DATANYZE AND LICENSEE AGREE THAT THESE DATANYZE LICENSE TERMS AND CONDITIONS (“TERMS”) SHALL GOVERN THE RELATIONSHIP BETWEEN THE PARTIES AS TO ANY DATANYZE PRODUCTS OR SERVICES PROVIDED OR TO BE PROVIDED TO LICENSEE THAT ARE REFLECTED ON A DATANYZE PURCHASE ORDER OR ORDER FORM (“ORDERING DOCUMENT”).
Licensee and Datanyze agree as follows:
“Datanyze” means Datanyze, LLC, and any Datanyze parents or affiliates.
“Licensee” means the party to whom Datanyze is to provide products or services (whether identified as “licensee”, “customer”, “client” or similar designation in the Ordering Document). If “Licensee” includes more than one legal person, the obligations imposed upon each shall be joint and several. The act of, notice from or to, or signature of any one or more of the persons included within “Licensee” shall be binding on all such persons with respect to all rights and obligations under this Agreement, including but not limited to any renewal, extension, termination or modification of this Agreement.
1. SUBSCRIBED SERVICES, GRANT OF LICENSE
1.1 Datanyze, directly or through an affiliate, agrees to provide to Licensee the products and/or services set forth in the Ordering Document (the “Services”). The Services may include information (the “Licensed Materials”), access to and/or use of software or other technology (the “Datanyze Technology”), or other services including premium support. Datanyze will make the Services available to the Licensee via password-protected online access accessible by Licensee with usernames and passwords or as otherwise mutually agreed by the parties. Subject to the terms and conditions herein, Datanyze grants to Licensee a non-exclusive, non-transferrable license to access and use the Services in accordance with this Agreement and during the Term of this Agreement.
1.2 The Services will be provided as they exist and are updated and amended throughout the Term. Information provided as part of any Licensed Materials may be updated on an ongoing basis and provided according to the criteria used to define the scope of the subscribed Services. Licensee understands and acknowledges that the contents of Licensed Materials will change over time as the data is updated, and that at any given time it has a right to access and use the data to which it is subscribed as it exists at that time. Certain portions of the Services may be provided by Datanyze’s third-party licensors, and Datanyze’s ability to provide such information may be subject to the willingness of such licensors to continue to contract with Datanyze. Features and functions of the Datanyze Technology are provided “as is” and as they may be modified, supplemented, or removed from time to time in Datanyze’s sole discretion. Datanyze shall have no liability to Licensee for any modification to any Service, provided that the product or service provided substantially conforms to the description in the Ordering Document.
1.3 Ownership. Licensee acknowledges and agrees that, as between Licensee and Datanyze, the Licensed Materials, the Datanyze Technology, and any related documentation (including, without limitation, the content, layout, functions, design, appearance, trademarks, service marks, copyrights, patents, and other intellectual property comprising the Licensed Materials or Datanyze Technology) are the property of Datanyze, whether or not they are trademarked, copyrighted, or patented. Licensee acknowledges and agrees that this Agreement does not transfer any ownership, right, title, or interest in the Licensed Materials or Datanyze Technology, nor any part thereof, except the limited license provided hereunder, and Licensee expressly disclaims and waives any and all claims to any ownership interest in any such information or materials. This includes, without limitation, any Licensed Materials that Licensee downloads, prints, saves, or incorporates into other materials. Licensee further acknowledges and agrees that the Licensed Materials, in whole or in part, are unique, special, and valuable. Subject to the limited rights expressly granted hereunder, Datanyze, its affiliates and/or its licensors reserve all right, title, and interest in and to the Licensed Materials and Datanyze Technology, including all related intellectual property rights. No rights are granted to Licensee hereunder other than as expressly set forth herein.
1.4 Third-Party Applications. “Third-Party Applications” means computer software programs and other technology that are provided or made available to Licensee or Authorized Users by third parties, including those with which the Datanyze Technology may interoperate, including, for example, Licensee’s CRM, marketing automation software, or sales enablement software, if any. Datanyze may make available certain “Integration Tools”, which consist of Datanyze Technology designed to allow Licensee to use Datanyze Technology and the Licensed Materials in such a way as to interoperate with one or more Third-Party Applications. Datanyze is not responsible for and does not endorse any Third-Party Applications or websites linked to by Datanyze Technology.
1.5 Quality Guarantee. A “Licensed Materials Contact” means a record regarding a natural person, consisting of at a minimum such person’s name and company affiliation, contained in Datanyze’s database and made available to Licensee as part of any of the Services. If at any time during the Term more than 5% of the Licensed Materials Contacts are not employed by (or similarly affiliated with) the specified company, then upon notice from the Licensee, Datanyze shall have 30 days to correct the Licensed Materials in order to make them at least 95% accurate. If Datanyze is unable to achieve 95% accuracy within 30 days, upon notice to Datanyze, Licensee may terminate the Agreement and shall be entitled to a prorated refund of any prepaid Subscription Fees applicable to periods after the date of the first notice under this paragraph.
1.6 Support. Datanyze will provide reasonable assistance and support to assist Licensee and Authorized Users in accessing the Licensed Materials.
2. AUTHORIZED USE OF LICENSED MATERIALS AND DATANYZE TECHNOLOGY, RESTRICTIONS
2.2 Qualification of Authorized Users. Licensee shall not designate any person as an Authorized User unless such person is: (1) a natural person and (2) an employee of Licensee. Licensee may designate a non-employee (i.e., an independent contractor) as an Authorized User provided Licensee takes reasonable steps to ensure such non-employee uses the Services only as permitted under this Agreement. If the employment of any Authorized User that was in effect as of the date such person was designated as an Authorized User terminates, such person’s authorization to access the Services shall be revoked automatically without any further action by Datanyze. In the event of a termination as described in the previous sentence, Licensee shall promptly take all reasonable steps to ensure that such person ceases accessing the Services. Licensee may reassign Authorized User designations at any time subject to the foregoing qualification requirements.
