CROSSLEAD SAAS AGREEMENT

LAST UPDATED: FEBRUARY 20TH, 2019

This SAAS AGREEMENT (the “Agreement”) forms a contract between the client signing an Order Form or Statement of Work (“Company”) and CrossLead, Inc. (“CrossLead”) (each sometimes referred to as a “Party” and collectively, the “Parties”), and governs the relationship between the Parties with respect to the SaaS Services and Consulting Services offered by CrossLead. By signing an Order Form or Statement of Work, and/or accessing or using CrossLead Platform, the Company agrees to be bound by the terms of this Agreement. COMPANY SHOULD NOT ACCESS AND/OR USE CROSSLEAD PLATFORM IF COMPANY DOES NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT.

1. MODIFICATIONS TO THIS AGREEMENT.

1.1 CrossLead reserves the right to revise this Agreement from time to time. CrossLead will date and post the most current version of this Agreement on the CrossLead website located at www.crosslead.com (the “Site”). Any changes will be effective upon posting the revised version of the Agreement (or such later effective date as may be indicated at the top of the revised Agreement). Company’s continued access or use of any portion of the SaaS Services constitutes Company’s acceptance of such changes. If Company does not agree to any of the changes, Company must cease use of the SaaS Services and contact CrossLead immediately at legal@crosslead.com.

2. ACCESS AND USE

2.1 Orders. The Company will be able to order access to one or more CrossLead Modules of the software collectively known as “CrossLead Platform” through the website located at https://platform.crosslead.com (“CrossLead Platform”), (as set forth in an Order Form, the “SaaS Services”). The specific CrossLead Modules that will be made available to Company will be set forth in one or more Order Forms executed by the Parties from time to time during the Term. The Parties shall negotiate and sign each Order Form separately. Each Order Form shall set out a description of the applicable CrossLead Module to be provided by CrossLead and the costs associated with such CrossLead Module. Each Order Form shall be incorporated in this Agreement by reference.

2.2 Provision of Access. Subject to the terms and conditions contained in this Agreement, CrossLead hereby grants to Company and its Authorized Users a non-exclusive, non-transferable right to access the features and functions of the applicable CrossLead Module set forth in the applicable Order Form during the Term set forth on the Order Form for the number of Authorized Users set forth on the Order Form up to the Service Limits. Unless otherwise set forth in an Order Form, each Authorized User will have access to a maximum of three (3) gigabytes (“GB”). In the event an Authorized User exceeds the maximum GB allowed under this Agreement or an Order Form if different, the Company will have seven (7) days to reduce the amount of storage to the applicable limits, or Company will be charged $.05 per GB per month in excess of the applicable limits. On or as soon as reasonably practicable after the Effective Date, CrossLead shall provide to Company the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Company and its Authorized Users to access the CrossLead Module. Company and any Authorized User may only use the CrossLead Module in accordance with the Access Protocols.

2.3 Usage Restrictions. Company will not (a) decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from which any software component of the CrossLead Modules is compiled or interpreted, and Company acknowledges that nothing in this Agreement will be construed to grant Company any right to obtain or use such code; or (b) allow third parties other than Authorized Users to gain access to the CrossLead Modules. Company will ensure that its use of the CrossLead Modules complies with all applicable laws, statutes, regulations or rules.

2.4 Retained Rights; Ownership.

(a) Ownership and Use of Company Data. Company retains all right, title and interest in and to the Company Data, and CrossLead acknowledges that it neither owns nor acquires any additional rights in and to the Company Data not expressly granted by this Agreement. CrossLead further acknowledges that Company retains the right to use the Company Data for any purpose in Company’s sole discretion. Subject to the foregoing, Company hereby grants to CrossLead a non-exclusive, non-transferable right and license to use the Company Data during the Term for the limited purposes of performing CrossLead’s obligations under this Agreement. Company further grants CrossLead the right to create anonymous profiles and derivative insights based on the Company Data (the “Insights”) that it may use as part of the CrossLead Modules for Company and other customers of CrossLead; provided, however, that such Insights do not disclose any Company Confidential Information or otherwise disclose the identity of Company.

(b) Ownership of CrossLead Module. Subject to the rights granted in this Agreement, CrossLead retains all right, title and interest in and to the CrossLead Modules and the Insights, and Company acknowledges that it neither owns nor acquires any additional rights in and to the foregoing not expressly granted by this Agreement or any licenses to the software used to provide the CrossLead Modules. Company further acknowledges that CrossLead retains the right to use the foregoing for any purpose in CrossLead’s sole discretion.

(c) Feedback. Company may provide CrossLead with feedback, comments and recommendations regarding the functionality and performance of the CrossLead SaaS Services, including, without limitation, identifying potential errors and improvements (collectively, the “Feedback”). CrossLead (and its partners and suppliers) shall have the unrestricted right to use the Feedback provided by Company to CrossLead in connection with the CrossLead SaaS Services or this Agreement at its sole discretion, including to improve or enhance the CrossLead SaaS Services and other CrossLead (or its partners’ and suppliers’) products, and, accordingly, CrossLead (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such Feedback without restriction.

2.5 Support and Consulting.

(a) Support. Subject to the terms and conditions of this Agreement, CrossLead shall exercise commercially reasonable efforts to provide Technical Assistance for the use of the CrossLead Module to Eligible Support Recipients during CrossLead’s ordinary and customary business hours in accordance with its standard policies and procedures.

(b) Eligible Support Recipients. CrossLead shall have no obligation to provide Technical Assistance, by any means, to any entity or individual other than Eligible Support Recipients. Company can designate up to two (2) persons, which designees shall be eligible to receive Technical Assistance from CrossLead (“Eligible Support Recipients”). Such designees may be changed at any time by written notice.

(c) Access. As a condition of CrossLead’s obligations under Section 2.5(a), Company shall provide such information and/or access to Company resources as CrossLead may reasonably require in order to provide Technical Assistance under this Agreement. CrossLead shall be excused from any non-performance of its obligations hereunder to the extent any such non-performance is attributable to Company’s failure to perform its obligations under this Section 2.5(c).

(d) Means of Access to Technical Assistance. Eligible Support Recipients shall be permitted to request Technical Assistance (i) by telephoning CrossLead at such telephone number as CrossLead may specify for such purposes from time to time; or (ii) by directing electronic mail requests therefore to CrossLead at the electronic mail address as CrossLead may specify for such purposes from time to time.

(e) Consulting. Company will be able to order certain consulting services related to Company’s use of the CrossLead Modules pursuant to a written statement of work executed by the Parties (each, a “Statement of Work” and such services, the “Consulting Services”). Such Statement of Work shall set out a description of the applicable Consulting Services to be provided by CrossLead and the costs associated with such services, as well as any additional terms that will govern the Consulting Services. Any such additional terms shall apply only to the Consulting Services and shall not affect the terms of this Agreement, or any terms governing Company’s use of the CrossLead Modules. Each Statement of Work shall be attached to this Agreement and incorporated in this Agreement by reference.

3. COMPANY RESPONSIBILITIES.

3.1 Authorized Users Access to CrossLead Modules. Company may permit any Authorized Users to access and use the features and functions of the CrossLead Modules as contemplated by this Agreement. Company will be responsible for all actions or omissions of its Authorized Users. Authorized User IDs cannot be shared or used by more than one Authorized User at a time. Company shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the CrossLead Modules, and notify CrossLead promptly of any such unauthorized use known to Company. Company acknowledges and agrees that it may need certain networking capabilities, bandwidth and hardware to use the CrossLead Modules. Company is solely responsible for all hardware, software and bandwidth required to reach the CrossLead systems to gain access to the CrossLead Modules.

3.2 Company Responsibility for Data and Security. Company and its Authorized Users shall have access to the Company Data and shall be responsible for all changes to and/or deletions of Company Data and the security of all passwords and other Access Protocols required in order to access the CrossLead Module. Company shall have the ability to export Company Data out of the CrossLead Module and is encouraged to make its own back-ups of the Company Data. Company shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Company Data. Company acknowledges and agrees that, except as otherwise agreed between the Parties to this Agreement or in a separate written agreement, CrossLead will have no obligation to back-up Company Data, nor will CrossLead have any liability for any loss or corruption of Company Data, nor will CrossLead have any obligation under this Agreement to retain any Company Data after the expiration or termination of the Term.

3.3 Service Rules and Guidelines. Company and all Authorized Users shall use the CrossLead Module solely for its internal purposes as contemplated by this Agreement and shall not use the SaaS Service to: (a) transmit material containing software viruses or other harmful or deleterious computer code, files, scripts, agents, or programs; (b) interfere with or disrupt the integrity or performance of the CrossLead Module or the data contained therein; (c) attempt to gain unauthorized access to the CrossLead Module computer systems or networks related to the CrossLead Modules; or (d) interfere with another user’s use and enjoyment of the CrossLead Modules.

3.4 Collection of Company Data. Company shall be responsible for obtaining any and all consents necessary to allow for the collection of Company Data under this Agreement and the processing of the Company Data by CrossLead. Company hereby represents and warrants that the collection and transmission of the Company Data to CrossLead as contemplated by this Agreement as well as the processing of such Company Data in conformance with the terms of this Agreement complies in all respects with all applicable laws, rules and regulations that apply to the Company and its employees.

4. FEES AND EXPENSES; PAYMENTS.

4.1 Fees. Company will pay to CrossLead, without offset or deduction, all fees required by a particular Order Form and/or Statement of Work (collectively, the “Fees”). In addition, Company shall reimburse CrossLead for all reasonable costs and expenses (including travel, lodging and out-of-pocket expenses) incurred in connection with the performance or provision of the services (“Expenses”). All Fees will be billed and paid in U.S. dollars. CrossLead shall submit a written invoice to Company for Fees, Expenses and any applicable taxes permitted under Section 4.3 to be paid by Company hereunder. Except as may be otherwise set forth in the applicable Order Form and/or Statement of Work, Company shall pay CrossLead within thirty (30) days of the date of receipt of the invoice via electronic transfer to the bank account specified by CrossLead. Invoices submitted by CrossLead in the form of electronic mail shall be deemed received by Company on the date of the electronic mail.

4.2 Price Escalations. The prices set forth in each Order Form for the provision of the CrossLead Module(s) under this Agreement will be adjusted upon each anniversary of the Effective Date to the list price in effect at the time of the renewal; but, in no event, will the annual fee charged to Company increase by more than seven percent (7%) over the cost for the then-existing Term.

4.3 Taxes. Fees invoiced hereunder do not and will not include any taxes levied by or due to any duly authorized taxing authority. Company will pay all applicable taxes and other government charges, if any, however designated, derived from or imposed on the transactions contemplated hereby, including sales, value-added, use, transfer, withholding, privilege, excise and other taxes and duties, except for taxes based on CrossLead’s income.

4.4 Disputed Fees. In the event that Company reasonably and in good faith disputes any invoice, Company shall notify CrossLead in writing within five (5) business days of the date of receipt of the applicable invoice. Company shall pay reasonable expenses and outside attorneys’ fees that CrossLead incurs in collecting late payments that are not disputed in good faith. Late payments that are not disputed in good faith bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less). If Company fails to pay any amounts invoiced by CrossLead (other than amounts disputed in good faith) by the applicable payment due date, CrossLead shall have the right, in its discretion, to suspend access to the CrossLead Module(s) and any Technical Assistance on notice to Company until such time that payment is received.

