Terms of Service
GENERAL TERMS AND CONDITIONS
Last Updated: April 10, 2023
These Terms of Service – General Terms and Conditions (these "Terms"), together with any applicable Transaction Documents, form the agreement between Techdinamics and Client regarding the use and provision of the Services.
By accessing the Services, Client agrees to be bound by these Terms and comply with these Terms. If Client does not agree to these Terms, it must not access the Services.
These Terms, together with any applicable Transaction Documents (together, the "Agreement") are the complete agreement between Client and Techdinamics regarding the Services and constitute the legal agreement between Client and Techdinamics for the use of the Services.
1. Definitions
In addition to terms defined elsewhere in these Terms, as used in these Terms (including the Appendixes hereto) and in any Transaction Document, the following terms have the following meanings:
"Affiliate" means any entity which Controls, is Controlled by, or is under common Control with, directly or indirectly, Client or Techdinamics.
"Agreement" means these Terms together with any applicable Transaction Documents.
"Authorized User" means Client's employees, consultants, contractors and agents (i) who are authorized by Client to access and use the Services and Content under the rights granted to Client pursuant to the Agreement; and (ii) for whom access to the Services and Content has been purchased.
"Business Day" means any day except a day that is a Saturday, a Sunday, a statutory holiday in the Province of Ontario, Canada, or any day on which banks are otherwise not open for business in the City of Toronto, Ontario, Canada.
"Client" means the Person accessing the Services in accordance with the Agreement.
"Content" means all Techdinamics' content, information, documents and materials, in any format, made available to Client pursuant to the use of the Services, including any Techdinamics' user manuals, handbooks, and guides relating to the Services.
"Control" (and the terms "Controlled by" and "under common Control with") means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise.
"Data Protection Law" means any domestic or international rule, regulation, or legislation that may apply to data protection, privacy or Personal Information.
"Effective Date" means the date that is earlier of: (i) the date that Client first accesses the Services; and (ii) any date specified in a Transaction Document for the commencement of the Services.
"IP Rights" means any and all registered and unregistered rights granted, applied for or otherwise now or hereinafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
"Losses" means all claims, actions, proceeding, losses, liabilities, damages, judgments, settlements, awards, penalties, fines and all associated and reasonable costs and expenses.
"Parties" or "parties" means, collectively, Client and Techdinamics.
"Person" means any individual, corporation, partnership, unlimited liability company, government authority, unincorporated organization, trust, association or any other entity.
"Personal Information" means information about an identifiable individual and has the same meaning as set out in the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA").
"Services" means the products, solutions, services, software, deliverables and any work product that Techdinamics provides to Client, including those described in a Transaction Document.
"Subcontractor" means a third-party (other than Techdinamics) to whom Techdinamics subcontracts any of the Services, including authorized resellers.
"Techdinamics" means Techdinamics Integrations Inc. and its Affiliated and subsidiary entities.
"techSHIP Platform" means Techdinamics' proprietary product known as "techSHIP", comprising online web-based applications, user interfaces, online platform and the underlying software (including the modifications, enhancements, corrections, and updates to the software) that may be provided to Client by Techdinamics pursuant to the Agreement.
"Terms" means these Terms of Service – General Terms and Conditions, as may be updated, amended or amended and restated from time to time.
"Third-Party Materials" means materials and information, in any form or medium, including any software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Techdinamics.
"Transaction Document" means any statement of work, contract, agreement, quote, proposal, support guide or agreement, letter agreement or similar document describing the Services to be performed by Techdinamics that is (i) entered into between Client and Techdinamics, or (ii) delivered by Techdinamics and accepted by Client, as may be updated, amended or amended and restated from time to time.
2. The Services
- On the terms and subject to the conditions set out in the Agreement, during the Term, Techdinamics hereby grants to Client a limited, non-exclusive and non-transferable, right and license to use the Services and Content, solely by Authorized Users and for Client's own internal business purposes.
- The Agreement shall be the only terms and conditions that apply to all Services and Content delivered to Client by Techdinamics. Any other terms and conditions proposed by Client, including those referenced in any Client purchase orders, are explicitly rejected and do not form part of any agreement between Client and Techdinamics.
- Techdinamics agrees to perform the Services as set out in any applicable Transaction Document in a professional manner.
- If the Services include techSHIP Platform, the additional terms set out in Appendix B apply.
- If the Services include web hosting services, the additional terms set out in Appendix C apply.
- If the Services include Client personnel acting as an administrator for the Client to manage security and permissions for any Services (a "Client Administrator"), Client shall cause Client Administrator to comply with the Agreement and any specified control and security procedures mandated by Techdinamics from time to time, including to administer the distribution and use of all Services in accordance with the Agreement and to protect against any unauthorized access to and use of the Services. Any request to change a Client Administrator must be made to Techdinamics and must comply with Techdinamics' security processes and procedures for changing the Client Administrator then in effect.
3. Licensing
- Techdinamics may, in its sole discretion, provide Client access to additional Content that customizes the Services for Client. Such customized Content and Services shall be owned exclusively by Techdinamics and shall be governed by the terms of the Agreement.
- Nothing in the Agreement grants any right, title or interest in or to (including any license under) any IP Rights in or relating to the Services or Content, whether expressly, by implication, estoppel or otherwise. All rights in and to the Services and Content and the IP Rights of Techdinamics that are not expressly granted to Client in the Agreement are hereby reserved by Techdinamics and any of its licensors, as applicable.
- Any and all modifications, revisions, translations, abridgements, rebuilds, expansions or other forms of replacement, rebuild, recast, transformation, improvement or adaption to the Services and Content shall be the sole property of Techdinamics
- Client shall not: (i) license, sublicense, sell, resell, rent, lease, timeshare, transfer, assign, distribute, publish or otherwise commercially exploit or make available in any way, to any Person, the Services and any service or software or other materials or information included with the Services and Content; (ii) copy or make derivative works of, or otherwise modify, any Services or Content; (iii) create Internet "links" to any Services or Content or "frame" or "mirror" any Services or Content on any server or wireless or Internet-based device; or (iv) reverse engineer, disassemble, decompile, decode, adapt or access any Services or Content in order to (A) build a competitive product or service, (B) build a product using ideas, features, functions or graphics similar to any Services or Content, or (C) copy any ideas, features, functions, or graphics of the Services or Content.
4. Client Responsibilities
- Client shall provide Techdinamics' personnel and its Subcontractors full cooperation and timely access to all required Client personnel and systems in order for Techdinamics to perform the Services. Client is responsible and agrees to complete the timely review and response to all documents, requests and approvals required by Client from Techdinamics.
- Techdinamics and its personnel and Subcontractors: (i) may, in performing the Services, rely upon any instructions or information provided by Client or any Persons designated in writing by Client authorized to provide instructions to Techdinamics or any Persons having the apparent authority to provide instructions on behalf of Client; and (ii) will incur no liability or obligation to Client or otherwise for such reliance. In addition, Techdinamics shall not be liable for any default or delay in performance of its obligations under the Agreement to the extent such default or delay is caused, directly or indirectly, by: (A) the failure of Client to comply with any of its obligations hereunder; or (B) any unavailability or work absence of the appropriate Client personnel.
