CrossLead from doing so on important grounds of public interest).
4. Data Deletion
4.1 Deletion on Termination. On expiry of the Term, Company instructs CrossLead to delete all Personal Data from CrossLead’s systems as soon as reasonably practicable, unless applicable law requires otherwise and further retention of such Personal Data is permitted under applicable European Data Protection Legislation.
5. Data Security
5.1 CrossLead Security Measures, Controls and Assistance.
(a) CrossLead Security Measures. CrossLead will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data as described in Annex 2 (the “Security Measures”).
(b) Security Compliance by CrossLead Staff. CrossLead will grant access to Personal Data only to employees, contractors and Subprocessors who need such access for the scope of their performance, and are subject to appropriate confidentiality arrangements.
(c) CrossLead Security Assistance. CrossLead will (taking into account the nature of the processing of Personal Data and the information available to CrossLead) provide Company with reasonable assistance necessary for Company to comply with its obligations in respect of Personal Data under European Data Protection Legislation, including Articles 32 to 34 (inclusive) of the GDPR, by:
(i) implementing and maintaining the Security Measures in accordance with Section 5.1.1 (CrossLead’s Security Measures);
(ii) complying with the terms of Section 5.2 (Information Security Incidents); and
(iii) providing Company with the Security Documentation.
5.2 Information Security Incidents
(a) Information Security Incident Notification. If CrossLead becomes aware of an Information Security Incident, CrossLead will: (a) notify Company of the Information Security Incident without undue delay after becoming aware of the Information Security Incident; and (b) take reasonable steps to identify the cause of such Information Security Incident, minimize harm and prevent a recurrence.
(b) Details of Information Security Incident. Notifications made pursuant to this Section 5.2 (Information Security Incidents) will describe, to the extent possible, details of the Information Security Incident, including steps taken to mitigate the potential risks and steps CrossLead recommends Company take to address the Information Security Incident.
(c) No Acknowledgement of Fault by CrossLead. CrossLead’s notification of or response to an Information Security Incident under this Section 5.2 (Information Security Incidents) will not be construed as an acknowledgement by CrossLead of any fault or liability with respect to the Information Security Incident.
5.3 Company’s Security Responsibilities and Assessment.
(a) Company’s Security Responsibilities. Company agrees that, without limitation of CrossLead’s obligations under Section 5.1 (CrossLead’s Security Measures, Controls and Assistance) and Section 5.2 (Information Security Incidents):
(i) Company is solely responsible for its use of the Services, including:
(1) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data;
(2) securing the account authentication credentials, systems and devices Company uses to access the Services;
(3) securing Company’s systems and devices that CrossLead uses to provide the Services; and
(4) backing up its Personal Data; and
(ii) CrossLead has no obligation to protect Personal Data that Company elects to store or transfer outside of CrossLead’s and its Subprocessors’ systems.
(b) Company’s Security Assessment.
(i) Company is solely responsible for reviewing the Security Documentation and evaluating for itself whether the Services, the Security Measures and CrossLead’s commitments under this Section 5 (Data Security) will meet Company’s needs, including with respect to any security obligations of Company under the European Data Protection Legislation.
(ii) Company acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by CrossLead as set out in Section 5.1.1 (CrossLead’s Security Measures) provide a level of security appropriate to the risk in respect of the Personal Data.
5.4 Reviews and Audits of Compliance
(a) Company may audit CrossLead’s compliance with its obligations under this Addendum up to once per year and on such other occasions as may be required by European Data Protection Legislation, including where mandated by Company’s supervisory authority. CrossLead will contribute to such audits by providing Company or Company’s supervisory authority with the information and assistance reasonably necessary to conduct the audit.
(b) If a third party is to conduct the audit, CrossLead may object to the auditor if the auditor is, in CrossLead’s reasonable opinion, not independent, a competitor of CrossLead, or otherwise manifestly unsuitable. Such objection by CrossLead will require Company to appoint another auditor or conduct the audit itself.
(c) To request an audit, Company must submit a detailed proposed audit plan to CrossLead at least two weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. CrossLead will review the proposed audit plan and provide Company with any concerns or questions (for example, any request for information that could compromise CrossLead security, privacy, employment or other relevant policies). CrossLead will work cooperatively with Company to agree on a final audit plan. Nothing in this Section 5.4 shall require CrossLead to breach any duties of confidentiality.
(d) If the controls or measures to be assessed in the requested audit are addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Company’s audit request and CrossLead has confirmed there are no known material changes in the controls audited. Company agrees to accept such report in lieu of requesting an audit of such controls or measures.
(e) The audit must be conducted during regular business hours, subject to the agreed final audit plan and CrossLead’s safety, security or other relevant policies, and may not unreasonably interfere with CrossLead business activities.