2.3 Authorized Uses, Restrictions. Licensee shall not access or use the Services for any purpose except the business-to-business sales, marketing, recruiting, or business development activities of Licensee. Licensee shall not access or use the Licensed Materials for the benefit of or on behalf of any person or entity except Licensee. Subject to Licensee’s compliance with all applicable laws, rules, and regulations, Licensee may use the Services to: (i) view the Licensed Materials; (ii) communicate with any Licensed Materials Contact in a manner that relates to such person’s profession, business, or employment; and (iii) identify prospective sales opportunities, research Licensee’s existing customers and prospects, and otherwise analyze the Licensed Materials in a manner relating to Licensee’s business-to-business sales, marketing, recruiting, and business development activities. Licensee shall not permit anyone who is not an Authorized User to access or use the Services, including any Licensed Materials or any Authorized User login credentials. Licensee shall not distribute, sublicense, transfer, sell, offer for sale, disclose, or make available any of the Licensed Materials or any part of the Services to any third party. Licensee shall not incorporate any portion of the Services or Licensed Materials into Licensee’s own products or services. Upon expiration or termination of this Agreement for any reason, Licensee shall cease accessing the Services and shall cease using the Licensed Materials in any way. Notwithstanding the foregoing, where Licensee has, through using the Licensed Materials in a manner permissible under this Agreement, received responsive communication from a Licensed Materials Contact, Licensee shall not be required to delete such Licensed Materials Contact record upon expiration or termination hereof, and may continue to use such information in a manner otherwise consistent with this Agreement. Licensee is solely responsible for any communications between Licensee or any Authorized User and any Licensed Materials Contact.
2.4 Permitted Use of Datanyze Technology, Restrictions. Licensee is permitted to use the Datanyze Technology solely for the purpose of accessing and using the Licensed Materials as permitted by this Agreement. Licensee will not (i) reverse assemble, reverse engineer, decompile, or otherwise attempt to derive source code from any of the Datanyze Technology; (ii) reproduce, modify, create, or prepare derivative works of any of the Datanyze Technology or related documentation; (iii) distribute or display any of the Datanyze Technology or related documentation other than to Authorized Users; (iv) share, sell, rent, or lease or otherwise distribute access to the Datanyze Technology, or use the Datanyze Technology to operate any timesharing, service bureau, or similar business; (v) create any security interest in the Datanyze Technology; (vi) alter, destroy, or otherwise remove any proprietary notices or labels on or embedded within or on the Datanyze Technology or related documentation; (vii) disclose the results of any Datanyze Technology or program benchmark tests to any third parties without Datanyze’s prior written consent; or (viii) use automated means, such as bots or crawlers, to access any Datanyze Technology or extract information therefrom (except such means as are included within the Datanyze Technology, such as Integration Tools, or such other means as are expressly approved in advance in writing by Datanyze). Licensee may use Datanyze Technology only in accordance with this Agreement and not for the benefit of any third party, except with Datanyze’s express prior written permission.
2.5 Limitations on Use of the Services. Licensee shall use the Services in a responsible and professional manner consistent with the intended and permissible uses herein and consistent with standard industry practice. Licensee shall not override or circumvent, or attempt to override or circumvent, any security feature, control, or use limits of the Datanyze Technology. Licensee will not use the Licensed Materials or Datanyze Technology for commercial purposes not permitted under this Agreement and shall not designate any person as an Authorized User if Licensee has reason to believe such person is likely to use the Services on behalf of a third party or otherwise in violation of this Agreement. Datanyze may use technological means to place reasonable use limits to prohibit excessive use, including excessive downloads or screen views that indicate a violation of this Agreement, such as sharing with third parties or attempting to circumvent limitations to purchased credits (if applicable). If Licensee’s access to the Services is limited under this paragraph, it may request that the limit be removed, and Datanyze may remove or modify a particular limitation if it determines in its sole and absolute discretion that the proposed use by Licensee is in good faith and otherwise consistent with this Agreement.
2.6 Identification of Licensed Materials. Licensee shall not integrate Licensed Materials into any CRM, marketing automation, or sales enablement system for the purpose of allowing persons who are not Authorized Users to access or use the Licensed Materials. Any Licensed Materials that are downloaded and/or integrated into any CRM system must be maintained with identifying information indicating that such materials originated with Datanyze by, for example, maintaining a leadsource of “Datanyze.”
2.7 Unauthorized Access and Use. In the event Datanyze has a reasonable belief that Licensee or any Authorized User is engaged in any unauthorized access or use of the Licensed Materials or Datanyze Technology in violation of this Agreement, Datanyze, in its sole discretion, may immediately suspend Licensee’s access to the Licensed Materials and/or Datanyze Technology until such violation is resolved to Datanyze’s reasonable satisfaction. Datanyze will have no liability to Licensee for such period of suspension and a suspension shall have no effect on the Term of this Agreement nor on Licensee’s obligation to pay the Subscription Fee.
2.8 Data Credits. “Data Credits” entitle the Licensee to certain access and/or functionality within the Datanyze Technology. Use of a Data Credit is required for an Authorized User to view a contact or company record in the Datanyze Technology. Licensee must purchase an initial allotment of Data Credits, and additional Data Credits may be purchased for an additional fee. The content of any particular record obtained through use of a Data Credit (including the available data points or the accuracy of any particular data point) is “AS IS”; once a Data Credit is used, the use cannot be revoked and no replacement credits or refunds will be provided based on the amount or quality of a particular record. Once a Data Credit is redeemed, Licensee will be able to view the corresponding contact or company record in the Datanyze Technology until such record is updated or modified which may impact Licensee’s ability to continue to view such record without the use of another Data Credit. At the discretion of Datanyze, Data Credits may be withheld until full payment of the Subscription Fee is received from Licensee.
