Prometics Master Services Agreement

 
Last updated: April 2, 2022
 
This Prometics Master Services Agreement (the “Agreement“) is entered into between Prometics Inc. (“Prometics“) and the legal entity defined as “Customer“. In this Agreement, Customer and Prometics are each referred to as a “party” and collectively as the “parties.” This Agreement includes and incorporates an Order Form, as well as the below Terms and Conditions.
 

---

 

1. Order Forms. All Order Forms signed by the parties will be governed by this Agreement and must include a description of the products and/or services to be provided (the “Service”), the work schedule for performance of the Services, the hourly rates, fees, or other reasonable costs and expenses associated with the Services, the and details regarding any technical support services or setup services to be provided by Prometics to Customer, and the term, if applicable.
 
2. Provision of Service.
   1. Generally. Prometics will provide the Service in accordance with this Agreement and the applicable Order Form. Customer may access and use the Service for its business purposes worldwide. Customer may extend its rights to its affiliates and to contractors acting on Customer’s or its affiliates’ behalf if Customer remains responsible for their compliance.
   2. Free Trial. Prometics offers a 14-day free trial. If you register for a free trial, we will make the applicable Subscription Service available to you on a trial basis free of charge until the end of 14 days, unless Customer executes an Order Form. If we include additional terms and conditions on the trial registration webpage, those will apply as well.
   3. Restrictions. Customer will not: (a) use the Service except as permitted in this Agreement; (b) decompile, disassemble, or reverse engineer the underlying software to the Service (unless this restriction is not permitted under applicable law); (c) sell, rent, lease or use the Service for time sharing purposes; (d) remove any copyright or proprietary notices contained in the Service, or (e) modify, translate, or create derivative works based on the Service or any Software (except to the extent expressly permitted by Prometics or authorized within the Service or Software).
   4. Technical Support. For any Prometics software technical support, Prometics will provide Customer, at no additional charge, technical support services within the Customer Service length of contract and extensions. Prometics will reply to requests for technical support within five (5) business days. For any other Services, Prometics will provide Purchaser with technical support after delivery of the Service for a period of six (6) months. The standard rate is $230 per hour for all time involved in helping Purchaser, which begins as soon as one of Prometics’s technicians responds to the Purchaser’s request. The minimum telephone support charge is 15 minutes. The minimum onsite support charge is 2 hours. Prometics will reply to requests for technical support within five (5) business days.
   5. Acceptance. Customer will accept or reject the Service in accordance with the acceptance criteria specified in the applicable Order Form or, if none is specified, then according to Customer’s reasonable satisfaction. If the Service or any Deliverable does not meet the warranties or criteria of this Agreement or an Order Form, Customer may, at his sole discretion: (a) require Prometics to correct, at no cost to Customer, any defective or nonconforming item or re-perform the non-conforming Service or Deliverable; or (b) correct the defective or nonconforming item itself and charge Prometics for the cost of the correction. If Prometics is unable to correct or re-perform any defective or nonconforming Service or Deliverable, or any part thereof, reported by Customer, Customer shall be entitled to a pro-rata refund of the fees associated with such defective or nonconforming Service or Deliverable.
   6. Reservation of Rights. Except as expressly set forth herein, this Agreement does not grant: (a) Prometics any Intellectual Property Rights in Customer Data; or (b) Customer any Intellectual Property Rights in the Service. Customer owns all right, title, and interest in and to any software, application programming interface, documentation, other work of authorship, invention or other asset created by Customer, (the “Intellectual Property Rights”) even if such asset is intended to interface with software or other assets owned or provided by Prometics or other third parties, and nothing in this Agreement grants Prometics a license or ownership right in any such asset. Customer will retain ownership and all Intellectual Property Rights of any drafts, notes, analyses, and other workpapers prepared or generated by Customer during the course of the Agreement. Customer shall also retain ownership of its Confidential Information and underlying intellectual property, including its knowledge of business principles, and those analytical concepts, approaches, methodologies, models, processes, discoveries, ideas, and formats developed solely by Customer staff during the term of this Agreement.
 