(f) Company will promptly notify CrossLead of any non-compliance discovered during the course of an audit and provide CrossLead any audit reports generated in connection with any audit under this Section 5.4, unless prohibited by European Data Protection Legislation or otherwise instructed by a supervisory authority. Company may use the audit reports only for the purposes of meeting Company’s regulatory audit requirements and/or confirming compliance with the requirements of this Addendum.
(g) Any audits are at Company’s expense. Company shall reimburse CrossLead for any time expended by CrossLead or its Third Party Subprocessors in connection with any audits or inspections under this Section 5.4 at CrossLead’s then-current professional services rates, which shall be made available to Company upon request. Company will be responsible for any fees charged by any auditor appointed by Company to execute any such audit. Nothing in this Addendum shall be construed to require CrossLead to furnish more information about its Third Party Subprocessors in a connection with such audits than such Third Party Subprocessors make generally available to their customers.
6. Impact Assessments and Consultations
CrossLead will (taking into account the nature of the processing and the information available to CrossLead) reasonably assist Company in complying with its obligations under European Data Protection Legislation in respect of data protection impact assessments and prior consultation, including, if applicable, Company’s obligations pursuant to Articles 35 and 36 of the GDPR, by (a) making available for review copies of the Security Documentation or other documentation describing relevant aspects of CrossLead’s information security program and the security measures applied in connection therewith; and (b) providing the other information contained in the Agreement including this Addendum.
7. Data Subject Rights
7.1 Company’s Responsibility for Requests. During the Term, if CrossLead receives any request from a data subject in relation to the data subject’s Personal Data, CrossLead will advise the data subject to submit their request to Company and Company will be responsible for responding to any such request.
7.2 CrossLead’s Data Subject Request Assistance. CrossLead will (taking into account the nature of the processing of Personal Data) provide Company with self-service functionality through the Services or other reasonable assistance as necessary for Company to perform its obligation under European Data Protection Legislation to respond to requests by data subjects, including if applicable, Company’s obligation to respond to requests for exercising the data subject’s rights set out in Chapter III of the GDPR. Company shall reimburse CrossLead for any such assistance beyond providing self-service features included as part of the Services at CrossLead’s then-current professional services rates, which shall be made available to Company upon request.
8. Data Transfers
8.1 Data Storage and Processing Facilities. CrossLead may, subject to Section 8.2 (Transfers of Data Out of the EEA), store and process Personal Data in the United States or anywhere CrossLead or its Subprocessors maintains facilities.
8.2 Transfers of Data Out of the EEA.
(a) CrossLead’s Transfer Obligations. If Company is established in the EEA and CrossLead’s processing of Personal Data involves transfers of Personal Data out of the EEA to CrossLead in a country not deemed by the European Commission to have adequate data protection, and the European Data Protection Legislation applies to such transfer, such transfer will be governed by the Model Contract Clauses. For the purposes of the Model Contract Clauses, Company and CrossLead agree that (a) Company will act as the data exporter on its own behalf and on behalf of any of its Affiliates established in the EEA which are parties to the Agreement and (b) CrossLead will act as the data importer.
(b) Model Contract Clauses Administration. The parties agree that (a) upon data exporter’s request under the Model Contract Clauses, data importer will provide the copies of the Subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contract Clauses, and that data importer may remove or redact all commercial information or clauses unrelated the Model Contract Clauses or their equivalent beforehand; (b) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contract Clauses shall be performed in accordance with Section 5.4 of this Addendum; (c) Company’s authorizations in Section 9.1 will constitute Company’s prior written consent to the subcontracting by CrossLead of the processing of Personal Data if such consent is required under Clause 5(h) of the Model Contract Clauses; and (d) certification of deletion of Personal Data as described in Clause 12(1) of the Model Contract Clauses shall be provided only upon Company’s request.
(c) Company’s Transfer Obligations. Company agrees that CrossLead may elect in its own discretion to use a Transfer Solution other than the Model Contract Clauses and that upon receipt of written notice of such election and the effectiveness of such other Transfer Solution, the Model Contract Clauses entered pursuant to Section 8.2.1 shall automatically terminate and become void. Company will take such action (which may include execution of documents) reasonably required by CrossLead to give full effect to such other Transfer Solution.
9.1 Consent to Subprocessor Engagement. Company specifically authorizes the engagement of CrossLead’s Affiliates as Subprocessors. In addition, Company generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”).
9.2 Information about Subprocessors. CrossLead will provide Company with information about Subprocessors, including their functions and locations, upon Company’s request
9.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, CrossLead will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this Addendum with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. CrossLead shall be liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.
