Webinar: A Wave of New Opportunity in Debt Origination Register Now

Legal

Dealpath Terms of Service

Dealpath Terms of Service

Last updated on July 1st, 2022

These Terms of Service (the “Terms”), together with all Order Forms (as defined below), govern Customer’s access and use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”)’s, including as accessible via Dealpath’s website located at www.dealpath.com, including all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services.  These Terms commence upon the Order Form Effective Date of the initial Order Form.

     1.     DEFINITIONS

            1.1              “Authorized User” means an individual which Customer (or, when applicable, Dealpath at Customer’s request) has authorized to use the Services, including without limitation (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.

            1.2              “Customer” means the company or other legal entity identified as customer in the applicable Order Form.

            1.3              “Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customer’s behalf, into the Services, but excluding, for clarity, Usage Data and Dealpath’s other Intellectual Property Rights set forth in Section 5.

            1.4              “Fees” means the fees described in the applicable Order Form.

            1.5              “Professional Services” means any professional services expressly set forth in an applicable Order Form, which may include implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.

            1.6              “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.

            1.7              “Order Form” means an order form duly executed by Dealpath and Customer which explicitly references these Terms.  Each Order Form shall be deemed incorporated by reference into these Terms upon mutual execution.

            1.8              “Order Form Initial Term” means the initial term of an Order Form as set forth therein.

            1.9              “Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.

            1.10          “Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.

            1.11          “Service Level Agreement” means service level agreement set forth in Exhibit A.

            1.12          “Services” means Dealpath’s proprietary cloud-based collaboration and workflow platform for real estate investment professionals as more particularly described and identified in the applicable Order Form.

     2.                  SERVICES

            2.1              Services. Dealpath will use commercially reasonable efforts to provide the Services to Customer in accordance with these Terms, including the Service Level Agreement, and the applicable Order Form.  Subject to Customer’s compliance with these Terms, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the Order Form for each category of Authorized User.

            2.2              Authorized Users.  An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Service on behalf of the Customer.  Customer will at all times be responsible and liable hereunder, for all actions or omissions of (i) any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or by another party, and whether or not such action or omission was authorized by an Authorized User.  During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.

            2.3              Professional Services. If an Order Form expressly includes Professional Services, Dealpath will use commercially reasonable efforts to perform the Professional Services for Customer in accordance with these Terms and the applicable Order Form.

            2.4              Restrictions. Customer shall not interfere with or disrupt the Site or the Services or attempt to gain access to any systems or networks that connect thereto (except as required to access and use the Services as permitted under these Terms). Customer shall not allow access to or use of the Site or Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Site or Service beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer shall not, and shall not permit any person or entity to: (a) copy, modify, create derivative works of, or distribute any portion of the Site or Services; (b) rent, lease, frame, mirror, sell, resell, market, sublicense, publish, distribute, reproduce, assign, transfer, loan any portion of the Services or provide access to the Site or Services on a time-share or service bureau basis; (c) transfer any of its rights hereunder except as set forth in Section 11.8; Customer will not and will not permit any person or entity (including, without limitation, Authorized Users) to, directly or indirectly: (d) copy, modify or create any derivative work of any portion of the Services; (e) reverse engineer, decompile, decode, or disassemble or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (g) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property rights or other right of any person or entity, or that violates any applicable law; (h) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; or (i) use the Services any Confidential Information of Dealpath for benchmarking or competitive analysis with respect to competitive or related products or services, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.

            2.5              Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with these Terms, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications. Customer shall keep confidential and not disclose to any third parties (except for Authorized Users who are employees or contractors), and shall ensure that Authorized Users keep confidential and do not disclose to any third parties (except for Authorized Users who are employees or contractors), any user identifications, account numbers and account profiles.

            2.6              Data Protection and Security. Each Party will comply with its obligations set forth in the Data Protection Addendum attached hereto as Exhibit B.

3.                  CUSTOMER OBLIGATIONS

            3.1              Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies, as then in effect). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.

            3.2              Enforcement. Customer shall ensure that all Authorized Users comply with the terms and conditions of these Terms, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.4 and 2.5. Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged violation of these Terms by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of these Terms and (b) any action by Dealpath to enforce these Terms. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User violated these Terms or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.

            3.3              Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify (i) the Customer Data solely to perform its obligations and exercise its rights under these Terms, including to provide the Services during the Order Form Term, (ii) the Customer Data, in deidentified and/or aggregated form, to operate and improve the Services and Dealpath’s products and services generally, during and after the Order Form Term, and (iii) to develop or derive Usage Data, in aggregated and deidentified form, as set forth in Section 5.1.Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents and licenses for Dealpath to use the Customer Data in accordance with these Terms.

            3.4              Marketing Support.  Customer authorizes Dealpath to use its Customer Marks (as defined below) pursuant to the terms of this Section, provided that Dealpath agrees to promptly cease any such use upon written notice from Customer. Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.8), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s websites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.

4.                  FEES; EXPENSES; TAXES

            4.1              Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.

            4.2              Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3), and including any related interest and/or penalties, due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath, and Dealpath may suspend Services until all payments are made in full.

            4.3              Taxes. All Fees and other amounts stated or referred to in these Terms are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.

5.                  PROPRIETARY RIGHTS.

            5.1              Services and Data. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services or Professional Services, or otherwise developed by or on behalf of Dealpath in connection with providing Implementation  or Professional Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively, “Dealpath IP”). Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall be in an aggregated and de-identified form, and Dealpath shall own all right, title and interest in and to Usage Data, and all Intellectual Property Rights therein, which shall be deemed a part of Dealpath IP. Dealpath agrees that it will not use Usage Data for the benefit of a third party in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.

            5.2              Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services or other products or services of Dealpath (collectively, “Feedback”).  To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, copy, modify, create derivative works based upon and otherwise exploit, freely and without restriction, the Feedback for any purpose.

            5.3              DMCA/Copyright Policy. Dealpath respects copyright law and expects Customer to do the same. It is Dealpath’s policy to terminate in appropriate circumstances access to the Services to customers (and its authorized users) who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see Dealpath’s Copyright Policy at www.dealpath.com, for further information.

6.                  CONFIDENTIALITY

            6.1              Definition. “Confidential Information” means any business or technical information disclosed by one party to the other party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, subject to Dealpath’s rights set forth elsewhere in this Agreement, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information.

            6.2              Exclusions. The obligations and restrictions set forth in Section 7.3 will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of these Terms by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.

            6.3              Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of these Terms; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section 7. Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 7.3 will remain in effect for a period of three (3) years after the expiration or termination of these Terms; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 7.3 will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.

            6.4              Permitted Disclosures. The provisions of this Section 7 will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors; or (iii) as required under applicable securities regulations.  In addition, either party may disclose the terms and conditions of these Terms on a confidential basis to present or future providers of venture capital and/or potential private investors in or acquirers of such party.

7.                  WARRANTY

            7.1              Mutual Warranties.  Each party hereby represents and warrants to the other party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into these Terms and (ii) the execution, delivery and performance of these Terms and the consummation of the transactions contemplated hereby are within the corporate powers of such party and have been duly authorized by all necessary corporate action on the part of such party, and constitute a valid and binding agreement of such party.

            7.2              Warranty for Services. Dealpath represents and warrants that the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 will be as set forth in Section 5 of the Service Level Agreement.

            7.3              Customer Warranty. Customer represents and warrants that: (i) it has, and will continue to have, during the applicable Order Form Term, the legal right and authority to access, use and disclose to Dealpath any Customer Data; (ii) Dealpath has the right to use Customer Data in accordance with the terms of this Agreement; (iii) all Customer Data will be and remain true, accurate, and complete; and (iv) Dealpath’s use of the Customer Data in accordance with these Terms will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party.

            7.4              Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7, THE SERVICES AND OTHER DEALPATH IP ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THESE TERMS, THE SERVICES, OR ANY OTHER DEALPATH IP, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that are accessed via links from within the Services.

8.                  TERM AND TERMINATION

            8.1              Term. These Terms are effective as of the Order Form Effective of the first Order Form the Customer and Dealpath enter into and, unless earlier terminated in accordance with Section 8.2, continue until all Order Forms have expired or are terminated pursuant to these Terms and applicable Order Forms.

            8.2              Termination for Cause. Either party may terminate these Terms (together with all Order Forms) upon written notice if the other party breaches any material term of these Terms and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either party may terminate an individual Order Form upon written notice if the other party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.

            8.3              Rights and Obligations Upon Expiration or Termination. Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; and (iii) subject to Section 3.3, each party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party (unless otherwise authorized to do so hereunder based on a separate Order Form), and each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, except for any archived electronic communications which may be stored confidentially; and (iv) upon request, Dealpath shall at no additional cost make the Customer Data available to for download (in one of the formats offered by Dealpath) for a period of sixty (60) days following expiration/rumination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).

            8.4              Effect of Termination. Upon expiration or termination of an Order Form (other than termination pursuant to Section 8.2): (i) any other  Order Form that is then-in effect will remain in-effect for the duration of the then-current term of such Order Form; and (ii) these Terms will continue to apply with respect to such Order Forms until expiration or termination of such Order Forms. Termination of these Terms will automatically terminate all outstanding Order Forms.

            8.5              Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 3.3 (Customer Data), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer) 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Effect of Termination), 8.5 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of these Terms and Order Forms.

9.                  INDEMNIFICATION

            9.1              Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to these Terms, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third party.  In connection with Dealpath’s obligations under this Section 9.1, Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim. Customer shall not enter into any stipulated judgment or settlement that purports to bind Dealpath without Dealpath’s express written authorization, which shall not be unreasonably withheld or delayed. 

            9.2              Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1, then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services under the terms of these Terms; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate Customer’s rights and Dealpath’s obligation under these Terms with respect to such Services (or these Terms altogether) and refund to Customer a pro-rata portion of the Fees paid for the remaining portion of the Order Form Initial Term or Order Form Renewal Period during which Customer would have had access to the Services.

            9.3              Exclusions. Notwithstanding the terms of Section 9.1, Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of these Terms, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with these Terms; (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by the provider.

            9.4              Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2 AND 9.3 STATE DEALPATH AND ITS LICENSORS SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.

            9.5              Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim or suit based on (i) allegations that Customer’s or an Authorized User’s use of the Services were not in accordance with these Terms, including a breach of Section 2.4, or (ii) Customer Data, including a claim that the Customer Data infringes,  misappropriates, or violates any Intellectual Property Rights, privacy rights, or other rights of a third party, applicable law, or was collected or disclosed in violation of the Terms. In connection with Customer’s obligations under this Section 9.5 Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim. Dealpath shall not enter into any stipulated judgment or settlement that purports to bind Customer without Customer’s express written authorization, which shall not be unreasonably withheld or delayed. 

10.              LIMITATION OF LIABILITY.

            10.1          Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4, 2.5, 6, OR 7.3, OR BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.

            10.2          Total Liability.  NOTWITHSTANDING ANY OTHER PROVISIONS OF THESE TERMS, EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4, 2.5, 7.3, BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, AND FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS IN SECTION 9, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY ABOUT THESE TERMS OR CUSTOMER’S ACCESS TO AND USE OF THE SERVICES EXCEED THE TOTAL FEES OWED BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.

            10.3          Basis of Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.

11.              GENERAL

            11.1          Governing Law. These Terms and all matters arising out of or relating to these Terms shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to these Terms shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.

            11.2          Waiver. The waiver by either party of any default or breach of these Terms shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of these Terms will be effective unless it is in writing and signed by the party granting the waiver.

            11.3          Notices. Dealpath may give notice to Customer by means of a general notice through the Services interface, email to Customer’s e-mail address on record with Dealpath, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Dealpath. Customer may give notice to Dealpath by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service addressed to Dealpath, Inc., 300 California Street, Ste 300, San Francisco, CA 94104. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.

            11.4          Severability. In the event any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms shall remain in full force and effect.

            11.5          Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such party continues to use commercially reasonable efforts to resume performance.

            11.6          Compliance with Laws. Each party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees  to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications.

            11.7          Relationship Between the Parties. Nothing in these Terms shall be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent.

            11.8          Assignment. Neither Party may assign or transfer these Terms, in whole or in part, without the other party’s prior written consent; provided that: (i) Dealpath may assign these Terms without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Dealpath’s assets to which these Terms relate; and (ii) Customer may assign these Terms without Dealpath’s prior written consent to a successor entity who is not a direct or indirect competitor of Dealpath in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Customer’s assets to which these Terms relate.  Any attempted assignment or transfer without such consent will be null and of no effect.  Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.

            11.9          Entire Agreement. These Terms (together with all Order Forms) constitute the complete and exclusive agreement between the parties concerning its subject matter and supersede all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of these Terms. These Terms may not be modified or amended except in a writing signed by a duly authorized representative of Dealpath and Customer. If there is any inconsistency between the provisions of these Terms and the terms in any Order Form, these Terms shall prevail.

            11.10      Non-Exclusive Remedies.  Except as otherwise set forth in these Terms, including Sections 7.2 and 9.4, the exercise by either party of any remedy under these Terms will be without prejudice to its other remedies under these Terms or otherwise.