- All Content and other work product delivered in connection with the Services, shall be deemed to be accepted by Client if, within five (5) days following delivery, Client has not provided to Techdinamics written notice identifying in reasonable detail any basis for not approving the Content or work product.
- Client is responsible for all activities relating to Client's access and use of the Services and Content and for compliance with all applicable laws in using the Services, including, without limitation, those relating to data privacy, international communications, and the transmission of data and Personal Information.
- Client agrees not to disclose or provide access to any Services or Content to any Person, except Authorized Users. Client agrees to only use the Services for the purposes permitted by these Terms. Without limiting the generality of the foregoing, Client agrees not to use any Services or Content or provide access to any Services or Content to any Person who competes with Techdinamics.
- Client agrees to use its best efforts to ensure that all Authorized Users protect the Services and Content from unauthorized use and disclosure. Client shall notify Techdinamics in writing immediately of any unauthorized access or use of any Services and/or Content.
- Client is responsible for obtaining and maintaining, at its sole expense, all of the hardware, software, and internet connectivity and bandwidth necessary and appropriate for Client to access and use the Services and Content. Client acknowledges that if Client fails to do so, Client's access to or ability to use the Services and Content may be negatively affected or non-existent.
- Client shall not use any Services or Content in any way that infringes upon the intellectual property rights of any Person, including, without limitation, any third-party and/or Techdinamics.
- Client shall maintain complete and accurate books and records relating to its use of the Services and its compliance with the Agreement. During the Term and for a period of two (2) years thereafter, upon Techdinamics' written request, Client shall allow Techdinamics or its authorized representative to inspect and make copies of such books and records; provided that, Techdinamics shall provide Client with at least ten (10) days prior advance notice of any planned inspection. Any such inspection shall take place during regular business hours and shall be carried out so as to not cause unreasonable disruption of Client's business.
5. Fees and Payment
- As compensation for the Services hereunder, Client agrees to pay Techdinamics the fees set out in the applicable Transaction Document (the "Fees") on the dates and in accordance with the payment schedule set out in the applicable Transaction Document. All stated Fees are expressed and payable in United States of America Dollars, and are exclusive of all applicable taxes, duties and other governmental charges which shall be in addition to the Fees, except where explicitly stated otherwise in a Transaction Document.
- Techdinamics reserves the right to revise the Fees set out in any Transaction Document if such Transaction Document is not accepted in writing by Client within thirty (30) days after the issuance of such Transaction Document by Techdinamics.
- Client is responsible for all goods and services tax, sales tax, service, use and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any government authority on any amounts payable by Client under the Agreement (e.g., Canadian Goods and Services Tax/Harmonized Sales Tax), which amounts shall be in addition to the Fees. All income or other taxes that are required to be paid or withheld by Client in connection with the Services hereunder are the sole obligation of Client, and the Fees shall be paid in full in addition to any such other amounts.
- Unless stated otherwise in a Transaction Document, Techdinamics shall submit invoices on its regular invoice cycle to Client for the Fees and Client agrees to remit payment in full the Fees on each such invoice to Techdinamics within fifteen (15) days after the issuing date of such invoice. Client will facilitate payments via credit card or pursuant to any other payment terms Techdinamics may request from time to time, including e-transfer or electronic funds transfer.
- If Client fails to make any payment of any Fees when due, then, in addition to all other remedies which may be available to Techdinamics at law: (i) Techdinamics reserves the right to charge and collect a service fee on any unpaid, past-due amount equal to the lesser of (A) one-and-one-half percent (1.5%) per month; or (B) the highest interest rate legally permitted; (ii) Client shall reimburse Techdinamics for all reasonable collection expenses, including reasonable legal fees and court costs incurred in the collection of delinquent accounts payable; and (C) Techdinamics may immediately suspend the performance of the Services until all past-due amounts and any interest thereon are paid in full, without incurring any obligation or liability to Client or any other Person by reason of such suspension, and such suspension shall not be deemed a termination of the Agreement. If such failure to pay continues for fifteen (15) days following notice from Techdinamics of non-payment, then Techdinamics may terminate the Agreement and the Services.
- Client agrees to reimburse Techdinamics for any of its out-of-pocket expenses incurred in carrying out the Services that Client has agreed to in writing. Such expenses may include, without limitation, mileage and out-of-town travel costs, such as airline tickets, meals, ground transportation and lodging.
- All amounts payable to Techdinamics under the Agreement shall be paid by Client to Techdinamics in full without any set-off, recoupment, counterclaim, deduction, debit, or withholding for any reason (other than credits issued by Techdinamics under Section 14 hereof) and without any deduction or withholding of tax as may be required by applicable law. If any such deduction or withholding is required, Client shall pay the stated amounts payable under the Agreement in full in addition to such deduction or withholding.
6. Term and Termination
- (The Agreement shall commence on the Effective Date and will continue until terminated in accordance with these Terms or any express termination or expiration provision or date specified in a Transaction Document (the "Term").
- For certainty, if Techdinamics begins performance of the Services or any part thereof prior to the Effective Date set out in any Transaction Document, the Effective Date shall be from such earlier performance. In such case, the Fees shall commence to the date of such earlier performance based on the actual hours of Techdinamics in providing the Services, expressed as total of the Fees set out in the Transaction Document, or, if such calculation cannot be made, based on Techdinamics listed fees for such Services.
- Except as otherwise provided in any Transaction Document, either party may provide notice of its intention not to renew the Agreement beyond the initial stated expiration or termination date in the applicable Transaction Document or renewal period, so long as such notice is delivered at least thirty (30) days before the initial stated expiration or termination date in the applicable Transaction Document or end of renewal period. If such notice is not provided, the Agreement shall automatically renew for successive periods, each being the same in length as the initial period stated in the applicable Transaction Document. For certainty, if such notice is validly delivered, the Agreement shall remain in full force and effect until its expiry at the end of the then period. Notwithstanding the foregoing, if Client desires not to renew the Agreement pursuant to this subsection (c), all payment obligations by Client must be current at the time of delivery of a non-renewal notice in order for such notice to be valid and effective.
- Techdinamics may, directly or indirectly, by any means, suspend, terminate, or otherwise deny access to, or use of, all or any part of the Services or Content by Client and terminate the Agreement, without incurring any obligation or liability, if: (i) Techdinamics receives or is subject to a government order that expressly or by reasonable implication requires Techdinamics to do so or if the delivery of the Services is otherwise prohibited by applicable law; (ii) Techdinamics believes, in its sole discretion, that: (A) Client has accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under the Agreement, or (B) Client has been, or is likely to be involved in any fraudulent, misleading, or unlawful activities in connection with the Services; or (iii) in accordance with Section 5(e) above.
