Dealpath Terms of Service
Last updated on July 1st, 2022
These Terms of Service (the “Terms”), together with all Order Forms (as defined below), govern Customer’s access and use of use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”)’s, including as accessible via Dealpath’s website located at www.dealpath.com, including all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services. These Terms commence upon the Order Form Effective Date of the initial Order Form.
1.1 “Authorized User” means an individual which Customer (or, when applicable, Dealpath at Customer’s request) has authorized to use the Services, including without limitation (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.
1.2 “Customer” means the company or other legal entity identified as customer in the applicable Order Form.
1.3 “Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customer’s behalf, into the Services, but excluding, for clarity, Usage Data and Dealpath’s other Intellectual Property Rights set forth in Section 5.
1.4 “Fees” means the fees described in the applicable Order Form.
1.5 “Professional Services” means any professional services expressly set forth in an applicable Order Form, which may include implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.
1.6 “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.
1.7 “Order Form” means an order form duly executed by Dealpath and Customer which explicitly references these Terms. Each Order Form shall be deemed incorporated by reference into these Terms upon mutual execution.
1.8 “Order Form Initial Term” means the initial term of an Order Form as set forth therein.
1.9 “Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.
1.10 “Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.
1.11 “Service Level Agreement” means service level agreement set forth in Exhibit A.
1.12 “Services” means Dealpath’s proprietary cloud-based collaboration and workflow platform for real estate investment professionals as more particularly described and identified in the applicable Order Form.
2.1 Services. Dealpath will use commercially reasonable efforts to provide the Services to Customer in accordance with these Terms, including the Service Level Agreement, and the applicable Order Form. Subject to Customer’s compliance with these Terms, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the Order Form for each category of Authorized User.
2.2 Authorized Users. An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Service on behalf of the Customer. Customer will at all times be responsible and liable hereunder, for all actions or omissions of (i) any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or by another party, and whether or not such action or omission was authorized by an Authorized User. During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.
2.3 Professional Services. If an Order Form expressly includes Professional Services, Dealpath will use commercially reasonable efforts to perform the Professional Services for Customer in accordance with these Terms and the applicable Order Form.
2.4 Restrictions. Customer shall not interfere with or disrupt the Site or the Services or attempt to gain access to any systems or networks that connect thereto (except as required to access and use the Services as permitted under these Terms). Customer shall not allow access to or use of the Site or Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Site or Service beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer shall not, and shall not permit any person or entity to: (a) copy, modify, create derivative works of, or distribute any portion of the Site or Services; (b) rent, lease, frame, mirror, sell, resell, market, sublicense, publish, distribute, reproduce, assign, transfer, loan any portion of the Services or provide access to the Site or Services on a time-share or service bureau basis; (c) transfer any of its rights hereunder except as set forth in Section 11.8; Customer will not and will not permit any person or entity (including, without limitation, Authorized Users) to, directly or indirectly: (d) copy, modify or create any derivative work of any portion of the Services; (e) reverse engineer, decompile, decode, or disassemble or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (g) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property rights or other right of any person or entity, or that violates any applicable law; (h) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; or (i) use the Services any Confidential Information of Dealpath for benchmarking or competitive analysis with respect to competitive or related products or services, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.
2.5 Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with these Terms, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications. Customer shall keep confidential and not disclose to any third parties (except for Authorized Users who are employees or contractors), and shall ensure that Authorized Users keep confidential and do not disclose to any third parties (except for Authorized Users who are employees or contractors), any user identifications, account numbers and account profiles.
2.6 Data Protection and Security. Each Party will comply with its obligations set forth in the Data Protection Addendum attached hereto as Exhibit B.
3. CUSTOMER OBLIGATIONS
3.1 Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies, as then in effect). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.
3.2 Enforcement. Customer shall ensure that all Authorized Users comply with the terms and conditions of these Terms, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.4 and 2.5. Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged violation of these Terms by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of these Terms and (b) any action by Dealpath to enforce these Terms. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User violated these Terms or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.
3.3 Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify (i) the Customer Data solely to perform its obligations and exercise its rights under these Terms, including to provide the Services during the Order Form Term, (ii) the Customer Data, in deidentified and/or aggregated form, to operate and improve the Services and Dealpath’s products and services generally, during and after the Order Form Term, and (iii) to develop or derive Usage Data, in aggregated and deidentified form, as set forth in Section 5.1.Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents and licenses for Dealpath to use the Customer Data in accordance with these Terms.