5. REPRESENTATIONS AND WARRANTIES.

5.1 Reciprocal Representations and Warranties. Each Party hereby represents and warrants that it is duly authorized to enter into this Agreement and to make the commitments and grant the rights set forth in this Agreement.

5.2 Representations of CrossLead. CrossLead represents and warrants that it will provide the CrossLead Module(s) and perform its other obligations under this Agreement in a professional and workmanlike manner substantially consistent with general industry standards. CrossLead further warrants, for the benefit of Company only, that the CrossLead Module will conform in all material respects to the standard user documentation for such CrossLead Module provided to Company by CrossLead (the “Documentation”) for a period of thirty (30) days after CrossLead first makes the CrossLead Module available to Company, provided that such warranty will not apply to failures to conform to the Documentation to the extent such failures arise, in whole or in part, from (i) any use of the CrossLead Module other than in accordance with the Documentation, or (ii) any combination of the CrossLead Module with software, hardware or other technology not provided by CrossLead under this Agreement.

6. DISCLAIMERS, EXCLUSIONS AND LIMITATIONS OF LIABILITY.

6.1 Internet Delays. CROSSLEAD'S SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. CROSSLEAD IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.

6.2 Disclaimer. EXCEPT AS EXPRESSLY REPRESENTED OR WARRANTED IN SECTION 5, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE CROSSLEAD MODULES, THE DOCUMENTATION, AND ALL SERVICES PERFORMED BY CROSSLEAD ARE PROVIDED “AS IS,” AND CROSSLEAD DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SYSTEM INTEGRATION AND/OR DATA ACCURACY. CROSSLEAD DOES NOT WARRANT THAT THE CROSSLEAD MODULES OR ANY OTHER SERVICES PROVIDED BY CROSSLEAD WILL MEET COMPANY’S REQUIREMENTS OR THAT THE OPERATION OF THE CROSSLEAD MODULES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED.

6.3 Limitation of Liability. EXCEPT FOR LIABILITY RESULTING FROM BREACH OF SECTION 8 (CONFIDENTIALITY) OR OBLIGATIONS ARISING UNDER SECTION 7 (INDEMNIFICATION), AND NOTWITHSTANDING ANYTHING IN THIS AGREEMENT (INCLUDING ANY ORDER FORM AND/OR STATEMENT OF WORK) TO THE CONTRARY, (I) IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR CONSEQUENTIAL, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE DAMAGES OR LOSS OF PROFITS OR REVENUES ARISING OUT OF THE PERFORMANCE OF THIS AGREEMENT, AND, (II) AS BETWEEN THE PARTIES, NEITHER PARTY’S LIABILITY IN CONNECTION WITH THIS AGREEMENT SHALL EXCEED THE AGGREGATE AMOUNT PAID BY COMPANY UNDER THE APPLICABLE ORDER FORM OR STATEMENT OF WORK FOR THE SERVICES GIVING RISE TO THE LIABILITY.

7. INDEMNIFICATION.

7.1 Reciprocal Indemnification by Parties. Each Party shall indemnify, hold harmless and, unless otherwise directed by the other Party, defend, the other Party and its affiliates, directors, officers, employees and agents (collectively, the “Indemnified Party”) from and against any and all third-party suits, actions, claims and resulting liabilities, losses, damages, judgments, payments, penalties, fines, fees, costs and expenses (including reasonable attorneys’ fees) awarded to the third party (collectively, “Liabilities”) arising from any third-party claim relating to or based on the gross negligence or intentional misconduct of the indemnifying Party, its affiliates, officers, directors, employees and agents in connection with this Agreement, provided that the indemnifying Party shall not be responsible for Liabilities resulting from the gross negligence or intentional misconduct of the Indemnified Party, and the Indemnified Party promptly notifies the indemnifying Party in writing of the claim, cooperates with the indemnifying Party, and allows the indemnifying Party sole authority to control the defense and settlement of such claim.

7.2 Indemnification by CrossLead. CrossLead agrees to indemnify, defend and hold harmless Company from and against any and all losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from any claim by any third party that a CrossLead Module and/or the Documentation infringes such third party’s U.S. patents issued as of the Effective Date, or infringes or misappropriates, as applicable, such third party’s copyrights or trade secret rights under applicable laws of any jurisdiction within the United States of America, provided that Company promptly notifies CrossLead in writing of the claim, cooperates with CrossLead, and allows CrossLead sole authority to control the defense and settlement of such claim. If such a claim is made or appears possible, Company agrees to permit CrossLead, at CrossLead’s sole discretion, to enable it to continue to use the CrossLead Module or the Documentation, as applicable, or to modify or replace any such infringing material to make it non-infringing. If CrossLead determines that none of these alternatives is reasonably available, Company shall, upon written request from CrossLead, cease use of, and, if applicable, return, such materials as are the subject of the infringement claim. This Section 7 shall not apply if the alleged infringement arises, in whole or in part, from (i) modification of the CrossLead Module or the Documentation by Company, or (ii) combination, operation or use of the CrossLead Module with other software, hardware or technology not provided by CrossLead, or (iii) related to the Company Data.

8. CONFIDENTIALITY.

8.1 Treatment of Confidential Information. Each Party hereby acknowledges that during the performance of this Agreement it may learn, receive or otherwise have access to Confidential Information (as defined herein) of the other Party. Each Party shall exercise the same degree of care to keep confidential any Confidential Information of the other Party as such Party exercises to keep confidential such Party’s own information of like nature, but in no event less than a reasonable standard of care, and each Party and its affiliates and its and their respective employees, independent contractors, representatives and other agents shall not disclose, use, publish or otherwise reveal, directly or indirectly through any third party, any Confidential Information of the other Party to any third party or to any of such Party’s employees or agents that do not have a need to know such Confidential Information for the purpose of exercising such Party’s rights or performing such Party’s obligations under this Agreement.

8.2 Definition of Confidential Information.Confidential Information” means any confidential or proprietary information or data of a Party or its affiliates (or its or their customers or licensees or third-party contractors), whether oral or in writing, that are designated as confidential or would reasonably be understood to be confidential and proprietary, including technical, marketing, sales, operating, performance, cost, know-how, research and development, business and process information, computer programming techniques, protected health information, nonpublic personal financial information, personal data, and all record-bearing media containing or disclosing such information or techniques.

8.3 Exceptions to Confidential Information. Confidential Information shall not include information that (a) is now generally known or available or which, hereafter through no act or failure to act on the part of the receiving Party, becomes generally known or available; (b) is rightfully known to the receiving Party on a non-confidential basis at the time of receiving such information; (c) is furnished to the receiving Party by a third party without restriction on disclosure and without the receiving Party having actual notice or reason to know that the third party lacks authority to so furnish the information; or (d) is independently developed by the receiving Party without reference to the Confidential Information of the other Party. A receiving Party may disclose any Confidential Information that is required to be disclosed by operation of law or by an instrumentality of the government, including any court, tribunal or administrative agency; provided that, to the extent permitted under applicable law, the receiving Party shall notify the other Party prior to such disclosure (and if reasonably requested by the other Party and at the other Party’s cost) shall assist the Party in seeking to obtain a protective order or to otherwise minimize the extent of such disclosure.

8.4 Use of Name. Each Party grants the other Party the limited right to use its name and logo to identify it as a customer or service provider, as applicable. Neither Party shall make any other use of the other Party’s name, or disclose the terms of this Agreement, without the other Party’s written consent.

8.5  Satisfaction Surveys. From time to time, CrossLead may ask Company's Authorized Users or employees previously chosen by Company to take part in CrossLead services and/or events to provide feedback regarding their level of satisfaction with the CrossLead SaaS Services and/or Consulting Services via emails and/or electronic surveys. Company hereby grants CrossLead the right to send such emails and surveys provided that CrossLead does not disclose Company's employees as participants in the surveys without Company's written consent.

9. TERM AND TERMINATION.

9.1 Term. This Agreement will remain in full force and effect while Company is authorized to use the CrossLead Platform.

9.2 Termination for Breach. Either Party may, at its option, terminate this Agreement, or as applicable, an individual Order Form or Statement of Work, in the event of a material breach by the other Party. Such termination may be effected only through a written notice to the breaching Party, specifically identifying the breach or breaches on which such notice of termination is based. The breaching Party will have a right to cure such breach or breaches within thirty (30) days of receipt of such notice, and this Agreement, or the applicable Order Form or Statement of Work will terminate in the event that such cure is not made within such thirty (30)-day period.

9.3 Termination for Convenience. Company may terminate any Order Form or Statement of Work at any time, for any reason or no reason upon thirty (30) days’ written notice to CrossLead.

9.4 Termination upon Bankruptcy or Insolvency. Either Party may, at its option, terminate any Order Form or Statement of Work immediately upon written notice to the other Party, in the event (a) that the other Party becomes insolvent or unable to pay its debts when due; (b) the other Party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against, such petition is not removed within ninety (90) days after such filing; (c) the other Party discontinues its business; or (d) a receiver is appointed or there is an assignment for the benefit of such other Party’s creditors.

9.5 Effect of Termination. Upon any termination of any Order Form or Statement of Work, Company will (a) immediately discontinue all use of the CrossLead Modules and any CrossLead Confidential Information; and (b) promptly pay to CrossLead all amounts due and payable under this Agreement, including all Expenses incurred by CrossLead prior to the effective date of termination that have been committed or incurred in accordance with the terms of this Agreement or the applicable Order Form and/or Statement of Work.

9.6 Survival. The provisions of Sections 2.4, 3.4, 6, 7, 8, 9.5, 9.6, and 11 will survive the termination of this Agreement.

9.7 Suspension of Service. If Company fails to pay undisputed amounts in accordance with the terms and conditions hereof and the Order Form and/or Statement of Work, CrossLead shall have the right, in addition to any of its other rights or remedies, to suspend the SaaS Service or Consulting Service, without liability to Company until such amounts are paid in full.

10. DEFINITIONS. Certain capitalized terms, not defined above, have the meanings set forth below.

10.1 “Access Protocols” will mean the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Company or any Authorized Users to access the CrossLead Module.

10.2 “Authorized User” will mean any individual who is an employee of Company, authorized, by virtue of such individual’s relationship to, or permissions from, Company, to access the CrossLead Module pursuant to Company’s rights under this Agreement.

10.3 “Company Data” will mean the data, media and content provided by Company through the CrossLead Modules or as part of any configuration or implementation services, including, but not limited to, calendar data, Company survey data and recordings or Company employee interviews.

10.4 “CrossLead Module” shall mean features and functions of a specific module of CrossLead Platform ordered by Company through an Order Form and provided by CrossLead by means of access to the CrossLead websites, solely to the extent set forth and further described in, and as limited by, the Order Forms executed by the Parties.

10.5 “Order Form” shall mean a document signed by both Parties identifying a given type of CrossLead Module to be made available by CrossLead pursuant to this Agreement. Each Order Form shall be agreed upon by the Parties as set forth in Section 2.1.