- Either party may terminate the Agreement if the other party commits a breach of any term of the Agreement which remains uncured after the thirtieth (30th) day following delivery of written notice of the breach from the non-breaching party; provided that, such thirty (30) day period shall be increased to one hundred and twenty (120) days if the default is reasonably curable within one hundred and twenty (120) days and so long as the party attempting to cure the breach demonstrates to the non-breaching party's reasonable satisfaction that the breaching party is diligently attempting to accomplish such a cure within the initial thirty (30) day period.
- Client agrees and acknowledges that if the Agreement is terminated for any reason, Techdinamics will be released from any and all liabilities and obligations arising from the Agreement, including the obligation to provide the Services. Client waives the right to pursue any and all remedies against Techdinamics based on, without limitation, causes of action which relate to Client's subsequent lack of access to the Services or any part thereof.
- Techdinamics may terminate the Agreement without notice if Client (i) acknowledges itself as insolvent; (ii) ceases to carry on business in the ordinary course; (iii) makes a general assignment for the benefit of its creditors; (iv) has issued against it a bankruptcy order or otherwise becomes subject to any voluntary or involuntary proceeding under any domestic or foreign bankruptcy law; (v) commences or institutes or is subject to any application, proceeding, or other action under any law relating to its bankruptcy, insolvency, winding-up, reorganization, administration, plan of arrangement, relief or protection of debtors or compromise of debts; or (vi) has a receiver, interim receiver, receiver and manager, trustee, custodian, conservator, or other similar official appointed for it or for all or any part of its assets.
- Upon any expiration or termination of the Agreement: (i) all rights, licenses, consents and authorizations granted by Techdinamics to Client under the Agreement will immediately terminate; (ii) Client shall immediately cease all use of any Services or Content; (iii) Techdinamics may disable all Client access to the Services and Content; and (iv) all Fees and charges related to all work performed by Techdinamics, including without limitation, any reimbursable expenses incurred by Techdinamics, up to the effective date of the termination or expiration will immediately become due and payable to Techdinamics in accordance with these Term without demand thereon. In the event Client terminates the Agreement prior to the completion of the Services to be rendered under the Agreement which calls for milestone, progress or objective based billing of Fees, Client shall pay Techdinamics for all Services rendered and reimbursable expenses incurred by Techdinamics as set forth in the applicable Transaction Document as if such milestone, progress or objective based billing point has been completed.
- Upon termination or expiration of the Agreement, the rights and obligations of the parties set forth in Section 4 (Client Responsibilities), Section 5 (Fees and Payment), this Section 6 (Term and Termination), Section 7 (Confidentiality), Section 10 (Intellectual Property Rights), Section 13 (Non-Solicitation), Section 17(c) (Representations, Warranties and Covenants), Section 18 (Limitation of Liability), Section 20 (Indemnification), Section 22 (Remedies and Dispute Resolution), Section 23 (Waiver of Jury Trial), Section 24 (Relationship of the Parties), Section 27 (Entire Agreement; Updates and Variations), Section 30 (Priority of Documentation), Section 34 (Governing Law; Forum) and the general provisions of Section 35 (General), as well as any other terms and conditions in these Terms and in any Transaction Document that, by their nature, are intended to survive termination or expiration of the Agreement, shall survive such termination or expiration.
7. Confidentiality
- Client and its employees and agents may have access to private and confidential information owned or controlled by Techdinamics, including the confidential and proprietary information and materials referenced in any applicable Transaction Document, as well as information relating to Techdinamics' technology, trade secrets, data, best practices, methodology, algorithms, programs, software, security keys, specifications, drawings, business information, pricing and other data, as well as the existence of any dispute between the parties. Similarly, Techdinamics and its employees, agents and Subcontractors may have access to private and confidential information owned or controlled by Client relating to technical or business information of a proprietary nature or relating to Client's business operations. All such Techdinamics information and Client information shall be referred to herein as "Confidential Information".
- The Confidential Information acquired by either party under the Agreement through its employees, agents, independent contractors and subcontractors shall be and remain the disclosing party's exclusive property and the receiving party and its employees, agents and subcontractors shall: (i) not copy or disclose such Confidential Information to others without the disclosing party's prior written approval; (ii) return all tangible copies of such Confidential Information to the disclosing party promptly upon request; (iii) destroy all electronic copies of such Confidential Information promptly upon request; (iv) not access or use any Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with the Agreement; and (v) safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care.
- The receiving party shall ensure its employees', agents', independent contractors' and subcontractors' compliance with the terms this Section 7, and shall be responsible and liable for any of its employees', agents', independent contractors' and subcontractors' non-compliance with the terms of this Section 7.
- Nothing herein shall limit either party's use or dissemination of information which: (i) is at the time of disclosure, or thereafter becomes, a part of the public domain through no act or omission of the other party, its employees or agents; (ii) was in the other party's possession as shown by written records prior to the disclosure and had not been obtained either directly or indirectly from a third-party under an obligation not to disclose such information; (iii) was independently developed by the other party without use of the Confidential Information, as evidenced by written records; or (iv) is required by law or auditing standards to be disclosed, but only to the extent and for the purposes of such required disclosure, including for making court filings and demonstrating compliance with the Agreement.
- Techdinamics assumes no obligation to divulge to Client any information for or related to which Techdinamics has previously undertaken an obligation of confidentiality for the benefit of any Person other than Client. Techdinamics shall be permitted to identify Client as a recipient of the Techdinamics Services and programs and solutions.
- On termination or expiration of the Agreement, each party shall promptly return to the other party any Confidential Information of that other party that is in its possession or control, or alternatively, may certify in writing to its permanent destruction. Techdinamics shall have the right to retain Client's Confidential Information in Techdinamics' systems, back-ups and monitoring tools. Techdinamics shall continue to apply its standard security measures to such Confidential Information and shall not use such Confidential Information any purposes other than for purposes of fulfilling its obligations under the Agreement.
8. Data Security
- Techdinamics is responsible for maintaining commercially reasonable administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of all Client Data.
- Techdinamics does not own any data, information, Personal Information, or material that Client submits while using the Services ("Client Data"), except for any feedback that Client provides. Client agrees not to provide any feedback that is covered by any third-party IP Rights. Client shall have the sole responsibility for all aspects of Client Data, including, without limitation, its accuracy, legality, ownership, transmission and use. Subject to the foregoing, Client hereby irrevocably grants all rights and permissions in or relating to Client Data as are necessary or useful for Techdinamics to perform and exercise its rights and perform its obligations under the Agreement, including to enforce the Agreement.
- Techdinamics shall have no obligation to retain any copy of Client Data for longer than ninety (90) days after termination or expiration of the Agreement.
- Techdinamics hereby agrees to notify Client as soon as it becomes aware of any actual or suspected unauthorized access of any of its systems and platforms that access, process or store Client Data provided under, related to, or produced under the Agreement.
9. Data Protection
- Techdinamics acknowledges that in the performance of the Services under the Agreement, it may process Personal Information owned or controlled by Client. Client, or any Person acting on Client's behalf, shall not transfer any Personal Information to Techdinamics that is not in compliance with Data Protection Law or any other legislation that is applicable to the Personal Information. It is the full and sole responsibility of Client to ensure that the Personal Information being transferred to or processed by Techdinamics is in compliance with Data Protection Law, including but not limited to the General Data Protection Regulation ("GDPR"), if applicable.