3. Licenses. Prometics hereby grants to Customer and its affiliates during the Term a limited non-exclusive license to use the Software solely in connection with the Service and in accordance with this Agreement. This license is non-transferable, irrevocable, non-sublicensable, and will be fully paid up upon Customer’s payment of the fees.
 
4. Payment.
   1. Amount. Customer will pay Prometics for the Services and Deliverables at the fees specified in Order Forms signed by Customer. Customer may withhold amounts which it in good faith disputes, provided that Customer promptly notifies Prometics in writing with respect to such disputed amounts. Both parties agree to diligently pursue resolution of any such dispute.
   2. Renewals. Customer is not obligated to enter into renewals. Unless otherwise specified on an Order Form, following the Initial Service Term or a Renewal Service Term, the subscription to the Service will automatically renew, unless either party gives the other written notice of termination at least thirty days prior to the expiration of the then-current Service term.
   3. Invoices. Unless otherwise stated in an Order Form, Prometics will invoice Customer for the Service monthly in arrears, and Customer will pay Prometics within thirty business days of receipt of a correct and undisputed invoice. Unpaid invoices for amounts not in dispute will accrue a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of the Services.
   4. Taxes. Any and all fees specified in this Agreement are exclusive of sales, excise, VAT, GST or similar taxes. Prometics agrees to invoice and Customer agrees to pay domestic sales and, use, VAT, GST or similar taxes associated with its receipt of the Services or Deliverables, excluding taxes based solely on Prometics’s franchise, net income, real property, personnel or similar taxes.
   5. Tax Withholding. If Customer is required to withhold Withholding Taxes, Customer will do so and will make these payments. Any Withholding Taxes paid by Customer to the tax authority will be deducted from the amount due to Prometics, such that the amount paid to Prometics will be net of the Withholding Taxes. Upon Prometics’s request, Customer shall provide Prometics with a copy of the tax receipt or tax certificate for the Withholding Tax paid.
 