10.6 “Service Limit” shall mean CrossLead’s standard service limitations related to particular CrossLead Module(s) as set forth in CrossLead’s standard policies provided to Company from-time-to-time or as otherwise identified in an Order Form. For example, there are Service Limits on records, storage of Company Data, etc.

10.7 “Technical Assistance” shall mean the provision of responses by CrossLead personnel to questions from Eligible Support Recipients related to use of the CrossLead Module, including basic instruction or tutorial assistance regarding the features and functions of the CrossLead Module.

11. GENERAL.

11.1 Non-Competition. Notwithstanding anything in this Agreement to the contrary, (a) in no event shall CrossLead be restricted from providing services that are competitive with, or similar to, the services, for any third party; and (b) for the avoidance of doubt, CrossLead shall be free to use the general knowledge, skills and experience of its personnel, and any ideas, concepts, know-how, and techniques and other intellectual property rights that are acquired or used pursuant to this Agreement; in each case provided that CrossLead does not use any Confidential Information of the Company in breach of the terms of this Agreement.

11.2 Assignment. Neither Party may assign or otherwise transfer this Agreement or any of its rights and obligations hereunder without the prior written consent of the other Party; provided, however, that either Party may assign or otherwise transfer this Agreement, upon notice to the other Party but without the other Party’s consent, (i) to an affiliate, or (ii) to an entity that purchases all or substantially all of such Party’s business or assets to which this Agreement relates; further provided that the assignee or transferee is capable of fulfilling the obligations of the assigning or transferring Party under this Agreement. Any purported assignment or transfer in contravention of this Section 11.2 shall be null and void.

11.3 Contractor Relationship. CrossLead and its employees and agents shall perform the services under this Agreement as independent contractors. Nothing in this Agreement is intended or shall be construed to create a partnership, joint venture, or employer-employee relationship between Company and CrossLead or any of its employees or agents.

11.4 Subcontractor. CrossLead may perform all or any part of the services using one or more consultants or subcontractors, provided that CrossLead shall remain responsible for the performance of the services in accordance with the terms of this Agreement.

11.5 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware without giving effect to the principles of conflict of law.

11.6 Severability. If any provision in this Agreement is found by a court of competent jurisdiction to be invalid or unenforceable to any extent, such finding shall not affect the other provisions of this Agreement and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by applicable law.

11.7 Complete Agreement. This Agreement, together with all Order Forms and Statements of Work attached hereto, represents the entire agreement between Company and CrossLead with respect to matters covered herein and supersedes all previous representations, proposals, or agreements, whether written or oral. To the extent there is a conflict between this Agreement and any Order Form or Statement of Work, the terms of this Agreement shall control unless the Order Form or Statement of Work expressly states the Parties’ intent to modify the terms of this Agreement with respect to that Order Form or Statement of Work.

11.8 U.S. Government End-Users. The software components that constitute the CrossLead Module are “commercial items” as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the CrossLead Module and the Documentation with only those rights set forth therein.

11.9 Force Majeure. Except with respect to Company’s payment obligations and each Party’s obligations under Section 8 (Confidentiality), neither Party shall be liable for failure to perform obligations under this Agreement if the failure results from an act of God, the act of a national, federal, state or local government authority, fire, explosion, accident, industrial dispute, or any other catastrophic or other similar event beyond such Party’s reasonable control (collectively, “Force Majeure”). If CrossLead is affected by an event of Force Majeure, upon giving prompt notice to Company, CrossLead shall be excused from performance hereunder on a day to day basis to the extent of the prevention, restriction or interference resulting from such Force Majeure.

11.10 Conflict Resolution. Except where injunctive relief is sought for breach of Section 2.4 (Ownership) or Section 8 (Confidentiality) or in order to comply with deadlines under applicable law, neither Party shall commence a legal action or proceedings with respect to any dispute, controversy, or claim arising out of or relating to this Agreement (including any Order Form or Statement of Work) unless and until, after applicable notice and opportunity to cure, senior executives for both Parties have met and discussed the matter in order to consider informal and amicable means of resolution and either such meeting failed to occur within fifteen (15) business days after receipt of written request therefor or the meeting did not produce a mutually satisfactory resolution of the matter.

11.11 Injunctive Relief. If either Party seeks injunctive relief for breach of Section 2.4 (Ownership) or Section 8 (Confidentiality), such Party may seek temporary and/or permanent injunctive relief without the necessity of proving actual damages or posting a bond.

11.12 Notices. Any notice required to be given by either Party under this Agreement shall be in writing and either (a) sent to the mailing address of the other Party as set forth on the applicable Order Form or Statement of Work (or such other address as such Party may specify in a notice to the other Party pursuant to this Section 11.12), or (b) sent by electronic mail to the electronic mail address associated with the Company’s license if to Company, or to legal@crosslead.com if to CrossLead. If delivered to a mailing address, such notice shall be deemed to have been given upon (i) actual receipt, (ii) the expiration of the fifth business day after being deposited in the United States mails, postage prepaid, or (iii) the next business day following deposit with an internationally recognized overnight delivery service (e.g., Federal Express). If delivered by electronic mail, any such notice shall be considered to have been given on the delivery date and at the time reflected by the time stamp.

11.13 No Waiver. No waiver or modification of any right or remedy under this Agreement or of any provision hereof shall be effective unless it is stated in writing and signed by the Parties and no effective waiver of any right, remedy or provision of this Agreement shall be deemed a waiver of any other, whether of a like or different character.

11.14 Interpretation. Captions included in this Agreement are for convenience only and are not to be used for purposes of interpretation of this Agreement. The Parties agree that this Agreement shall be fairly interpreted in accordance with its terms without any strict construction in favor of or against either Party, and that ambiguities shall not be interpreted against the drafting Party. The words “including” and “includes” when used herein, shall be deemed in each case to be followed by the words “without limitation”; and the words “hereof,” “herein,” and “hereunder” and words of similar import when used in this Agreement shall refer to this Agreement as a whole and not to any particular provision of this Agreement. Whenever the context may require, the singular form of nouns and pronouns shall include the plural, and vice versa.

Annex 1

Subject Matter and Details of the Data Processing

Subject Matter - CrossLead’s provision of the Services to Company.

Duration of the Processing - From commencement of the Term until deletion of all Personal Data by CrossLead in accordance with the Agreement.

Nature and Purpose of the Processing - CrossLead will process Personal Data for the purposes of providing the Services to Company in accordance with the Agreement.

Categories of Personal Data - Personal Data relating to the data subjects provided to CrossLead in connection with the Services, by Company as described in more detail in the Agreement.

Data Subjects - Data subjects include the users about whom CrossLead Processes data in connection with the Services as described in more detail in the Agreement.

Annex 2

Security Measures

As from the Addendum Effective Date, CrossLead will implement and maintain the Security Measures set out in this Annex 2.

1. Organizational management and dedicated staff responsible for the development, implementation and maintenance of CrossLead’s information security program.

2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to CrossLead’s organisation, monitoring and maintaining compliance with CrossLead’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.

3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:

a. transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or

b. at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).

4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).

5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that CrossLead passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on CrossLead’s computer systems; (iii) must be changed every four (4) months; and must have defined complexity.

6. Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of CrossLead facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.

7. Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to CrossLead’s technology and information assets.

8. Incident / problem management procedures design to allow CrossLead to investigate, respond to, mitigate and notify of events related to CrossLead’s technology and information assets.

9. Network security controls that provide for the use of enterprise firewalls, and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.

10. Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.

11. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.

CrossLead may update or modify such Security Measures from time to time provided that such updates and modifications do not materially decrease the overall security of the Services.

Annex 3

Model Contract Clauses

STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.

Name of the data exporting organization: The legal entity defined as data exporter in the Data Protection Addendum entered into between the parties.

(the data exporter)

And

Name of the data importing organization: CrossLead, Inc.

Address: 1445 New York Avenue, NW, First Floor, Washington, DC 20005

(the data importer)

each a “party”; together “the parties”.

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

1. Definitions

For the purposes of the Clauses:

'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

'the data exporter' means the controller who transfers the personal data;

'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

2. Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

3. Third-party beneficiary clause

3.1 The data subject can enforce against the data exporter this Clause, Clauses 4(b) to (i), Clauses 5(a) to (e), and (g) to (j), Clauses 6.1 and 6.2, Clause 7, Clause 8.2, and Clauses 9 to 12 as third-party beneficiary.

3.2 The data subject can enforce against the data importer this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3.3 The data subject can enforce against the subprocessor this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

4. Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clauses 4(a) to (i).

5. Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorized access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

6. Liability

6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

6.2 If a data subject is not able to bring a claim for compensation in accordance with Clause 6.1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

6.3 The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

6.4 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in Clauses 6.1 and 6.2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

7. Mediation and jurisdiction

7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

8. Cooperation with supervisory authorities

8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer or any subprocessor, pursuant to Clause 8.2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

9. Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

10. Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

11. Subprocessing

11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.

11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in Clause 6.1 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in Clause 11.1 shall be governed by the law of the Member State in which the data exporter is established.

11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

12. Obligation after the termination of personal data processing services

12.1 The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

12.2 The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in Clause 12.1.

Appendix 1 to the Standard Contractual Clauses

Annex 1 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.

Appendix 2 to the Standard Contractual Clauses

Annex 2 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.

Data Protection Addendum


This Data Protection Addendum, including its appendices, (the “Addendum”) is entered into by Company and CrossLead. The Addendum, supplements and forms part of the Agreement and shall apply to the processing of Personal Data (as defined below) to the extent that European Data Protection Legislation applies to such processing. Capitalized terms used but not defined herein shall have the meaning given to them in the Agreement.

1. Definitions

For purposes of this Addendum, the terms below shall have the meanings set forth below. Capitalized terms that are used but not otherwise defined in this Addendum shall have the meanings given in the Agreement.

1.1 “Addendum Effective Date” means the date on which the parties agreed to this Addendum.

1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.

1.3 “EEA” means the European Economic Area.

1.4 “EU” means the European Union.

1.5 “European Data Protection Legislation” means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, applicable to the processing of Personal Data under the Agreement.

1.6 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

1.7 “Information Security Incident” means a breach of CrossLead’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in CrossLead’s possession, custody or control. “Information Security Incidents” do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.

1.8 “Model Contract Clauses” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and set forth in Annex 3.

1.9 “Personal Data” means the personal data as defined in GDPR that (a) Company makes available to CrossLead for the purpose of providing the Services and (b) is described in Annex 1-A.

1.10 “Security Documentation” means Annex 2 describing the Security Measures and any other documents and information made available by CrossLead under Section 5.4 (Reviews and Audits of Compliance).

1.11 “Security Measures” has the meaning given in Section 5.1.1 (CrossLead’s Security Measures).

1.12 “Subprocessors” means third parties authorized under this Addendum to process Personal Data in relation to the Services.

1.13 “Term” means the period from the Addendum Effective Date until the end of CrossLead’s provision of the Services.

1.14 “Third Party Subprocessors” has the meaning given in Section 9 (Subprocessors).

1.15 “Transfer Solution” means the Model Contract Clauses or another solution that enables the lawful transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR.

1.16 The terms “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Addendum have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Model Contract Clauses.