2.8.1 For annual subscriptions, Data Credits shall remain valid for the entirety of the annual subscription period. Any Data Credits that remain unused at the end of such annual subscription period shall automatically expire.
2.8.2 For monthly subscriptions, Data Credits are made available to Licensee at the beginning of each monthly period (commencing on the effective date of this Agreement). Any unused Data Credits at the end of each monthly period shall automatically expire.
3. TERM AND TERMINATION
3.1 Term. The Initial Term of the Agreement is that which is set forth in the Ordering Document (together with any period of extension under Section 3.2 hereof, the “Term”). The Agreement is not cancellable and shall remain in effect until it expires or is earlier terminated according to its terms.
3.2 Automatic Extension of the Term.
3.2.1 Annual Subscription. If Licensee purchases an annual subscription to the Services, on the date that is 60 days prior to the last day of the Term (the “Extension Date”), the Term will automatically extend for one year, unless either party, on or before the Extension Date, notifies the other in writing that the Term shall not so extend. In the event that the Term is extended under this paragraph: (1) Licensee shall remain subscribed during such period of extension to the Services to which it was subscribed as of the Extension Date, and (2) the Subscription Fees to be paid to Datanyze for such Services during such period of extension shall be equal to the amount of the Subscription Fee applicable to all Services to which Licensee was subscribed as of the Extension Date, plus 10% of such fee, plus any applied discount. Subscription Fees for the period of extension hereunder shall be due upon extension of the Term, and shall be payable as invoiced. Datanyze will invoice Subscription Fees for any period of extension in a manner substantially consistent with the payment schedule that applied to the Agreement as of the Extension Date.
3.2.2 Monthly Subscription. If Licensee purchases a monthly subscription to the Services, the Term will automatically extend on a monthly basis (which shall be assessed and measured from the effective date of the Agreement) until either party elects to cancel.
3.3 Termination. Either party may terminate this Agreement immediately, without further obligation to the other party, in the event of a material breach of this Agreement by the other party that is not remedied within twenty-one (21) days after the breaching party’s receipt of written notice of such breach. The parties may terminate this Agreement at any time upon their mutual Agreement. Datanyze can terminate this Agreement immediately, without further obligation to Licensee, for convenience at any time with or without notice to Licensee.
3.3.1 Monthly Subscription. Licensee can cancel its monthly subscription at any time provided Licensee must submit a valid notice of cancellation prior to the commencement of a new monthly period in order to avoid being charged for the next monthly period’s Subscription Fee. If Licensee submits a valid notice of cancellation prior to the commencement of a new monthly period, then cancellation will become effective at the end of the then-current monthly subscription period.
3.4 Effect of Termination.
3.4.1 Expiration or Termination for any Reason. Upon expiration or termination of this Agreement for any reason, Licensee acknowledges and agrees that its access to the Licensed Materials may be automatically terminated, all passwords and individual accounts removed, and all information that has been uploaded into Datanyze’s systems by Licensee destroyed. Upon expiration or termination of this Agreement for any reason, unless otherwise provided herein, Licensee agrees to destroy any and all copies of Licensed Materials and any information it has obtained from the Licensed Materials, whether in hard copy or electronic form.
3.4.2 Termination by Datanyze. If this Agreement is terminated by Datanyze due to a material breach by Licensee, all Subscription Fees payable to be paid to Datanyze for the remainder of the then-current Term shall be immediately due and payable to Datanyze, and Licensee shall promptly remit all such fees to Datanyze.
3.4.3. Termination by Licensee. If this Agreement is terminated by Licensee due to an uncured material breach by Datanyze, Datanyze shall promptly refund the pro-rata amount of any pre-paid Subscription Fees attributable to periods after the date of such termination. Other than for termination due to an uncured material breach by Datanyze, no refunds of any type will be issued to Licensee or permitted hereunder.
4. FEES AND TAXES
4.1 Licensee shall pay all fees stated in the Ordering Document and any other fees applicable to its subscription to Services as provided hereunder (the “Subscription Fee”). All Subscription Fees are due and payable at the beginning of each subscription period (e.g. monthly, annual). All amounts payable by Licensee under this Agreement will be paid to Datanyze without setoff or counterclaim, and without any deduction or withholding. Datanyze’s acceptance of partial payment or any payment of less than the full amount payable at any given time shall not constitute a waiver or release of Datanyze’s right to unpaid amounts.
4.2 Subscription Fees will be stated at the time of purchase or sign-up, as applicable. Subscription Fees are non-refundable except in the specific circumstances described in these Terms. Datanyze only accepts credit cards for payment of Subscription Fees. If Licensee’s subscription involves a recurring payment of a fee, unless Licensee notifies Datanyze before a charge that Licensee wants to cancel or does not want to automatically renew Licensee’s subscription, Licensee understands it will automatically continue and Licensee authorizes Datanyze, or a third party through which Licensee transacts (without notice to Licensee, unless required by applicable law) to collect the then-applicable fees and any taxes, using any credit card Datanyze has on record for Licensee. If all credit cards Datanyze has on file for Licensee are declined for payment of Subscription Fees, Datanyze may cancel Licensee’s subscription.