3.4 Marketing Support. Customer authorizes Dealpath to use its Customer Marks (as defined below) pursuant to the terms of this Section, provided that Dealpath agrees to promptly cease any such use upon written notice from Customer. Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.8), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s websites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.
4. FEES; EXPENSES; TAXES
4.1 Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.
4.2 Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3), and including any related interest and/or penalties, due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath, and Dealpath may suspend Services until all payments are made in full.
4.3 Taxes. All Fees and other amounts stated or referred to in these Terms are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.
5. PROPRIETARY RIGHTS.
5.1 Services and Data. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services or Professional Services, or otherwise developed by or on behalf of Dealpath in connection with providing Implementation or Professional Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively, “Dealpath IP”). Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall be in an aggregated and de-identified form, and Dealpath shall own all right, title and interest in and to Usage Data, and all Intellectual Property Rights therein, which shall be deemed a part of Dealpath IP. Dealpath agrees that it will not use Usage Data for the benefit of a third party in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.
5.2 Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services or other products or services of Dealpath (collectively, “Feedback”). To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, copy, modify, create derivative works based upon and otherwise exploit, freely and without restriction, the Feedback for any purpose.
5.3 DMCA/Copyright Policy. Dealpath respects copyright law and expects Customer to do the same. It is Dealpath’s policy to terminate in appropriate circumstances access to the Services to customers (and its authorized users) who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see Dealpath’s Copyright Policy at www.dealpath.com, for further information.
6.1 Definition. “Confidential Information” means any business or technical information disclosed by one party to the other party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, subject to Dealpath’s rights set forth elsewhere in this Agreement, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information.
6.2 Exclusions. The obligations and restrictions set forth in Section 7.3 will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of these Terms by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.
6.3 Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of these Terms; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section 7. Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 7.3 will remain in effect for a period of three (3) years after the expiration or termination of these Terms; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 7.3 will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.
6.4 Permitted Disclosures. The provisions of this Section 7 will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors; or (iii) as required under applicable securities regulations. In addition, either party may disclose the terms and conditions of these Terms on a confidential basis to present or future providers of venture capital and/or potential private investors in or acquirers of such party.
7.1 Mutual Warranties. Each party hereby represents and warrants to the other party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into these Terms and (ii) the execution, delivery and performance of these Terms and the consummation of the transactions contemplated hereby are within the corporate powers of such party and have been duly authorized by all necessary corporate action on the part of such party, and constitute a valid and binding agreement of such party.
7.2 Warranty for Services. Dealpath represents and warrants that the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 will be as set forth in Section 5 of the Service Level Agreement.
7.3 Customer Warranty. Customer represents and warrants that: (i) it has, and will continue to have, during the applicable Order Form Term, the legal right and authority to access, use and disclose to Dealpath any Customer Data; (ii) Dealpath has the right to use Customer Data in accordance with the terms of this Agreement; (iii) all Customer Data will be and remain true, accurate, and complete; and (iv) Dealpath’s use of the Customer Data in accordance with these Terms will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party.
7.4 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7, THE SERVICES AND OTHER DEALPATH IP ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THESE TERMS, THE SERVICES, OR ANY OTHER DEALPATH IP, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that are accessed via links from within the Services.
8. TERM AND TERMINATION
8.1 Term. These Terms are effective as of the Order Form Effective of the first Order Form the Customer and Dealpath enter into and, unless earlier terminated in accordance with Section 8.2, continue until all Order Forms have expired or are terminated pursuant to these Terms and applicable Order Forms.
8.2 Termination for Cause. Either party may terminate these Terms (together with all Order Forms) upon written notice if the other party breaches any material term of these Terms and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either party may terminate an individual Order Form upon written notice if the other party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.
8.3 Rights and Obligations Upon Expiration or Termination. Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; and (iii) subject to Section 3.3, each party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party (unless otherwise authorized to do so hereunder based on a separate Order Form), and each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, except for any archived electronic communications which may be stored confidentially; and (iv) upon request, Dealpath shall at no additional cost make the Customer Data available to for download (in one of the formats offered by Dealpath) for a period of sixty (60) days following expiration/rumination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).
8.4 Effect of Termination. Upon expiration or termination of an Order Form (other than termination pursuant to Section 8.2): (i) any other Order Form that is then-in effect will remain in-effect for the duration of the then-current term of such Order Form; and (ii) these Terms will continue to apply with respect to such Order Forms until expiration or termination of such Order Forms. Termination of these Terms will automatically terminate all outstanding Order Forms.