2. Duration of Addendum

This Addendum will take effect on the Addendum Effective Date and, notwithstanding the expiration of the Term, will remain in effect until, and automatically expire upon, CrossLead’s deletion of all Personal Data.

3. Processing of Data

3.1 Roles and Regulatory Compliance; Authorization.

(a) Processor and Controller Responsibilities. The parties acknowledge and agree that:

(i) the subject matter and details of the processing are described in Annex 1;

(ii) CrossLead is a processor of that Personal Data under European Data Protection Legislation;

(iii) Company is a controller of that Personal Data under European Data Protection Legislation; and

(iv) each party will comply with the obligations applicable to it in such role under the European Data Protection Legislation with respect to the processing of that Personal Data.

(b) Company Responsibilities. Company represents and warrants that (a) Company has established or ensured that another party has established a legal basis for CrossLead’s processing of Personal Data contemplated by this Addendum; (b) all notices have been given to, and obtained consents and rights have been obtained from, the relevant data subjects and any other party as may be required under applicable law (including European Data Protection Legislation) for such processing; and (c) Personal Data does not and will not contain special categories of data as described in Article 9(1) of GDPR.

3.2 Scope of Processing.

(a) Company’s Instructions. By entering into this Addendum, Company instructs CrossLead to process Personal Data (a) to provide the Services; (b) as authorized by the Agreement, including this Addendum; and (c) as further documented in any other written instructions given by Company and acknowledged in writing by CrossLead as constituting instructions for purposes of this Addendum.

(b) CrossLead’s Compliance with Instructions. CrossLead will only process Personal Data in accordance with Company’s instructions described in Section 3.2.1 unless European Data Protection Legislation requires otherwise, in which case CrossLead will notify Company (unless that law prohibits CrossLead from doing so on important grounds of public interest).

4. Data Deletion

4.1 Deletion on Termination. On expiry of the Term, Company instructs CrossLead to delete all Personal Data from CrossLead’s systems as soon as reasonably practicable, unless applicable law requires otherwise and further retention of such Personal Data is permitted under applicable European Data Protection Legislation.

5. Data Security

5.1 CrossLead Security Measures, Controls and Assistance.

(a) CrossLead Security Measures. CrossLead will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data as described in Annex 2 (the “Security Measures”).

(b) Security Compliance by CrossLead Staff. CrossLead will grant access to Personal Data only to employees, contractors and Subprocessors who need such access for the scope of their performance, and are subject to appropriate confidentiality arrangements.

(c) CrossLead Security Assistance. CrossLead will (taking into account the nature of the processing of Personal Data and the information available to CrossLead) provide Company with reasonable assistance necessary for Company to comply with its obligations in respect of Personal Data under European Data Protection Legislation, including Articles 32 to 34 (inclusive) of the GDPR, by:

(i) implementing and maintaining the Security Measures in accordance with Section 5.1.1 (CrossLead’s Security Measures);

(ii) complying with the terms of Section 5.2 (Information Security Incidents); and

(iii) providing Company with the Security Documentation.

5.2 Information Security Incidents

(a) Information Security Incident Notification. If CrossLead becomes aware of an Information Security Incident, CrossLead will: (a) notify Company of the Information Security Incident without undue delay after becoming aware of the Information Security Incident; and (b) take reasonable steps to identify the cause of such Information Security Incident, minimize harm and prevent a recurrence.

(b) Details of Information Security Incident. Notifications made pursuant to this Section 5.2 (Information Security Incidents) will describe, to the extent possible, details of the Information Security Incident, including steps taken to mitigate the potential risks and steps CrossLead recommends Company take to address the Information Security Incident.

(c) No Acknowledgement of Fault by CrossLead. CrossLead’s notification of or response to an Information Security Incident under this Section 5.2 (Information Security Incidents) will not be construed as an acknowledgement by CrossLead of any fault or liability with respect to the Information Security Incident.

5.3 Company’s Security Responsibilities and Assessment.

(a) Company’s Security Responsibilities. Company agrees that, without limitation of CrossLead’s obligations under Section 5.1 (CrossLead’s Security Measures, Controls and Assistance) and Section 5.2 (Information Security Incidents):

(i) Company is solely responsible for its use of the Services, including:

(1) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data;

(2) securing the account authentication credentials, systems and devices Company uses to access the Services;

(3) securing Company’s systems and devices that CrossLead uses to provide the Services; and

(4) backing up its Personal Data; and

(ii) CrossLead has no obligation to protect Personal Data that Company elects to store or transfer outside of CrossLead’s and its Subprocessors’ systems.

(b) Company’s Security Assessment.

(i) Company is solely responsible for reviewing the Security Documentation and evaluating for itself whether the Services, the Security Measures and CrossLead’s commitments under this Section 5 (Data Security) will meet Company’s needs, including with respect to any security obligations of Company under the European Data Protection Legislation.

(ii) Company acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by CrossLead as set out in Section 5.1.1 (CrossLead’s Security Measures) provide a level of security appropriate to the risk in respect of the Personal Data.

5.4 Reviews and Audits of Compliance

(a) Company may audit CrossLead’s compliance with its obligations under this Addendum up to once per year and on such other occasions as may be required by European Data Protection Legislation, including where mandated by Company’s supervisory authority. CrossLead will contribute to such audits by providing Company or Company’s supervisory authority with the information and assistance reasonably necessary to conduct the audit.

(b) If a third party is to conduct the audit, CrossLead may object to the auditor if the auditor is, in CrossLead’s reasonable opinion, not independent, a competitor of CrossLead, or otherwise manifestly unsuitable. Such objection by CrossLead will require Company to appoint another auditor or conduct the audit itself.

(c) To request an audit, Company must submit a detailed proposed audit plan to CrossLead at least two weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. CrossLead will review the proposed audit plan and provide Company with any concerns or questions (for example, any request for information that could compromise CrossLead security, privacy, employment or other relevant policies). CrossLead will work cooperatively with Company to agree on a final audit plan. Nothing in this Section 5.4 shall require CrossLead to breach any duties of confidentiality.

(d) If the controls or measures to be assessed in the requested audit are addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Company’s audit request and CrossLead has confirmed there are no known material changes in the controls audited. Company agrees to accept such report in lieu of requesting an audit of such controls or measures.

(e) The audit must be conducted during regular business hours, subject to the agreed final audit plan and CrossLead’s safety, security or other relevant policies, and may not unreasonably interfere with CrossLead business activities.

(f) Company will promptly notify CrossLead of any non-compliance discovered during the course of an audit and provide CrossLead any audit reports generated in connection with any audit under this Section 5.4, unless prohibited by European Data Protection Legislation or otherwise instructed by a supervisory authority. Company may use the audit reports only for the purposes of meeting Company’s regulatory audit requirements and/or confirming compliance with the requirements of this Addendum.

(g) Any audits are at Company’s expense. Company shall reimburse CrossLead for any time expended by CrossLead or its Third Party Subprocessors in connection with any audits or inspections under this Section 5.4 at CrossLead’s then-current professional services rates, which shall be made available to Company upon request. Company will be responsible for any fees charged by any auditor appointed by Company to execute any such audit. Nothing in this Addendum shall be construed to require CrossLead to furnish more information about its Third Party Subprocessors in a connection with such audits than such Third Party Subprocessors make generally available to their customers.

6. Impact Assessments and Consultations

CrossLead will (taking into account the nature of the processing and the information available to CrossLead) reasonably assist Company in complying with its obligations under European Data Protection Legislation in respect of data protection impact assessments and prior consultation, including, if applicable, Company’s obligations pursuant to Articles 35 and 36 of the GDPR, by (a) making available for review copies of the Security Documentation or other documentation describing relevant aspects of CrossLead’s information security program and the security measures applied in connection therewith; and (b) providing the other information contained in the Agreement including this Addendum.

7. Data Subject Rights

7.1 Company’s Responsibility for Requests. During the Term, if CrossLead receives any request from a data subject in relation to the data subject’s Personal Data, CrossLead will advise the data subject to submit their request to Company and Company will be responsible for responding to any such request.

7.2 CrossLead’s Data Subject Request Assistance. CrossLead will (taking into account the nature of the processing of Personal Data) provide Company with self-service functionality through the Services or other reasonable assistance as necessary for Company to perform its obligation under European Data Protection Legislation to respond to requests by data subjects, including if applicable, Company’s obligation to respond to requests for exercising the data subject’s rights set out in Chapter III of the GDPR. Company shall reimburse CrossLead for any such assistance beyond providing self-service features included as part of the Services at CrossLead’s then-current professional services rates, which shall be made available to Company upon request.

8. Data Transfers

8.1 Data Storage and Processing Facilities. CrossLead may, subject to Section 8.2 (Transfers of Data Out of the EEA), store and process Personal Data in the United States or anywhere CrossLead or its Subprocessors maintains facilities.

8.2 Transfers of Data Out of the EEA.

(a) CrossLead’s Transfer Obligations. If Company is established in the EEA and CrossLead’s processing of Personal Data involves transfers of Personal Data out of the EEA to CrossLead in a country not deemed by the European Commission to have adequate data protection, and the European Data Protection Legislation applies to such transfer, such transfer will be governed by the Model Contract Clauses. For the purposes of the Model Contract Clauses, Company and CrossLead agree that (a) Company will act as the data exporter on its own behalf and on behalf of any of its Affiliates established in the EEA which are parties to the Agreement and (b) CrossLead will act as the data importer.

(b) Model Contract Clauses Administration. The parties agree that (a) upon data exporter’s request under the Model Contract Clauses, data importer will provide the copies of the Subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contract Clauses, and that data importer may remove or redact all commercial information or clauses unrelated the Model Contract Clauses or their equivalent beforehand; (b) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contract Clauses shall be performed in accordance with Section 5.4 of this Addendum; (c) Company’s authorizations in Section 9.1 will constitute Company’s prior written consent to the subcontracting by CrossLead of the processing of Personal Data if such consent is required under Clause 5(h) of the Model Contract Clauses; and (d) certification of deletion of Personal Data as described in Clause 12(1) of the Model Contract Clauses shall be provided only upon Company’s request.

(c) Company’s Transfer Obligations. Company agrees that CrossLead may elect in its own discretion to use a Transfer Solution other than the Model Contract Clauses and that upon receipt of written notice of such election and the effectiveness of such other Transfer Solution, the Model Contract Clauses entered pursuant to Section 8.2.1 shall automatically terminate and become void. Company will take such action (which may include execution of documents) reasonably required by CrossLead to give full effect to such other Transfer Solution.

9. Subprocessors

9.1 Consent to Subprocessor Engagement. Company specifically authorizes the engagement of CrossLead’s Affiliates as Subprocessors. In addition, Company generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”).

9.2 Information about Subprocessors. CrossLead will provide Company with information about Subprocessors, including their functions and locations, upon Company’s request

9.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, CrossLead will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this Addendum with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. CrossLead shall be liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

9.4 Opportunity to Object to Subprocessor Changes. When any new Third Party Subprocessor is engaged during the Term, CrossLead will notify Company of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by providing an updated list of Subprocessors at www.crosslead.com. If Company objects to such engagement in a written notice to CrossLead within 15 days of being informed thereof on reasonable grounds relating to the protection of Personal Data, Company and CrossLead will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Company may, as its sole and exclusive remedy, terminate the Agreement by providing written notice to CrossLead.