            11.11      Equitable Relief. Each party acknowledges that a breach by the other party of any confidentiality or proprietary rights provision of these Terms may cause the non-breaching party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.

            11.12      No Third-Party Beneficiaries. These Terms are intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to these Terms may enforce them.

            11.13      Headings. The headings in these Terms are for the convenience of reference only and have no legal effect.

LIST OF EXHIBITS

EXHIBIT A – SERVICE LEVEL AGREEMENT

EXHIBIT B – DATA PROTECTION AGREEMENT

EXHIBIT C – REVISION HISTORY

EXHIBIT A
SERVICE LEVEL AGREEMENT

  1. Service Availability.

Dealpath will use commercially reasonable efforts to make the Services under each Order Form available to Customer with 99.90% platform uptime, measured monthly, excluding Planned Downtime, force majeure events (including as set forth in Section 11.5 of these Terms), and emergency maintenance (“Uptime Target”).

  1. Service Availability Calculation.

The Uptime Target for the Services under each Order Form will be calculated as follows:

α=((η – π – ∆) / (η- π)) * 100

Where:

α=% Availability
η  =  Number of hours in a month
π= Planned Downtime as defined below
∆ = Total time of Service unavailability

  1. Planned Downtime.

(a)        Planned Downtime. “Planned Downtime” occurs when Customer or Authorized Users have no access to the Services under an Order Form due to scheduled maintenance.

(b)       Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours.  Notice provided under this Section will be via email.

  1. Technical Support

(a)        Hours of Support.  Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in these Terms as follows:

  • Telephone support: Dealpath will designate a dedicated account manager who will provide phone support to Customer during normal business hours on weekdays during the hours of 9:00 a.m. – 5:00 p.m. Pacific Time with the exclusion of Federal Holidays. Dealpath will use commercially reasonable efforts to respond to all support requests within 1 business day.

(b)       Problem Severity Level Definitions.  Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:

Impact Severity Levels

Severity 1

Critical Failure – actual failure of Service where the Service is unavailable to the Customer.

Severity 2

Major Degradation – Critical problem causing loss of data or loss of service to a core Service functionality.  Services are functioning but in a significantly reduced capacity, may affect multiple users.

Severity 3

Minor Service/Application Degradation – does not affect core Service functionality.

(c)        Problem Response Times.  Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:

Severity Level

Response Time Objective

Restoration
Resolution Objective

Customer Update Frequency

1

4 Hours

24 hours to resolve or provide work around

Daily

2

4 Hours

3 Business Days to resolve or provide work around

Daily

3

1 Day

20 Business Days to resolve or provide work around

Weekly

(*) “Business Days” are defined as non-weekend and non-US holiday days.

  1. Service Level Credits

(a)        Any downtime resulting from outages of third party connections or utilities or other reasons beyond Dealpath’s control will be excluded from any calculation of downtime for the Uptime Target.  Customer’s sole and exclusive remedy, and Dealpath’s entire liability, in connection with the availability of the Services shall be that for each period in which Dealpath fails to meet the Uptime Target and which lasts longer than one hour, Dealpath will credit Customer 5% of Fees due for the Services for the month in question under the applicable Order Form for each period of 1 or more consecutive hours of downtime for the Services under such Order Form; provided that no more than one such credit will accrue per day. If the Fees for the Services are paid on an annual basis, the downtime credit will be calculated based on one-twelfth (1/12th) of the annual Fees. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. Such credits may not be redeemed for cash and shall not exceed (i) a total of credits for one (1) week of Fees under the applicable Order Form in any one (1) calendar month in any event, and (ii) 15% of Fees due annually in the aggregate. Dealpath will only apply a credit to the month in which the incident occurred, or, if the Fees for the Services are paid on an annual basis, Dealpath will credit the downtime credit at the end of the applicable annual period. Dealpath’s exercise of its rights under these Terms or the blocking of data communications or other portions of the Services in accordance with its policies shall not be deemed to be a failure of Dealpath to provide adequate service levels under these Terms.

 

EXHIBIT B – DATA PROTECTION ADDENDUM

This Data Processing Addendum (“Addendum”) forms part of the Terms between Customer and Dealpath.

  1. Subject Matter and Duration.
    1. Subject Matter. This Addendum reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s execution of the Services under the Terms. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Terms. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Terms, this Addendum shall control.
    2. Duration and Survival. This Addendum will become legally binding upon the Order Form Effective Date of the initial Order Form, or upon the date that the parties enter into this Addendum if it is completed after the effective such Order Form Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Terms. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.

For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.

  1. Customer Personal Data” means Customer Data that is Personal Data Processed by Dealpath on behalf of Customer.
  2. Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” may include, but are not limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”).
  3. Personal Data” shall have the meaning assigned to the terms “personal data” or “personal information” under applicable Data Protection Laws.
  4. Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  5. Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.
  6. Services” means any and all services that Dealpath performs under the Terms.
  7. Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.

3. Data Use and Processing.

  1. Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Terms, or any applicable Order Form. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
  2. Authorization to Use Subprocessors. To the extent necessary to fulfill Dealpath’s contractual obligations under the Terms or any Order Form, Customer hereby authorizes Dealpath to engage Subprocessors.
  3. Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with Subprocessors regarding such Subprocessors’ Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Dealpath’s Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
  4. Right to Object to New Subprocessors. If Customer wants to receive notifications of new Subprocessors Dealpath plans to engage, Customer must contact Dealpath in writing to request to be notified. If Customer signs up to receive notice of Dealpath’s new Subprocessors, Dealpath will notify Customer prior to engaging any new Subprocessors and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the parties will work together in good faith to resolve the grounds for the objection. You can see Dealpath’s existing Subprocessors list here.
  5. Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.
  6. Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.
  7. Sale of Customer Personal Data Prohibited. Dealpath shall not sell Customer Personal Data as the term “sell” is defined by the CCPA.
  8. Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
  9. Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.

4. Cross-Border Transfers of Personal Data.

  1. Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.
  2. Standard Contractual Clauses. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Customer to Dealpath in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by Module Two’s obligations in the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment 1 attached hereto, the terms of which are incorporated herein by reference. Each party’s signature to the Order Form shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.

5. Information Security Program.

1          Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Annex II to this Attachment 1 to Exhibit B.

6. Security Incidents.

    1.  Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s Designated POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
    2. Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in (3) below taken with respect to such Security Incident upon the initial notification referenced in (1) above, or, if not available at such time, promptly thereafter.
    3. Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident as it relates to Dealpath’s impacted systems.

7. Audits. The parties acknowledge that Dealpath uses third party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.

8. Data Deletion.

    1. Data Deletion. At the expiry or termination of the Terms, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.

9. Processing Details.

    1. Subject Matter. The subject matter of the Processing is the Services pursuant to the Terms.
    2. Duration. The Processing will continue until the expiration or termination of the Terms.
    3. Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Terms.
    4. Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.
    5. Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Terms.

10. Contact Information. Customer and Dealpath agree to designate a point of contact for urgent privacy and security issues (a “Designated POC”). The Designated POC for both parties are set forth in the applicable Order Form.

Attachment 1 to Exhibit B

Standard Contractual Clauses (Processors)

This Attachment 1 forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the Addendum.

The parties agree that the following terms shall supplement the Standard Contractual Clauses:

 

  1. Supplemental Terms. The parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the Swiss Federal Act on Data Protection. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to the Swiss Federal Act on Data Protection.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) Option 1 in Clause 9 is struck and Option 2 is kept, and Dealpath must submit the request for specific authorization in accordance with Section 3(d) of the Addendum; (v) the optional text in Clause 11 is deleted; and (vi) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).

 

  1. Annex I. Annex I to the Standard Contractual Clauses shall read as follows:

 A. List of Parties

Data Exporter: Customer.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Controller.

Data Importer: Dealpath.  
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Processor.

B. Description of the Transfer:

Categories of data subjects whose personal data is transferred: The categories of data subjects whose Customer Personal Data is transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users.

Categories of personal data transferred: The categories of Customer Personal Data transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users’ name and email address.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the parties knowledge, no sensitive data is transferred.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Customer Personal Data is transferred in accordance with the standard functionality of the Services, or as otherwise agreed upon by the parties.

Nature of the processing: The Services.

Purpose(s) of the data transfer and further processing: The Services.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Dealpath will retain Customer Personal Data in accordance with the Addendum. 

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: The subject matter, nature and duration identified in the Addendum.

C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.

D. Additional Data Transfer Impact Assessment Questions:

Will data importer process any personal data under the Clauses about a non-United States person that is “foreign intelligence information” as defined by 50 U.S.C. § 1801(e)?

Not to Dealpath’s knowledge.

Is data importer subject to any laws in a country outside of the European Economic Area, Switzerland, and/or the United Kingdom where personal data is stored or accessed from that would interfere with data importer fulfilling its obligations under the Clauses? For example, FISA Section 702. If yes, please list these laws:

As of the effective date of the Addendum, no court has found Dealpath to be eligible to receive process issued under the laws contemplated by this question, including FISA Section 702, and no such court action is pending.

Has data importer ever received a request from public authorities for information pursuant to the laws contemplated by the question above? If yes, please explain:

No.

Has data importer ever received a request from public authorities for personal data of individuals located in European Economic Area, Switzerland, and/or the United Kingdom? If yes, please explain:

No.

E. Data Transfer Impact Assessment Outcome: Taking into account the information and obligations set forth in the Addendum and, as may be the case for a party, such party’s independent research, to the parties’ knowledge, the Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom that is transferred pursuant to the Standard Contractual Clauses to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws is afforded a level of protection that is essentially equivalent to that guaranteed by applicable Data Protection Laws.

F. Clarifying Terms: The parties agree that: (i) the certification of deletion required by Clause 8.5 and Clause 16(d) of the Standard Contractual Clauses will be provided upon Customer’s written request; (ii) the measures Dealpath is required to take under Clause 8.6(c) of the Standard Contractual Clauses will only cover Dealpath’s impacted systems; (iii) the audit described in Clause 8.9 of the Standard Contractual Clauses shall be carried out in accordance with Section 7 of the Addendum; (iv) where permitted by applicable Data Protection Laws, Dealpath may engage existing Subprocessors using European Commission Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors and such use of Subprocessors shall be deemed to comply with Clause 9 of the Standard Contractual Clauses; (v) the termination right contemplated by Clause 14(f) and Clause 16(c) of the Standard Contractual Clauses will be limited to the termination of the Standard Contractual Clauses; (vi) unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects pursuant to Clause 15.1(a) of the Standard Contractual Clauses; (vii) the information required under Clause 15.1(c) of the Clauses will be provided upon Customer’s written request; and (viii) notwithstanding anything to the contrary, Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 of the Standard Contractual Clauses without regard for any limitation of liability set forth in the Terms.

  1. Annex II. Annex II of the Standard Contractual Clauses shall read as follows:

Dealpath will maintain the following technical, organizational, and physical safeguards designed to protect the security, confidentiality, integrity, and availability of Customer Personal Data. Dealpath will not materially decrease the overall security of the Services during the Order Form Term.

  • SOC-2 Compliance. Dealpath is SOC 2 Type 2 certified and will remain certified for the duration of the Order Form Term.
  • Password Protection. Customer’s and its Authorized Users’ Services accounts are password protected with verification and notifications through Customer’s corporate email account.
  • Encryption. The Services are delivered and accessible using non-obsolete encryption and hash standards, with all data being encrypted at rest, using AES (reversible encryption) and SHA-2 (irreversible hashing) or better, and in encrypted in transit using HTTPS with Transport Layer Security 1.2 or better.
  • Physical and Logical Security. Dealpath shall use commercially reasonable efforts to restrict logical access to Dealpath’s equipment and/or media containing Customer Personal Data to authorized individuals as required in the applicable Service Schedule. Dealpath shall carry out commercially reasonable measures to limit physical access to Customer Personal Data in its custody or control, which may include use of electronic access control; CCTV; intrusion detection systems; implementing visitor entry control procedures; securing offices, rooms, and facilities; protecting against reasonably anticipated external and environmental threats; and controlling all access points including delivery and loading areas.
  • Software and Virus Protection. Dealpath shall regularly review and update, as necessary, all software, firmware, firewalls and hardware used on Dealpath’s systems in accordance with industry standard practices. Dealpath shall install and maintain commercially reasonable anti-virus software on its systems and update such anti-virus software on a regular basis in accordance with relevant industry practice. Dealpath shall notify the Customer promptly in the event it becomes aware of the actual or potential transmission of any identified computer virus by Dealpath to the Customer.
  • Disaster Recovery. Dealpath shall maintain and implement disaster recovery and avoidance procedures designed to restore, in a commercially reasonable manner, Dealpath’s critical business applications and critical infrastructure at data centers in the event of a disaster event at Dealpath’s facilities (“Disaster Recovery Plan”). On at least an annual basis, Dealpath shall review and update, if necessary, its Disaster Recovery Plan.

Pursuant to Clause 10(b) of the Standard Contractual Clauses, Dealpath will provide Customer assistance with data subject requests in accordance with the Addendum. 