8.5 Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 3.3 (Customer Data), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer) 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Effect of Termination), 8.5 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of these Terms and Order Forms.
9.1 Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to these Terms, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third party. In connection with Dealpath’s obligations under this Section 9.1, Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim. Customer shall not enter into any stipulated judgment or settlement that purports to bind Dealpath without Dealpath’s express written authorization, which shall not be unreasonably withheld or delayed.
9.2 Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1, then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services under the terms of these Terms; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate Customer’s rights and Dealpath’s obligation under these Terms with respect to such Services (or these Terms altogether) and refund to Customer a pro-rata portion of the Fees paid for the remaining portion of the Order Form Initial Term or Order Form Renewal Period during which Customer would have had access to the Services.
9.3 Exclusions. Notwithstanding the terms of Section 9.1, Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of these Terms, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with these Terms; (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by the provider.
9.4 Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2 AND 9.3 STATE DEALPATH AND ITS LICENSORS SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.
9.5 Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim or suit based on (i) allegations that Customer’s or an Authorized User’s use of the Services were not in accordance with these Terms, including a breach of Section 2.4, or (ii) Customer Data, including a claim that the Customer Data infringes, misappropriates, or violates any Intellectual Property Rights, privacy rights, or other rights of a third party, applicable law, or was collected or disclosed in violation of the Terms. In connection with Customer’s obligations under this Section 9.5 Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim. Dealpath shall not enter into any stipulated judgment or settlement that purports to bind Customer without Customer’s express written authorization, which shall not be unreasonably withheld or delayed.
10. LIMITATION OF LIABILITY.
10.1 Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4, 2.5, 6, OR 7.3, OR BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.
10.2 Total Liability. NOTWITHSTANDING ANY OTHER PROVISIONS OF THESE TERMS, EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4, 2.5, 7.3, BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, AND FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS IN SECTION 9, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY ABOUT THESE TERMS OR CUSTOMER’S ACCESS TO AND USE OF THE SERVICES EXCEED THE TOTAL FEES OWED BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.
10.3 Basis of Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.
11.1 Governing Law. These Terms and all matters arising out of or relating to these Terms shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to these Terms shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
11.2 Waiver. The waiver by either party of any default or breach of these Terms shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of these Terms will be effective unless it is in writing and signed by the party granting the waiver.
11.3 Notices. Dealpath may give notice to Customer by means of a general notice through the Services interface, email to Customer’s e-mail address on record with Dealpath, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Dealpath. Customer may give notice to Dealpath by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service addressed to Dealpath, Inc., 300 California Street, Ste 300, San Francisco, CA 94104. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
11.4 Severability. In the event any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms shall remain in full force and effect.
11.5 Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such party continues to use commercially reasonable efforts to resume performance.
11.6 Compliance with Laws. Each party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications.
11.7 Relationship Between the Parties. Nothing in these Terms shall be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent.
11.8 Assignment. Neither Party may assign or transfer these Terms, in whole or in part, without the other party’s prior written consent; provided that: (i) Dealpath may assign these Terms without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Dealpath’s assets to which these Terms relate; and (ii) Customer may assign these Terms without Dealpath’s prior written consent to a successor entity who is not a direct or indirect competitor of Dealpath in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Customer’s assets to which these Terms relate. Any attempted assignment or transfer without such consent will be null and of no effect. Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
11.9 Entire Agreement. These Terms (together with all Order Forms) constitute the complete and exclusive agreement between the parties concerning its subject matter and supersede all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of these Terms. These Terms may not be modified or amended except in a writing signed by a duly authorized representative of Dealpath and Customer. If there is any inconsistency between the provisions of these Terms and the terms in any Order Form, these Terms shall prevail.
11.10 Non-Exclusive Remedies. Except as otherwise set forth in these Terms, including Sections 7.2 and 9.4, the exercise by either party of any remedy under these Terms will be without prejudice to its other remedies under these Terms or otherwise.
11.11 Equitable Relief. Each party acknowledges that a breach by the other party of any confidentiality or proprietary rights provision of these Terms may cause the non-breaching party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
11.12 No Third-Party Beneficiaries. These Terms are intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to these Terms may enforce them.