- Techdinamics uses administrative, physical and technical safeguards to ensure a comparable level of protection afforded under PIPEDA when processing Personal Information on behalf of Client data controller. In the performance of the Services under the Agreement, Techdinamics will only process Personal Information transferred to it by Client to fulfill the purposes of the Agreement and to carry out the Services and for no other purpose, except as otherwise agreed upon in writing between Techdinamics and Client in a Transaction Document. Techdinamics will process the Personal Information as long as necessary to provide the Services, or as otherwise agreed upon in a Transaction Document.
- In the circumstances where Techdinamics collects or processes Personal Information relating to Client in the capacity of a controller, Techdinamics will process such Personal Information in accordance with PIPEDA and its privacy statement, which is available upon request from Techdinamics. Where appropriate and/or where requested by Techdinamics, Client will ensure its employees and other relevant individuals are made aware of this privacy statement.
- When Client is located or operates within the European Union, or is otherwise subject to the requirements of the GDPR, Techdinamics and Client will determine whether the Personal Information should be processed in accordance with Appendix E – the GDPR Standard Contractual Clauses. Techdinamics will otherwise process Personal Information in accordance with PIPEDA or as agreed upon in writing with Client in a Transaction Document, for example, a data protection agreement.
- Client understands and agrees that Personal Information may be held on servers located outside of Canada or the European Economic Area (EEA) and be provided to and used by Techdinamics or others engaged with Techdinamics in providing the Services. Techdinamics may provide Personal Information to its overseas offices as required to provide the Services or administrative functions related to the Services. Client expressly consents to Techdinamics' use of its overseas personnel on this basis. Techdinamics will provide a list of its entities, upon Client's reasonable request, who will be processing the Personal Information under the Agreement. Techdinamics may also send data, including Personal Information, outside of Canada or the EEA to other datacenters for disaster recovery.
10. Intellectual Property Rights
- Any and all right, title, and interest in and to the Services and Content, including all IP Rights therein, are and will remain with Techdinamics. With respect to any Third-Party Materials, the applicable third-party providers own all right, title and interest, including all IP Rights, in and to the Third-Party Materials.
- Techdinamics shall retain the right to reuse the ideas, concepts, know-how, and techniques derived from the rendering of the Services so long as it does not require the disclosure of any of Client's Confidential Information.
- Techdinamics retains and shall be entitled to any and all protections afforded under Provincial, State, and Federal and International statutory, common law and civil law with respect to its IP Rights, including for any materials which were prepared, developed or used by Techdinamics prior to or outside the course of completing the Services performed under the terms of the Agreement.
- In the event (and to the extent) that any deliverable contains any items or elements which are Techdinamics' IP Rights, Techdinamics grants to Client a limited, non-exclusive, non-transferable, license to use such Techdinamics' IP Rights in such deliverables, only to the extent necessary to fulfill the scope of work described in the Agreement and only during the Term. These protections shall not cover Confidential Information of Techdinamics.
- Unless otherwise stated in the Agreement, the reproduction, distribution, or transfer, by any means or methods, whether direct or indirect, of any of Techdinamics' IP Rights, Confidential Information, and proprietary information and those of Techdinamics' agents and any Third-Party Materials by Client is strictly prohibited.
11. Export Restrictions
No Services or Content may be accessed, used, exported, or redistributed in any form in or to any country prohibited by Canadian export laws or any other laws governing Techdinamics in the delivery of the Services or to residents or nationals of any such countries. Client agrees to comply with all applicable national and international laws that apply to the Services and Content, including without limitation Canadian export laws.
12. Security
Each party agrees that its respective personnel, when using or accessing the premises or technology systems of the other party, shall comply with all applicable security policies and security requirements in effect at such premises, copies of which shall be provided in advance. If any agent, employee, contractor or representative of a party shall fail or refuse to abide by such policies, the said agent, employee, contractor or representative may be prohibited from using or accessing such premises or systems. Material additions and changes to Client security policies after the Effective Date must be communicated immediately to Techdinamics.
13. Non-Solicitation
During the Term and for two (2) years thereafter, without Techdinamics' prior written consent, neither Client nor any of its Affiliates shall, directly or indirectly, solicit for partnership or employment, offer partnership or employment to, or employ or engage in any capacity, including as an employee, partner, consultant, independent contractor or advisor, any Person who (a) is employed or engaged by Techdinamics or its Affiliates and involved in providing the Services, or (b) was employed or engaged by Techdinamics or its Affiliates within the twelve (12) months preceding such solicitation, offer, or employment and engagement and was involved in providing the Services.
14. System Maintenance; Downtime
- The Services and Content will be inaccessible at certain times for scheduled system maintenance ("Maintenance Time"). While Techdinamics seeks to schedule Maintenance Time during non-peak hours and to provide twenty-four (24) hours advance notice to Client, these practices cannot be guaranteed. In addition, the Services and Content may be subject to limitations, interruptions, outages, and other problems inherent in the use of the internet and electronic communications including, without limitation, any failure, interruption, outage or other problem with any software, hardware, system, network, facility, or other matter not supplied by Techdinamics under the Agreement ("Outages"). Techdinamics is not responsible for any liabilities or Losses of Client resulting from any such Outages or any Maintenance Time.
- If the Services and Content become inaccessible for reasons within Techdinamics' control in excess of a total of forty-five (45) minutes during a calendar month in the Term, other than for Maintenance Time and excluding any time associated with Outages ("Downtime"), Techdinamics will provide Client, upon Client's written request, the following service fee credit for any such Downtime: Techdinamics will provide Client a credit of five percent (5%) of Client's monthly service Fee for each 30 minutes of Downtime (provided that, for certainty, such forty-five (45) minute threshold has been exceeded) up to a maximum credit of twenty-five percent (25%) of Client's monthly service Fee. Techdinamics will have no obligation to provide credits for Downtime unless: (i) Client reports the Service interruption to Techdinamics immediately upon becoming aware of it; and (ii) requests the credit in writing within ten (10) days of the Service becoming inaccessible. The maximum amount of service fee credits for Downtime over the entire Term is equal to one (1) month of Fees. THIS CREDIT SHALL BE CLIENT'S SOLE AND EXCLUSIVE REMEDY FOR DOWNTIME.
- Client agrees to provide assistance to Techdinamics in resolving Service errors. If Client fails to assist Techdinamics in resolving any such Service errors, such period of time in which Client fails to cooperate with Techdinamics shall not count as Downtime.
- If Techdinamics' performance of the Services and the Agreement is delayed or otherwise not provided due to causes beyond the reasonable control of Techdinamics, such as fire, explosion, strike, shortage of energy sources, facilities, material or labour, delay or lack of communication facilities, breakdown or accident, compliance with or other action taken to carry out the intent or purpose of any law, regulation, or other requirement of any government authority, epidemics and pandemics, and the unavailability of any services of any Subcontractor used by Techdinamics, Techdinamics shall not be deemed to have breached the Agreement and it shall have such additional time to perform its obligations as may be reasonably necessary under the circumstances.