 

  1. Annex III. A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:

The UK Information Commissioner’s Office International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (“UK Addendum”) is incorporated herein by reference.

Table 1: The start date in Table 1 is the effective date of the Addendum. All other information required by Table 1 is set forth in Annex I, Section A of the Clauses.

Table 2: The UK Addendum forms part of the version of the Approved EU SCCs which this UK Addendum is appended to including the Appendix Information, effective as of the effective date of the Addendum.

Table 3: The information required by Table 3 is set forth in Annex I and II to the Clauses.

Table 4: The parties agree that Importer may end the UK Addendum as set out in Section 19.

EXHIBIT C

Revision History

Terms of Service – Revision – February 14, 2020

Terms of Service – Revision – Aug 2019

Dealpath Terms of Service

Last updated on February 7th, 2023

These Terms of Service (the “Terms”), together with all Order Forms (as defined below), govern Customer’s access and use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”) and Dealpath’s website located at www.dealpath.com and all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services. These Terms commence upon the Order Form Effective Date of the initial Order Form.

  1. DEFINITIONS
    1. Authorized User” means an individual which Customer (or, when applicable, Dealpath at Customer’s request) has authorized to use the Services, including without limitation (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.
    2. Customer” means the company or other legal entity identified as customer in the applicable Order Form.
    3. Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customer’s behalf, into the Services.
    4. Fees” means the fees described in the applicable Order Form.
    5. Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.
    6. Order Form” means an order form duly executed by Dealpath and Customer which explicitly references these Terms.  Each Order Form shall be deemed incorporated by reference into these Terms upon mutual execution.
    7. Order Form Initial Term” means the initial term of an Order Form as set forth therein.
    8. Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.
    9. Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.
    10. Professional Services” means any professional services expressly set forth in an applicable Order Form, which may include implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.
    11. Service Level Agreement” means service level agreement set forth in Exhibit A.
    12. Services” means Dealpath’s proprietary cloud-based collaboration and workflow platform for real estate investment professionals as more particularly described and identified in the applicable Order Form.
  2. SERVICES
    1. Services. Dealpath will use commercially reasonable efforts to provide the Services to Customer in accordance with these Terms, including the Service Level Agreement, and the applicable Order Form.  Subject to Customer’s compliance with these Terms, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the applicable Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the Order Form for each category of Authorized User.
    2. Authorized Users.  An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Service on behalf of the Customer.  Customer will at all times be responsible and liable hereunder, for all actions or omissions (i) of any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or by another party, and whether or not such action or omission was authorized by an Authorized User.  During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.
    3. Professional Services. If an Order Form expressly includes Professional Services, Dealpath will use commercially reasonable efforts to perform the Professional Services for Customer in accordance with these Terms and the applicable Order Form.  Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any failure to provide the Professional Services in accordance with these Terms or the applicable Order Form will be to re-perform the non-conforming Professional Services such that they are in accordance with these Terms and the applicable Order Form.
    4. Restrictions. Customer shall not allow access to or use of the Site or Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Site or Service beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer will not at any time, and will not permit any individual or entity (including, without limitation, Authorized Users) to, directly or indirectly: (i) use the Services in any manner beyond the scope of rights expressly granted in these Terms; (ii) copy, modify, distribute, or create derivative works of the Site, Services, or any software used to provide the Services; (iii) reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (iv) frame, mirror, sell, resell, reproduce, loan, publish, distribute, assign, transfer, rent, or lease use of the Services to any third-party, provide access to the Site or Services on a time-share or service bureau basis, or otherwise allow any third-party to use the Services for any purpose other than for the benefit of Customer in accordance with these Terms; (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third-party, or that violates any applicable law; (vi) interfere with, or disrupt the integrity or performance of, the Services, or any data or content contained therein or transmitted thereby; (vii) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; (viii) transfer any of its rights hereunder except as set forth in Section 11.9 (Assignment), (ix) use the Services to transmit any bulk unsolicited commercial communications, or (x) use the Services for benchmarking or competitive analysis, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.
    5. Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with these Terms, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications.
    6. Third-Party Services.  Certain features and functionalities within the Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology, data, and content (collectively, “Third-Party Services”) through the Services.  Dealpath makes the APIs available to Customer to connect with Third-Party Services that are set forth in the applicable Order Form, and such APIs are provided hereunder as part of the Services.  However, Dealpath does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto.  Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Services.
    7. Data Protection and Security. Each Party will comply with its obligations set forth in the Data Protection Addendum attached hereto as Exhibit B.
  3. CUSTOMER OBLIGATIONS
    1. Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies, as then in effect). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.
    2. Enforcement. Customer shall keep confidential and not disclose to any third-parties (except for third-party Authorized Users), and shall ensure that Authorized Users keep confidential and do not disclose to any third-parties (except for third-party Authorized Users), any user identifications, account numbers and account profiles.  Customer shall ensure that all Authorized Users comply with the terms and conditions of these Terms, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.4 (Restrictions) and 2.5 (Accept Use Policies). Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged violation of these Terms by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of these Terms and (b) any action by Dealpath to enforce these Terms. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User violated these Terms or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.
    3. Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify the Customer Data solely to perform its obligations under these Terms, including to provide the Services and Professional Services.  Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents, and licenses for Dealpath to use the Customer Data in accordance with these Terms.
    4. Marketing Support.  Customer authorizes Dealpath to use its Customer Marks (as defined below) pursuant to the terms of this Section 3.4 (Marketing Support), provided that Dealpath agrees to promptly cease any such use upon written notice from Customer. Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.9 – Assignment), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s websites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.
  4. FEES; EXPENSES; TAXES
    1. Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.
    2. Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3 – Taxes), and including any related interest and/or penalties, due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath, and Dealpath may suspend Services until all payments are made in full.
    3. Taxes. All Fees and other amounts stated or referred to in these Terms are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.
  5. PROPRIETARY RIGHTS.
    1. Services and Data. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services or Professional Services, or otherwise developed by or on behalf of Dealpath in connection with providing Implementation  or Professional Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively, “Dealpath IP”). 
    2. Customer Data.  Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall not incorporate any Customer Data and shall be in an aggregated and de-identified form. Dealpath shall own all right, title and interest in and to Usage Data, and all Intellectual Property Rights therein, which shall be deemed a part of Dealpath IP. Dealpath agrees that it will not use Usage Data for the benefit of a third party in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.
    3. Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services or other products or services of Dealpath (collectively, “Feedback”).  To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, copy, modify, create derivative works based upon and otherwise exploit, freely and without restriction, the Feedback for any purpose.
    4. DMCA/Copyright Policy. Dealpath respects copyright law and expects Customer to do the same. It is Dealpath’s policy to terminate in appropriate circumstances access to the Services to customers (and its authorized users) who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see Dealpath’s Copyright Policy at www.dealpath.com, for further information.
  6. CONFIDENTIALITY
    1. Definition. “Confidential Information” means any business or technical information disclosed by one party to the other party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, subject to Dealpath’s rights set forth elsewhere in these Terms, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information.  The terms and conditions of Order Forms hereunder shall be deemed the Confidential Information of Dealpath.
    2. Exclusions. The obligations and restrictions set forth in Section 6.3 (Use and Nondisclosure) will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of these Terms by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.
    3. Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of these Terms; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section 6 (Confidentiality). Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for a period of three (3) years after the expiration or termination of these Terms; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.
    4. Permitted Disclosures. The provisions of this Section 6 (Confidentiality) will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors; or (iii) as required under applicable securities regulations.  In addition, either party may disclose the terms and conditions of these Terms on a confidential basis to present or future providers of venture capital and/or potential private investors in or acquirers of such party.
  7. WARRANTY
    1. Mutual Warranties.  Each party hereby represents and warrants to the other party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into these Terms and (ii) the execution, delivery and performance of these Terms and the consummation of the transactions contemplated hereby are within the corporate powers of such party and have been duly authorized by all necessary corporate action on the part of such party, and constitute a valid and binding agreement of such party.
    2. Warranty for Services. Dealpath represents and warrants that the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 (Warranty for Services) will be as set forth in Section 5 of the Service Level Agreement.
    3. Customer Warranty. Customer represents and warrants that: (i) it has, and will continue to have, during the applicable Order Form Term, the legal right and authority to access, use and disclose to Dealpath any Customer Data; (ii) Dealpath has the right to use Customer Data in accordance with the terms of this Agreement; (iii) all Customer Data will be and remain true, accurate, and complete; and (iv) Dealpath’s use of the Customer Data in accordance with these Terms will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party.
    4. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7, THE SERVICES, PROFESSIONAL SERVICES, AND OTHER DEALPATH IP ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THESE TERMS, THE SERVICES, PROFESSIONAL SERVICES,OR ANY OTHER DEALPATH IP, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES OR PROFESSIONAL SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that are accessed via links from within the Services.
  8. TERM AND TERMINATION
    1. Term. These Terms are effective as of the Order Form Effective of the first Order Form the Customer and Dealpath enter into and, unless earlier terminated in accordance with Section 8.2 (Termination for Cause), continue until all Order Forms have expired or are terminated pursuant to these Terms and applicable Order Forms.
    2. Termination for Cause. Either party may terminate these Terms (together with all Order Forms) upon written notice if the other party breaches any material term of these Terms and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either party may terminate an individual Order Form upon written notice if the other party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.
    3. Rights and Obligations Upon Expiration or Termination. Termination of these Terms will automatically terminate all outstanding Order Forms.  Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; and (iii) each party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party (unless otherwise authorized to do so hereunder based on a separate Order Form), and each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, except for any archived electronic communications which may be stored confidentially; and (iv) each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, provided that Dealpath may retain copies in accordance with its standard data retention policies of with regard to any archived electronic communications which may be stored confidentially; and (v) upon request, Dealpath shall at no additional cost make the Customer Data available to for download for a period of sixty (60) days following expiration/rumination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).
    4. Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 2.5 (Acceptable Use Policies), 2.7 (Data and Security), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer) 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of these Terms and Order Forms.
  9. INDEMNIFICATION
    1. Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to these Terms, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third party.  In connection with Dealpath’s obligations under this Section 9.1 (Indemnification by Dealpath), Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim. Customer shall not enter into any stipulated judgment or settlement that purports to bind Dealpath without Dealpath’s express written authorization, which shall not be unreasonably withheld or delayed. 
    2. Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1 (Indemnification by Dealpath), then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services under the terms of these Terms; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate Customer’s rights and Dealpath’s obligation under these Terms with respect to such Services (or these Terms altogether) and refund to Customer a pro-rata portion of the Fees paid for the remaining portion of the Order Form Initial Term or Order Form Renewal Period during which Customer would have had access to the Services.
    3. Exclusions. Notwithstanding the terms of Section 9.1 (Indemnification by Dealpath), Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of these Terms, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with these Terms; (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by the provider.
    4. Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2 AND 9.3 STATE DEALPATH AND ITS LICENSORS SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.
    5. Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit based on (i) Customer Data, including but not limited to any claim that Customer Data is infringing, misappropriating, or violating any Intellectual Property Rights or the publicity, privacy, or other rights of any third-party, applicable law, or was collected or disclosed in violation of these Terms, or (ii) Customer’s or an Authorized User’s use of the Services that is not in accordance with these Terms. In connection with Customer’s obligations under this Section 9.5 (Indemnification by Customer) Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim. Dealpath shall not enter into any stipulated judgment or settlement that purports to bind Customer without Customer’s express written authorization, which shall not be unreasonably withheld or delayed. 
  10. LIMITATION OF LIABILITY.
    1. Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4 (RESTRICTIONS), 2.5 (ACCEPTABLE USE POLICIES), 6 (CONFIDENTIALITY), OR 7.3 (CUSTOMER WARRANTIES, OR BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS,  OR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES UNDER OR RELATED TO THESE TERMS, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.
    2. Total Liability.  NOTWITHSTANDING ANY OTHER PROVISIONS OF THESE TERMS, EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4 (RESTRICTIONS), 2.5 (ACCEPTABLE USE POLICY), 7.3 (CUSTOMER WARRANTIES), BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, AND FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS IN SECTION 9, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY RELATED TO THESE TERMS OR CUSTOMER’S ACCESS TO AND USE OF THE SERVICES AND/OR PROFESSIONAL SERVICES EXCEED THE TOTAL FEES OWED BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.
    3. Basis of Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 (LIMITATION OF LIABILITY) ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.
  11. GENERAL
    1. Subcontractors. Dealpath may use subcontractors and other third-party providers  in connection with the performance of its own obligations hereunder (“Subcontractors”) as it deems appropriate; provided that the Dealpath remains responsible and liable for the acts and omissions of each such Subcontractor to the same extent Dealpath would be liable in accordance with the terms and limitations of these Terms had Dealpath directly engaged in such acts or omissions.
    2. Governing Law. These Terms and all matters arising out of or relating to these Terms shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to these Terms shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
    3. Waiver. The waiver by either party of any default or breach of these Terms shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of these Terms will be effective unless it is in writing and signed by the party granting the waiver.
    4. Notices. Dealpath may give notice to Customer by means of a general notice through the Services interface, email to Customer’s e-mail address on record with Dealpath, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Dealpath. Customer may give notice to Dealpath by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service addressed to Dealpath, Inc., 300 California Street, Ste 300, San Francisco, CA 94104. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
    5. Severability. In the event any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms shall remain in full force and effect.
    6. Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such party continues to use commercially reasonable efforts to resume performance.
    7. Compliance with Laws. Each party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees  to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications.
    8. Relationship Between the Parties. Nothing in these Terms shall be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent.
    9. Assignment. Neither Party may assign or transfer these Terms, in whole or in part, without the other party’s prior written consent; provided that: (i) Dealpath may assign these Terms without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Dealpath’s assets to which these Terms relate; and (ii) Customer may assign these Terms without Dealpath’s prior written consent to a successor entity who is not a direct or indirect competitor of Dealpath in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Customer’s assets to which these Terms relate.  Any attempted assignment or transfer without such consent will be null and of no effect.  Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
    10. Entire Agreement. These Terms (together with all Order Forms) constitute the complete and exclusive agreement between the parties concerning its subject matter and supersede all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of these Terms. These Terms may not be modified or amended except in a writing signed by a duly authorized representative of Dealpath and Customer. If there is any inconsistency between the provisions of these Terms and the terms in any Order Form, these Terms shall prevail.
    11. Non-Exclusive Remedies.  Except as otherwise set forth in these Terms, including Sections 7.2 (Warranty for Services) and 9.4 (Sole Remedy), the exercise by either party of any remedy under these Terms will be without prejudice to its other remedies under these Terms or otherwise.
    12. Equitable Relief. Each party acknowledges that a breach by the other party of any confidentiality or proprietary rights provision of these Terms may cause the non-breaching party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
    13. No Third-Party Beneficiaries. These Terms are intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to these Terms may enforce them.
    14. Headings. The headings in these Terms are for the convenience of reference only and have no legal effect.