11.13 Headings. The headings in these Terms are for the convenience of reference only and have no legal effect.
LIST OF EXHIBITS
EXHIBIT A – SERVICE LEVEL AGREEMENT
EXHIBIT B – DATA PROTECTION AGREEMENT
EXHIBIT C – REVISION HISTORY
SERVICE LEVEL AGREEMENT
- Service Availability.
Dealpath will use commercially reasonable efforts to make the Services under each Order Form available to Customer with 99.90% platform uptime, measured monthly, excluding Planned Downtime, force majeure events (including as set forth in Section 11.5 of these Terms), and emergency maintenance (“Uptime Target”).
- Service Availability Calculation.
The Uptime Target for the Services under each Order Form will be calculated as follows:
α=((η – π – ∆) / (η- π)) * 100
η = Number of hours in a month
π= Planned Downtime as defined below
∆ = Total time of Service unavailability
- Planned Downtime.
(a) Planned Downtime. “Planned Downtime” occurs when Customer or Authorized Users have no access to the Services under an Order Form due to scheduled maintenance.
(b) Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours. Notice provided under this Section will be via email.
- Technical Support
(a) Hours of Support. Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in these Terms as follows:
- Telephone support: Dealpath will designate a dedicated account manager who will provide phone support to Customer during normal business hours on weekdays during the hours of 9:00 a.m. – 5:00 p.m. Pacific Time with the exclusion of Federal Holidays. Dealpath will use commercially reasonable efforts to respond to all support requests within 1 business day.
(b) Problem Severity Level Definitions. Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:
Impact Severity Levels
Critical Failure – actual failure of Service where the Service is unavailable to the Customer.
Major Degradation – Critical problem causing loss of data or loss of service to a core Service functionality. Services are functioning but in a significantly reduced capacity, may affect multiple users.
Minor Service/Application Degradation – does not affect core Service functionality.
(c) Problem Response Times. Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:
Response Time Objective
Customer Update Frequency
24 hours to resolve or provide work around
3 Business Days to resolve or provide work around
20 Business Days to resolve or provide work around
(*) “Business Days” are defined as non-weekend and non-US holiday days.
- Service Level Credits
(a) Any downtime resulting from outages of third party connections or utilities or other reasons beyond Dealpath’s control will be excluded from any calculation of downtime for the Uptime Target. Customer’s sole and exclusive remedy, and Dealpath’s entire liability, in connection with the availability of the Services shall be that for each period in which Dealpath fails to meet the Uptime Target and which lasts longer than one hour, Dealpath will credit Customer 5% of Fees due for the Services for the month in question under the applicable Order Form for each period of 1 or more consecutive hours of downtime for the Services under such Order Form; provided that no more than one such credit will accrue per day. If the Fees for the Services are paid on an annual basis, the downtime credit will be calculated based on one-twelfth (1/12th) of the annual Fees. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. Such credits may not be redeemed for cash and shall not exceed (i) a total of credits for one (1) week of Fees under the applicable Order Form in any one (1) calendar month in any event, and (ii) 15% of Fees due annually in the aggregate. Dealpath will only apply a credit to the month in which the incident occurred, or, if the Fees for the Services are paid on an annual basis, Dealpath will credit the downtime credit at the end of the applicable annual period. Dealpath’s exercise of its rights under these Terms or the blocking of data communications or other portions of the Services in accordance with its policies shall not be deemed to be a failure of Dealpath to provide adequate service levels under these Terms.
EXHIBIT B – DATA PROTECTION ADDENDUM
This Data Processing Addendum (“Addendum”) forms part of the Terms between Customer and Dealpath.
- Subject Matter and Duration.
- Subject Matter. This Addendum reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s execution of the Services under the Terms. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Terms. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Terms, this Addendum shall control.
- Duration and Survival. This Addendum will become legally binding upon the Order Form Effective Date of the initial Order Form, or upon the date that the parties enter into this Addendum if it is completed after the effective such Order Form Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Terms. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.
For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.
- “Customer Personal Data” means Customer Data that is Personal Data Processed by Dealpath on behalf of Customer.
- “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” may include, but are not limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”).
- “Personal Data” shall have the meaning assigned to the terms “personal data” or “personal information” under applicable Data Protection Laws.
- “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.
- “Services” means any and all services that Dealpath performs under the Terms.
- “Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.