9.4 Opportunity to Object to Subprocessor Changes. When any new Third Party Subprocessor is engaged during the Term, CrossLead will notify Company of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by providing an updated list of Subprocessors at www.crosslead.com. If Company objects to such engagement in a written notice to CrossLead within 15 days of being informed thereof on reasonable grounds relating to the protection of Personal Data, Company and CrossLead will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Company may, as its sole and exclusive remedy, terminate the Agreement by providing written notice to CrossLead.
Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by CrossLead to Company may be given (a) in accordance with the notice clause of the Agreement; (b) to CrossLead’s primary points of contact with Company; and/or (c) to any email provided by Company for the purpose of providing it with Service-related communications or alerts. Company is solely responsible for ensuring that such email addresses are valid.
11. Effect of These Terms
Except as expressly modified by the Addendum, the terms of the Agreement remain in full force and effect. To the extent of any conflict between this Addendum and the remaining terms of the Agreement, this Addendum will govern.
Subject Matter and Details of the Data Processing
Subject Matter - CrossLead’s provision of the Services to Company.
Duration of the Processing - From commencement of the Term until deletion of all Personal Data by CrossLead in accordance with the Agreement.
Nature and Purpose of the Processing - CrossLead will process Personal Data for the purposes of providing the Services to Company in accordance with the Agreement.
Categories of Personal Data - Personal Data relating to the data subjects provided to CrossLead in connection with the Services, by Company as described in more detail in the Agreement.
Data Subjects - Data subjects include the users about whom CrossLead Processes data in connection with the Services as described in more detail in the Agreement.
As from the Addendum Effective Date, CrossLead will implement and maintain the Security Measures set out in this Annex 2.
1. Organizational management and dedicated staff responsible for the development, implementation and maintenance of CrossLead’s information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to CrossLead’s organisation, monitoring and maintaining compliance with CrossLead’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:
a. transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or
b. at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).
5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that CrossLead passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on CrossLead’s computer systems; (iii) must be changed every four (4) months; and must have defined complexity.
6. Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of CrossLead facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
7. Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to CrossLead’s technology and information assets.
8. Incident / problem management procedures design to allow CrossLead to investigate, respond to, mitigate and notify of events related to CrossLead’s technology and information assets.
9. Network security controls that provide for the use of enterprise firewalls, and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
10. Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
11. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.
CrossLead may update or modify such Security Measures from time to time provided that such updates and modifications do not materially decrease the overall security of the Services.
Model Contract Clauses
STANDARD CONTRACTUAL CLAUSES (PROCESSORS)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Name of the data exporting organization: The legal entity defined as data exporter in the Data Protection Addendum entered into between the parties.
(the data exporter)
Name of the data importing organization: CrossLead, Inc.
Address: 1445 New York Avenue, NW, First Floor, Washington, DC 20005
(the data importer)
each a “party”; together “the parties”.
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
'the data exporter' means the controller who transfers the personal data;
'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
3. Third-party beneficiary clause
3.1 The data subject can enforce against the data exporter this Clause, Clauses 4(b) to (i), Clauses 5(a) to (e), and (g) to (j), Clauses 6.1 and 6.2, Clause 7, Clause 8.2, and Clauses 9 to 12 as third-party beneficiary.
3.2 The data subject can enforce against the data importer this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3.3 The data subject can enforce against the subprocessor this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
4. Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clauses 4(a) to (i).
5. Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorized access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
6.2 If a data subject is not able to bring a claim for compensation in accordance with Clause 6.1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
6.3 The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
6.4 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in Clauses 6.1 and 6.2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
7. Mediation and jurisdiction
7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
8. Cooperation with supervisory authorities
8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer or any subprocessor, pursuant to Clause 8.2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
9. Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
10. Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in Clause 6.1 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in Clause 11.1 shall be governed by the law of the Member State in which the data exporter is established.
11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
12. Obligation after the termination of personal data processing services
12.1 The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
12.2 The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in Clause 12.1.
Appendix 1 to the Standard Contractual Clauses
Annex 1 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.
Appendix 2 to the Standard Contractual Clauses
Annex 2 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.
LAST UPDATED: NOVEMBER 2018
THESE TERMS SET FORTH THE LEGALLY BINDING TERMS AND CONDITIONS THAT GOVERN YOUR USE OF THE CROSSLEAD PLATFORM. BY ACCESSING OR USING THE CROSSLEAD PLATFORM, YOU ARE ACCEPTING THESE TERMS (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT), AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY, AND CAPACITY TO ENTER INTO THESE TERMS (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT). YOU MAY NOT ACCESS OR USE THE CROSSLEAD PLATFORM OR ACCEPT THE TERMS IF YOU ARE NOT AT LEAST 18 YEARS OLD. IF YOU DO NOT AGREE WITH ALL OF THE PROVISIONS OF THESE TERMS, DO NOT ACCESS AND/OR USE THE CROSSLEAD PLATFORM.