LIST OF EXHIBITS

EXHIBIT A – SERVICE LEVEL AGREEMENT

EXHIBIT B – DATA PROTECTION AGREEMENT

EXHIBIT C – REVISION HISTORY

EXHIBIT A
SERVICE LEVEL AGREEMENT

1. Service Availability.  

Dealpath will make the Services under each Order Form available to Customer with 99.90% uptime, measured monthly, excluding Excused Downtime (“Uptime Requirement”). 

 2. Service Availability Calculation.

The percentage uptime for the Services under each Order Form will be calculated as follows (“Availability Percentage”).  Each month in which the Availability Percentage is less than the Uptime Requirement is referred to herein as a Deficient Month.

α=((η – π – ∆) / (η- π)) * 100

Where: 

α = % Availability
η =  Number of hours in a month
π = Excused Downtime as defined below
∆ = Total time of Service unavailability

3. Excused Downtime

(a) Excused Downtime. “Excused Downtime” occurs when Customer has no or limited access to the Services under an Order Form that arises from (i) scheduled maintenance, (ii) a Force Majeure Event, (iii) any hardware or software not supplied by Dealpath; (iv) from telecommunications or Internet service provider failures; (v) Customer’s use of the Services in an unauthorized or unlawful manner or any interruption resulting from Customer’s misuse, alteration, or damage of the Services; or (vi) Dealpath’s exercise of its rights under the Agreement or the blocking of data communications or other portions of the Services in accordance with its policies.

(b) Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours.  Notice provided under this Section will be via email.

4. Technical Support

(a) Hours of Support.  Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in this Agreement as follows:

  • Telephone support: Dealpath will designate a dedicated account manager who will provide phone support to Customer during normal business hours on weekdays during the hours of 9:00 a.m. – 5:00 p.m. Pacific Time with the exclusion of Federal Holidays. Dealpath will use commercially reasonable efforts to respond to all support requests within 1 business day.

(b) Problem Severity Level Definitions.  Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:

Impact Severity Levels
Severity 1            Critical Failure – actual failure of Services where the Services are unavailable to the Customer.
Severity 2Major Degradation – Critical problem causing loss of data or loss of service to core Services functionality.  Services are functioning but in a significantly reduced capacity, may affect multiple users.
Severity 3Minor Service/Application Degradation – does not affect core Services functionality.

(c) Problem Response Times.  Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:

Severity LevelResponse Time Objective

Restoration

Resolution Objective

Customer Update Frequency

1

 

4 Hours 24 hours to resolve or provide work aroundDaily
24 Hours 3 Business Days to resolve or provide work aroundDaily
31 Day20 Business Days to resolve or provide work aroundWeekly

(*) “Business Days” are defined as non-weekend and non-US holiday days.

5. Service Level Credits

(a) Customer’s sole and exclusive remedy, and Dealpath’s sole and exclusive liability, in connection with the availability of the Services shall be that for each continuous period of downtime lasting longer than one hour that occurs in a calendar Deficient Month, Dealpath will credit Customer 5% of any recurring Fees due for the month in question under the applicable Order Form (monthly fees may be calculated by dividing any annual recurring fees by 12); provided that no more than one such credit will accrue per day. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit.  Such credits shall not exceed a total of credits for one (1) week of recurring Fees (pro-rated) under the applicable Order Form for any one (1) calendar Deficient Month and, except as set forth in following sentence, such credits may not be redeemed for cash.  If there will be no subsequent invoice for recurring Fees from Dealpath, Dealpath will refund to Customer the amount of any credit that would have been due to Customer under a subsequent invoice. 

(b) Notwithstanding Section 5(a) above, in the event Customer experiences a Severity Level 1 event five (5) times for the Services under an Order Form within any rolling six (6)-month period, Customer may immediately terminate such Order Form upon written notice.

EXHIBIT B – Data Protection Agreement

This Data Processing Addendum (“Addendum”) forms part of the Terms between Customer and Dealpath.

1. Subject Matter and Duration.

  1. Subject Matter. This Addendum reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s execution of the Services under the Terms. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Terms. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Terms, this Addendum shall control.
  2. Duration and Survival. This Addendum will become legally binding upon the Order Form Effective Date of the initial Order Form, or upon the date that the parties enter into this Addendum if it is completed after the effective such Order Form Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Terms. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.

For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.

  1. “Customer Personal Data” means Customer Data that is Personal Data Processed by Dealpath on behalf of Customer.
  2. “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” may include, but are not limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”).
  3. “Personal Data” shall have the meaning assigned to the terms “personal data” or “personal information” under applicable Data Protection Laws.
  4. “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  5. “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.
  6. “Services” means any and all services that Dealpath performs under the Terms.
  7. “Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.

2. Data Use and Processing.

  1. Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Terms, or any applicable Order Form. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
  2. Authorization to Use Subprocessors. To the extent necessary to fulfill Dealpath’s contractual obligations under the Terms or any Order Form, Customer hereby authorizes Dealpath to engage Subprocessors.
  3. Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with Subprocessors regarding such Subprocessors’ Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Dealpath’s Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
  4. Right to Object to New Subprocessors. If Customer wants to receive notifications of new Subprocessors Dealpath plans to engage, Customer must contact Dealpath in writing to request to be notified. If Customer signs up to receive notice of Dealpath’s new Subprocessors, Dealpath will notify Customer prior to engaging any new Subprocessors and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the parties will work together in good faith to resolve the grounds for the objection. You can see Dealpath’s existing Subprocessors list here.
  5. Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.
  6. Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.
  7. Sale of Customer Personal Data Prohibited. Dealpath shall not sell Customer Personal Data as the term “sell” is defined by the CCPA.
  8. Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
  9. Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.

3. Cross-Border Transfers of Personal Data.

  1. Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.
  2. Standard Contractual Clauses. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Customer to Dealpath in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by Module Two’s obligations in the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment 1 attached hereto, the terms of which are incorporated herein by reference. Each party’s signature to the Order Form shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.

4. Information Security Program. Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Annex II to this Attachment 1 to Exhibit B.

5. Security Incidents.

  1. Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s Designated POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
  2. Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in (3) below taken with respect to such Security Incident upon the initial notification referenced in (1) above, or, if not available at such time, promptly thereafter.
  3. Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident as it relates to Dealpath’s impacted systems.

6. Audits. The parties acknowledge that Dealpath uses third party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.

7. Data Deletion. At the expiry or termination of the Terms, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.

8. Processing Details.

  1. Subject Matter. The subject matter of the Processing is the Services pursuant to the Terms.
  2. Duration. The Processing will continue until the expiration or termination of the Terms.
  3. Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Terms.
  4. Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.
  5. Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Terms.

9. Contact Information. Customer and Dealpath agree to designate a point of contact for urgent privacy and security issues (a “Designated POC”). The Designated POC for both parties are set forth in the applicable Order Form.

Attachment 1 to Exhibit B

Standard Contractual Clauses (Processors)

This Attachment 1 forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the Addendum.

The parties agree that the following terms shall supplement the Standard Contractual Clauses:

  1. Supplemental Terms. The parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the Swiss Federal Act on Data Protection. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to the Swiss Federal Act on Data Protection.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) Option 1 in Clause 9 is struck and Option 2 is kept, and Dealpath must submit the request for specific authorization in accordance with Section 3(d) of the Addendum; (v) the optional text in Clause 11 is deleted; and (vi) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).
  2. Annex I. Annex I to the Standard Contractual Clauses shall read as follows:

A. List of Parties

Data Exporter: Customer.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Controller.


Data Importer: Dealpath.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Processor.

B. Description of the Transfer:

Categories of data subjects whose personal data is transferred: The categories of data subjects whose Customer Personal Data is transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users.

Categories of personal data transferred: The categories of Customer Personal Data transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users’ name and email address.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the parties knowledge, no sensitive data is transferred.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Customer Personal Data is transferred in accordance with the standard functionality of the Services, or as otherwise agreed upon by the parties.

Nature of the processing: The Services.

Purpose(s) of the data transfer and further processing: The Services.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Dealpath will retain Customer Personal Data in accordance with the Addendum. 

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: The subject matter, nature and duration identified in the Addendum.

C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.

D. Additional Data Transfer Impact Assessment Questions:

Will data importer process any personal data under the Clauses about a non-United States person that is “foreign intelligence information” as defined by 50 U.S.C. § 1801(e)?

Not to Dealpath’s knowledge.

Is data importer subject to any laws in a country outside of the European Economic Area, Switzerland, and/or the United Kingdom where personal data is stored or accessed from that would interfere with data importer fulfilling its obligations under the Clauses? For example, FISA Section 702. If yes, please list these laws:

As of the effective date of the Addendum, no court has found Dealpath to be eligible to receive process issued under the laws contemplated by this question, including FISA Section 702, and no such court action is pending.

Has data importer ever received a request from public authorities for information pursuant to the laws contemplated by the question above? If yes, please explain:

No.

Has data importer ever received a request from public authorities for personal data of individuals located in European Economic Area, Switzerland, and/or the United Kingdom? If yes, please explain:

No.

E. Data Transfer Impact Assessment Outcome: Taking into account the information and obligations set forth in the Addendum and, as may be the case for a party, such party’s independent research, to the parties’ knowledge, the Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom that is transferred pursuant to the Standard Contractual Clauses to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws is afforded a level of protection that is essentially equivalent to that guaranteed by applicable Data Protection Laws.

F. Clarifying Terms: The parties agree that: (i) the certification of deletion required by Clause 8.5 and Clause 16(d) of the Standard Contractual Clauses will be provided upon Customer’s written request; (ii) the measures Dealpath is required to take under Clause 8.6(c) of the Standard Contractual Clauses will only cover Dealpath’s impacted systems; (iii) the audit described in Clause 8.9 of the Standard Contractual Clauses shall be carried out in accordance with Section 7 of the Addendum; (iv) where permitted by applicable Data Protection Laws, Dealpath may engage existing Subprocessors using European Commission Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors and such use of Subprocessors shall be deemed to comply with Clause 9 of the Standard Contractual Clauses; (v) the termination right contemplated by Clause 14(f) and Clause 16(c) of the Standard Contractual Clauses will be limited to the termination of the Standard Contractual Clauses; (vi) unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects pursuant to Clause 15.1(a) of the Standard Contractual Clauses; (vii) the information required under Clause 15.1(c) of the Clauses will be provided upon Customer’s written request; and (viii) notwithstanding anything to the contrary, Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 of the Standard Contractual Clauses without regard for any limitation of liability set forth in the Terms.

3. Annex II. Annex II of the Standard Contractual Clauses shall read as follows:

Dealpath will maintain the following technical, organizational, and physical safeguards designed to protect the security, confidentiality, integrity, and availability of Customer Personal Data. Dealpath will not materially decrease the overall security of the Services during the Order Form Term.