4.3 Licensee is responsible for any applicable taxes, including, without limitation, any sales, use, levies, duties, or any value added or similar taxes payable with respect to Licensee’s subscription and assessable by any local, state, provincial, federal, or foreign jurisdiction. Unless expressly specified otherwise in the Ordering Document, all fees, rates, and estimates exclude sales taxes. If Datanyze believes any such tax applies to Licensee’s subscription and Datanyze has a duty to collect and remit such tax, the same may be set forth on an invoice to Licensee unless Licensee provides Datanyze with a valid tax exemption certificate, direct pay permit, or multi-state use certificate, and shall be paid by Licensee immediately or as provided in such invoice. Datanyze is solely responsible for taxes based upon Datanyze’s net income, assets, payroll, property, and employees.
5. DATA PROTECTION AND CONFIDENTIALITY
5.2 “Confidential Information” of a party means such party’s (or its affiliate’s): inventions, discoveries, improvements, and copyrightable material not yet patented, published, or copyrighted; special processes and methods, whether for production purposes or otherwise, and special apparatus and equipment not generally available or known to the public; current engineering research, development, design projects, research and development data, technical specifications, plans, drawings and sketches; business information such as product costs, vendor and customer lists, lists of approved components and sources, price lists, production schedules, business plans, and sales and profit or loss information not yet announced or not disclosed in any other way to the public; and any other information or knowledge not generally available to the public. “Confidential Information” does not include the Licensed Materials (which are subject to other restrictions under this Agreement) nor otherwise include business contact or firmographic information regarding third parties. All business terms of this Agreement, including, but not limited to, pricing and access, shall be considered Confidential Information of Datanyze.
5.3 Each party shall keep in confidence all Confidential Information of the other party obtained prior to or during the Term of this Agreement, and shall protect the confidentiality of such information in a manner consistent with the manner in which such party treats its own confidential material, but in no event with less than reasonable care. Without the prior written consent of the other party, a party shall not disclose or make available any portion of the other party’s Confidential Information to any person, firm, association, or corporation, or use such Confidential Information, directly or indirectly, except for the performance of this Agreement. The foregoing restrictions shall not apply to Confidential Information that: (a) was known to such party (as evidenced by its written record) or was in the public domain prior to the time obtained by such party; (b) was lawfully disclosed to such party by a third party who did not receive it directly or indirectly from such party and who is under no obligation of secrecy with respect to the Confidential Information; or (c) became generally available to the public, by publication or otherwise, through no fault of such party. The parties shall take all necessary and appropriate steps in order to ensure that its employees and subcontractors adhere to the provisions of this section. All Confidential Information shall be returned to the disclosing party or destroyed upon receipt by the receiving party of a written request from the disclosing party.
5.4 Personal Information. To the extent that either party transmits or receives personal information under this Agreement, such party shall comply with all applicable laws, rules, and regulations regarding privacy and the lawful processing of personal information. To the extent that personal data obtained by Licensee under this Agreement is subject to the E.U. General Data Protection Regulation (the “GDPR”), each party agrees that it is a “controller” with respect to such data as defined in the GDPR and agrees to comply with all applicable provisions. Notwithstanding anything in this Agreement to the contrary, Licensee shall not use any information subject to the GDPR unless it is for a purpose that constitutes a “legitimate interest” (including direct marketing) as defined in the GDPR, or Licensee has another lawful basis to process such information. Within the Datanyze Technology, Datanyze may publish a list of persons who have requested that their personal information be removed from Datanyze’s database. Licensee agrees to review such list on a regular basis (no less frequently than once per month) and to remove from its possession any Licensed Materials Contact records relating to such persons in its possession, unless Licensee has established an independent lawful basis to process such person’s personal information. To the extent that any Services may involve Datanyze receiving personal data from Licensee that is subject to the UK/EU GDPR, the attached Appendix A shall set out the status and responsibilities of the parties in relation to such personal data. To the extent that any Services may involve Licensee receiving personal data from Datanyze that is subject to the UK/EU GDPR, the attached Controller-to-Controller Data Processing Addendum attached as Appendix B shall set out the status and responsibilities of the parties in relation to such personal data.
5.5 Related Information. Datanyze may access, collect, and use any information from or relating to Licensee and Licensee’s use of the Services (“Related Information”) for customer and technical support, for regulatory and third party compliance purposes, to protect and enforce Datanyze’s rights, to monitor compliance with and investigate potential breaches of the terms of this Agreement, and to recommend additional products or services to Licensee. Datanyze may share this information with Datanyze’s partners or affiliates for the same purposes. Licensee grants Datanyze and Datanyze affiliates the perpetual right to use Related Information and any feedback provided by Licensee for purposes such as to test, develop, improve, and enhance Datanyze’s products and services, and to create and own derivative works based on Related Information and feedback, so long as neither Licensee, Authorized User nor any other individual is identifiable as the source of such information.
5.6 Licensee Data. Licensee is solely responsible for all data, graphics, images, files, information, text, voice content, recordings, and other content and materials that are collected, uploaded, posted, delivered, provided, or otherwise transmitted or stored by Licensee in connection with Licensee’s use of the Services (collectively, “Licensee Data”), and Licensee represents and warrants that it has all rights necessary to grant the licenses herein without violation of any third party rights, including without limitation, any privacy rights, publicity rights, copyrights, trademarks, contract rights, or any other intellectual property or proprietary rights. Licensee shall be solely responsible for making any required notices (including without limitation any privacy notices required by applicable local, state, federal, and international laws and regulations) and for obtaining any required consents sufficient to authorize Datanyze’s performance of its obligations and exercise of its rights as set forth in this Agreement.