FOR USERS OUTSIDE THE EUROPEAN UNION ("EU"): THESE TERMS REQURE THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS OR CLASS ACTIONS, AND ALSO LIMIT THE REMEDIES AVAILABLE TO YOU IN THE EVENT OF A DISPUTE.
THESE TERMS MAY BE SUPERSEDED BY AN AGREEMENT YOUR COMPANY MAY HAVE WITH US. IF SO, TO THE EXTENT OF A CONFLICT BETWEEN THESE TERMS AND ANY WRITTEN AGREEMENT BETWEEN CROSSLEAD AND YOUR EMPLOYER FOR THE USE OF THE CROSSLEAD PLATFORM, THE TERMS OF SUCH WRITTEN AGREEMENT SHALL TAKE PRECEDENCE.
1.1 Account Creation. In order to use the CrossLead Platform, you must register for an account (“Account”) and provide certain information about yourself as prompted by the account registration form. You represent and warrant that: (a) all required registration information you submit is truthful and accurate; (b) you will maintain the accuracy of such information. You may delete your Account at any time, for any reason, by following the instructions on the CrossLead Platform. We may suspend or terminate your Account in accordance with these Terms.
1.2 Account Responsibilities. You are responsible for maintaining the confidentiality of your Account login information and are fully responsible for all activities that occur under your Account. You agree to immediately notify us of any unauthorized use, or suspected unauthorized use of your Account, or any other breach of security. We cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.
2. ACCESS TO THE CROSSLEAD PLATFORM
2.1 Access Rights. Upon your acceptance of these Terms during the creation of your account and the payment of the applicable fees (if any), you will be permitted to access the features and functions of the CrossLead Platform, which includes CrossLead’s proprietary software applications for the creation of CrossLead reports, insights, and visualizations. You may access and make use of the online features of the CrossLead Platform solely during the term of these Terms and in accordance with the provisions of these Terms. Such term will be for a period of thirty (30) days or as otherwise agreed to in writing by you and CrossLead. Access to the CrossLead Platform will allow you to create and view unique reports, insights, and visualizations of User Content, but you will not be able to use them outside of the CrossLead Platform or export them from the CrossLead Platform. However, you will be able to print the reports, insights, and visualizations that you have created.
2.2 Certain Restrictions. The rights granted to you in these Terms are subject to the following restrictions: (a) you shall not license, sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the CrossLead Platform, whether in whole or in part, or any content displayed on the CrossLead Platform; (b) except to the extent permitted by applicable law, you shall not modify, make derivative works of, disassemble, reverse compile or reverse engineer any part of the CrossLead Platform; (c) you shall not access the CrossLead Platform in order to build a similar or competitive web product, or service; and (d) except as expressly stated herein, no part of the CrossLead Platform may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means. Unless otherwise indicated, any future release, update, or other addition to functionality of the CrossLead Platform shall be subject to these Terms. All copyright and other proprietary notices on the CrossLead Platform (or on any content displayed on the CrossLead Platform) must be retained on all copies thereof.
2.3 Modification. We reserve the right, at any time, to modify, suspend, or discontinue the CrossLead Platform (in whole or in part) with or without notice to you. You agree that we will not be liable to you or to any third party for any modification, suspension, or discontinuation of the CrossLead Platform or any part thereof.
2.4 No Support or Maintenance. You acknowledge and agree that we will have no obligation to provide you with any support or maintenance in connection with the CrossLead Platform.
2.5 Ownership. Excluding any User Content that you may provide (defined below), you acknowledge that all the intellectual property rights, including copyrights, patents, trademarks, and trade secrets, in the CrossLead Platform and its content are owned by us or our suppliers. Neither these Terms (nor your access to the CrossLead Platform) transfers to you or any third party any rights, title or interest in or to such intellectual property rights, except for the limited access rights expressly set forth in Section 2.1. We reserve all rights not granted in these Terms. There are no implied licenses granted under these Terms.
3. USER CONTENT
3.1 User Content. “User Content” means any and all information and content that a user submits to, or uses with, the CrossLead Platform. You are solely responsible for your User Content. You assume all risks associated with use of your User Content, including any reliance on its accuracy, completeness or usefulness by others, or any disclosure of your User Content that personally identifies you or any third party. You hereby represent and warrant that your User Content does not violate our Acceptable Use Policy (defined in Section 3.3). You may not represent or imply to others that your User Content is in any way provided, sponsored or endorsed by us. Because you alone are responsible for your User Content, you may expose yourself to liability if, for example, your User Content violates the Acceptable Use Policy. We are not obligated to backup any User Content, and your User Content may be deleted at any time without prior notice.