  • SOC-2 Compliance. Dealpath is SOC 2 Type 2 certified and will remain certified for the duration of the Order Form Term.
  • Password Protection. Customer’s and its Authorized Users’ Services accounts are password protected with verification and notifications through Customer’s corporate email account.
  • Encryption. The Services are delivered and accessible using non-obsolete encryption and hash standards, with all data being encrypted at rest, using AES (reversible encryption) and SHA-2 (irreversible hashing) or better, and in encrypted in transit using HTTPS with Transport Layer Security 1.2 or better.
  • Physical and Logical Security. Dealpath shall use commercially reasonable efforts to restrict logical access to Dealpath’s equipment and/or media containing Customer Personal Data to authorized individuals as required in the applicable Service Schedule. Dealpath shall carry out commercially reasonable measures to limit physical access to Customer Personal Data in its custody or control, which may include use of electronic access control; CCTV; intrusion detection systems; implementing visitor entry control procedures; securing offices, rooms, and facilities; protecting against reasonably anticipated external and environmental threats; and controlling all access points including delivery and loading areas.
  • Software and Virus Protection. Dealpath shall regularly review and update, as necessary, all software, firmware, firewalls and hardware used on Dealpath’s systems in accordance with industry standard practices. Dealpath shall install and maintain commercially reasonable anti-virus software on its systems and update such anti-virus software on a regular basis in accordance with relevant industry practice. Dealpath shall notify the Customer promptly in the event it becomes aware of the actual or potential transmission of any identified computer virus by Dealpath to the Customer.
  • Disaster Recovery. Dealpath shall maintain and implement disaster recovery and avoidance procedures designed to restore, in a commercially reasonable manner, Dealpath’s critical business applications and critical infrastructure at data centers in the event of a disaster event at Dealpath’s facilities (“Disaster Recovery Plan”). On at least an annual basis, Dealpath shall review and update, if necessary, its Disaster Recovery Plan.

Pursuant to Clause 10(b) of the Standard Contractual Clauses, Dealpath will provide Customer assistance with data subject requests in accordance with the Addendum.

4. Annex III. A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:

The UK Information Commissioner’s Office International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (“UK Addendum”) is incorporated herein by reference.

Table 1: The start date in Table 1 is the effective date of the Addendum. All other information required by Table 1 is set forth in Annex I, Section A of the Clauses.

Table 2: The UK Addendum forms part of the version of the Approved EU SCCs which this UK Addendum is appended to including the Appendix Information, effective as of the effective date of the Addendum.

Table 3: The information required by Table 3 is set forth in Annex I and II to the Clauses.

Table 4: The parties agree that Importer may end the UK Addendum as set out in Section 19.

EXHIBIT CRevision History

Terms of Service – Revision – July 2022

Terms of Service – Revision – February 14, 2020

Terms of Service – Revision – Aug 2019

Dealpath Terms of Service

Last updated on February 7th, 2023

These Terms of Service (the “Terms”), together with all Order Forms (as defined below), govern Customer’s access and use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”) and Dealpath’s website located at www.dealpath.com and all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services. These Terms commence upon the Order Form Effective Date of the initial Order Form.

  1. DEFINITIONS
    1. Authorized User” means an individual which Customer (or, when applicable, Dealpath at Customer’s request) has authorized to use the Services, including without limitation (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.
    2. Customer” means the company or other legal entity identified as customer in the applicable Order Form.
    3. Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customer’s behalf, into the Services.
    4. Fees” means the fees described in the applicable Order Form.
    5. Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.
    6. Order Form” means an order form duly executed by Dealpath and Customer which explicitly references these Terms.  Each Order Form shall be deemed incorporated by reference into these Terms upon mutual execution.
    7. Order Form Initial Term” means the initial term of an Order Form as set forth therein.
    8. Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.
    9. Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.
    10. Professional Services” means any professional services expressly set forth in an applicable Order Form, which may include implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.
    11. Service Level Agreement” means service level agreement set forth in Exhibit A.
    12. Services” means Dealpath’s proprietary cloud-based collaboration and workflow platform for real estate investment professionals as more particularly described and identified in the applicable Order Form.
  2. SERVICES
    1. Services. Dealpath will use commercially reasonable efforts to provide the Services to Customer in accordance with these Terms, including the Service Level Agreement, and the applicable Order Form.  Subject to Customer’s compliance with these Terms, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the applicable Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the Order Form for each category of Authorized User.
    2. Authorized Users.  An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Service on behalf of the Customer.  Customer will at all times be responsible and liable hereunder, for all actions or omissions (i) of any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or by another party, and whether or not such action or omission was authorized by an Authorized User.  During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.
    3. Professional Services. If an Order Form expressly includes Professional Services, Dealpath will use commercially reasonable efforts to perform the Professional Services for Customer in accordance with these Terms and the applicable Order Form.  Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any failure to provide the Professional Services in accordance with these Terms or the applicable Order Form will be to re-perform the non-conforming Professional Services such that they are in accordance with these Terms and the applicable Order Form.
    4. Restrictions. Customer shall not allow access to or use of the Site or Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Site or Service beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer will not at any time, and will not permit any individual or entity (including, without limitation, Authorized Users) to, directly or indirectly: (i) use the Services in any manner beyond the scope of rights expressly granted in these Terms; (ii) copy, modify, distribute, or create derivative works of the Site, Services, or any software used to provide the Services; (iii) reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (iv) frame, mirror, sell, resell, reproduce, loan, publish, distribute, assign, transfer, rent, or lease use of the Services to any third-party, provide access to the Site or Services on a time-share or service bureau basis, or otherwise allow any third-party to use the Services for any purpose other than for the benefit of Customer in accordance with these Terms; (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third-party, or that violates any applicable law; (vi) interfere with, or disrupt the integrity or performance of, the Services, or any data or content contained therein or transmitted thereby; (vii) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; (viii) transfer any of its rights hereunder except as set forth in Section 11.9 (Assignment), (ix) use the Services to transmit any bulk unsolicited commercial communications, or (x) use the Services for benchmarking or competitive analysis, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.
    5. Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with these Terms, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications.
    6. Third-Party Services.  Certain features and functionalities within the Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology, data, and content (collectively, “Third-Party Services”) through the Services.  Dealpath makes the APIs available to Customer to connect with Third-Party Services that are set forth in the applicable Order Form, and such APIs are provided hereunder as part of the Services.  However, Dealpath does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto.  Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Services.
    7. Data Protection and Security. Each Party will comply with its obligations set forth in the Data Protection Addendum attached hereto as Exhibit B.
  3. CUSTOMER OBLIGATIONS
    1. Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies, as then in effect). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.
    2. Enforcement. Customer shall keep confidential and not disclose to any third-parties (except for third-party Authorized Users), and shall ensure that Authorized Users keep confidential and do not disclose to any third-parties (except for third-party Authorized Users), any user identifications, account numbers and account profiles.  Customer shall ensure that all Authorized Users comply with the terms and conditions of these Terms, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.4 (Restrictions) and 2.5 (Accept Use Policies). Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged violation of these Terms by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of these Terms and (b) any action by Dealpath to enforce these Terms. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User violated these Terms or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.
    3. Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify the Customer Data solely to perform its obligations under these Terms, including to provide the Services and Professional Services.  Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents, and licenses for Dealpath to use the Customer Data in accordance with these Terms.
    4. Marketing Support.  Customer authorizes Dealpath to use its Customer Marks (as defined below) pursuant to the terms of this Section 3.4 (Marketing Support), provided that Dealpath agrees to promptly cease any such use upon written notice from Customer. Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.9 – Assignment), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s websites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.
  4. FEES; EXPENSES; TAXES
    1. Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.
    2. Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3 – Taxes), and including any related interest and/or penalties, due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath, and Dealpath may suspend Services until all payments are made in full.
    3. Taxes. All Fees and other amounts stated or referred to in these Terms are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.
  5. PROPRIETARY RIGHTS.
    1. Services and Data. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services or Professional Services, or otherwise developed by or on behalf of Dealpath in connection with providing Implementation  or Professional Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively, “Dealpath IP”). 
    2. Customer Data.  Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall not incorporate any Customer Data and shall be in an aggregated and de-identified form. Dealpath shall own all right, title and interest in and to Usage Data, and all Intellectual Property Rights therein, which shall be deemed a part of Dealpath IP. Dealpath agrees that it will not use Usage Data for the benefit of a third party in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.
    3. Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services or other products or services of Dealpath (collectively, “Feedback”).  To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, copy, modify, create derivative works based upon and otherwise exploit, freely and without restriction, the Feedback for any purpose.
    4. DMCA/Copyright Policy. Dealpath respects copyright law and expects Customer to do the same. It is Dealpath’s policy to terminate in appropriate circumstances access to the Services to customers (and its authorized users) who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see Dealpath’s Copyright Policy at www.dealpath.com, for further information.
  6. CONFIDENTIALITY
    1. Definition. “Confidential Information” means any business or technical information disclosed by one party to the other party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, subject to Dealpath’s rights set forth elsewhere in these Terms, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information.  The terms and conditions of Order Forms hereunder shall be deemed the Confidential Information of Dealpath.
    2. Exclusions. The obligations and restrictions set forth in Section 6.3 (Use and Nondisclosure) will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of these Terms by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.
    3. Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of these Terms; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section 6 (Confidentiality). Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for a period of three (3) years after the expiration or termination of these Terms; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.
    4. Permitted Disclosures. The provisions of this Section 6 (Confidentiality) will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors; or (iii) as required under applicable securities regulations.  In addition, either party may disclose the terms and conditions of these Terms on a confidential basis to present or future providers of venture capital and/or potential private investors in or acquirers of such party.
  7. WARRANTY
    1. Mutual Warranties.  Each party hereby represents and warrants to the other party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into these Terms and (ii) the execution, delivery and performance of these Terms and the consummation of the transactions contemplated hereby are within the corporate powers of such party and have been duly authorized by all necessary corporate action on the part of such party, and constitute a valid and binding agreement of such party.
    2. Warranty for Services. Dealpath represents and warrants that the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 (Warranty for Services) will be as set forth in Section 5 of the Service Level Agreement.
    3. Customer Warranty. Customer represents and warrants that: (i) it has, and will continue to have, during the applicable Order Form Term, the legal right and authority to access, use and disclose to Dealpath any Customer Data; (ii) Dealpath has the right to use Customer Data in accordance with the terms of this Agreement; (iii) all Customer Data will be and remain true, accurate, and complete; and (iv) Dealpath’s use of the Customer Data in accordance with these Terms will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party.
    4. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7, THE SERVICES, PROFESSIONAL SERVICES, AND OTHER DEALPATH IP ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THESE TERMS, THE SERVICES, PROFESSIONAL SERVICES,OR ANY OTHER DEALPATH IP, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES OR PROFESSIONAL SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that are accessed via links from within the Services.
  8. TERM AND TERMINATION
    1. Term. These Terms are effective as of the Order Form Effective of the first Order Form the Customer and Dealpath enter into and, unless earlier terminated in accordance with Section 8.2 (Termination for Cause), continue until all Order Forms have expired or are terminated pursuant to these Terms and applicable Order Forms.
    2. Termination for Cause. Either party may terminate these Terms (together with all Order Forms) upon written notice if the other party breaches any material term of these Terms and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either party may terminate an individual Order Form upon written notice if the other party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.
    3. Rights and Obligations Upon Expiration or Termination. Termination of these Terms will automatically terminate all outstanding Order Forms.  Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; and (iii) each party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party (unless otherwise authorized to do so hereunder based on a separate Order Form), and each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, except for any archived electronic communications which may be stored confidentially; and (iv) each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, provided that Dealpath may retain copies in accordance with its standard data retention policies of with regard to any archived electronic communications which may be stored confidentially; and (v) upon request, Dealpath shall at no additional cost make the Customer Data available to for download for a period of sixty (60) days following expiration/rumination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).
    4. Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 2.5 (Acceptable Use Policies), 2.7 (Data and Security), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer) 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of these Terms and Order Forms.
  9. INDEMNIFICATION
    1. Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to these Terms, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third party.  In connection with Dealpath’s obligations under this Section 9.1 (Indemnification by Dealpath), Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim. Customer shall not enter into any stipulated judgment or settlement that purports to bind Dealpath without Dealpath’s express written authorization, which shall not be unreasonably withheld or delayed. 
    2. Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1 (Indemnification by Dealpath), then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services under the terms of these Terms; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate Customer’s rights and Dealpath’s obligation under these Terms with respect to such Services (or these Terms altogether) and refund to Customer a pro-rata portion of the Fees paid for the remaining portion of the Order Form Initial Term or Order Form Renewal Period during which Customer would have had access to the Services.
    3. Exclusions. Notwithstanding the terms of Section 9.1 (Indemnification by Dealpath), Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of these Terms, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with these Terms; (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by the provider.
    4. Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2 AND 9.3 STATE DEALPATH AND ITS LICENSORS SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.
    5. Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit based on (i) Customer Data, including but not limited to any claim that Customer Data is infringing, misappropriating, or violating any Intellectual Property Rights or the publicity, privacy, or other rights of any third-party, applicable law, or was collected or disclosed in violation of these Terms, or (ii) Customer’s or an Authorized User’s use of the Services that is not in accordance with these Terms. In connection with Customer’s obligations under this Section 9.5 (Indemnification by Customer) Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim. Dealpath shall not enter into any stipulated judgment or settlement that purports to bind Customer without Customer’s express written authorization, which shall not be unreasonably withheld or delayed. 
  10. LIMITATION OF LIABILITY.
    1. Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4 (RESTRICTIONS), 2.5 (ACCEPTABLE USE POLICIES), 6 (CONFIDENTIALITY), OR 7.3 (CUSTOMER WARRANTIES, OR BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS,  OR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES UNDER OR RELATED TO THESE TERMS, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.
    2. Total Liability.  NOTWITHSTANDING ANY OTHER PROVISIONS OF THESE TERMS, EXCEPT FOR LIABILITY ARISING FROM A BREACH OF SECTIONS 2.4 (RESTRICTIONS), 2.5 (ACCEPTABLE USE POLICY), 7.3 (CUSTOMER WARRANTIES), BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, AND FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS IN SECTION 9, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY RELATED TO THESE TERMS OR CUSTOMER’S ACCESS TO AND USE OF THE SERVICES AND/OR PROFESSIONAL SERVICES EXCEED THE TOTAL FEES OWED BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.
    3. Basis of Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 (LIMITATION OF LIABILITY) ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.
  11. GENERAL
    1. Subcontractors. Dealpath may use subcontractors and other third-party providers  in connection with the performance of its own obligations hereunder (“Subcontractors”) as it deems appropriate; provided that the Dealpath remains responsible and liable for the acts and omissions of each such Subcontractor to the same extent Dealpath would be liable in accordance with the terms and limitations of these Terms had Dealpath directly engaged in such acts or omissions.
    2. Governing Law. These Terms and all matters arising out of or relating to these Terms shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to these Terms shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
    3. Waiver. The waiver by either party of any default or breach of these Terms shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of these Terms will be effective unless it is in writing and signed by the party granting the waiver.
    4. Notices. Dealpath may give notice to Customer by means of a general notice through the Services interface, email to Customer’s e-mail address on record with Dealpath, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Dealpath. Customer may give notice to Dealpath by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service addressed to Dealpath, Inc., 300 California Street, Ste 300, San Francisco, CA 94104. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
    5. Severability. In the event any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms shall remain in full force and effect.
    6. Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such party continues to use commercially reasonable efforts to resume performance.
    7. Compliance with Laws. Each party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees  to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications.
    8. Relationship Between the Parties. Nothing in these Terms shall be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent.
    9. Assignment. Neither Party may assign or transfer these Terms, in whole or in part, without the other party’s prior written consent; provided that: (i) Dealpath may assign these Terms without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Dealpath’s assets to which these Terms relate; and (ii) Customer may assign these Terms without Dealpath’s prior written consent to a successor entity who is not a direct or indirect competitor of Dealpath in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Customer’s assets to which these Terms relate.  Any attempted assignment or transfer without such consent will be null and of no effect.  Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
    10. Entire Agreement. These Terms (together with all Order Forms) constitute the complete and exclusive agreement between the parties concerning its subject matter and supersede all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of these Terms. These Terms may not be modified or amended except in a writing signed by a duly authorized representative of Dealpath and Customer. If there is any inconsistency between the provisions of these Terms and the terms in any Order Form, these Terms shall prevail.
    11. Non-Exclusive Remedies.  Except as otherwise set forth in these Terms, including Sections 7.2 (Warranty for Services) and 9.4 (Sole Remedy), the exercise by either party of any remedy under these Terms will be without prejudice to its other remedies under these Terms or otherwise.
    12. Equitable Relief. Each party acknowledges that a breach by the other party of any confidentiality or proprietary rights provision of these Terms may cause the non-breaching party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
    13. No Third-Party Beneficiaries. These Terms are intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to these Terms may enforce them.
    14. Headings. The headings in these Terms are for the convenience of reference only and have no legal effect.