6. REPRESENTATIONS AND WARRANTIES
6.1 Each party represents and warrants that: (1) it is duly organized and validly existing and authorized to do business in the jurisdictions where it operates; and (2) it has the requisite power and authority to enter this Agreement and entering and complying with its obligations under this Agreement does not violate any legal obligation by which such party is bound.
6.2 Licensee represents and warrants, and covenants that it will not, in connection with this Agreement, including its use of or access to the Services, engage in, encourage, or permit conduct that violates or would violate any applicable law, rule, or regulation or any right of any third party.
7.1 Remedies not Exclusive. No remedy provided in this Agreement shall be deemed exclusive of any other remedy that a party may have at law or in equity unless it is expressly stated herein that such remedy is exclusive.
7.2 Provisional Remedies. Each party recognizes that the unauthorized disclosure of Confidential Information or, as to Licensee, Licensed Materials, may cause irreparable harm to the other party for which monetary damages may be insufficient, and in the event of such disclosure, such other party shall be entitled to seek an injunction, temporary restraining order, or other provisional remedy as appropriate without being required to post bond or other security.
7.3 Liquidated Damages. Licensee acknowledges that the Licensed Materials are for its own use only, and that the disclosure to a third party of a list of Licensed Materials Contacts will cause damage to Datanyze in an amount that is difficult to quantify. In order to avoid the time and expense of quantifying damages, if Licensee, negligently or intentionally, discloses a list of Licensed Materials Contacts to a third party or permits a third party to access any Licensed Materials Contact records through use of login credentials to Datanyze Technology issued to any Authorized User, Datanyze shall be entitled to damages from Licensee in the liquidated amount equal to $2.00 per Licensed Materials Contact record that is so disclosed or made available.
8. ATTORNEY FEES, DISPUTE RESOLUTION, CLASS ACTION WAIVER
8.1 Attorney Fees. In the event of any dispute arising under this Agreement, the prevailing party shall be entitled to recover its reasonable costs and expenses actually incurred in endeavoring to enforce the terms of this Agreement, including reasonable attorney fees.
8.2 Mandatory Arbitration. Except for Litigation Claims (defined below), any dispute, claim, or controversy arising out of or relating to this Agreement, including, without limitation (1) claims relating to the breach, termination, enforcement, interpretation or validity thereof, (2) claims alleging tortious conduct (including negligence) in connection with the negotiation, execution, or performance thereof, or (3) the determination of the scope or applicability of this agreement to arbitrate, shall be settled by arbitration administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those Rules or pursuant to JAMS’ Streamlined Arbitration Rules and Procedures. The arbitration shall be heard by a single arbitrator and shall be conducted in Seattle, Washington. Judgment on the Award may be entered in any court having jurisdiction. This section shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The arbitrator shall have the power to award any remedy provided under applicable law, except that the arbitrator shall have no power to award: (1) punitive, exemplary, or multiple damages under any legal theory; (2) mandatory or prohibitory injunctive relief, except for temporary relief in aid of the arbitration or to secure the payment of an award; or (3) any damages in excess of the limits set forth in this section or Section 10 (Limitation of Liability) of this Agreement.
8.3 Class Action Waiver. No party shall commence or seek to prosecute or defend any dispute, controversy, or claim based on any legal theory arising out of or relating to this Agreement, or the breach thereof, other than on an individual, non-class, non-collective action basis. No party shall seek to prosecute or defend any dispute, controversy, or claim arising out of or relating to this Agreement, or the breach thereof, in a representative or private attorney general capacity. The arbitrator shall not have the power to consolidate any arbitration under this Agreement with any other arbitration, absent agreement of all parties involved, or otherwise to deal with any matter on a non-individual, class, collective, representative, or private attorney general basis.
8.4 Litigation Claims. The following claims (“Litigation Claims”) shall be litigated and not arbitrated: (a) claims against a party to this Agreement under the provisions involving claims by third parties; (b) claims by a party for the unauthorized use, or the misuse, by the other party of the first party’s intellectual property or confidential, proprietary, or sensitive information; (c) claims by Datanyze to collect Subscription Fees; and (d) claims for a provisional remedy (such as a temporary restraining order or preliminary injunction) in aid of an arbitration under this Agreement. The Litigation Claims are not subject to arbitration and are expressly excluded by the parties from arbitration.
9.1 Licensee agrees to indemnify, defend, and hold harmless Datanyze and its officers, directors, employees, shareholders, agents, partners, successors, and permitted assigns from and against any and all actual or threatened claims of third parties arising out of or in connection with (1) Licensee’s access or use of the Licensed Materials in violation of any law, (2) Licensee’s violation of any provision of this Agreement, (3) Licensee’s sending of any information, messages, or materials to any Licensed Materials Contact (including, but not limited to, through e-mail, mail, or fax) in violation of any law or the rights of any third party, or (4) the use of any Licensed Materials or Datanyze Technology by any third party to whom Licensee has granted access (including access obtained through use of the usernames and passwords assigned to Licensee and its personnel).
9.2 Datanyze shall indemnify Licensee for any damages finally awarded by any court of competent jurisdiction against Licensee in, or for amounts paid by Licensee under a settlement approved by Datanyze in writing of, any legal proceeding brought by a third party alleging that the Licensed Materials or Datanyze Technology infringes upon or violates the intellectual property rights of any such third party.
9.3 As a condition to any right to indemnification under this agreement, the indemnified party must (a) promptly give the indemnifying party written notice of the claim or proceeding, (b) give the indemnifying party sole control of the defense and settlement of the claim or proceeding (except that the indemnifying party may not settle any claim or proceeding unless it unconditionally releases the indemnified party of all liability), and (c) give the indemnifying party all reasonable assistance, at the indemnifying party’s expense. This section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any claim or proceeding subject to indemnification hereunder.
10. LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT FOR INSTANCES OF A PARTY’S OR ITS AGENT’S GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY PUNITIVE, EXEMPLARY, MULTIPLE, INDIRECT, CONSEQUENTIAL, SPECIAL, OR LOST PROFITS DAMAGES ARISING FROM OR RELATING TO THIS AGREEMENT, WHETHER FORESEEABLE OR UNFORESEEABLE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. LICENSEE’S SOLE AND EXCLUSIVE REMEDY FOR ANY UNCURED BREACH BY DATANYZE OF ITS OBLIGATIONS UNDER THIS AGREEMENT IS TERMINATION BY WRITTEN NOTICE TO DATANYZE, AND REFUND OF A PRORATED PORTION OF THE SUBSCRIPTION FEES THAT LICENSEE HAS PAID. DATANYZE’S MAXIMUM LIABILITY TO LICENSEE SHALL BE THE AMOUNTS ACTUALLY PAID TO DATANYZE BY LICENSEE UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LICENSEE’S CAUSE OF ACTION.
11. DISCLAIMER OF WARRANTIES
EXCEPT FOR ANY EXPRESS REPRESENTATIONS AND WARRANTIES STATED HEREIN, THE LICENSED MATERIALS, DATANYZE TECHNOLOGY, AND ANY OTHER SERVICES ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS, AND NEITHER PARTY MAKES ANY ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER AND EACH PARTY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. NEITHER PARTY WILL HAVE THE RIGHT TO MAKE OR PASS ON ANY REPRESENTATION OR WARRANTY ON BEHALF OF THE OTHER PARTY TO ANY THIRD PARTY.
During the Term of this Agreement and for a period of two (2) years after its expiration or termination, Licensee shall maintain complete and accurate records of Licensee’s use of the Licensed Materials and Datanyze Technology sufficient to verify compliance with this Agreement. Licensee shall permit Datanyze and its auditors, upon reasonable advance notice and during normal business hours, to examine such records and any systems used by Licensee in connection with the Licensed Materials. The scope of any such audit will be limited to verification of Licensee’s compliance with the terms of this Agreement. Any audit performed under this paragraph shall be at Datanyze’s expense, unless the audit uncovers material non-compliance with this Agreement, in which case, Licensee shall reimburse Datanyze for its reasonable out-of-pocket expenses incurred in performing such audit.
13. MISCELLANEOUS PROVISIONS
13.1 Marketing. Licensee hereby authorizes Datanyze to use Licensee’s name and logo for its marketing efforts unless and until such authorization is revoked in writing.
13.2 Assignment. Either party hereto may assign this Agreement to a successor-in-interest pursuant to an acquisition of such party (whether by merger, stock sale, or asset sale) without the other party’s consent, provided however that (1) Licensee’s assignment hereof shall be effective only after fourteen (14) days’ written notice to Datanyze, and (2) Licensee may not assign this agreement to any competitor of Datanyze without Datanyze’s express written consent. Datanyze may assign this Agreement to an affiliate without Licensee’s consent. No rights or obligations under this Agreement may be assigned or delegated except as provided in this section without the prior written consent of the other party, and any assignment or delegation in violation of this section shall be void.
13.3 Notices. Licensee shall provide an email address for notices under this Agreement. All notices or other communications permitted or required to be given hereunder shall be sent by electronic mail to the email address provided by the other party for such purpose and shall be deemed given when sent. Copies of all notices to Datanyze shall be sent to email@example.com. If Licensee fails to provide an email address for notices, Datanyze may provide notices hereunder by any means reasonably calculated to provide Licensee with actual notice thereof.
13.4 Governing Law, Jurisdiction. This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Washington without regard to choice of laws principles. Each party irrevocably consents to the personal jurisdiction of the state and federal courts located in the State of Washington for purposes of any lawsuit seeking to enforce this Agreement. The parties acknowledge that this Agreement evidences a transaction involving interstate commerce. Notwithstanding the foregoing, any arbitration conducted pursuant to the terms of this Agreement shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1-16).
13.5 Currency. All monetary amounts specified in this Agreement are in United States dollars unless otherwise expressly stated.
13.6 Suggestions and Feedback. Datanyze shall have a royalty-free, worldwide, transferable, sub-licenseable, irrevocable, perpetual license to use or incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by Licensee, including Authorized Users, relating to the operation of the Services.
13.7 Entire Agreement. This Agreement constitutes the entire Agreement of the parties and supersedes all prior communications, understandings, and agreements relating to the subject matter hereof, whether oral or written.
13.8 Amendment. Datanyze may, in its discretion, change the Terms and all elements of them and any aspect of the Services, without notice to Licensee. If any change to the Terms is found invalid, void, or for any reason unenforceable, that change is severable and does not affect the validity and enforceability of any remaining changes and the remainder of the Terms. Licensee’s continued use of the Services after Datanyze changes the Terms constitutes Licensee’s acceptance of the changes. If Licensee does not agree to any changes, Licensee must not use the Services and must cancel its subscription at the end of the applicable subscription Term.
13.9 Force Majeure. Neither Datanyze nor any of its affiliates will be liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond its reasonable control, including, but not limited to, acts of God, labor disputes or other industrial disturbances, electrical or power outages, utilities or other telecommunications failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
Version: February 11, 2022
APPENDIX A: DATA PROTECTION
- In this Schedule:
- The terms controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures have the meanings given to them in the Data Protection Legislation;
- “Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the UK including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder);
- “Protected Data”means personal data which Licensee provides to Datanyze and which Datanyze processes, in the capacity of a processor on behalf of the Licensee, in connection with its provision of Services which is subject to the Data Protection Legislation.