10. Notices

Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by CrossLead to Company may be given (a) in accordance with the notice clause of the Agreement; (b) to CrossLead’s primary points of contact with Company; and/or (c) to any email provided by Company for the purpose of providing it with Service-related communications or alerts. Company is solely responsible for ensuring that such email addresses are valid.

11. Effect of These Terms

Except as expressly modified by the Addendum, the terms of the Agreement remain in full force and effect. To the extent of any conflict between this Addendum and the remaining terms of the Agreement, this Addendum will govern.


 

CrossLead Terms of Use

Last updated: May 23,­­­ 2019


This Terms of Use Agreement (the “Terms”) constitutes a legally binding agreement between you, the end-user (either an individual or a single entity) (“you” or “your”) and CrossLead, Inc. (“CrossLead,” “we” or “us”). These Terms govern your access to and use of any services made available to you on the CrossLead platform (collectively, the “Services”), and apply to your use of all Services, unless otherwise specified as applying only to a particular Service. By clicking “I Accept” (or a similar indicia of acceptance, including, with respect to “Enterprise Services” users, executing an “Order Form”) or by accessing or otherwise using the Services, you agree that (a) you have read and understood and agree to be bound by these Terms, (b) you are of legal age to form a binding contract with CrossLead, and (c) you have the authority to enter into the Terms personally or on behalf of the company named as the user (“Company”), and if you are registering as an authorized administrator of the Company (“Authorized Administrator”), to bind Company to the Terms. If you do not agree to be bound by the Terms, you may not access or use the Services. By using the Services, you also acknowledge that you have read and understand our Privacy Policy and Product Privacy Statement.

You may only use the Services if you or the Company has purchased a subscription to the Services (the “Subscription”). If you or the Company subscribe to the Services for a term (the “Initial Term”), then the Terms will be automatically renewed for additional periods of the same duration as the Initial Term at CrossLead’s then-current fee for such services unless you decline to renew the Subscription in accordance with Section 4.4 below. You acknowledge and agree that if the Subscription expires or is terminated, you will be unable to access or use the Services.

Please be aware that Section 9 of the Terms contains provisions governing how claims that you and we have against each other are resolved, including, without limitation, any claims that arose or were asserted prior to the Effective Date of the Terms. In particular, it contains an Arbitration Agreement which will, with limited exceptions, require disputes between us to be submitted to binding and final arbitration. Unless you opt out of the Arbitration Agreement: (1) you will only be permitted to pursue claims and seek relief against us on an individual basis, not as a plaintiff or class member in any class or representative action or proceeding; and (2) you are waiving your right to seek relief in a court of law and to have a jury trial on your claims.

Your use of the Services is also subject to any additional terms, conditions and policies that we separately post on the Services (“Supplemental Terms”) which are incorporated by reference into the Terms. The terms of the Data Protection Addendum at www.crosslead.com (“DPA”) are hereby incorporated by reference and shall apply to the extent User Content includes Personal Data, as defined in the DPA.  If you are an Enterprise Services user, your access to and use of the Services is also subject to the SaaS Agreement and corresponding Order Form (collectively, the “Enterprise Agreement”) entered into between CrossLead and Company. To the extent there is any conflict between the Terms, the Supplemental Terms, the Enterprise Agreement, and the DPA, the order of precedence shall be: (1) the DPA (to the extent applicable), (2) the Supplemental Terms, (3) the Enterprise Agreement, and (4) the Terms.

CrossLead reserves the right to make changes to these Terms at any time by making a revised version of the Terms available on the CrossLead Platform. We may notify you by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on our Services. You are responsible for providing us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to these Terms will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you (if applicable) or thirty (30) calendar days following our posting of notice of the changes on our Services. These changes will be effective immediately for new users of our Services. Continued use of our Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

1. REGISTRATION

1.1 Account Creation. In order to use the Services, you must register for an account (“Account”) and provide certain information about yourself as prompted by the account registration form, such as your name, company name, and e-mail address. If you are an employee or other authorized user of Company, then the Company’s Authorized Administrator, or another individual designated as the account administrator (“Account Administrator”) of the Company, may have to send you an invitation to register an Account. If you are the Authorized Administrator or the Account Administrator, then you may be assigned different permissions than other users. Regardless of whether you are registering an Account under a Company Account or under an individual Account on behalf of a Company, you represent and warrant that: (a) all required registration information you submit is truthful and accurate; (b) you will maintain the accuracy of such information; and (c) you have all right, title, and authority to submit or otherwise transmit any Company Content, including any confidential or proprietary information or data, whether oral or in writing, that is designated as confidential or would reasonably be understood to be confidential and proprietary (“Confidential Information”) of the Company, to us and/or the Services. You may delete your Account at any time, for any reason, by following the instructions on the Services. We may suspend or terminate your Account in accordance with these Terms.

1.2 Account Responsibilities. You are responsible for maintaining the confidentiality of your Account login information and are fully responsible for all activities that occur under your Account.  You agree to immediately notify us of any unauthorized use, or suspected unauthorized use of your Account, or any other breach of security.  We cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.

1.3 Account Limitations. While each Account Administrator can invite other authorized individuals of Company to register an Account, CrossLead may charge the Company for each additional authorized user who registers an Account. Accounts may not be shared, transferred, or used by more than one of user at a time. CrossLead reserves the right to impose restrictions on the number of authorized users under a Company Account.

2. ACCESS AND USE OF SERVICES.

2.1 Access Rights. Subject to your acceptance of the Terms, and to any other restrictions that may be set forth on an Order Form, you will be permitted to access the features and functions of the Services, which includes CrossLead’s proprietary software applications for the creation of CrossLead reports, insights, and visualizations, and any other features and functionalities provided through the Services. You may access and make use the Services solely during the term of these Terms and in accordance with the provisions of these Terms.  Access to the Services will allow you to create and view unique reports, insights, and visualizations of User Content, but you will not be able to use them outside of the Services or export them from the Services.  However, you will be able to print the reports, insights, and visualizations that you have created.

2.2 Usage Restrictions. The rights granted to you in these Terms are subject to the following restrictions: (a) you will not license, sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the Services, whether in whole or in part, or any content displayed on the Services; (b) except to the extent permitted by applicable law, you shall not modify, make derivative works of, disassemble, reverse compile or reverse engineer any part of the Services; (c) you shall not access the Services in order to build a similar or competitive web product, or service; and (d) except as expressly stated herein, no part of the Services may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means.  Unless otherwise indicated, any future release, update, or other addition to functionality of the Services shall be subject to these Terms.

2.3 Ownership. Subject to the rights granted in the Terms, CrossLead retains all right, title and interest in and to the Services and Insights, and you acknowledge that you neither own nor acquire any additional rights in and to the foregoing not expressly granted by the Terms or any licenses to the software used to provide the Services. You further acknowledge that CrossLead retains the right to use the foregoing for any purpose in CrossLead’s sole discretion.

2.4 Consulting. Company will be able to order certain consulting services related to its use of the Services pursuant to a written statement of work executed by the parties (each, a “Statement of Work” and such services, the “Consulting Services”). Such Statement of Work shall set out a description of the applicable Consulting Services. Any such additional terms shall apply only to the Consulting Services and shall not affect the terms of this Agreement, or any terms governing Company’s use of the Services. Each Statement of Work shall be incorporated in this Agreement by reference.

3. USER CONTENT.

3.1 User Content. “User Content” means any and all information and content that a user submits to, or uses with, the Services. You are solely responsible for your User Content. You assume all risks associated with use of your User Content, including any reliance on its accuracy, completeness or usefulness by others, or any disclosure of your User Content that personally identifies you or any third party. You hereby represent and warrant that your User Content does not violate our Acceptable Use Policy (defined in Section 3.3). You may not represent or imply to others that your User Content is in any way provided, sponsored or endorsed by us. Because you alone are responsible for your User Content, you may expose yourself to liability if, for example, your User Content violates the Acceptable Use Policy. We are not obligated to backup any User Content, and your User Content may be deleted at any time without prior notice.

3.2 License. CrossLead does not claim ownership of User Content. However, when you post or publish User Content on the Services, you hereby grant (and you represent and warrant that you have the right to grant) to us a royalty-free, fully paid, perpetual, irrevocable worldwide, non-exclusive and fully sublicensable right (including any moral rights) and license to use, distribute, reproduce, modify, adapt, publicly perform, and publicly display your User Content for the purposes of operating and providing the Services to you and other users.  You, on behalf of yourself and your associated Company (as applicable), further grant CrossLead the right to use the User Data to create an anonymous profile and derivative insights based on the Company Data, aggregated with other anonymous profiles (the “Insights”) that it may use as part of the Services for you and other customers of CrossLead in anonymous and aggregated form; provided, however, that such Insights do not disclose any of your or the Company’s Confidential Information or disclose your or the Company’s identity.

3.3 Acceptable Use Policy. As a condition of use, you agree not to use the Services for any purpose that is prohibited by the Terms or by applicable law. You shall not (and shall not permit any third party) either (a) take any action or (b) make available any content on or through the Services that: (i) infringes any patent, trademark, trade secret, copyright, right of publicity or other right of any person or entity; (ii) is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another’s privacy, tortious, obscene, offensive, or profane; (iii) constitutes unauthorized or unsolicited advertising, junk or bulk e-mail; (iv) involves commercial activities and/or sales without CrossLead’s prior written consent, such as contests, sweepstakes, barter, advertising, or pyramid schemes; (v) impersonates any person or entity, including any employee or representative of CrossLead; (vi) interferes with or attempt to interfere with the proper functioning of the Services or uses the Services in any way not expressly permitted by the Terms; (vii) attempts to engage in or engage in, any potentially harmful acts that are directed against the Services, including but not limited to violating or attempting to violate any security features of the Services, using manual or automated software or other means to access, “scrape,” “crawl” or “spider” any pages contained in Services, introducing viruses, worms, or similar harmful code into Services, or interfering or attempting to interfere with use of Services by any other user, host or network, including by means of overloading, “flooding,” “spamming,” “mail bombing,” or “crashing” the Services; or (viii) constitutes any of the following (collectively, “Sensitive Personal Information”): (a) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”); (b) patient, medical or other protected health information regulated by the Health Insurance Portability and Accountability Act (“HIPAA”); (c) any information deemed to be “special categories of data” as such term is defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation); or (d) any other personal information subject to regulation under the Children’s Online Privacy Protection Act. You acknowledge that CrossLead is not a Business Associate or subcontractor (as those terms are defined in HIPAA) or a payment card processor and that that Services are neither HIPAA nor PCI DSS compliant. CrossLead shall have no liability for Sensitive Personal Information, notwithstanding anything to the contrary herein.

3.4 Feedback. You agree that submission of any ideas, suggestions, documents, and/or proposals to CrossLead through its suggestion, feedback, wiki, forum or similar pages (“Feedback”) is at your own risk and that CrossLead has no obligations (including without limitation obligations of confidentiality) with respect to such Feedback. You represent and warrant that you have all rights necessary to submit the Feedback.  You hereby grant to CrossLead a fully paid, royalty-free, perpetual, irrevocable, worldwide, non-exclusive, and fully sublicensable right and license to use, reproduce, perform, display, distribute, adapt, modify, re-format, create derivative works of, and otherwise commercially or non-commercially exploit in any manner, any and all Feedback, and to sublicense the foregoing rights, in connection with the operation and maintenance of the Services and/or CrossLead’s business.