LIST OF EXHIBITS

EXHIBIT A – SERVICE LEVEL AGREEMENT

EXHIBIT B – DATA PROTECTION AGREEMENT

EXHIBIT C – REVISION HISTORY

EXHIBIT A
SERVICE LEVEL AGREEMENT

1. Service Availability.

Dealpath will make the Services under each Order Form available to Customer with 99.90% uptime, measured monthly, excluding Excused Downtime (“Uptime Requirement”). 

 2. Service Availability Calculation.

The percentage uptime for the Services under each Order Form will be calculated as follows (“Availability Percentage”).  Each month in which the Availability Percentage is less than the Uptime Requirement is referred to herein as a Deficient Month.

α=((η – π – ∆) / (η- π)) * 100

Where: 

α = % Availability
η =  Number of hours in a month
π = Excused Downtime as defined below
∆ = Total time of Service unavailability

3. Excused Downtime.

(a) Excused Downtime. “Excused Downtime” occurs when Customer has no or limited access to the Services under an Order Form that arises from (i) scheduled maintenance, (ii) a Force Majeure Event, (iii) any hardware or software not supplied by Dealpath; (iv) from telecommunications or Internet service provider failures; (v) Customer’s use of the Services in an unauthorized or unlawful manner or any interruption resulting from Customer’s misuse, alteration, or damage of the Services; or (vi) Dealpath’s exercise of its rights under the Agreement or the blocking of data communications or other portions of the Services in accordance with its policies.

(b) Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours.  Notice provided under this Section will be via email.

4. Technical Support

(a) Hours of Support.  Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in this Agreement as follows:

  • Telephone support: Dealpath will designate a dedicated account manager who will provide phone support to Customer during normal business hours on weekdays during the hours of 9:00 a.m. – 5:00 p.m. Pacific Time with the exclusion of Federal Holidays. Dealpath will use commercially reasonable efforts to respond to all support requests within 1 business day.

(b) Problem Severity Level Definitions.  Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:

Impact Severity Levels
Severity 1            Critical Failure – actual failure of Services where the Services are unavailable to the Customer.
Severity 2Major Degradation – Critical problem causing loss of data or loss of service to core Services functionality.  Services are functioning but in a significantly reduced capacity, may affect multiple users.
Severity 3Minor Service/Application Degradation – does not affect core Services functionality.

(c) Problem Response Times.  Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:

Severity LevelResponse Time Objective

Restoration

Resolution Objective

Customer Update Frequency

1

 

4 Hours 24 hours to resolve or provide work aroundDaily
24 Hours 3 Business Days to resolve or provide work aroundDaily
31 Day20 Business Days to resolve or provide work aroundWeekly

(*) “Business Days” are defined as non-weekend and non-US holiday days.

5. Service Level Credits

(a) Customer’s sole and exclusive remedy, and Dealpath’s sole and exclusive liability, in connection with the availability of the Services shall be that for each continuous period of downtime lasting longer than one hour that occurs in a calendar Deficient Month, Dealpath will credit Customer 5% of any recurring Fees due for the month in question under the applicable Order Form (monthly fees may be calculated by dividing any annual recurring fees by 12); provided that no more than one such credit will accrue per day. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit.  Such credits shall not exceed a total of credits for one (1) week of recurring Fees (pro-rated) under the applicable Order Form for any one (1) calendar Deficient Month and, except as set forth in following sentence, such credits may not be redeemed for cash.  If there will be no subsequent invoice for recurring Fees from Dealpath, Dealpath will refund to Customer the amount of any credit that would have been due to Customer under a subsequent invoice. 

(b) Notwithstanding Section 5(a) above, in the event Customer experiences a Severity Level 1 event five (5) times for the Services under an Order Form within any rolling six (6)-month period, Customer may immediately terminate such Order Form upon written notice.

EXHIBIT B – Data Protection Agreement

This Data Processing Addendum (“Addendum”) forms part of the Terms between Customer and Dealpath.

1. Subject Matter and Duration.

  1. Subject Matter. This Addendum reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s execution of the Services under the Terms. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Terms. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Terms, this Addendum shall control.
  2. Duration and Survival. This Addendum will become legally binding upon the Order Form Effective Date of the initial Order Form, or upon the date that the parties enter into this Addendum if it is completed after the effective such Order Form Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Terms. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.

For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.

  1. “Customer Personal Data” means Customer Data that is Personal Data Processed by Dealpath on behalf of Customer.
  2. “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” may include, but are not limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”).
  3. “Personal Data” shall have the meaning assigned to the terms “personal data” or “personal information” under applicable Data Protection Laws.
  4. “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  5. “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.
  6. “Services” means any and all services that Dealpath performs under the Terms.
  7. “Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.

2. Data Use and Processing.

  1. Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Terms, or any applicable Order Form. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
  2. Authorization to Use Subprocessors. To the extent necessary to fulfill Dealpath’s contractual obligations under the Terms or any Order Form, Customer hereby authorizes Dealpath to engage Subprocessors.
  3. Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with Subprocessors regarding such Subprocessors’ Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Dealpath’s Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
  4. Right to Object to New Subprocessors. If Customer wants to receive notifications of new Subprocessors Dealpath plans to engage, Customer must contact Dealpath in writing to request to be notified. If Customer signs up to receive notice of Dealpath’s new Subprocessors, Dealpath will notify Customer prior to engaging any new Subprocessors and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the parties will work together in good faith to resolve the grounds for the objection. You can see Dealpath’s existing Subprocessors list here.
  5. Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.
  6. Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.
  7. Sale of Customer Personal Data Prohibited. Dealpath shall not sell Customer Personal Data as the term “sell” is defined by the CCPA.
  8. Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
  9. Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.

3. Cross-Border Transfers of Personal Data.

  1. Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.
  2. Standard Contractual Clauses. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Customer to Dealpath in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by Module Two’s obligations in the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment 1 attached hereto, the terms of which are incorporated herein by reference. Each party’s signature to the Order Form shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.

4. Information Security Program. Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Annex II to this Attachment 1 to Exhibit B.

5. Security Incidents.

  1. Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s Designated POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
  2. Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in (3) below taken with respect to such Security Incident upon the initial notification referenced in (1) above, or, if not available at such time, promptly thereafter.
  3. Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident as it relates to Dealpath’s impacted systems.

6. Audits. The parties acknowledge that Dealpath uses third party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.

7. Data Deletion. At the expiry or termination of the Terms, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.

8. Processing Details.

  1. Subject Matter. The subject matter of the Processing is the Services pursuant to the Terms.
  2. Duration. The Processing will continue until the expiration or termination of the Terms.
  3. Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Terms.
  4. Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.
  5. Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Terms.

9. Contact Information. Customer and Dealpath agree to designate a point of contact for urgent privacy and security issues (a “Designated POC”). The Designated POC for both parties are set forth in the applicable Order Form.

Attachment 1 to Exhibit B

Standard Contractual Clauses (Processors)

This Attachment 1 forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the Addendum.

The parties agree that the following terms shall supplement the Standard Contractual Clauses:

  1. Supplemental Terms. The parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the Swiss Federal Act on Data Protection. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to the Swiss Federal Act on Data Protection.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) Option 1 in Clause 9 is struck and Option 2 is kept, and Dealpath must submit the request for specific authorization in accordance with Section 3(d) of the Addendum; (v) the optional text in Clause 11 is deleted; and (vi) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).
  2. Annex I. Annex I to the Standard Contractual Clauses shall read as follows:

A. List of Parties

Data Exporter: Customer.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Controller.


Data Importer: Dealpath.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Processor.

B. Description of the Transfer:

Categories of data subjects whose personal data is transferred: The categories of data subjects whose Customer Personal Data is transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users.

Categories of personal data transferred: The categories of Customer Personal Data transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users’ name and email address.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the parties knowledge, no sensitive data is transferred.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Customer Personal Data is transferred in accordance with the standard functionality of the Services, or as otherwise agreed upon by the parties.

Nature of the processing: The Services.

Purpose(s) of the data transfer and further processing: The Services.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Dealpath will retain Customer Personal Data in accordance with the Addendum. 

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: The subject matter, nature and duration identified in the Addendum.

C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.

D. Additional Data Transfer Impact Assessment Questions:

Will data importer process any personal data under the Clauses about a non-United States person that is “foreign intelligence information” as defined by 50 U.S.C. § 1801(e)?

Not to Dealpath’s knowledge.

Is data importer subject to any laws in a country outside of the European Economic Area, Switzerland, and/or the United Kingdom where personal data is stored or accessed from that would interfere with data importer fulfilling its obligations under the Clauses? For example, FISA Section 702. If yes, please list these laws:

As of the effective date of the Addendum, no court has found Dealpath to be eligible to receive process issued under the laws contemplated by this question, including FISA Section 702, and no such court action is pending.

Has data importer ever received a request from public authorities for information pursuant to the laws contemplated by the question above? If yes, please explain:

No.

Has data importer ever received a request from public authorities for personal data of individuals located in European Economic Area, Switzerland, and/or the United Kingdom? If yes, please explain:

No.

E. Data Transfer Impact Assessment Outcome: Taking into account the information and obligations set forth in the Addendum and, as may be the case for a party, such party’s independent research, to the parties’ knowledge, the Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom that is transferred pursuant to the Standard Contractual Clauses to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws is afforded a level of protection that is essentially equivalent to that guaranteed by applicable Data Protection Laws.