3.2 License. You hereby grant (and you represent and warrant that you have the right to grant) to us a royalty-free and fully paid, worldwide license to reproduce, display and perform, prepare derivative works of and otherwise use your User Content as part of your use of the CrossLead Platform.
3.3 Acceptable Use Policy. The following terms constitute our “Acceptable Use Policy”:
(a) You agree not to use the CrossLead Platform to collect, upload, transmit, display, or distribute any User Content (i) that violates any third-party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; (ii) that is unlawful, harassing, abusive, tortious, threatening, harmful, invasive of another’s privacy, vulgar, defamatory, false, intentionally misleading, trade libelous, pornographic, obscene, patently offensive, promotes racism, bigotry, hatred, or physical harm of any kind against any group or individual or is otherwise objectionable; (iii) that is harmful to minors in any way; or (iv) that is in violation of any law, regulation, or obligations or restrictions imposed by any third party.
(b) In addition, you agree not to: (i) upload, transmit, or distribute to or through the CrossLead Platform any computer viruses, worms, or any software intended to damage or alter a computer system or data; (ii) interfere with, disrupt, or create an undue burden on servers or networks connected to the CrossLead Platform, or violate the regulations, policies or procedures of such networks; (iii) attempt to gain unauthorized access to the CrossLead Platform (or to other computer systems or networks connected to or used together with the
CrossLead Platform), whether through password mining or any other means; (iv) harass or interfere with any other user’s use and enjoyment of the CrossLead Platform; or (v) use software or automated agents or scripts to produce multiple accounts on the CrossLead Platform, or to generate automated searches, requests, or queries to (or to strip, scrape, or mine data from) the CrossLead Platform.
3.4 Enforcement. We reserve the right (but have no obligation) to review any User Content, and to investigate and/or take appropriate action against you in our sole discretion if you violate the Acceptable Use Policy or any other provision of these Terms or otherwise create liability for us or any other person. Such action may include removing or modifying your User Content, terminating your Account in accordance with these Terms, and/or reporting you to law enforcement authorities.
3.5 Feedback. If you provide us with any feedback or suggestions regarding the CrossLead Platform (“Feedback”), you hereby assign to us all rights in such Feedback and agree that we shall have the right to use and fully exploit such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us as Feedback any information or ideas that you consider to be confidential or proprietary.
4. INDEMNIFICATION. You agree to indemnify and hold us (and our officers, employees, and agents) harmless, including costs and attorneys’ fees, from any claim or demand made by any third party due to or arising out of (a) your use of the CrossLead Platform, (b) your violation of these Terms, (c) your violation of applicable laws or regulations or (d) your User Content. We reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of these claims. You agree not to settle any matter without our prior written consent. We will use reasonable efforts to notify you of any such claim, action or proceeding upon becoming aware of it.
THE CROSSLEAD PLATFORM IS PROVIDED ON AN “AS-IS” AND “AS AVAILABLE” BASIS, AND CROSSLEAD (AND OUR SUPPLIERS) EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ALL WARRANTIES OR CONDITIONS OF MERCHANTABILITY OR SATISFACTORY QUALITY FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, ACCURACY, OR NON-INFRINGEMENT. WE (AND OUR SUPPLIERS) MAKE NO WARRANTY THAT THE CROSSLEAD PLATFORM WILL MEET YOUR REQUIREMENTS, WILL BE AVAILABLE ON AN UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE BASIS, OR WILL BE ACCURATE, RELIABLE, FREE OF VIRUSES OR OTHER HARMFUL CODE, COMPLETE, LEGAL, OR SAFE. IF APPLICABLE LAW REQUIRES ANY WARRANTIES WITH RESPECT TO THE CROSSLEAD PLATFORM, ALL SUCH WARRANTIES ARE LIMITED IN DURATION TO NINETY (90) DAYS FROM THE DATE OF FIRST USE.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
6. LIMITATION ON LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL CROSSLEAD (OR OUR SUPPLIERS) BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST DATA, COSTS OF PROCUREMENT OF SUBSTITUTE PRODUCTS, OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THESE TERMS OR YOUR USE OF, OR INABILITY TO USE, THE CROSSLEAD PLATFORM, EVEN IF CROSSLEAD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ACCESS TO, AND USE OF, THE CROSSLEAD PLATFORM IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR DEVICE OR COMPUTER SYSTEM, OR LOSS OF DATA RESULTING THEREFROM.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR LIABILITY TO YOU FOR ANY DAMAGES ARISING FROM OR RELATED TO THESE TERMS (FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION), WILL AT ALL TIMES BE LIMITED TO A MAXIMUM OF FIFTY US DOLLARS (U.S. $50.00). THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT. YOU AGREE THAT OUR SUPPLIERS WILL HAVE NO LIABILITY OF ANY KIND ARISING FROM OR RELATING TO THESE TERMS.
SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
7. TERM AND TERMINATION. Subject to this Section, these Terms will remain in full force and effect while you use the CrossLead Platform. We may suspend or terminate your rights to use the CrossLead Platform (including your Account) at any time for any reason at our sole discretion, including for any use of the CrossLead Platform in violation of these Terms. Upon termination of your rights under these Terms, your Account and right to access and use the CrossLead Platform will terminate immediately. You understand that any termination of your Account may involve deletion of your User Content associated with your Account from our live databases. We will not have any liability whatsoever to you for any termination of your rights under these Terms, including for termination of your Account or deletion of your User Content. Even after your rights under these Terms are terminated, the following provisions of these Terms will remain in effect: Sections 2.2 through 2.5, Section 3, and Sections 4 through 8.
8.1 Changes. These Terms are subject to occasional revision, and if we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on our CrossLead Platform. You are responsible for providing us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to these Terms will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you (if applicable) or thirty (30) calendar days following our posting of notice of the changes on our CrossLead Platform. These changes will be effective immediately for new users of our CrossLead Platform. Continued use of our CrossLead Platform following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
8.2 Dispute Resolution for Non-EU Residents. Please read this Arbitration Agreement carefully. It is part of your contract with us and affects your rights. It contains procedures for MANDATORY BINDING ARBITRATION AND A CLASS ACTION WAIVER.
(a) Applicability of Arbitration Agreement. All claims and disputes (excluding claims for injunctive or other equitable relief as set forth below) in connection with the Terms or the use of any product or service provided by us that cannot be resolved informally or in small claims court shall be resolved by binding arbitration on an individual basis under the terms of this Arbitration Agreement. Unless otherwise agreed to, all arbitration proceedings shall be held in English. This Arbitration Agreement applies to you and CrossLead, and to any subsidiaries, affiliates, agents, employees, predecessors in interest, successors, and assigns, as well as all authorized or unauthorized users or beneficiaries of services or goods provided under the Terms.
(b) Notice Requirement and Informal Dispute Resolution. Before either party may seek arbitration, the party must first send to the other party a written Notice of Dispute (“Notice”) describing the nature and basis of the claim or dispute, and the requested relief. A Notice to CrossLead should be sent to: 1445 New York Avenue NW, First Floor, Washington, DC 20005. After the Notice is received, you and CrossLead may attempt to resolve the claim or dispute informally. If you and CrossLead do not resolve the claim or dispute within thirty (30) days after the Notice is received, either party may begin an arbitration proceeding. The amount of any settlement
offer made by any party may not be disclosed to the arbitrator until after the arbitrator has determined the amount of the award, if any, to which either party is entitled.
(c) Arbitration Rules. Arbitration shall be initiated through the American Arbitration Association (“AAA”), an established alternative dispute resolution provider (“ADR Provider”) that offers arbitration as set forth in this section. If AAA is not available to arbitrate, the parties shall agree to select an alternative ADR Provider. The rules of the ADR Provider shall govern all aspects of the arbitration, including but not limited to the method of initiating and/or demanding arbitration, except to the extent such rules are in conflict with the Terms. The AAA Consumer Arbitration Rules (“Arbitration Rules”) governing the arbitration are available online at www.adr.org or by calling the AAA at 1-800-778-7879. The arbitration shall be conducted by a single, neutral arbitrator. Any claims or disputes where the total amount of the award sought is less than Ten Thousand U.S. Dollars (US $10,000.00) may be resolved through binding non-appearance-based arbitration, at the option of the party seeking relief. For claims or disputes where the total amount of the award sought is Ten Thousand U.S. Dollars (US $10,000.00) or more, the right to a hearing will be determined by the Arbitration Rules. Any hearing will be held in a location within 100 miles of your residence, unless you reside outside of the United States, and unless the parties agree otherwise. If you reside outside of the U.S., the arbitrator shall give the parties reasonable notice of the date, time and place of any oral hearings. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. If the arbitrator grants you an award that is greater than the last settlement offer that we made to you prior to the initiation of arbitration, we will pay you the greater of the award or $2,500.00. Each party shall bear its own costs (including attorney’s fees) and disbursements arising out of the arbitration and shall pay an equal share of the fees and costs of the ADR Provider.
(d) Additional Rules for Non-Appearance Based Arbitration. If non-appearance based arbitration is elected, the arbitration shall be conducted by telephone, online and/or based solely on written submissions; the specific manner shall be chosen by the party initiating the arbitration. The arbitration shall not involve any personal appearance by the parties or witnesses unless otherwise agreed by the parties.