15. Changes to the Services
Techdinamics reserves the right, in its sole discretion, to make any changes to the Services and Content that it deems necessary or useful to: (a) maintain or enhance: (i) the quality or delivery of the Services to its customers; (ii) the competitive strength of or market for the Services; or (iii) the cost efficiency or performance of the Services; or (B) to comply with any applicable law. In addition, either party may, at any time during the Term, request in writing changes to the scope of the Services in accordance with the change procedure set forth in Appendix D. No requested changes will be effective unless and until memorialized in a written Change Order (as defined in Appendix D) signed by the parties.
16. Chargebacks
- Techdinamics has no liability or responsibility to Client whatsoever, whether financial or otherwise, for processes or flows to the Services introduced by Client that were not tested by Techdinamics during any user acceptance testing or during the post-monitoring support period for the Services.
- If Client is a techSHIP Platform user, under no circumstances shall Techdinamics be responsible for any carrier contracts or carrier rates supplied or any misbilled amounts by a carrier.
- Subject to as provided above in this Section 16, if Client has a chargeback event related to the Services that arises due to the fault of Techdinamics and reports it to Techdinamics in accordance with the Agreement, then Techdinamics will provide reimbursement for such chargeback event of up to a maximum amount of one (1) monthly billing period of Fees for the affected Services. Subject chargebacks will only be for cost of product subject to the chargeback event and will not include amounts attributed to markups, additional services or otherwise. The maximum amount of reimbursement for chargeback events over the entire Term is equal to one month (1) of Fees. THIS REIMBURSEMENT SHALL BE CLIENT'S SOLE AND EXCLUSIVE REMEDY FOR CHAREBACK EVENTS.
- Client agrees to report the chargeback events within the following timelines, otherwise there shall be no reimbursement for the chargeback event: (i) Electronic Data Interchange: ninety (90) days from the initial transaction; (ii) Transportation: thirty (30) days from the first Carrier invoice; and (iii) Other: thirty (30) days from the initial incident.
- Techdinamics will review the chargeback information and respond to Client within sixty (60) days after Client reported the chargeback event.
17. Representations, Warranties and Covenants
- Each party represents and warrants to the other that: (i) it has all requisite power and capacity to enter into and perform the Agreement; (ii) the entering into of the Agreement has been duly authorized by all necessary action on its part; and (iii) the Agreement will constitute the legal, valid and binding obligation of such party, enforceable against it in accordance with its terms.
- By accessing and using the Services and Content, Client: (i) represents and warrants to Techdinamics that Client is not restricted from receiving or using the Services and Content, including compliance with all applicable Canadian export laws and other host country import laws; (ii) agrees that Client shall not export, redistribute, or re-export any Services or Content, or any process or service that is a direct product of any Services or Content; and (iii) represents and warrants to Techdinamics that Client owns or otherwise has, and will have, the necessary rights and consents in and relating to any Client Data such that, as received by Techdinamics in accordance with the Agreement, Techdinamics does not and will not infringe, misappropriate, or otherwise violate any IP Rights or any privacy or other applicable laws or rights of any third-party.
- EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION 17 AND ELSEWHERE IN THE AGREEMENT, ALL SERVICES AND CONTENT ARE PROVIDED BY TECHDINAMICS "AS IS" AND TECHDINAMICS HEREBY DISCLAIMS ALL OTHER CONDITIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND TECHDINAMICS SPECIFICALLY DISCLAIMS ALL IMPLIED CONDITIONS AND WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, TECHDINAMICS MAKES NO CONDITION OR WARRANTY OF ANY KIND THAT THE SERVICES OR CONTENT, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL: (I) MEET CLIENT'S OR ANY OTHER PERSON'S REQUIREMENTS; (II) OPERATE WITHOUT INTERRUPTION; (III) ACHIEVE ANY INTENDED RESULT; (IV) BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICE; OR (V) BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED "AS IS" AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CLIENT AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
18. Limitation of Liability
- IN NO EVENT WILL TECHDINAMICS, ANY OF ITS AFFILIATES, SUBCONTRACTORS, LICENSORS, SERVICE PROVIDERS, OR SUPPLIERS, OR ANY OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SHAREHOLDERS OR SUBCONTRACTORS, BE LIABLE TO CLIENT OR TO ANY THIRD-PARTY UNDER OR IN CONNECTION WITH THE AGREEMENT AND THE SERVICES AND CONTENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT, STRICT LIABILITY, AND OTHERWISE, FOR ANY: (I) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (II) IMPAIRMENT, INABILITY TO USE, OR LOSS, INTERRUPTION, OR DELAY OF THE SERVICES, OTHER THAN FOR THE ISSUANCE OF ANY APPLICABLE SERVICE FEE CREDITS UNDER SECTION 14; (III) LOSS, DAMAGE, CORRUPTION, OR RECOVERY OF DATA; (IV) BREACH OF DATA OR SYSTEM SECURITY; (V) CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, AGGRAVATED, PUNITIVE, OR EXEMPLARY DAMAGES, IN EACH CASE, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES, OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE; OR (VI) DAMAGES THAT COULD HAVE BEEN AVOIDED, USING REASONABLE DILIGENCE, BY CLIENT OR SUCH OTHER THIRD-PARTY.
- IN NO EVENT WILL THE COLLECTIVE AGGREGATE LIABILITY OF TECHDINAMICS OR ANY OF ITS AFFILIATES TO CLIENT OR TO ANY THIRD-PARTY UNDER OR IN CONNECTION WITH THE AGREEMEN, THE SERVICES AND CONTENT, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT, STRICT LIABILITY, AND OTHERWISE, EXCEED AN AMOUNT EQUAL TO THE FEES (EXCLUDING UNAMORTIZED PREPAID FEES, IF ANY) PAID BY CLIENT TO TECHDINAMICS IN THE SIX (6) MONTH PERIOD PRCEDING ANY CLAIM.
- Client agrees that the Services do not replace the need for Client to maintain regular data backups or redundant data archives. Techdinamics has no obligation or liability for any loss, alteration, destruction, damage, corruption, or recovery of Client Data.
19. Compliance with Laws
Each party shall comply with all applicable laws in connection with the performance of its obligations under the Agreement.
20. Indemnification
Client shall indemnify, defend and hold harmless Techdinamics from and against any and all Losses suffered or incurred by Techdinamics, directly or indirectly, in connection with: (a) any data provided by Client; (b) any other materials or information (including any documents, data, specifications, software, content or technology) provided by or on behalf of Client, including Techdinamics' compliance with any specifications or directions provided by or on behalf of Client to the extent prepared without contribution by Techdinamics; (c) any breach of Client's representations, warranties, covenants or obligations under the Agreement; and (d) the negligence or wilful misconduct by Client or any third-party on behalf of Client in connection with the Agreement.
21. Insurance
Techdinamics shall, at its sole cost and expense, take out and keep in full force and effect, adequate insurance coverage sufficient in kind and in scope to comply with its obligations hereunder.