F. Clarifying Terms: The parties agree that: (i) the certification of deletion required by Clause 8.5 and Clause 16(d) of the Standard Contractual Clauses will be provided upon Customer’s written request; (ii) the measures Dealpath is required to take under Clause 8.6(c) of the Standard Contractual Clauses will only cover Dealpath’s impacted systems; (iii) the audit described in Clause 8.9 of the Standard Contractual Clauses shall be carried out in accordance with Section 7 of the Addendum; (iv) where permitted by applicable Data Protection Laws, Dealpath may engage existing Subprocessors using European Commission Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors and such use of Subprocessors shall be deemed to comply with Clause 9 of the Standard Contractual Clauses; (v) the termination right contemplated by Clause 14(f) and Clause 16(c) of the Standard Contractual Clauses will be limited to the termination of the Standard Contractual Clauses; (vi) unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects pursuant to Clause 15.1(a) of the Standard Contractual Clauses; (vii) the information required under Clause 15.1(c) of the Clauses will be provided upon Customer’s written request; and (viii) notwithstanding anything to the contrary, Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 of the Standard Contractual Clauses without regard for any limitation of liability set forth in the Terms.

3. Annex II. Annex II of the Standard Contractual Clauses shall read as follows:

Dealpath will maintain the following technical, organizational, and physical safeguards designed to protect the security, confidentiality, integrity, and availability of Customer Personal Data. Dealpath will not materially decrease the overall security of the Services during the Order Form Term.

  • SOC-2 Compliance. Dealpath is SOC 2 Type 2 certified and will remain certified for the duration of the Order Form Term.
  • Password Protection. Customer’s and its Authorized Users’ Services accounts are password protected with verification and notifications through Customer’s corporate email account.
  • Encryption. The Services are delivered and accessible using non-obsolete encryption and hash standards, with all data being encrypted at rest, using AES (reversible encryption) and SHA-2 (irreversible hashing) or better, and in encrypted in transit using HTTPS with Transport Layer Security 1.2 or better.
  • Physical and Logical Security. Dealpath shall use commercially reasonable efforts to restrict logical access to Dealpath’s equipment and/or media containing Customer Personal Data to authorized individuals as required in the applicable Service Schedule. Dealpath shall carry out commercially reasonable measures to limit physical access to Customer Personal Data in its custody or control, which may include use of electronic access control; CCTV; intrusion detection systems; implementing visitor entry control procedures; securing offices, rooms, and facilities; protecting against reasonably anticipated external and environmental threats; and controlling all access points including delivery and loading areas.
  • Software and Virus Protection. Dealpath shall regularly review and update, as necessary, all software, firmware, firewalls and hardware used on Dealpath’s systems in accordance with industry standard practices. Dealpath shall install and maintain commercially reasonable anti-virus software on its systems and update such anti-virus software on a regular basis in accordance with relevant industry practice. Dealpath shall notify the Customer promptly in the event it becomes aware of the actual or potential transmission of any identified computer virus by Dealpath to the Customer.
  • Disaster Recovery. Dealpath shall maintain and implement disaster recovery and avoidance procedures designed to restore, in a commercially reasonable manner, Dealpath’s critical business applications and critical infrastructure at data centers in the event of a disaster event at Dealpath’s facilities (“Disaster Recovery Plan”). On at least an annual basis, Dealpath shall review and update, if necessary, its Disaster Recovery Plan.

Pursuant to Clause 10(b) of the Standard Contractual Clauses, Dealpath will provide Customer assistance with data subject requests in accordance with the Addendum.

4. Annex III. A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:

The UK Information Commissioner’s Office International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (“UK Addendum”) is incorporated herein by reference.

Table 1: The start date in Table 1 is the effective date of the Addendum. All other information required by Table 1 is set forth in Annex I, Section A of the Clauses.

Table 2: The UK Addendum forms part of the version of the Approved EU SCCs which this UK Addendum is appended to including the Appendix Information, effective as of the effective date of the Addendum.

Table 3: The information required by Table 3 is set forth in Annex I and II to the Clauses.

Table 4: The parties agree that Importer may end the UK Addendum as set out in Section 19.

EXHIBIT CRevision History

Terms of Service – Revision – July 2022

Terms of Service – Revision – February 14, 2020

Terms of Service – Revision – Aug 2019

Dealpath Terms of Service

Last updated on January 2nd, 2024

These Terms of Service (the “Terms”), together with all Order Forms (as defined below), govern Customer’s access and use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”) and Dealpath’s website located at www.dealpath.com and all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services.  These Terms commence upon the Order Form Effective Date of the initial Order Form.

  1. DEFINITIONS
    1. Authorized User” means an individual which Customer (or, when applicable, Dealpath at Customer’s request) has authorized to use the Services, including without limitation (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.
    2. Customer” means the company or other legal entity identified as customer in the applicable Order Form.
    3. Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customer’s behalf, into the Services.
    4. Fees” means the fees described in the applicable Order Form.
    5. Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.
    6. Order Form” means an order form duly executed by Dealpath and Customer which explicitly references these Terms. Each Order Form shall be deemed incorporated by reference into these Terms upon mutual execution.
    7. Order Form Initial Term” means the initial term of an Order Form as set forth therein.
    8. Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.
    9. Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.
    10. Professional Services” means any professional services expressly set forth in an applicable Order Form, which may include implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.
    11. Service Level Agreement” means service level agreement set forth in Exhibit A.
    12. Services” means Dealpath’s proprietary cloud-based collaboration and workflow platform for real estate investment professionals as more particularly described and identified in the applicable Order Form.
  2. SERVICES
    1. Services. Dealpath will use commercially reasonable efforts to provide the Services to Customer in accordance with these Terms, including the Service Level Agreement, and the applicable Order Form.  Subject to Customer’s compliance with these Terms, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the applicable Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the Order Form for each category of Authorized User.
    2. Authorized Users.  An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Service on behalf of the Customer.  Customer will at all times be responsible and liable hereunder, for all actions or omissions (i) of any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or by another party, and whether or not such action or omission was authorized by an Authorized User.  During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.
    3. Professional Services. If an Order Form expressly includes Professional Services, Dealpath will use commercially reasonable efforts to perform the Professional Services for Customer in accordance with these Terms and the applicable Order Form.  Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any failure to provide the Professional Services in accordance with these Terms or the applicable Order Form will be to re-perform the non-conforming Professional Services such that they are in accordance with these Terms and the applicable Order Form.
    4. Restrictions. Customer shall not allow access to or use of the Site or Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Site or Service beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer will not at any time, and will not permit any individual or entity (including, without limitation, Authorized Users) to, directly or indirectly: (i) use the Services in any manner beyond the scope of rights expressly granted in these Terms; (ii) copy, modify, distribute, or create derivative works of the Site, Services, or any software used to provide the Services; (iii) reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (iv) frame, mirror, sell, resell, reproduce, loan, publish, distribute, assign, transfer, rent, or lease use of the Services to any third-party, provide access to the Site or Services on a time-share or service bureau basis, or otherwise allow any third-party to use the Services for any purpose other than for the benefit of Customer in accordance with these Terms; (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third-party, or that violates any applicable law; (vi) interfere with, or disrupt the integrity or performance of, the Services, or any data or content contained therein or transmitted thereby; (vii) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; (viii) transfer any of its rights hereunder except as set forth in Section 11.9 (Assignment), (ix) use the Services to transmit any bulk unsolicited commercial communications, or (x) use the Services for benchmarking or competitive analysis, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.
    5. Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with these Terms, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications.
    6. Third-Party Services.  Certain features and functionalities within the Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology, data, and content (collectively, “Third-Party Services”) through the Services.  Dealpath makes the APIs available to Customer to connect with Third-Party Services that are set forth in the applicable Order Form, and such APIs are provided hereunder as part of the Services.  However, Dealpath does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto.  Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Services.
    7. Data Protection and Security. Each Party will comply with its obligations set forth in the Data Protection Addendum attached hereto as Exhibit B.
  3. CUSTOMER OBLIGATIONS
    1. Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies, as then in effect). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.
    2. Enforcement. Customer shall keep confidential and not disclose to any third-parties (except for third-party Authorized Users), and shall ensure that Authorized Users keep confidential and do not disclose to any third-parties (except for third-party Authorized Users), any user identifications, account numbers and account profiles. Customer shall ensure that all Authorized Users comply with these Terms, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.4 (Restrictions) and 2.5 (Accept Use Policies). Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged violation of these Terms by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of these Terms and (b) any action by Dealpath to enforce these Terms. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User violated these Terms or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.
    3. Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify the Customer Data solely to perform its obligations under these Terms, including to provide the Services and Professional Services.  Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents, and licenses for Dealpath to use the Customer Data in accordance with these Terms.
    4. Marketing Support.  Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.9 – Assignment), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s websites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.
  4. FEES; EXPENSES; TAXES
    1. Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.
    2. Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3 – Taxes), and including any related interest and/or penalties, due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath, and Dealpath may suspend Services until all payments are made in full.
    3. Taxes. All Fees and other amounts stated or referred to in these Terms are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.
  5. PROPRIETARY RIGHTS.
    1. Services and Data. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services or Professional Services, or otherwise developed by or on behalf of Dealpath in connection with providing Implementation  or Professional Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively, “Dealpath IP”). 
    2. Customer Data.  Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall not incorporate any Customer Data and shall be in an aggregated and de-identified form. Dealpath shall own all right, title and interest in and to Usage Data, and all Intellectual Property Rights therein, which shall be deemed a part of Dealpath IP. Dealpath agrees that it will not use Usage Data for the benefit of a third party in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.
    3. Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services or other products or services of Dealpath (collectively, “Feedback”).  To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, copy, modify, create derivative works based upon and otherwise exploit, freely and without restriction, the Feedback for any purpose.
    4. DMCA/Copyright Policy. Dealpath respects copyright law and expects Customer to do the same. It is Dealpath’s policy to terminate in appropriate circumstances access to the Services to customers (and its authorized users) who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see Dealpath’s Copyright Policy at www.dealpath.com, for further information.
  6. CONFIDENTIALITY
    1. Definition. “Confidential Information” means any business or technical information disclosed by one party to the other party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, subject to Dealpath’s rights set forth elsewhere in these Terms, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information.  The terms and conditions of Order Forms hereunder shall be deemed the Confidential Information of Dealpath.
    2. Exclusions. The obligations and restrictions set forth in Section 6.3 (Use and Nondisclosure) will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of these Terms by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.
    3. Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of these Terms; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section 6 (Confidentiality). Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for a period of three (3) years after the expiration or termination of these Terms; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.
    4. Permitted Disclosures. The provisions of this Section 6 (Confidentiality) will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors and to potential investors or acquirors; or (iii) as required under applicable securities regulations.
  7. WARRANTY
    1. Mutual Warranties.  Each party hereby represents and warrants to the other party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into these Terms and (ii) the execution, delivery and performance of these Terms and the consummation of the transactions contemplated hereby are within the corporate powers of such party and have been duly authorized by all necessary corporate action on the part of such party, and constitute a valid and binding agreement of such party.
    2. Warranty for Services. Dealpath represents and warrants that the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 (Warranty for Services) will be as set forth in Section 5 of the Service Level Agreement.
    3. Customer Warranty. Customer represents and warrants that: (i) it has, and will continue to have, during the applicable Order Form Term, the legal right and authority to access, use and disclose to Dealpath any Customer Data; (ii) Dealpath has the right to use Customer Data in accordance with the terms of this Agreement; (iii) all Customer Data will be and remain true, accurate, and complete; and (iv) Dealpath’s use of the Customer Data in accordance with these Terms will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party.
    4. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7, THE SERVICES AND PROFESSIONAL SERVICES ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THESE TERMS, THE SERVICES OR PROFESSIONAL SERVICES, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES OR PROFESSIONAL SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that are accessed via links from within the Services.
  8. TERM AND TERMINATION
    1. Term. These Terms are effective as of the Effective Date of the first Order Form the Customer and Dealpath enter into and, unless earlier terminated in accordance with Section 8.2 (Termination for Cause), continue until all Order Forms have expired or are terminated pursuant to these Terms and applicable Order Forms.
    2. Termination for Cause. Either party may terminate these Terms (together with all Order Forms) upon written notice if the other party breaches any material term of these Terms and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either party may terminate an individual Order Form upon written notice if the other party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.
    3. Rights and Obligations Upon Expiration or Termination. Termination of these Terms will automatically terminate all outstanding Order Forms. Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; and (iii) each party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party (unless otherwise authorized to do so hereunder based on a separate Order Form), and each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, except for any archived electronic communications which may be stored confidentially; and (iv) each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, provided that Dealpath may retain copies in accordance with its standard data retention policies of with regard to any archived electronic communications which may be stored confidentially; and (v) upon request, Dealpath shall at no additional cost make the Customer Data available to for download for a period of sixty (60) days following expiration/termination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).
    4. Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 2.5 (Acceptable Use Polices), 2.7 (Data and Security), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer) 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of these Terms and Order Forms.
  9. INDEMNIFICATION
    1. Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to these Terms, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third party.  In connection with Dealpath’s obligations under this Section 9.1 (Indemnification by Dealpath), Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim. Customer shall not enter into any stipulated judgment or settlement that purports to bind Dealpath without Dealpath’s express written authorization, which shall not be unreasonably withheld or delayed. 
    2. Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1 (Indemnification by Dealpath), then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate the applicable Order Form or these Terms altogether and refund to Customer all unused prepaid fees applicable to the Services.
    3. Exclusions. Notwithstanding the terms of Section 9.1 (Indemnification by Dealpath), Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of these Terms, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with these Terms; (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by the provider.
    4. Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2 AND 9.3 STATE DEALPATH AND ITS LICENSORS SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.
    5. Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit based on Customer Data, including but not limited to any claim that Customer Data is infringing, misappropriating, or violating any Intellectual Property Rights or the publicity, privacy, or other rights of any third-party, applicable law, or was collected or disclosed in violation of these Terms. In connection with Customer’s obligations under this Section 9.5 (Indemnification by Customer) Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim. Dealpath shall not enter into any stipulated judgment or settlement that purports to bind Customer without Customer’s express written authorization, which shall not be unreasonably withheld or delayed.
  10. LIMITATION OF LIABILITY.
    1. Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM CUSTOMER’S MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS IN THE SERVICES, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS, OR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.
    2. Total Liability. EXCEPT FOR CUSTOMER’S PAYMENT OBLIGATIONS, LIABILITY ARISING FROM CUSTOMER’S MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS IN THE SERVICES, DEALPATH’S IP INDEMNIFICATION OBLIGATIONS IN SECTION 9.1 AND CUSTOMER’S CUSTOMER DATA INDEMNIFICATION OBLIGATIONS IN SECTION 9.5, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY RELATED TO THESE TERMS OR CUSTOMER’S ACCESS TO AND USE OF THE SERVICES AND/OR PROFESSIONAL SERVICES EXCEED THE TOTAL FEES OWED BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.
    3. Basis of Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 (LIMITATION OF LIABILITY) ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.
  11. GENERAL
    1. Subcontractors. Dealpath may use subcontractors and other third-party providers in connection with the performance of its own obligations hereunder (“Subcontractors”) as it deems appropriate; provided that the Dealpath remains responsible and liable for the acts and omissions of each such Subcontractor to the same extent Dealpath would be liable in accordance with the terms and limitations of these Terms had Dealpath directly engaged in such acts or omissions.
    2. Governing Law. These Terms and all matters arising out of or relating to these Terms shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to these Terms shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
    3. Waiver. The waiver by either party of any default or breach of these Terms shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of these Terms will be effective unless it is in writing and signed by the party granting the waiver.
    4. Notices. Dealpath may give notice to Customer by means of a general notice through the Services interface, email to Customer’s e-mail address on record with Dealpath, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Dealpath. Customer may give notice to Dealpath by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to the address on the Order Form. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
    5. Severability. In the event any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms shall remain in full force and effect.
    6. Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such party continues to use commercially reasonable efforts to resume performance.
    7. Compliance with Laws. Each party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees  to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications.
    8. Relationship Between the Parties. Nothing in these Terms shall be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent.
    9. Assignment. Neither Party may assign or transfer these Terms, in whole or in part, without the other party’s prior written consent; provided that: (i) Dealpath may assign these Terms without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Dealpath’s assets to which these Terms relate; and (ii) Customer may assign these Terms without Dealpath’s prior written consent to a successor entity who is not a direct or indirect competitor of Dealpath in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Customer’s assets to which these Terms relate.  Any attempted assignment or transfer without such consent will be null and of no effect.  Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
    10. Entire Agreement. These Terms (together with all Order Forms) constitute the complete and exclusive agreement between the parties concerning its subject matter and supersede all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of these Terms. These Terms may not be modified or amended except in a writing signed by a duly authorized representative of Dealpath and Customer. If there is any inconsistency between the provisions of these Terms and the terms in any Order Form, these Terms shall prevail. If accepted by Dealpath in lieu of or in addition to Dealpath’s Order Form, Customer’s purchase order shall be binding only as to the following terms: (a) the Services ordered and (b) the appropriately calculated fees due. Other terms shall be void.
    11. Non-Exclusive Remedies.  Except as otherwise set forth in these Terms, including Sections 7.2 (Warranty for Services) and 9.4 (Sole Remedy), the exercise by either party of any remedy under these Terms will be without prejudice to its other remedies under these Terms or otherwise.
    12. Equitable Relief. Each party acknowledges that a breach by the other party of any confidentiality or proprietary rights provision of these Terms may cause the non-breaching party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
    13. No Third-Party Beneficiaries. These Terms are intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to these Terms may enforce them.
    14. Headings. The headings in these Terms are for the convenience of reference only and have no legal effect.