(e) Time Limits. If you or CrossLead pursues arbitration, the arbitration action must be initiated and/or demanded within the statute of limitations (i.e., the legal deadline for filing a claim) and within any deadline imposed under the AAA Rules for the pertinent claim.
(f) Authority of Arbitrator. If arbitration is initiated, the arbitrator will decide the rights and liabilities, if any, of you and CrossLead, and the dispute will not be consolidated with any other matters or joined with any other cases or parties. The arbitrator shall have the authority to grant motions dispositive of all or part of any claim. The arbitrator shall have the authority to award monetary damages, and to grant any non-monetary remedy or relief available to an individual under applicable law, the AAA Rules, and the Terms. The arbitrator shall issue a written award and statement of decision describing the essential findings and conclusions on which the award is based, including the calculation of any damages awarded. The arbitrator has the same authority to award relief on an individual basis that a judge in a court of law would have. The award of the arbitrator is final and binding upon you and us.
(g) Waiver of Jury Trial. THE PARTIES HEREBY WAIVE THEIR CONSTITUTIONAL AND STATUTORY RIGHTS TO GO TO COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR A JURY, instead electing that all claims and disputes shall be resolved by arbitration under this Arbitration Agreement. Arbitration procedures are typically more limited, more efficient and less costly than rules applicable in a court and are subject to very limited review by a court. In the event any litigation should arise between you and us in any state or federal court in a suit to vacate or enforce an arbitration award or otherwise, YOU AND CROSSLEAD WAIVE ALL RIGHTS TO A JURY TRIAL, instead electing that the dispute be resolved by a judge.
(h) Waiver of Class or Consolidated Actions. ALL CLAIMS AND DISPUTES WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT MUST BE ARBITRATED OR LITIGATED ON AN INDIVIDUAL BASIS AND NOT ON A CLASS BASIS, AND CLAIMS OF MORE THAN ONE CUSTOMER OR USER CANNOT BE ARBITRATED OR LITIGATED JOINLY OR CONSOLIDATED WITH THOSE OF ANY OTHER CUSTOMER OR USER.
(i) Confidentiality. All aspects of the arbitration proceeding, including but not limited to the award of the arbitrator and compliance therewith, shall be strictly confidential. The parties agree to maintain confidentiality unless otherwise required by law. This paragraph shall not prevent a party from submitting to a court of law any information necessary to enforce these Terms, to enforce an arbitration award, or to seek injunctive or equitable relief.
(j) Severability. If any part or parts of this Arbitration Agreement are found under the law to be invalid or unenforceable by a court of competent jurisdiction, then such specific part or parts shall be of no force and effect and shall be severed and the remainder of the Arbitration Agreement and the Terms shall continue in full force and effect.
(k) Right to Waive. Any or all of the rights and limitations set forth in this Arbitration Agreement may be waived by the party against whom the claim is asserted. Such waiver shall not waive or affect any other portion of this Arbitration Agreement.
(l) Survival of Agreement. This Arbitration Agreement will survive the termination of your relationship with us.
(m) Small Claims Court. Notwithstanding the foregoing, either you or we may bring an individual action in small claims court.
(n) Emergency Equitable Relief. Notwithstanding the foregoing, either party may seek emergency equitable relief before a state or federal court in order to maintain the status quo pending arbitration. A request for interim measures shall not be deemed a waiver of any other rights or obligations under this Arbitration Agreement.
(o) Claims Not Subject to Arbitration. Notwithstanding the foregoing, claims of defamation, violation of the Computer Fraud and Abuse Act, and infringement or misappropriation of the other party’s patent, copyright, trademark or trade secrets shall not be subject to this Arbitration Agreement.
(p) Courts. In any circumstances where the foregoing Arbitration Agreement permits the parties to litigate in court, the parties hereby agree to submit to the personal jurisdiction of the courts located within the District of Columbia, for such purpose
8.3 Dispute Resolution for EU Residents. If you are resident in the EU, these Terms shall be governed by the laws of the EU country in which you live. You may therefore bring a claim to enforce your consumer protection rights in connection with these Terms in the courts of such EU country.
8.4 Export. The CrossLead Platform may be subject to U.S. export control laws and may be subject to export or import regulations in other countries. You agree not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from us, or any products utilizing such data, in violation of the United States export laws or regulations.
8.5 Electronic Communications. The communications between you and us use electronic means, whether you use the CrossLead Platform or send us emails, or whether we posts notices on the CrossLead Platform or communicates with you via email. For contractual purposes, you (a) consent to receive communications from us in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that such communications would satisfy if it were be in a hardcopy writing. The foregoing does not affect your non-waivable rights.