- In this Schedule:
- Data Protection
- Both parties will comply with all applicable requirements of the Data Protection Legislation in relation to the Protected Data. This Schedule is in addition to, and does not relieve, remove, or replace, a party’s obligations or rights under the Data Protection Legislation.
- The parties acknowledge that for the purposes of the Data Protection Legislation, in relation to Protected Data, the Licensee is the Controller and Datanyze is the Processor. Paragraph 3 sets out the scope, nature, and purpose of processing by Datanyze, the duration of the processing and the types of Protected Data and categories of data subject.
- Without prejudice to the generality of paragraph 2.1, Licensee will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Protected Data to Datanyze for the duration and purposes of this Agreement.
- Without prejudice to the generality of paragraph 2.1, Datanyze shall, in relation to any Protected Data processed in connection with the performance by Datanyze of its obligations under this Agreement:
- process that Protected Data only on the documented written instructions of Licensee unless Datanyze is required by applicable law to otherwise process that ProtectedData. Where Datanyze is relying on applicable law as the basis for processing Protected Data, Datanyze shall promptly notify Licensee of this before performing the processing required by the applicable law unless the applicable law prohibits Datanyze from so notifying Licensee;
- put in place appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Protected Data and against accidental loss or destruction of, or damage to, Protected Data;
- ensure that all personnel who have access to and/or process Protected Data are obliged to keep the Protected Data confidential;
- assist Licensee, at Licensee’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- at the written direction of Licensee, delete or return Protected Data and copies thereof to Licensee on termination of this Agreement unless required by applicable law to store the Protected Data; and
- maintain complete and accurate records and information to demonstrate its compliance with this Schedule and allow for audits by Licensee to audit compliance with this Schedule 1 where reasonably requested by Licensee.
- Licensee consents to Datanyze appointing third party processors to process the Protected Data, provided that Datanyze remains responsible for the acts and omission of any such third party processors as if they were the acts and omissions of Datanyze. If such entities are deemed sub-processors, Licensee hereby consents to the usage of Datanyze’s respective affiliates and third party service providers as sub-processors.
- Licensee authorizes Datanyze to store or process Protected Data in the United States or any other country in which Datanyze or its sub-processors maintain facilities. Licensee appoints Datanyze to perform any such transfer of Protected Data to any such country and to store and process Protected Data in order to provide the Services or by documented instructions of Licensee. Any such transfer shall be effected by way of a legally enforceable safeguarding mechanism that is permitted under the Data Protection Legislation, including but not limited to the Standard Contractual Clauses.
- Processing, Protected Data and Data Subjects
This paragraph includes details of the processing of Protected Data by Datanyze as required by Article 28(3) GDPR.
|Subject matter of Protected Data||Business contact information (which may include the following or a subset: name, work email address, title, work phone number) relating to Licensee personnel provided by Licensee to Datanyze for the purpose of accessing the Services.|
|Duration of processing||For the duration of the Term unless (i) a longer retention period is required for audit, legal, or regulatory purposes; or (ii) Licensee instructs Datanyze in writing to (a) keep certain Protected Data longer or (b) return certain Protected Data earlier.|
|Nature and purpose of processing||To create authorized user accounts in Datanyze’s system, to provision access, identify segregated system user accounts, monitor system functionality and security, and related purposes, and for the provision of the specific services contemplated by the parties under this Agreement.|
|Types of personal data processed||Business contact information (which may include the following or a subset: name, work email address, title, work phone number) relating to Licensee personnel provided by Licensee to Datanyze for the purpose of accessing the Services.|
|Categories of data subjects||Licensee personnel designated by Licensee as Authorized Users of the Services.|
Appendix B: Controller-to-Controller Data Processing Addendum
This Controller-to-Controller Data Processing Addendum (“Addendum“) amends and is incorporated into the software license agreement (together with any amendments and attached or referencing service orders, statements of work, attachments, schedules, or exhibits, the “Agreement”) between Datanyze LLC or one of its Affiliates (“Supplier”) and Customer as identified in the corresponding Ordering Document for the purchase of Services and will be applicable when Customer is Processing Datanyze Personal Data (as defined below) as an independent Controller, where such Processing is regulated by Applicable Laws.
1.1. For the purpose of this Addendum (i) “Personal Data” means any information relating to an identified or identifiable natural person located in the European Economic Area (“EEA”) or the United Kingdom; (ii) “Data Subject” means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, address, title, or an online identifier. In the context of the Agreement, (iii)“Datanyze Personal Data” means Personal Data that Supplier provides to Customer in the course of providing the Services that is subject to Applicable Laws; (iv) “Processing”, “Process”, “Processed” means any operation or set of operations which is performed on Datanyze Personal Data, individually or in sets, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (v) “Affiliate” means a business entity that directly, or through one or more intermediaries, controls or is controlled by or is under common control with a party. One entity is deemed to control the other if it directly or indirectly (a) owns more than fifty percent (50%) of the equity of the other entity or (b) controls more than fifty percent (50%) of the voting rights of the other entity; (vi) “Applicable Law(s)” means all laws applicable to the Processing of Datanyze Personal Data, which may include EU Data Protection Laws, other laws of the European Union or any Member State thereof, the UK GDPR, and the laws of any other country or state to which the Datanyze, Customer, or the Datanyze Personal Data is subject. For the avoidance of doubt, all terms herein (whether in capital letters or lowercase) not otherwise defined but used in this Addendum, shall have the meaning given to them in the Agreement, or if undefined in both documents, shall have the meaning as per the European General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) (as amended from time to time, “GDPR”).