22. Remedies and Dispute Resolution
If a dispute arises out of or relates to the Agreement, or the breach thereof, then the parties agree to use the dispute resolution process set forth in Appendix A attached hereto. Such procedure shall not limit or impair the right of a party to seek equitable relief (including, but not limited to, injunctive relief) for any breach or alleged breach of the Agreement, including, without limitation, for any breach or alleged breach of any obligations set forth in Section 7 (Confidentiality), Section 8 (Data Security) and Section 13 (Non-Solicitation) and for the protection of a party's proprietary rights. The parties agree that a party need not invoke the procedures set forth in Appendix A prior to seeking such equitable relief in such circumstances.
23. Waiver of Jury Trial
EACH OF THE PARTIES HEREBY AND INTENTIONALLY WAIVE THE RIGHT ANY OF THEM MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LITIGATION BASED ON THE AGREEMENT, OR ARISING OUT OF, UNDER OR IN CONNECTION WITH THE AGREEMENT, OR ANY COURSE OF CONDUCT, COURSE OF DEALING, STATEMENTS (WHETHER VERBAL OR WRITTEN), OR ACTIONS OF ANY PARTY. THIS PROVISION IS A MATERIAL INDUCEMENT FOR THE PARTIES ENTERING INTO THE AGREEMENT.
24. Relationship of the Parties
The relationship between the parties is that of independent contractors. Nothing contained in the Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever. For certainty, each party shall pay and accept full and exclusive liability for the assessments or contributions imposed on such party's personnel and employees, including by the Employment Insurance Act (Canada), Canada Pension Plan Act, Income Tax Act (Canada), the Workplace Safety and Insurance Act (Ontario), as applicable, and similar laws.
25. Techdinamics Independent of Resellers
26. Assignment
Client may not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations, under the Agreement, in whole or in part, without the prior written consent of Techdinamics.
27. Entire Agreement; Amendments, Updates and Variations
- The Agreement (including the Appendixes to these Terms) and any documents incorporated by reference herein, contain the entire agreement between the parties in respect of the Services and Content and supersedes all prior agreements, negotiations, representations, requests for proposals, proposals, letters of intent, and understandings between the parties, whether oral or written.
- No variation to the Agreement shall be effective unless it is made in accordance with the Agreement.
- Techdinamics reserves the right in its sole discretion to revise and update these Terms from time to time. Any and all such modifications are effective immediately upon posting and apply to all continued delivery and access of the Services and Content. Client agrees to periodically review these Terms in order to be aware of any such modifications and Client's continued use and access to the Services shall constitute its acceptance of such revisions and updates.
- The scope of Services may be changed by agreement of the parties pursuant to Section 15 and Appendix D.
- Any Transaction Document may only be amended by mutual written agreement of Techdinamics and Client.
28. Consents and Approvals
Where either party has a right of consent or approval in respect of any matter in connection with the Agreement, unless otherwise specifically provided herein, it shall not unreasonably withhold such consent or approval and shall endeavour to respond to the other party's request for such consent or approval in a timely manner. The foregoing requirement shall not apply in respect of a request to amend or renew the provisions of the Agreement, including any change in the scope of Services set forth in any Transaction Document, which change shall be completed pursuant to Section 15 and Appendix D.
29. Notices
Subject to as provided in a Transaction Document, all notices required by or relating to the Agreement shall be in writing and sent to the party providing such notice and shall be sufficiently given if delivered in person or email address to the address and person for the other party set out in any Transaction Document. Any such notice shall be deemed to have been given and received on the day on which it was delivered or transmitted (or, if such day is not a Business Day, on the next following Business Day). Any Party may at any time change its address for service from time to time by giving notice to the other in accordance with these Terms.
30. Priority of Documentation
- Whenever the terms and conditions of these Terms, on the one hand, conflict with the terms and conditions of any Transaction Document, on the other hand, these Terms shall supersede and prevail over such conflicting terms and conditions contained in any Transaction Document.
- Whenever the contents of an Appendix to these Terms which contains terms and conditions related to a type of Service broadly, on the one hand, conflict with any terms and conditions related to a specific type of Service described in any Transaction Document specifically, on the other hand, the more specific description in the Transaction Document shall supersede and prevail over such conflicting terms contained in any Appendix to these Terms.
31. Subcontracting
Techdinamics reserves the right to utilize Subcontractors to perform its obligations under the Agreement.
32. Publicity
Both Techdinamics and Client may use the other as a favorable reference and indicate to third-parties that such party provides or receives (as applicable) services hereunder. The parties may disclose the existence and general nature of the Agreement, but the Fees and other information set forth in any Transaction Document shall be considered Confidential Information. Techdinamics, in connection with its marketing activities, can disclose to prospective clients general information of Client, including the use of Client's trademarks, service marks and trade names.
33. Cooperation
The parties shall cooperate with and assist one another and take such action and execute such further assurances as may be reasonably necessary to implement and carry into effect the Agreement to its full extent.
34. Governing Law; Forum
- The Agreement (for certainty, including these Terms and each applicable Transaction Document) shall be governed by and construed in accordance with the laws of the Province of Ontario, Canada, and the federal laws of Canada applicable therein, without giving effect to any choice or conflict of law provision, principle, or rule (whether of the laws of the Province of Ontario, Canada or any other jurisdiction) and notwithstanding Client's domicile, residence, or physical location.
- Subject to Appendix A, any action, litigation or proceeding arising out of or relating to the Agreement and the Services and Content will be instituted in the courts of the Province of Ontario, Canada and each party irrevocably submits to the exclusive jurisdiction of such courts in any such action, litigation or proceeding. Client waives any and all objections to the exercise of jurisdiction over it by such courts and to the venue of such courts. Each Party agrees that a final judgment in any such action, litigation or proceeding is conclusive and may be enforced in any other jurisdictions in any manner provided by law.
35. General
- In the Agreement, wherever reference is made to a specific Law, the reference shall be deemed to include any successor, replacement, substituted or amended version thereof.
- All headings herein are included solely for convenience and do not affect the interpretation hereof.
- The Appendices attached to the Agreement form part of the Agreement are incorporated by reference.
- Unless the context clearly indicates otherwise, words used in the singular include the plural and words used in the plural include the singular. Where used in the Agreement, the word "including" shall be deemed to mean "including without limiting the generality of the foregoing".
- Unless otherwise specified in a Transaction Document, all references to monetary amounts in the Agreement are expressed in the currency of the United States of America and all amounts payable pursuant to the Agreement shall be paid in United States of America currency.
- Each provision contained in the Agreement is distinct and severable and a declaration of invalidity or unenforceability of any such provision or part thereof by a court of competent jurisdiction shall not affect the validity or enforceability of any of the other provisions of the Agreement.
- No rule of strict construction shall be applied against any party with respect to the Agreement.
- the Agreement shall accrue to benefit of and be binding upon the parties and their respective successors and permitted assigns.
- The Agreement is for the sole benefit of the parties and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of the Agreement.