LIST OF EXHIBITS

EXHIBIT A – SERVICE LEVEL AGREEMENT

EXHIBIT B – DATA PROTECTION AGREEMENT

EXHIBIT C – REVISION HISTORY

EXHIBIT A
SERVICE LEVEL AGREEMENT

1. Service Availability.

Dealpath will make the Services under each Order Form available to Customer with 99.90% uptime, measured monthly, excluding Excused Downtime (“Uptime Requirement”). 

 2. Service Availability Calculation.

The percentage uptime for the Services under each Order Form will be calculated as follows (“Availability Percentage”).  Each month in which the Availability Percentage is less than the Uptime Requirement is referred to herein as a Deficient Month.

α=((η – π – ∆) / (η- π)) * 100

Where: 

α = % Availability
η =  Number of hours in a month
π = Excused Downtime as defined below
∆ = Total time of Service unavailability

3. Excused Downtime.

(a) Excused Downtime. “Excused Downtime” occurs when Customer has no or limited access to the Services under an Order Form that arises from (i) scheduled maintenance, (ii) a Force Majeure Event, (iii) any hardware or software not supplied by Dealpath; (iv) from telecommunications or Internet service provider failures; (v) Customer’s use of the Services in an unauthorized or unlawful manner or any interruption resulting from Customer’s misuse, alteration, or damage of the Services; or (vi) Dealpath’s exercise of its rights under the Agreement or the blocking of data communications or other portions of the Services in accordance with its policies.

(b) Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours.  Notice provided under this Section will be via email.

4. Technical Support

(a) Hours of Support.  Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in this Agreement as follows:

  • Telephone support: Dealpath will designate a dedicated account manager who will provide phone support to Customer during normal business hours on weekdays during the hours of 9:00 a.m. – 5:00 p.m. Pacific Time with the exclusion of Federal Holidays. Dealpath will use commercially reasonable efforts to respond to all support requests within 1 business day.

(b) Problem Severity Level Definitions.  Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:

Impact Severity Levels
Severity 1            Critical Failure – actual failure of Services where the Services are unavailable to the Customer.
Severity 2Major Degradation – Critical problem causing loss of data or loss of service to core Services functionality.  Services are functioning but in a significantly reduced capacity, may affect multiple users.
Severity 3Minor Service/Application Degradation – does not affect core Services functionality.

(c) Problem Response Times.  Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:

Severity LevelResponse Time Objective

Restoration

Resolution Objective

Customer Update Frequency

1

4 Hours 24 hours to resolve or provide work aroundDaily
24 Hours 3 Business Days to resolve or provide work aroundDaily
31 Day20 Business Days to resolve or provide work aroundWeekly

(*) “Business Days” are defined as non-weekend and non-US holiday days.

5. Service Level Credits

(a) Customer’s sole and exclusive remedy, and Dealpath’s sole and exclusive liability, in connection with the availability of the Services shall be that for each continuous period of downtime lasting longer than one hour that occurs in a calendar Deficient Month, Dealpath will credit Customer 5% of any recurring Fees due for the month in question under the applicable Order Form (monthly fees may be calculated by dividing any annual recurring fees by 12); provided that no more than one such credit will accrue per day. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit.  Such credits shall not exceed a total of credits for one (1) week of recurring Fees (pro-rated) under the applicable Order Form for any one (1) calendar Deficient Month and, except as set forth in following sentence, such credits may not be redeemed for cash.  If there will be no subsequent invoice for recurring Fees from Dealpath, Dealpath will refund to Customer the amount of any credit that would have been due to Customer under a subsequent invoice. 

(b) Notwithstanding Section 5(a) above, in the event Customer experiences a Severity Level 1 event five (5) times for the Services under an Order Form within any rolling six (6)-month period, Customer may immediately terminate such Order Form upon written notice.

EXHIBIT B – Data Protection Agreement

This Data Processing Addendum (“Addendum”) forms part of the Agreement between Customer and Dealpath.

1. Subject Matter and Duration.

(a) Subject Matter. This Addendum reflects the Parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s execution of the Services under the Agreement. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Agreement. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Agreement, this Addendum shall control.

(b)  Duration and Survival. This Addendum will become legally binding upon the Effective Date, or upon the date that the Parties enter into this Addendum if it is completed after the Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Agreement. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.

2. Definitions.

For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.

(a) “Customer Personal Data” means Personal Data Processed by Dealpath on behalf of Customer.

(b) “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” shall include, but not be limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”).

(c) “Personal Data” shall have the meaning assigned to the terms “personal data” and/or “personal information” under applicable Data Protection Laws.

(d) “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

(e) “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.

(f) “Services” means any and all services that Dealpath performs under the Agreement.

(g) “Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.

3. Data Use and Processing.

(a) Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Agreement, or any applicable Statement of Work. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.

(b) Authorization to Use Subprocessors. To the extent necessary to fulfill Dealpath’s contractual obligations under the Agreement or any Statement of Work, Customer hereby authorizes Dealpath to engage Subprocessors.

(c) Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with Subprocessors regarding such Subprocessors’ Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Dealpath’s Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.

(d) Right to Object to New Subprocessors. Where required by Data Protection Laws and provided that Customer signs up for notifications at https://www.dealpath.com/dealpath-sub-processors/, Dealpath will email the contact email address(es) provided (Customer’s POC) prior to engaging any new Subprocessors that Process Customer Personal Data and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the Parties will work together in good faith to resolve the grounds for the objection.

You can see the full list of Subprocessors here.

(e) Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.

(f) Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.

(g) Sale of Customer Personal Data Prohibited. Dealpath shall not sell Customer Personal Data as the term “sell” is defined by the CCPA.

(h) Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.

(i) Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.

4. Cross-Border Transfers of Personal Data.

(a) Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.

(b) Privacy Shield Certification. Dealpath is in the process of becoming, or Dealpath is currently, Privacy Shield certified, will maintain its Privacy Shield certification during the term of the Agreement and will Process the Customer Personal Data in accordance with the Privacy Shield principles. Dealpath will provide written notification to Customer’s POC before it withdraws from or otherwise no longer maintains a current certification to Privacy Shield.

(c) Standard Contractual Clauses. To the extent Dealpath is not currently Privacy Shield certified or if Privacy Shield is invalidated, Customer and Dealpath will use the Standard Contractual Clauses in this Attachment 1 to Exhibit B as the adequacy mechanism supporting the transfer of Customer Personal Data. The Parties agree that: (i) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with Section 7 of this Addendum; (ii) Pursuant to Clause 5(h) of the Standard Contractual Clauses, Dealpath may engage new Subprocessors in accordance with Section 3(b) – (d) of this Addendum; and (iii) the subprocessor agreements referenced in Clause 5(j) and certification of deletion referenced in Clause 12(1) of the Standard Contractual Clauses shall be provided by Dealpath only upon Customer’s written request. Each Party’s signature to the Agreement shall be considered a signature to the Standard Contractual Clauses to the extent the Standard Contractual Clauses apply hereunder.

5. Information Security Program.

(a) Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Appendix 2 to this Attachment 1 to Exhibit B.

6. Security Incidents.

(a) Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.

(b) Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in (c) below taken with respect to such Security Incident upon the initial notification referenced in (a) above, or, if not available at such time, promptly thereafter.

(c) Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident.

7. Audits.

(a) Audits. The Parties acknowledge that Dealpath uses third-party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.

8. Data Deletion.

(a) Data Deletion. At the expiry or termination of the Agreement, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.

(b) Customer can choose to engage Dealpath’s Professional Services at any point to request an export of all Customer Personal Data and any other of Customer’s Services account information (such as tasks, files, comments, and deal activity logs). The requested information will be exported and delivered to the Customer contact specified in writing by Customer (email accepted) in a common file format.

9. Processing Details.

(a) Subject Matter. The subject matter of the Processing is the Services pursuant to the Agreement.

(b) Duration. The Processing will continue until the expiration or termination of the Agreement.

(c) Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Agreement.

(d) Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.

(e) Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Agreement.

Attachment 1 to Exhibit B

Standard Contractual Clauses (Processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.

Name of the data exporting organisation: Customer (as defined in the Addendum).
……………………………………………………………
(the data exporter)

And

Name of the data importing organisation: Dealpath (as defined in the Addendum).
(the data importer)
each a “Party”; together “the Parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1
Definitions

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2
Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3
Third-Party beneficiary clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  4. The Parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4
Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5
Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6
Liability

1. The Parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any Party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7
Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The Parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8
Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The Parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9
Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10
Variation of the contract

The Parties undertake not to vary or modify the Clauses. This does not preclude the Parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11
Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.

2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12
Obligation after the termination of personal data processing services

1. The Parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

EXHIBIT CRevision History

Terms of Service – Revision – July 2022

Terms of Service – Revision – February 14, 2020

Terms of Service – Revision – Aug 2019

Schedule A Meeting

Get a personalized demo of Dealpath from one of our experts