2. Roles of the Parties. The parties acknowledge that in regards to any Datanyze Personal Data that is transferred between the parties that Supplier is an independent Controller and Customer is an independent Controller, not a joint Controller with Supplier. Each party shall comply with its obligations under Applicable Laws (including, but not limited to, Articles 13 and 14 of GDPR), and this Addendum, when processing Personal Data.
3. Data Transfers; Standard Contractual Clauses. If Supplier transfers Datanyze Personal Data originating from the EEA to Customer when the Customer is located in countries outside the EEA that have not received a binding adequacy decision by the European Commission, such transfers shall be made in compliance with applicable data transfer legal requirements. The parties acknowledge and agree to abide by the obligations set out in the Standard Contractual Clauses (European Commission Decision 2021/914 of 4 June 2021), found in Schedule 1, for any transfers of Datanyze Personal Data to a Customer outside of the EEA. For the purpose of Processing Datanyze Personal Data under this Addendum and the incorporation of the Standard Contractual Clauses, Module 1 of the Standard Contractual Clauses shall be applicable.
4.1 Without prejudice to any other obligations under this Addendum or the Agreement, the parties will secure Datanyze Personal Data (i) with at least reasonable care and skill; and (ii) in accordance with good industry practice and Applicable Laws and regulations.
4.2 The term of this Addendum corresponds to the term of the Agreement and any subsequent agreements referencing it between the parties. Provisions which by their nature are intended to survive termination or expiration of this Addendum, will continue and survive any termination or expiration of this Addendum.
4.3 Notwithstanding anything to the contrary in the Agreement, in the event of a conflict between the terms of this Addendum and the terms of the Agreement, the terms of this Addendum shall prevail with respect to data privacy and security matters.
4.4 The effective date of this Addendum is the first date when services are provided to Customer by Supplier. The Addendum will continue in effect until the Agreement and any subsequent agreements referencing it between the parties have terminated or been expired.
STANDARD CONTRACTUAL CLAUSES
Controller to Controller
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) () for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)
have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Effect and invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 – Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
(iii) Clause 9 – Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
(iv) Clause 12 – Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18 – Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
Clause 7 – Optional
SECTION II – OBLIGATIONS OF THE PARTIES
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
8.1 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B. It may only process the personal data for another purpose:
(i) where it has obtained the data subject’s prior consent;
(ii) where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iii) where necessary in order to protect the vital interests of the data subject or of another natural person.
(a) In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:
(i) of its identity and contact details;
(ii) of the categories of personal data processed;
(iii) of the right to obtain a copy of these Clauses;
(iv) where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.
(b) Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.
(c) On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.
(d) Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.3 Accuracy and data minimisation
(a) Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.
(b) If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.
(c) The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.
8.4 Storage limitation
The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation () of the data and all back-ups at the end of the retention period.
8.5 Security of processing
(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
(b) The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(c) The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(d) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.
(e) In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.
(f) In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.
(g) The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.
8.6 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.
8.7 Onward transfers
The data importer shall not disclose the personal data to a third party located outside the European Union () (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:
(i) it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;
(iii) the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;
(iv) it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;
(v) it is necessary in order to protect the vital interests of the data subject or of another natural person; or
(vi) where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.8 Processing under the authority of the data importer
The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.
8.9 Documentation and compliance
(a) Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.
(b) The data importer shall make such documentation available to the competent supervisory authority on request.
Use of sub-processors
Data subject rights
(a) The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request. () The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.
(b) In particular, upon request by the data subject the data importer shall, free of charge:
(i) provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);
(ii) rectify inaccurate or incomplete data concerning the data subject;
(iii) erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.
(c) Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.
(d) The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:
(i) inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and
(ii) implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.
(e) Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.
(f) The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.
(g) If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.
(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
(ii) refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
(c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.
(a) The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Local laws and practices affecting compliance with the Clauses
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards ();
(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Obligations of the data importer in case of access by public authorities
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimisation
(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Non-compliance with the Clauses and termination
(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland.
Choice of forum and jurisdiction
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
(b) The Parties agree that those shall be the courts of Ireland.
(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
A. LIST OF PARTIES
Name: Datanyze LLC
Address: 2530 Meridian Parkway, Suite 300, Durham, North Carolina 27713
Contact person’s name, position and contact details: James Henry, Associate General Counsel, firstname.lastname@example.org
Activities relevant to the data transferred under these Clauses: The provision of the Services contemplated in the Agreement, including Customer’s business-to-business sales, marketing, recruiting, and/or business development activities.
Signature and date: /s/
Role (controller/processor): Controller
Name: see Ordering Document
Address: see Ordering Document
Contact person’s name, position and contact details: see Ordering Document
Activities relevant to the data transferred under these Clauses: see Agreement
Signature and date:
Role (controller/processor): Controller
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Individuals located in the EEA or UK and associated or potentially associated with business organizations.
Categories of personal data transferred
Business contact information including, but not limited to, first and/or last name, business address, business email address, business phone number, employer, business role, professional title, and other similar information.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
No sensitive data transferred. Safeguards outlined in Annex II.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Typically, one-off but continuous transfers are conceivable depending on the nature of the services requested by Customer.
Nature of the processing
The nature of the processing includes but is not limited to collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data, whether or not by automated means.
Purpose(s) of the data transfer and further processing
The provision of the Services contemplated in the Agreement, including Customer’s business-to-business sales, marketing, recruiting, and/or business development activities.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
For the duration of the Term of the Agreement, unless (i) a longer retention period is required for audit, legal, or regulatory purposes or (ii) Customer has received responsive communication from a Licensed Materials Contact, as further described and in accordance with Section 2.3 of the Agreement.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
For the duration of the Agreement or as otherwise agreed upon in writing or required by applicable law.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
Ireland’s Data Protection Commission
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
The Data Importer shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.