3.5 Use of Name. You agree that CrossLead may use Company’s name and logo in CrossLead’s marketing materials or communications for the sole purpose of indicating Company as a user of the Services. Neither party will issue a press release announcing its relationship with the other party without the other party’s approval, not to be unreasonably withheld or delayed. Subject to the terms and conditions of this Agreement, Company hereby grants to CrossLead a non-exclusive and limited license to use and publicly display Company’s name and logo as set forth in this subsection.

3.6 Satisfaction Surveys. From time to time, CrossLead may ask Company's end-users to provide feedback regarding their level of satisfaction with the Services via emails and/or electronic surveys. Company hereby grants CrossLead the right to send such emails and surveys provided that CrossLead does not disclose Company's end-users as participants in the surveys without Company's written consent.

4. FEES AND PURCHASE TERMS.

4.1 Free Trial. CrossLead may provide a free trial when Company first signs up to access certain of the Services. This free trial will not have any limit on the number of authorized users, nor will it require the submission of Payment Provider information. At the end of the trial period, Company’s access to the Services will terminate unless Company purchases a Subscription to such Services. Upon purchase of a Subscription, CrossLead will begin billing Company the applicable Subscription Fees in accordance with the payment terms set forth in this Section 4.

4.2 Payment. Company agrees to pay all fees or charges for the Services in accordance with the fees, charges and billing terms in effect at the time a fee or charge is due and payable. Payments for “Enterprise Services” are due and payable in accordance with terms set forth in the Enterprise Agreement. With respect to the “Digital Capture Services”, Company must provide CrossLead with a valid credit card (Visa, MasterCard, or any other issuer accepted by us) (“Payment Provider”) as a condition to signing up for a “Digital Capture” Subscription.  Company’s Payment Provider agreement governs Company’s use of the designated credit card, and Company must refer to that agreement and not the Terms to determine its rights and liabilities.  By providing CrossLead with a credit card number and associated payment information, Company agrees that CrossLead is authorized to immediately invoice Company for all fees and charges due and payable to CrossLead hereunder and that no additional notice or consent is required.  Company agrees to immediately notify CrossLead of any change in your billing address or the credit card used for payment hereunder. CrossLead reserves the right at any time to change its prices and billing methods, either immediately upon posting on CrossLead Properties or by e-mail notification.

4.3 Fees. Company will be responsible for payment of the applicable fees for the applicable Subscriptions (each, a “Subscription Fee”) or other Services (“Fees”). If Company has not paid its Subscription Fees or Fees, then you may not have access to certain features or functions of the Services and/or your Account may be terminated or suspended. Except as set forth in the Terms, all fees for the Services are non-refundable.  No contract will exist between Company and CrossLead for the Services until CrossLead accepts Company’s order by a confirmatory e-mail, execution of an Enterprise Agreement, or other appropriate means of confirmation.

4.4 Taxes. The payments required under Section 4.2 of these Terms do not include any taxes or any credit card processing fees that may be due in connection with the Subscription provided under these Terms. Company will be responsible for the payment of such taxes or credit card processing fees that may be incurred in connection with the Subscription.

4.5 Automatic Renewal. Except as otherwise set forth on an Order Form, as applicable, your access to the Services will continue so long as your Company’s Subscription remains active. After the initial subscription period, and again after any subsequent subscription period, Company’s Subscription will automatically commence on the first day following the end of such period (each, a “Renewal Commencement Date”) and continue for an additional equivalent period, at CrossLead’s then-current price for such subscription.  Company agrees that its Account will be subject to this automatic renewal feature unless Company cancels its subscription at least thirty (30) days prior to the Renewal Commencement Date (or in the event that you receive a notice from CrossLead that your subscription will be automatically renewed, you will have thirty days from the date of the CrossLead notice), by contacting CrossLead at legal@crosslead.com.  If Company wants to change or terminate its Subscription, please contact CrossLead at legal@crosslead.com.  If Company cancels such Subscription, you may use the Subscription until the end of Company’s then-current subscription term; the Subscription will not be renewed after Company’s then-current term expires.  However, Company will not be eligible for a prorated refund of any portion of the subscription fee paid for the then-current subscription period.  By subscribing, Company authorizes CrossLead to charge its Payment Provider now, and again at the beginning of any subsequent subscription period.  Upon renewal of the Subscription, if CrossLead does not receive payment from Company’s Payment Provider, (a) Company agrees to pay all amounts due on its Account upon demand and/or (b) Company agrees that CrossLead may either terminate or suspend its subscription and continue to attempt to charge its Payment Provider until payment is received (upon receipt of payment, Company’s Account will be activated and for purposes of automatic renewal, the new subscription commitment period will begin as of the day payment was received).

4.6 Third Party Provider. CrossLead uses Stripe, Inc. as the third party service provider for payment services (e.g., card acceptance, merchant settlement, and related services). By using the Services, Company agrees to be bound by Stripe’s Privacy Policy, available at https://stripe.com/us/privacy and hereby consents and authorizes Stripe to share any information and payment instructions Company provides to the minimum extent required to complete your transactions.

5. INDEMNIFICATION. You agree to indemnify and hold CrossLead, its parents, subsidiaries, affiliates, officers, employees, agents, partners, suppliers, and licensors (each, a “CrossLead Party” and collectively, the “CrossLead Parties”) harmless from any losses, costs, liabilities and expenses (including reasonable attorneys’ fees) relating to or arising out of any and all of the following: (a) User Content; (b) your use of, or inability to use, the Services; (c) your violation of the Terms; (d) your violation of any rights of another party; or (e) your violation of any applicable laws, rules or regulations. CrossLead reserves the right, at its own cost, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will fully cooperate with CrossLead in asserting any available defenses. This provision does not require you to indemnify any of the CrossLead Parties for any unconscionable commercial practice by such party or for such party’s fraud, deception, false promise, misrepresentation or concealment, suppression or omission of any material fact in connection with the Services provided hereunder. You agree that the provisions in this section will survive any termination of your Account, the Terms and/or your access to the Services.

6. DISCLAIMER OF WARRANTIES AND CONDITIONS.

6.1 As Is. YOU EXPRESSLY UNDERSTAND AND AGREE THAT TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOUR USE OF THE SERVICES IS AT YOUR SOLE RISK, AND THE SERVICES IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH ALL FAULTS. CROSSLEAD PARTIES EXPRESSLY DISCLAIM ALL WARRANTIES, REPRESENTATIONS, AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARISING FROM USE OF THE SERVICES.

(a) CROSSLEAD PARTIES MAKE NO WARRANTY, REPRESENTATION OR CONDITION THAT: (1) THE SERVICES WILL MEET YOUR REQUIREMENTS; (2) YOUR USE OF THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; OR (3) THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES WILL BE ACCURATE OR RELIABLE.

(b) ANY CONTENT DOWNLOADED FROM OR OTHERWISE ACCESSED THROUGH THE SERVICES IS ACCESSED AT YOUR OWN RISK, AND YOU SHALL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR PROPERTY, INCLUDING, BUT NOT LIMITED TO, YOUR COMPUTER SYSTEM AND ANY DEVICE YOU USE TO ACCESS THE SERVICES, OR ANY OTHER LOSS THAT RESULTS FROM ACCESSING SUCH CONTENT.

(c) THE SERVICES MAY BE SUBJECT TO DELAYS, CANCELLATIONS AND OTHER DISRUPTIONS. CROSSLEAD MAKES NO WARRANTY, REPRESENTATION OR CONDITION WITH RESPECT TO THE SERVICES, INCLUDING BUT NOT LIMITED TO, THE QUALITY, EFFECTIVENESS, REPUTATION AND OTHER CHARACTERISTICS OF THE SERVICES.

(d) NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM CROSSLEAD OR THROUGH THE SERVICES WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.

(e) FROM TIME TO TIME, CROSSLEAD MAY OFFER NEW “BETA” FEATURES OR TOOLS WITH WHICH ITS USERS MAY EXPERIMENT. SUCH FEATURES OR TOOLS ARE OFFERED SOLELY FOR EXPERIMENTAL PURPOSES AND WITHOUT ANY WARRANTY OF ANY KIND, AND MAY BE MODIFIED OR DISCONTINUED AT CROSSLEAD’S SOLE DISCRETION.  THE PROVISIONS OF THIS SECTION APPLY WITH FULL FORCE TO SUCH FEATURES OR TOOLS.

6.2 No Liability for Conduct of Third Parties. YOU ACKNOWLEDGE AND AGREE THAT CROSSLEAD PARTIES ARE NOT LIABLE, AND YOU AGREE NOT TO SEEK TO HOLD CROSSLEAD PARTIES LIABLE, FOR THE CONDUCT OF THIRD PARTIES, INCLUDING OPERATORS OF EXTERNAL SITES, AND THAT THE RISK OF INJURY FROM SUCH THIRD PARTIES RESTS ENTIRELY WITH YOU.

7. LIMITATION OF LIABILITY.

7.1 Disclaimer of Certain Damages. YOU UNDERSTAND AND AGREE THAT IN NO EVENT SHALL CROSSLEAD PARTIES BE LIABLE FOR ANY LOSS OF PROFITS, REVENUE OR DATA, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, OR DAMAGES OR COSTS DUE TO LOSS OF PRODUCTION OR USE, BUSINESS INTERRUPTION, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, IN EACH CASE WHETHER OR NOT CROSSLEAD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THE TERMS, ON ANY THEORY OF LIABILITY, RESULTING FROM: (1) THE USE OR INABILITY TO USE THE SERVICES; (2) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED FOR TRANSACTIONS ENTERED INTO THROUGH THE SERVICES; (3) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (4) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICES; OR (5) ANY OTHER MATTER RELATED TO THE SERVICES, WHETHER BASED ON WARRANTY, COPYRIGHT, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY.  THE FOREGOING CAP ON LIABILITY SHALL NOT APPLY TO LIABILITY OF A CROSSLEAD PARTY FOR (A) DEATH OR PERSONAL INJURY CAUSED BY A CROSSLEAD PARTY’S NEGLIGENCE; OR FOR (B) ANY INJURY CAUSED BY A CROSSLEAD PARTY’S FRAUD OR FRAUDULENT MISREPRESENTATION.

7.2 Cap on Liability. UNDER NO CIRCUMSTANCES WILL CROSSLEAD PARTIES BE LIABLE TO YOU FOR MORE THAN THE GREATER OF (A) THE TOTAL AMOUNT PAID TO CROSSLEAD BY YOU DURING THE ONE-MONTH PERIOD PRIOR TO THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY AND (B) THE REMEDY OR PENALTY IMPOSED BY THE STATUTE UNDER WHICH SUCH CLAIM ARISES. THE FOREGOING CAP ON LIABILITY SHALL NOT APPLY TO LIABILITY OF A CROSSLEAD PARTY FOR (A) DEATH OR PERSONAL INJURY CAUSED BY A CROSSLEAD PARTY’S NEGLIGENCE; OR FOR (B) ANY INJURY CAUSED BY A CROSSLEAD PARTY’S FRAUD OR FRAUDULENT MISREPRESENTATION.