8.6 Entire Terms. These Terms constitute the entire agreement between you and us regarding the use of the CrossLead Platform. Our failure to exercise or enforce any right or provision of these Terms shall not operate as a waiver of such right or provision. The section titles in these Terms are for convenience only and have no legal or contractual effect. The word “including” means “including without limitation”. If any provision of these Terms is, for any reason, held to be invalid or unenforceable, the other provisions of these Terms will be unimpaired and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. These Terms, and your rights and obligations herein, may not be assigned, subcontracted, delegated, or otherwise transferred by you without our prior written consent, and any attempted assignment,
subcontract, delegation, or transfer in violation of the foregoing will be null and void. We may freely assign these Terms. The terms and conditions set forth in these Terms shall be binding upon assignees.
8.7 Copyright/Trademark Information. Copyright © 2018 CrossLead, Inc. All rights reserved. All trademarks, logos and service marks (“Marks”) displayed on the CrossLead Platform are our property or the property of other third parties. You are not permitted to use these Marks without our prior written consent or the consent of such third party which may own the Marks.
8.8 Contact Information:
Address: 1445 New York Avenue NW, First Floor Washington, DC 20005
Effective as of August 17, 2018.
Table of Contents
Personal Information We Collect
How We Use Your Personal Information
How We Share Your Personal Information
Cookies and Similar Technologies
Other Important Privacy Information
How to Contact Us
Notice to European Users
Personal Information We Collect
Information you give us. Personal information you may provide through the Sites or otherwise communicate to us includes:
- Registration and contact information. We collect information about you when you use the Sites or register or attend conferences at which we are present. This information may include your first and last name, email and mailing addresses, phone number and company name.
- Correspondence. We may collect information about you when you request information from us or otherwise correspond with us.
To provide the Sites. We use your personal information:
- to provide, operate and improve the Sites;
- to communicate with you, including by sending you announcements, updates, security alerts, and support and administrative messages through, for example, email, Intercom, and Pendo;
- to better understand your needs and interests, and personalize your experience with the Sites; and
- to respond to your requests, questions and feedback.
For research and development. We use information automatically collected and other information to analyze trends, administer the Sites, analyze users’ movements around our Sites, gather demographic information about our user base as a whole, improve the Sites and develop new products and services.
To send you marketing communications. We may send you newsletters or other marketing communications, but you may opt out of receiving them as described in the ‘Opt out of marketing’ section below.
To create anonymous data. We may create aggregated and other anonymous data from our users’ information. We make personal information into anonymous data by removing information that makes the data personally identifiable. We may use this anonymous data and share it with third parties to understand and improve our Sites and for other lawful business purposes.
For compliance with law. We may use your personal information as we believe appropriate to (a) comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; and (b) where permitted by law in connection with a legal investigation.
With your consent. In some cases we may ask for your consent to collect, use or share your personal information, such as when required by law or our agreements with third parties.
How We Share your Personal Information
We do not share your personal information with third parties without your consent, except in the following circumstances:
Service providers. We may share your personal information with third party companies and individuals as needed for them to provide us with services that help us with our business activities and operate the Sites (such as customer support, hosting and storage, website analytics, email delivery, marketing/advertising, database management services and legal and other professional advice). These third parties will be given limited access to your personal information that is reasonably necessary for them to provide their services.
For legal reasons. We may disclose your personal information as we believe appropriate to government or law enforcement officials or private parties for the purposes described above under the following sections: for compliance, fraud prevention and safety and for compliance with law.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Opt out of marketing. You may opt out of marketing-related emails by following the unsubscribe instructions in the email. You may continue to receive service-related and other non-marketing emails.
Cookies and Similar Technologies
Other Important Privacy Information
Third party sites and services. The Sites may contain links to other websites and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and sharing of your personal information. We encourage you to read their privacy policies to learn more.
Security. The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the absolute security of your personal information.
International data use. We are headquartered in the United States and have service providers in other countries, and your personal information may be collected, used and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.
Children. The Sites are not directed at, and we do not knowingly collect personal information from, anyone under the age of 16. If we learn that we have collected personal information from a child under age 16, we will attempt to delete that information as soon as possible.
How to Contact Us
1445 New York Avenue,
NW First Floor
Washington, DC 20005
Notice to European Users
The following applies to individuals in the European Economic Area.
Legal bases for processing. The legal bases of our processing of your personal information are described in the table below. Please reference the How We Use Your Personal Information section above for more detail on the processing purposes listed below. If you have questions about the legal basis of how we process your personal information, contact us at firstname.lastname@example.org
To provide the Sites
For research and development
To create anonymous data
For compliance, fraud prevention and safety
For compliance with law
Processing is necessary to comply with our legal obligations.
With your consent
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when it is collected.
This sharing constitutes our legitimate interests, and in some cases may be necessary to comply with our legal obligations.
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests by email to email@example.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
If we transfer your personal information from the European Economic Area to a country outside of it and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.