3. Data Use and Processing.
- Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Terms, or any applicable Order Form. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
- Authorization to Use Subprocessors. To the extent necessary to fulfill Dealpath’s contractual obligations under the Terms or any Order Form, Customer hereby authorizes Dealpath to engage Subprocessors.
- Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with Subprocessors regarding such Subprocessors’ Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Dealpath’s Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
- Right to Object to New Subprocessors. If Customer wants to receive notifications of new Subprocessors Dealpath plans to engage, Customer must contact Dealpath in writing to request to be notified. If Customer signs up to receive notice of Dealpath’s new Subprocessors, Dealpath will notify Customer prior to engaging any new Subprocessors and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the parties will work together in good faith to resolve the grounds for the objection. You can see Dealpath’s existing Subprocessors list here.
- Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.
- Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.
- Sale of Customer Personal Data Prohibited. Dealpath shall not sell Customer Personal Data as the term “sell” is defined by the CCPA.
- Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
- Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.
4. Cross-Border Transfers of Personal Data.
- Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.
- Standard Contractual Clauses. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Customer to Dealpath in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by Module Two’s obligations in the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment 1 attached hereto, the terms of which are incorporated herein by reference. Each party’s signature to the Order Form shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.
5. Information Security Program.
1 Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Annex II to this Attachment 1 to Exhibit B.
6. Security Incidents.
- Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s Designated POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
- Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in (3) below taken with respect to such Security Incident upon the initial notification referenced in (1) above, or, if not available at such time, promptly thereafter.
- Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident as it relates to Dealpath’s impacted systems.
7. Audits. The parties acknowledge that Dealpath uses third party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.
8. Data Deletion.
- Data Deletion. At the expiry or termination of the Terms, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.
9. Processing Details.
- Subject Matter. The subject matter of the Processing is the Services pursuant to the Terms.
- Duration. The Processing will continue until the expiration or termination of the Terms.
- Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Terms.
- Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.
- Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Terms.
10. Contact Information. Customer and Dealpath agree to designate a point of contact for urgent privacy and security issues (a “Designated POC”). The Designated POC for both parties are set forth in the applicable Order Form.
Attachment 1 to Exhibit B
Standard Contractual Clauses (Processors)
This Attachment 1 forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the Addendum.
The parties agree that the following terms shall supplement the Standard Contractual Clauses:
- Supplemental Terms. The parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the Swiss Federal Act on Data Protection. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to the Swiss Federal Act on Data Protection.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) Option 1 in Clause 9 is struck and Option 2 is kept, and Dealpath must submit the request for specific authorization in accordance with Section 3(d) of the Addendum; (v) the optional text in Clause 11 is deleted; and (vi) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).
- Annex I. Annex I to the Standard Contractual Clauses shall read as follows:
A. List of Parties
Data Exporter: Customer.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Data Importer: Dealpath.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
B. Description of the Transfer:
Categories of data subjects whose personal data is transferred: The categories of data subjects whose Customer Personal Data is transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users.
Categories of personal data transferred: The categories of Customer Personal Data transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users’ name and email address.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the parties knowledge, no sensitive data is transferred.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Customer Personal Data is transferred in accordance with the standard functionality of the Services, or as otherwise agreed upon by the parties.
Nature of the processing: The Services.
Purpose(s) of the data transfer and further processing: The Services.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Dealpath will retain Customer Personal Data in accordance with the Addendum.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: The subject matter, nature and duration identified in the Addendum.
C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.
D. Additional Data Transfer Impact Assessment Questions:
Will data importer process any personal data under the Clauses about a non-United States person that is “foreign intelligence information” as defined by 50 U.S.C. § 1801(e)?
Not to Dealpath’s knowledge.
Is data importer subject to any laws in a country outside of the European Economic Area, Switzerland, and/or the United Kingdom where personal data is stored or accessed from that would interfere with data importer fulfilling its obligations under the Clauses? For example, FISA Section 702. If yes, please list these laws:
As of the effective date of the Addendum, no court has found Dealpath to be eligible to receive process issued under the laws contemplated by this question, including FISA Section 702, and no such court action is pending.
Has data importer ever received a request from public authorities for information pursuant to the laws contemplated by the question above? If yes, please explain:
Has data importer ever received a request from public authorities for personal data of individuals located in European Economic Area, Switzerland, and/or the United Kingdom? If yes, please explain:
E. Data Transfer Impact Assessment Outcome: Taking into account the information and obligations set forth in the Addendum and, as may be the case for a party, such party’s independent research, to the parties’ knowledge, the Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom that is transferred pursuant to the Standard Contractual Clauses to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws is afforded a level of protection that is essentially equivalent to that guaranteed by applicable Data Protection Laws.