7.3 User Content. CROSSLEAD ASSUMES NO RESPONSIBILITY FOR THE TIMELINESS, DELETION, MIS-DELIVERY OR FAILURE TO STORE ANY CONTENT (INCLUDING, BUT NOT LIMITED TO, USER CONTENT), USER COMMUNICATIONS OR PERSONALIZATION SETTINGS UNLESS WE ARE REQUIRED TO BY LAW.

7.4 Basis of the Bargain. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN CROSSLEAD AND YOU.

8. TERM AND TERMINATION.

8.1 Term. The Terms commences on the date when you accept them (as described in the preamble above) and remain in full force and effect while you use the Services, unless terminated earlier in accordance with Terms.

8.2 Prior Use. Notwithstanding the foregoing, you hereby acknowledge and agree that the Terms commenced on the earlier to occur of (a) the date you first used the Services or (b) the date you accepted the Terms and will remain in full force and effect while you use the Services, unless earlier terminated in accordance with the Terms.

8.3 Termination. We may suspend or terminate your rights to use the Services (including your Account) at any time for any reason at our sole discretion, including for any use of the Services in violation of these Terms. Upon termination of your rights under these Terms, your Account and right to access and use the Services will terminate immediately. You understand that any termination of your Account may involve deletion of your User Content associated with your Account from our live databases. We will not have any liability whatsoever to you for any termination of your rights under these Terms, including for termination of your Account or deletion of your User Content. ACCESS TO THE SERVICES WILL CONTINUE AT THE END OF EACH SUBSCRIPTION PERIOD UNLESS YOU CANCEL YOUR SUBSCRIPTION IN ACCORDANCE WITH THE PROCEDURE SET FORTH IN SECTION 4.4. All provisions of the Terms which by their nature should survive, shall survive termination of your Account and Subscription, including without limitation, ownership provisions, warranty disclaimers, and limitation of liability.

9. DISPUTE RESOLUTION. Please read the following arbitration agreement in this Section (“Arbitration Agreement”) carefully. It requires you to arbitrate disputes with CrossLead and limits the manner in which you can seek relief from us.

9.1 Applicability of Arbitration Agreement. You agree that any dispute or claim relating in any way to your access or use of the Website, to any products sold or distributed through the Website, or to any aspect of your relationship with CrossLead, will be resolved by binding arbitration, rather than in court, except that (1) you may assert claims in small claims court if your claims qualify; and (2) you or CrossLead may seek equitable relief in court for infringement or other misuse of intellectual property rights (such as trademarks, trade dress, domain names, trade secrets, copyrights, and patents).  This Arbitration Agreement shall apply, without limitation, to all claims that arose or were asserted before the effective date of the Terms or any prior version of the Terms.

9.2 Arbitration Rules and Forum. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement.  To begin an arbitration proceeding, you must send a letter requesting arbitration and describing your claim to our registered agent, CSC, 251 Little Falls Drive Wilmington, DE 19808-1674.  The arbitration will be conducted by JAMS, an established alternative dispute resolution provider.  Disputes involving claims and counterclaims under $250,000, not inclusive of attorneys’ fees and interest, shall be subject to JAMS’s most current version of the Streamlined Arbitration Rules and procedures available at http://www.jamsadr.com/rules-streamlined-arbitration/; all other claims shall be subject to JAMS’s most current version of the Comprehensive Arbitration Rules and Procedures, available at http://www.jamsadr.com/rules-comprehensive-arbitration/.  JAMS’s rules are also available at www.jamsadr.com or by calling JAMS at 800-352-5267.  If JAMS is not available to arbitrate, the parties will select an alternative arbitral forum.  If the arbitrator finds that you cannot afford to pay JAMS’s filing, administrative, hearing and/or other fees and cannot obtain a waiver from JAMS, CrossLead will pay them for you.  In addition, CrossLead will reimburse all such JAMS’s filing, administrative, hearing and/or other fees for claims totaling less than $10,000 unless the arbitrator determines the claims are frivolous.

You may choose to have the arbitration conducted by telephone, based on written submissions, or in person in the country where you live or at another mutually agreed location.  Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.

9.3 Authority of Arbitrator. The arbitrator shall have exclusive authority to (a) determine the scope and enforceability of this Arbitration Agreement and (b) resolve any dispute related to the interpretation, applicability, enforceability or formation of this Arbitration Agreement including, but not limited to, any claim that all or any part of this Arbitration Agreement is void or voidable.  The arbitration will decide the rights and liabilities, if any, of you and CrossLead.  The arbitration proceeding will not be consolidated with any other matters or joined with any other cases or parties.  The arbitrator shall have the authority to grant motions dispositive of all or part of any claim. The arbitrator shall have the authority to award monetary damages and to grant any non-monetary remedy or relief available to an individual under applicable law, the arbitral forum’s rules, and the Terms (including the Arbitration Agreement). The arbitrator shall issue a written award and statement of decision describing the essential findings and conclusions on which the award is based, including the calculation of any damages awarded.  The arbitrator has the same authority to award relief on an individual basis that a judge in a court of law would have.  The award of the arbitrator is final and binding upon you and us.

9.4 Waiver of Jury Trial. YOU AND CROSSLEAD HEREBY WAIVE ANY CONSTITUTIONAL AND STATUTORY RIGHTS TO SUE IN COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR A JURY.  You and CrossLead are instead electing that all claims and disputes shall be resolved by arbitration under this Arbitration Agreement, except as specified in Section 9.1 above.  An arbitrator can award on an individual basis the same damages and relief as a court and must follow the Terms as a court would.  However, there is no judge or jury in arbitration, and court review of an arbitration award is subject to very limited review.

9.5 Waiver of Class or Other Non-Individualized Relief. ALL CLAIMS AND DISPUTES WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT MUST BE ARBITRATED ON AN INDIVIDUAL BASIS AND NOT ON A CLASS OR COLLECTIVE BASIS, ONLY INDIVIDUAL RELIEF IS AVAILABLE, AND CLAIMS OF MORE THAN ONE CUSTOMER OR USER CANNOT BE ARBITRATED OR CONSOLIDATED WITH THOSE OF ANY OTHER CUSTOMER OR USER.  If a decision is issued stating that applicable law precludes enforcement of any of this subsection’s limitations as to a given claim for relief, then the claim must be severed from the arbitration and brought into the State or Federal Courts located in the State of Delaware.  All other claims shall be arbitrated.

9.6 30-Day Right to Opt Out. You have the right to opt out of the provisions of this Arbitration Agreement by sending written notice of your decision to opt out to: legal@crosslead.com, within 30 days after first becoming subject to this Arbitration Agreement.  Your notice must include your name and address, your username (if any), the email address you used to set up your account (if you have one), and an unequivocal statement that you want to opt out of this Arbitration Agreement. If you opt out of this Arbitration Agreement, all other parts of this Agreement will continue to apply to you.  Opting out of this Arbitration Agreement has no effect on any other arbitration agreements that you may currently have, or may enter in the future, with us.

9.7 Severability. Except as provided in subsection 9.5, if any part or parts of this Arbitration Agreement are found under the law to be invalid or unenforceable, then such specific part or parts shall be of no force and effect and shall be severed and the remainder of the Arbitration Agreement shall continue in full force and effect.

9.8 Survival of Agreement. This Arbitration Agreement will survive the termination of your relationship with CrossLead.

9.9 Modification. Notwithstanding any provision in the Terms to the contrary, we agree that if CrossLead makes any future material change to this Arbitration Agreement, you may reject that change within thirty (30) days of such change becoming effective by writing CrossLead at the following address: CrossLead, Inc., 1445 New York Avenue NW, 1st Floor, Washington, DC 20005.

10. GENERAL PROVISIONS.

10.1 Electronic Communications. The communications between you and CrossLead may take place via electronic means, whether you visit the Services or send CrossLead e-mails, or whether CrossLead posts notices on the Services or communicates with you via e-mail.  For contractual purposes, you (a) consent to receive communications from CrossLead in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that CrossLead provides to you electronically satisfy any legal requirement that such communications would satisfy if it were to be in writing. The foregoing does not affect your statutory rights.

10.2 Release. You hereby release CrossLead Parties and their successors from claims, demands, any and all losses, damages, rights, and actions of any kind, including personal injuries, death, and property damage, that is either directly or indirectly related to or arises from your use of the Services, including but not limited to, any interactions with or conduct of other Users or third-party websites of any kind arising in connection with or as a result of the Terms or your use of the Services.  If you are a California resident, you hereby waive California Civil Code Section 1542, which states, “A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.”  The foregoing release does not apply to any claims, demands, or any losses, damages, rights and actions of any kind, including personal injuries, death or property damage for any unconscionable commercial practice by a CrossLead Party or for such party’s fraud, deception, false, promise, misrepresentation or concealment, suppression or omission of any material fact in connection with the Services.

10.3 Assignment. The Terms, and your rights and obligations hereunder, may not be assigned, subcontracted, delegated or otherwise transferred by you without CrossLead’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void.

10.4 Force Majeure. CrossLead shall not be liable for any delay or failure to perform resulting from causes outside its reasonable control, including, but not limited to, acts of God, war, terrorism, riots, embargos, acts of civil or military authorities, fire, floods, accidents, strikes or shortages of transportation facilities, fuel, energy, labor or materials.

10.5 Questions, Complaints, Claims. If you have any questions, complaints or claims with respect to the Services, please contact us at: support@crosslead.com. We will do our best to address your concerns.  If you feel that your concerns have been addressed incompletely, we invite you to let us know for further investigation.

10.6 Governing Law. THE TERMS AND ANY ACTION RELATED THERETO WILL BE GOVERNED AND INTERPRETED BY AND UNDER THE LAWS OF THE STATE OF DELAWARE, CONSISTENT WITH THE FEDERAL ARBITRATION ACT, WITHOUT GIVING EFFECT TO ANY PRINCIPLES THAT PROVIDE FOR THE APPLICATION OF THE LAW OF ANOTHER JURISDICTION. THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS DOES NOT APPLY TO THE TERMS.

10.7 Notice. Where CrossLead requires that you provide an e-mail address, you are responsible for providing CrossLead with your most current e-mail address.  In the event that the last e-mail address you provided to CrossLead is not valid, or for any reason is not capable of delivering to you any notices required/ permitted by the Terms, CrossLead’s dispatch of the e-mail containing such notice will nonetheless constitute effective notice.  You may give notice to CrossLead at the following address: CrossLead, Inc., 1445 New York Avenue NW, 1st Floor, Washington, DC 20005.  Such notice shall be deemed given when received by CrossLead by letter delivered by nationally recognized overnight delivery service or first class postage prepaid mail at the above address.

10.8 Waiver. Any waiver or failure to enforce any provision of the Terms on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

10.9 Severability. If any portion of the Terms is held invalid or unenforceable, that portion shall be construed in a manner to reflect, as nearly as possible, the original intention of the parties, and the remaining portions shall remain in full force and effect.