- No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in the Agreement, no failure to exercise, or delay in exercising, any rights, remedy, power or privilege arising from the Agreement shall operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power or privilege.
APPENDIX A
DISPUTE RESOLUTION PROCESS
The following procedures shall be used to resolve any disputes, claims or controversies ("Disputes") between the Parties.
- Discussions Between Management
The parties shall first employ the full resources of the Executive Committee to resolve all disputes expeditiously and informally. The Executive Committee shall be composed of Techdinamics' Chief Operating Officer and Client's Chief Operating Officer or another designated individual with comparable authority (the "Executive Committee") who shall act in good faith to resolve the Dispute for a period of 15 days following a party having given notice of a Dispute (or such longer period as may be mutually agreed upon). In the event that such Dispute cannot be resolved by the Executive Committee within such time period, the parties shall each involve another senior executive officer of the respective parties, each of whom shall review and discuss the Dispute between them and attempt to resolve it by agreement for an additional 15 day period (or such longer period as may be mutually agreed upon). If such Dispute cannot be resolved by the foregoing method within such period of time (including any mutually agreed upon extension thereof), the parties shall resort to the mediation procedure set forth below.
- Mediation
- If the process outlined in above fails to produce a solution acceptable to both parties, either party may request to submit a Dispute to mediation by providing written notice to the other party. In the mediation process, the parties will try to resolve their differences voluntarily with the aid of an arm's length, independent mediator, who shall attempt to facilitate negotiations. The mediation shall take place in Toronto, Ontario, Canada. The language of the mediation shall be English. The mediator shall be selected by agreement of the parties. If the parties cannot otherwise agree on a mediator, a mediator shall be designated by the ADR Institute of Ontario (Canada) on application of any party.
- The mediation shall be conducted as specified by the mediator and agreed upon by the parties. The parties agree to discuss their differences in good faith and to attempt, with the assistance of the mediator, to reach an amicable resolution of the Dispute.
- The mediation shall be confidential. The mediator may not testify for either party in any later proceeding relating to the Dispute. No recording or transcript shall be made of the mediation proceedings.
- Each party shall bear its own costs in the mediation. The fees and expenses of the mediator shall be shared equally by the parties.
- Arbitration
- If a Dispute has not been resolved within 30 days after the written notice beginning the mediation process (or a longer period, if the parties agree to extend the mediation period), the mediation shall terminate, and the parties agree that the dispute shall be settled by arbitration.
- The arbitration shall be conducted in the City of Toronto, Ontario, Canada in accordance with the Arbitration Act, 1991, (Ontario).
- The Parties shall attempt to mutually agree on a single duly qualified arbitrator; provided that, if they cannot mutually agree on a single arbitrator within twenty (20) days after the date on which the arbitration provisions in this Appendix come into effect, any Party may commence proceedings in the Ontario (Canada) Superior Court of Justice requesting the appointment of a single duly qualified arbitrator, which arbitrator must be a Person who is independent to each of the Parties.
- The arbitrator shall conduct the arbitration proceedings in relation to the Dispute before such arbitrator in the English language and in accordance with the applicable rules of the Arbitration Act, 1991 (Ontario).
- Any issue concerning the extent to which any Dispute is subject to arbitration, or concerning the applicability, interpretation, or enforceability of these procedures, including any contention that all or part of these procedures are invalid or unenforceable, shall be governed by the arbitration rules and resolved by the arbitrator.
- To the extent permitted by the arbitration rules and the arbitrator, the parties may appear by electronic means.
- Forthwith following the conclusion of such arbitration proceedings, the arbitrator shall set forth his or her decision in writing (which decision shall enumerate in reasonable detail the basis therefor) and a copy of such decision shall be sent by the arbitrator to each Party.
- Any judgment or award rendered by the arbitrator shall be final, conclusive and binding (clerical errors and omissions and fraud only excepted) and judgment may be entered on any final, unappealable arbitration award.
- Each Party shall bear its own costs in the arbitration. The fees and expenses of the arbitration shall be shared equally by the parties; provided that, at the end of the arbitration proceeding, the arbitrator shall have the right to allocate the fees of the arbitrator among the Parties in such manner as the arbitrator may determine, acting reasonably.
- The Parties agree that any arbitration proceedings, as well as the fact such proceedings occurred, shall be kept confidential by the Parties and may only be disclosed to their personal representatives and legal, accounting and other professional advisors or as required by all then applicable laws and insofar as is necessary to confirm, correct, vacate or enforce any agreement or award made pursuant thereto.
APPENDIX B
TECHSHIP PLATFORM ADDENDUM
Techdinamics' techSHIP Platform is a cloud application hosted on the Amazon Web Services ("AWS") platform. At the present time techSHIP Platform is deployed in both US and Canadian data centers.
- Functionality. Techdinamics represents and warrants that the techSHIP Platform will perform materially in accordance with the then current version of the applicable documentation describing techSHIP Platform and that Techdinamics will not decrease the functionality of the techSHIP Platform during the Term.
- Vulnerability/Patching. To protect both systems and data from being compromised by external or internal entities, Techdinamics follows the following procedure to ensure known system vulnerabilities are addressed: On regular bases, but not less than once every quarter, the Techdinamics technical team reviews the available patches and alerts related to the operating system, application development framework (in-house applications), and server level updates. When appropriate, the required patches are installed, first in development, and then in production environments.
- Access Control. Access to different systems in techSHIP Platform and data is limited to only those of Client who need access techSHIP Platform to complete their business functions, including limiting access via defined IP addresses specific to Client. User roles are used to separate different levels of access. User access to applications and data is restricted by a combination of username (using email address) and password. The passwords have a pre-set level of complexity (minimum length, upper/lower characters, special characters). Passwords are stored as encrypted. Authorized Users can reset the password using the self-service portal. Data between the web client and backend application are transmitted using HTTPS protocol. At the present time TLC 1.2 is used for encryption.
- Monitoring / Logs. Server and application logs are being used to keep track of changes in the application and server. The server hardware (disks, controllers, memory, and CPU) is monitored for hardware faults using AWS monitoring tools. Changes to the techSHIP Platform configurations are visible to users on the techSHIP Platform portal. These logs are used to help identify changes made on the portal configuration. On the server-side, logs are used to monitor for abnormal events. These logs are reviewed periodically to identify security violations and abnormalities. Performance monitoring helps to identify bottlenecks and other performance-associated issues. Performance monitoring is achieved through monitoring modules such as scripts, utilities, and/or 3rd party applications. Server load logs are monitored and reviewed regularly.
APPENDIX C
HOSTING SERVICES ADDENDUM
- Notice Regarding Hosting Services. Where the Services call for hosting Client applications or data, Client acknowledges that the hosting service may be contracted by Techdinamics from a third-party vendor on behalf of Client as a pass-through Service. Techdinamics assumes no liability for such hosted services more than the limitation of liability given by the third-party provider of these services under such third-party's standard terms. All service levels and service level credits, if any, with respect to such hosting vendor will be defined and set forth in the applicable Transaction Document (including hosting services agreement). Any fees and early termination charges or cancellation provisions will likewise be specified in the appropriate Transaction Document (including hosting services agreement).