F. Clarifying Terms: The parties agree that: (i) the certification of deletion required by Clause 8.5 and Clause 16(d) of the Standard Contractual Clauses will be provided upon Customer’s written request; (ii) the measures Dealpath is required to take under Clause 8.6(c) of the Standard Contractual Clauses will only cover Dealpath’s impacted systems; (iii) the audit described in Clause 8.9 of the Standard Contractual Clauses shall be carried out in accordance with Section 7 of the Addendum; (iv) where permitted by applicable Data Protection Laws, Dealpath may engage existing Subprocessors using European Commission Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors and such use of Subprocessors shall be deemed to comply with Clause 9 of the Standard Contractual Clauses; (v) the termination right contemplated by Clause 14(f) and Clause 16(c) of the Standard Contractual Clauses will be limited to the termination of the Standard Contractual Clauses; (vi) unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects pursuant to Clause 15.1(a) of the Standard Contractual Clauses; (vii) the information required under Clause 15.1(c) of the Clauses will be provided upon Customer’s written request; and (viii) notwithstanding anything to the contrary, Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 of the Standard Contractual Clauses without regard for any limitation of liability set forth in the Terms.
- Annex II. Annex II of the Standard Contractual Clauses shall read as follows:
Dealpath will maintain the following technical, organizational, and physical safeguards designed to protect the security, confidentiality, integrity, and availability of Customer Personal Data. Dealpath will not materially decrease the overall security of the Services during the Order Form Term.
- SOC-2 Compliance. Dealpath is SOC 2 Type 2 certified and will remain certified for the duration of the Order Form Term.
- Password Protection. Customer’s and its Authorized Users’ Services accounts are password protected with verification and notifications through Customer’s corporate email account.
- Encryption. The Services are delivered and accessible using non-obsolete encryption and hash standards, with all data being encrypted at rest, using AES (reversible encryption) and SHA-2 (irreversible hashing) or better, and in encrypted in transit using HTTPS with Transport Layer Security 1.2 or better.
- Physical and Logical Security. Dealpath shall use commercially reasonable efforts to restrict logical access to Dealpath’s equipment and/or media containing Customer Personal Data to authorized individuals as required in the applicable Service Schedule. Dealpath shall carry out commercially reasonable measures to limit physical access to Customer Personal Data in its custody or control, which may include use of electronic access control; CCTV; intrusion detection systems; implementing visitor entry control procedures; securing offices, rooms, and facilities; protecting against reasonably anticipated external and environmental threats; and controlling all access points including delivery and loading areas.
- Software and Virus Protection. Dealpath shall regularly review and update, as necessary, all software, firmware, firewalls and hardware used on Dealpath’s systems in accordance with industry standard practices. Dealpath shall install and maintain commercially reasonable anti-virus software on its systems and update such anti-virus software on a regular basis in accordance with relevant industry practice. Dealpath shall notify the Customer promptly in the event it becomes aware of the actual or potential transmission of any identified computer virus by Dealpath to the Customer.
- Disaster Recovery. Dealpath shall maintain and implement disaster recovery and avoidance procedures designed to restore, in a commercially reasonable manner, Dealpath’s critical business applications and critical infrastructure at data centers in the event of a disaster event at Dealpath’s facilities (“Disaster Recovery Plan”). On at least an annual basis, Dealpath shall review and update, if necessary, its Disaster Recovery Plan.
Pursuant to Clause 10(b) of the Standard Contractual Clauses, Dealpath will provide Customer assistance with data subject requests in accordance with the Addendum.
- Annex III. A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:
The UK Information Commissioner’s Office International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (“UK Addendum”) is incorporated herein by reference.
Table 1: The start date in Table 1 is the effective date of the Addendum. All other information required by Table 1 is set forth in Annex I, Section A of the Clauses.
Table 2: The UK Addendum forms part of the version of the Approved EU SCCs which this UK Addendum is appended to including the Appendix Information, effective as of the effective date of the Addendum.
Table 3: The information required by Table 3 is set forth in Annex I and II to the Clauses.
Table 4: The parties agree that Importer may end the UK Addendum as set out in Section 19.
Terms of Service – Revision – February 14, 2020
Terms of Service – Revision – Aug 2019