10.10 Export Control. You may not use, export, import, or transfer the Services except as authorized by U.S. law, the laws of the jurisdiction in which you obtained the Services, and any other applicable laws.  In particular, but without limitation, CrossLead Properties may not be exported or re-exported (a) into any United States embargoed countries, or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce’s Denied Person’s List or Entity List. By using the Services, you represent and warrant that (y) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country and (z) you are not listed on any U.S. Government list of prohibited or restricted parties. You also will not use the Services for any purpose prohibited by U.S. law, including the development, design, manufacture or production of missiles, nuclear, chemical or biological weapons.  You acknowledge and agree that products, services or technology provided by CrossLead are subject to the export control laws and regulations of the United States.  You shall comply with these laws and regulations and shall not, without prior U.S. government authorization, export, re-export, or transfer CrossLead products, services or technology, either directly or indirectly, to any country in violation of such laws and regulations.

10.11 Consumer Complaints. In accordance with California Civil Code §1789.3, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by contacting them in writing at 400 R Street, Sacramento, CA 95814, or by telephone at (800) 952-5210.

10.12 Entire Terms. The Terms is the final, complete and exclusive agreement of the parties with respect to the subject matter hereof and supersedes and merges all prior discussions between the parties with respect to such subject matter.

Privacy Policy


Effective as of May 23, 2019.

This Privacy Policy is designed to help you understand how CrossLead, Inc. (“CrossLead”, “we”, “us” or “our”) collects, uses and shares personal information.

Index

What This Privacy Policy Covers

Personal Information We Collect

How We Use Your Personal Information

How We Share Your Personal Information

Your Choices

Cookies and Similar Technologies

Other Important Privacy Information

How to Contact Us

Notice to European Users

What This Privacy Policy Covers

This Privacy Policy applies to our collection, use and sharing of your personal information if you:

  • visit our website at CrossLead.com or any other website to which we post this privacy policy (the “Sites”);
  • have registered for a subscription to the CrossLead platform (together with the Sites, the “Service”) on behalf of your organization or use the Service as your organization’s authorized administrator; or
  • receive our marketing communications.

This Privacy Policy does not apply to any information that we handle on behalf of the organizations who use the CrossLead platform.  Our customers have their own policies for how they collect, use and share personal information, and we use the information they share with us only as permitted by our contracts with them.  You should contact the relevant CrossLead customer if you have questions, concerns or requests regarding personal information that we handle on its behalf.  For more information about the personal information we handle on behalf of our customers, see our Product Privacy Statement.

Personal Information We Collect

Information you give us. Personal information you may provide through the Service or otherwise communicate to us includes:

  • Registration and contact information. We collect information about you when you register for or use the Service,  or attend conferences at which we are present.  This information may include your first and last name, email and mailing addresses, phone number and company name.
  • Correspondence. We may collect information about you when you request information from us or otherwise correspond with us.
  • Other information. We may collect other information from you that is not specifically listed here.  We will use such information in accordance with this Privacy Policy.

Information automatically collected. Our servers and third party service providers may automatically record certain information about the computers or devices you use to access the Service and how you use the Service, such as your Internet Protocol (IP) address, device identifiers, device and browser type, operating system, Internet service provider, referring/exit pages, clickstream data, the pages or features of the Service that you browsed and the time spent on those pages or features, the frequency with which you use the Service, the links that you click on or use and other statistics.  We collect this information in server logs and by using cookies and similar tracking technologies. See our Cookie Policy for more information.

Sensitive personal information. We do not intentionally collect any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin; political opinions, religion or other beliefs; health, biometrics or genetic characteristics; criminal background or union membership) through the Service or otherwise, but, if you provide it to us, you must consent to our use of this information as described in this Privacy Policy.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described to you in this Privacy Policy or at the time of collection:

To provide the Service. We use your personal information:

  • to provide, operate and improve the Service;
  • to communicate with you, including by sending you announcements, updates, security alerts, and support and administrative messages through, for example, email, Intercom, and Pendo;
  • to better understand your needs and interests, and personalize your experience with the Service; and
  • to respond to your requests, questions and feedback.

For research and development. We use information automatically collected and other information to analyze trends, analyze users’ movements around our Service, gather demographic information about our user base as a whole, improve the Service and develop new products and services.

To send you marketing communications. We may send you newsletters or other marketing communications, but you may opt out of receiving them as described in the ‘Opt out of marketing’ section below.

To create anonymous data. We may create aggregated and other anonymous data from our users’ information.  We make personal information into anonymous data by removing information that makes the data personally identifiable.  We may use this anonymous data and share it with third parties to understand and improve our Service and for other lawful business purposes.

For compliance, fraud prevention and safety.  We may use your personal information as we believe appropriate to (a) investigate violations of and enforce our Terms of Use; (b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

For compliance with law.  We may use your personal information as we believe appropriate to (a) comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; and (b) where permitted by law in connection with a legal investigation.

With your consent.  In some cases we may ask for your consent to collect, use or share your personal information, such as when required by law or our agreements with third parties.

How We Share your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances:

Service providers. We may share your personal information with third party companies and individuals as needed for them to provide us with services that help us with our business activities and operate the Service (such as customer support, hosting and storage, website analytics, email delivery, marketing/advertising, database management services and legal and other professional advice).  These third parties will be given limited access to your personal information that is reasonably necessary for them to provide their services.

For legal reasons. We may disclose your personal information as we believe appropriate to government or law enforcement officials or private parties for the purposes described above under the following sections: For compliance, fraud prevention and safety and For compliance with law.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

Opt out of marketing.  You may opt out of marketing-related emails by following the unsubscribe instructions in the email.  You may continue to receive service-related and other non-marketing emails.

Cookies and Similar Technologies

We may allow service providers and other third parties to use cookies and other tracking technologies to track your browsing activity over time and across the Service and third party websites.  For more details, see our Cookie Policy.  We may also use cookies and similar technologies to record whether emails we send you are delivered and opened and whether links within the email are clicked.  Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other Important Privacy Information

Third party sites and services. The Service may contain links to other websites and services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  We do not control third party websites, applications or services, and are not responsible for their actions.  Other websites and services follow different rules regarding their collection, use and sharing of your personal information.  We encourage you to read their privacy policies to learn more.

Security.  The security of your personal information is important to us.  We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies and we cannot guarantee the absolute security of your personal information.

International data use.  We are headquartered in the United States and have service providers in other countries, and your personal information may be collected, used and stored in the United States or other locations outside of your home country.  Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.

Children.  The Service are not directed at, and we do not knowingly collect personal information from, anyone under the age of 16.  If we learn that we have collected personal information from a child under age 16, we will attempt to delete that information as soon as possible.

Changes to this Privacy Policy.  We reserve the right to modify this Privacy Policy at any time.  If we make changes to this Privacy Policy we will post them on the Sites and indicate the effective date of the change.  If we make material changes to this Privacy Policy we will notify you by email or through the Service.

How to Contact Us

CrossLead, Inc.
1445 New York Avenue,
NW First Floor
Washington, DC 20005

privacy@crosslead.com

Notice to European Users

The following applies to individuals in the European Economic Area and the United Kingdom.

Controller.  Crosslead, Inc. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it.  However, the legal bases we typically rely on are set out in the table below.  We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at privacy@crosslead.com.

Processing purpose

Legal basis

To provide the Sites

You have entered a contract with us for the provision of the Service and we need to process your personal information to provide services you have requested or take steps that you request prior to providing services.  If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Service you access and request.

For research and development

To send you marketing communications

To create anonymous data

For compliance, fraud prevention and safety

These activities constitute our legitimate interests.

For compliance with law

Processing is necessary to comply with our legal obligations.

With your consent

Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when it is collected.

To share your personal information as described in this Privacy Policy

This sharing constitutes our legitimate interests, and in some cases may be necessary to comply with our legal obligations.

Retention

We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention).  When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your rights

European data protection laws give you certain rights regarding your personal information.  You may ask us to take the following actions in relation to your personal information that we hold:

  • Access.  Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct.  Update or correct inaccuracies in your personal information.
  • Delete.  Delete your personal information.
  • Transfer.  Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict.  Restrict the processing of your personal information.
  • Object.  Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to privacy@crosslead.com or our postal address provided above.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator here.

Cross-Border Data Transfer

If we transfer your personal information from the European Economic Area to a country outside of it and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so.  Please contact us for further information about any such transfers or the specific safeguards applied.

Cookies Policy


This Cookie Policy explains how CrossLead, Inc. (“CrossLead”, “we”, “us” or “our”) uses cookies and similar tracking technologies when you visit our website at www.CrossLead.com or any other site to which we post this Cookie Policy (the “Sites”).

What are cookies?

Cookies are small data files that are placed on your computer when you visit a site.  Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.  Cookies can also help ensure advertising you see online is more relevant to you and your interests.

Who places cookies on my device?

Cookies set by the site you visit are called “first party cookies”.  Cookies set by parties other than us are called “third party cookies”.   Third party cookies enable third party features or functionality within the site, such as site analytics, advertising and social media features.  The parties that set these third party cookies can recognize your computer or device both when it visits the site in question and also when it visits certain other sites and/or mobile apps.  We do not control how these third parties use your information, which is subject to their own privacy policies.  See below for details on use of third party cookies and similar technologies with our Sites.

How long will cookies stay on my device?

The length of time a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing.  Persistent cookies stay on your browsing device after you have finished browsing until they expire or are deleted.

What other tracking technologies should I know about?

Cookies are not the only way to track visitors to a site or app.  Companies use tiny graphics files with unique identifiers called beacons (and also “pixels” or “clear gifs”) to recognize when someone visits its sites.  These technologies often depend on cookies to function properly, and so disabling cookies may impair their functioning.

What types of cookies and similar tracking technologies does CrossLead use?

We use cookies and other tracking technologies in the following categories described below.

Analytics

  • Description: These cookies help us understand how our Sites are performing and being used.  These cookies may work with clear gifs included in emails we send to track which emails are opened and which links are clicked by recipients.
  • Who serves the cookies: Google Analytics
  • How to control them: Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here.  You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here.

Essential

  • Description: These cookies are essential to provide you with our Sites and to enable you to use some of their features.  Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
  • Who serves the cookies: CrossLead

Functionality/ Performance 

Your Choices

Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, parts of the Sites may not work properly.

For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

For more information about how we collect, use and share your information, see our Privacy Policy.

Changes

Information about the cookies we use may be updated from time to time, so please check back on a regular basis for any changes.

Questions

If you have any questions about this Cookie Policy, please contact us by email at privacy@crosslead.com.

Last modified August 17, 2018

List of Subprocessors


Last updated May 23, 2019

Entity Name Purpose Entity Country
Amazon Web Services, Inc. Hosting and Storage United States
Atlassian Corporation Plc Project Management Australia
Automattic Website Functionality United States
Bugsnag, Inc. Bug Detection; Analytics United States
Dropbox, Inc. Data Processing United States
Google, Inc. Analytics United States
Hubspot, Inc. Customer Relationship Management United States
Intercom Analytics; Communications United States
iThemes Media, LLC Website Functionality United States
MongoDB, Inc. Hosting and Storage United States
Pendo,io, Inc. Analytics; Communications United States
Stripe, Inc. Cloud-Based Payment Provider United States
Themeco, LLC Website Functionality United States
Typeform S.L. Data Processing Spain
WP Media Website Functionality France