- Change. Techdinamics reserves the right to change third-party hosting providers in its reasonable judgment where appropriate. If Techdinamics elects to change hosting providers during the Term, it shall do so on reasonable advance written notice to Client and at its own cost and exercise reasonable efforts to minimize disruption to Client's use of the Services.
APPENDIX D
CHANGES TO THE SERVICES
- Definitions
As used in this Appendix, "Change Order" shall mean a written instrument executed by the parties stating their mutual agreement to: (i) a change in any Service(s) provided pursuant to any Transaction Document; (ii) the amount of any related adjustment to the Fees to be charged to Client as set out in any Transaction Document; and (iii) any other changes to specific terms relating to the Services in any Transaction Document.
- Change Order Request Procedure
- Both Techdinamics and Client may, in writing, request a change to any specific scope of Services under any Transaction Document (a "Change Request").
- If Client delivers a Change Request, on or before the tenth (10) Business Day following the date on which Techdinamics received the Change Request, Techdinamics will submit a detailed proposal (the "Change Order Proposal") which shall include: (i) if Techdinamics accepts the requested change(s) to the Services, in whole or in part; (ii) the resulting increase or decrease, if any, in the Fees to be charged to Client; and (iii) any other information reasonably requested by Techdinamics.
- If Techdinamics wishes to make a Change Request, it shall submit a Change Order Proposal to Client that shall include an explanation of the proposed change(s) to the Services.
- If the Change Order Proposal is satisfactory to Client, the parties shall, within five (5) Business Days of Client receiving such Change Order Proposal, execute a Change Order.
- If within five (5) Business Days of Client receiving a Change Order Proposal the parties cannot agree on terms of the change, the parties may resolve such dispute in accordance with Appendix A or agree that there shall be no change.
- Until a Change Order has been executed by the parties, the terms and conditions under the Agreement shall apply, including Client's continued agreement to pay Techdinamics the Fees as and when due in accordance with the terms of the Agreement.
APPENDIX E
STANDARD CONTRACTUAL CLAUSES
SECTION I
Clause 1
Purpose and scope
- The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)[1] for the transfer of personal data to a third country.
-
- the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), andThe Parties:
- the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)
have agreed to these standard contractual clauses (hereinafter: “Clauses”).
- These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
- The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Clause 2
Effect and invariability of the Clauses
- These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
- These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Clause 3
Third-party beneficiaries
- Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
- Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
- Clause 8 - Clause 8.1(b), 8.9(a), (c), (d) and (e);
- Clause 9 - Clause 9(a), (c), (d) and (e)
- Clause 12 - Clause 12(a), (d) and (f);
- Clause 13;
- Clause 15.1(c), (d) and (e);
- Clause 16(e);
- Clause 18 - Clause 18(a) and (b);
- Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
Clause 4
Interpretation
- Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
- These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
- These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
Clause 7 - Optional
Docking clause
- An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
- Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
- The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
SECTION II – OBLIGATIONS OF THE PARTIES
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
8.1 Instructions
- The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
- The data importer shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
- The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter “personal data breach”). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
- The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
- The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third-party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third-party located outside the European Union[2] (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third-party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
- the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
- the third-party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
- the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
- the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.9 Documentation and compliance
- The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
- The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
- The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
- The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
- The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
Clause 9
Use of sub-processors
- OPTION 1: SPECIFIC PRIOR AUTHORISATION The data importer shall not sub-contract any of its processing activities performed on behalf of the data exporter under these Clauses to a sub-processor without the data exporter’s prior specific written authorisation. The data importer shall submit the request for specific authorisation at least 30 days prior to the engagement of the sub-processor, together with the information necessary to enable the data exporter to decide on the authorisation. The list of sub-processors already authorised by the data exporter can be found in Annex III. The Parties shall keep Annex III up to date.
OPTION 2: GENERAL WRITTEN AUTHORISATION The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. - Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects.[3] The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
- The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
- The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.
- The data importer shall agree a third-party beneficiary clause with the sub-processor whereby - in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
Clause 10
Data subject rights
- The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
- The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
- In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.
Clause 11
Redress
- The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
- In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
- Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
- lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
- refer the dispute to the competent courts within the meaning of Clause 18.
- The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
- The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
- The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
Clause 12
Liability
- Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
- The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
- Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.
- The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
- Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
- The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
- The data importer may not invoke the conduct of a sub-processor to avoid its own liability.
Clause 13
Supervision
- The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.
- The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Clause 14
Local laws and practices affecting compliance with the Clauses
- The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
- The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
- the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
- the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards[4];
- any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
- The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
- The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
- The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
- Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities
15.1 Notification
- The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
- receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
- becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
- If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
- Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
- The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
- Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimisation
- The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
- The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
- The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
- The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
- In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
- The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
- the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
- the data importer is in substantial or persistent breach of these Clauses; or
- the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. - Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
- Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 17
Governing law
These Clauses shall be governed by the law of the EU Member State in which the data exporter is established. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights. The Parties agree that this shall be the law as stated in Annex I C.
Clause 18
Choice of forum and jurisdiction
- Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
- The Parties agree that those shall be the courts as determined in Annex I C.
- A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
- The Parties agree to submit themselves to the jurisdiction of such courts.
[1] Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned.
[2] The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.
[3] This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7.
[4] As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.
APPENDIX
ANNEX I
[Details to be included in a Transaction Document]
- LIST OF PARTIES
Data exporter(s):
- Name: …
Address: …
Contact person’s name, position and contact details: …
Activities relevant to the data transferred under these Clauses: …
Signature and date: …
Role (controller/processor): …
- …
Data importer(s):
- Name: …
Address: …
Contact person’s name, position and contact details: …
Activities relevant to the data transferred under these Clauses: …
Signature and date: …
Role (controller/processor): …
- …
- DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
………………………..
Categories of personal data transferred
………………………..
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
………………………..
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
…………………………
Nature of the processing
…………………………
Purpose(s) of the data transfer and further processing
………………………..
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
……………………..
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
……………………..
- COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13 and the law/courts in accordance with Clauses 17, 18
………………………….
ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
[Details to be included in a Transaction Document]
Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
[Examples of possible measures:
Measures of pseudonymisation and encryption of personal data
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
Measures for user identification and authorisation
Measures for the protection of data during transmission
Measures for the protection of data during storage
Measures for ensuring physical security of locations at which personal data are processed
Measures for ensuring events logging
Measures for ensuring system configuration, including default configuration
Measures for internal IT and IT security governance and management
Measures for certification/assurance of processes and products
Measures for ensuring data minimisation
Measures for ensuring data quality
Measures for ensuring limited data retention
Measures for ensuring accountability
Measures for allowing data portability and ensuring erasure]
For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter
ANNEX III – LIST OF SUB-PROCESSORS
[Details to be included in a Transaction Document]
The controller has authorised the use of the following sub-processors:
- Name: …
Address: …
Contact person’s name, position and contact details: …
Description of processing (including a clear delimitation of responsibilities in case several sub-processors are authorised): …