5. Confidential Information.
   1. Confidential Information . “Confidential Information” includes, but is not limited to, all non-public, confidential or proprietary information disclosed before, on or after the date of this Agreement, by the party disclosing Confidential Information (“Disclosing Party”), or its authorized employees, contractors, agents, outsourcers and auditors who have a need to know or otherwise access the Confidential Information, and who are bound in writing by confidentiality obligations sufficient to protect Confidential Information in accordance with this Section 5 (“Authorized Persons”), to the party receiving Confidential Information (“Receiving Party”), whether disclosed orally or disclosed or accessed in written, electronic or other form or media, and whether or not marked, designated or otherwise identified as “confidential.” Confidential Information includes, without limitation: all information technology systems developed or otherwise granted access by Customer to Prometics, including, without limitation, all hardware, software, computer program(s) (including programming tools, scripts and routines), business facilities, data centers, paper files, servers, back-up systems, computing equipment (including, mobile devices and other equipment with information storage capability), networks, device applications, databases, media, applications, operating systems, equipment, platform and environment on, in or under which any of the foregoing is intended to be installed and operate, including such structural, functional and other features, conditions and components; all personal information provided to Prometics by or at the direction of Customer, including information that: (a) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (b) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), including Highly-Sensitive Personal Information (defined below) (“Personal Information”); all information concerning the Customer and its affiliates’, and their customers’, suppliers’ and other third parties’, past, present and future business affairs including, without limitation, finances, customer information, supplier information, products, services, organizational structure and internal practices, forecasts, sales and other financial results, records and budgets, and business, marketing, development, sales and other commercial strategies; Customer’s unpatented inventions, ideas, methods and discoveries, trade secrets, know-how, unpublished patent applications and other confidential intellectual property; all designs, specifications, documentation, components, source code, object code, images, icons, audiovisual components and objects, schematics, drawings, protocols, processes, and other visual depictions, in whole or in part, of any of the foregoing; any third party confidential information (including, without limitation, any Personal Information) included with, or incorporated in, any information provided by the Customer to Prometics or its Authorized Persons; any other information that would reasonably be considered non-public, confidential or proprietary given the nature of the information and the Customer and its affiliates’ businesses; and all notes, analyses, compilations, reports, forecasts, studies, samples, data, statistics, summaries, interpretations and other materials prepared by or for the Prometics or its Authorized Persons that contain, are based on, or otherwise reflect or are derived from, in whole or in part, any of the foregoing. For the purposes of this Agreement and except as required by applicable federal, state or local law or regulation, the term “Confidential Information” shall not include information that: (a) at the time of disclosure is, or thereafter becomes, generally available to and known by the public other than as a result of, directly or indirectly, any act or omission by the Receiving Party or any of its Authorized Persons; (b) at the time of disclosure is, or thereafter becomes, available to the Receiving Party on a non-confidential basis from a third-party source, provided that such third party is not and was not prohibited from disclosing such Confidential Information to the Receiving Party by any legal, fiduciary or contractual obligation; (c) was known by or in the possession of the Receiving Party, as established by documentary evidence, prior to being disclosed by or on behalf of the Disclosing Party pursuant to this Agreement; or (d) was or is independently developed by the Receiving Party, as established by documentary evidence, without reference to or use of, in whole or in part, any of the Disclosing Party’s Confidential Information. “Highly-Sensitive Personal Information” is defined as (1) an individual’s government-issued identification number (including social security number, driver’s license number or state-issued identified number); (2) financial account number, credit card number, debit card number, credit report information, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; (3) biometric or health data; (4) Consumer Reports and/or Credit Information; or (5) non-public personal information (as defined in 15 U.S.C. §6809(4)).
   2. Use and Nondisclosure. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose Confidential Information. The Receiving Party will hold Confidential Information in strict confidence and treat that information with the same degree of care as it uses in dealing with its own confidential information, but no less than a reasonable degree of care. The Receiving Party agrees not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Confidential Information. The Receiving Party may share Confidential Information with its Authorized Persons who need to know it and if they have agreed with either party in writing to terms at least as restrictive as those in this Agreement. Other than as allowed in the preceding sentence, the Receiving Party will not disclose or make Confidential Information available to any third party, except as specifically authorized by the Disclosing Party in writing.
   3. Required Disclosure. The Receiving Party may disclose Confidential Information when expressly required to do so by law, but only if it: (a) promptly provides prior notice to the Disclosing Party and an opportunity for the Disclosing Party to seek a protective order; and (b) discloses only the minimum amount of Confidential Information that is necessary to comply with the required disclosure.
   4. Return. Upon the Disclosing Party’s written request, the Receiving Party will promptly return all Confidential Information and copies, or certify in writing that it has securely destroyed all such materials.
   5. Section 1833 Notice. Subject to Section 5.3, consistent with 18 U.S.C.§ 1833(b), the parties have the right to: (a) confidentially disclose trade secrets to federal, state and local Government Officials, or to any attorney, for the sole purpose of reporting or investigating a suspected violation of the law; and (b) disclose trade secrets in a document filed in a lawsuit or other proceeding, but only if the filing is made under seal and protected from public disclosure. Nothing in this Agreement is intended to conflict with 18 U.S.C. § 1833(b) or to create liability for disclosures of trade secrets that are expressly allowed by 18 U.S.C.§ 1833(b).
   6. Equitable Remedy. Both parties agrees that violation of this Section would cause Customer irreparable injury, for which monetary damages would not provide adequate compensation and that in addition to any other remedy, the non-breaching party will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond as security. Each party agrees that any violation of this Section shall be a material breach of this Agreement and shall entitle the non-breaching party to immediately terminate this Agreement for breach without penalty upon notice to the other party, and such termination shall be without prejudice to any other right or remedy Customer the non-breaching party may be entitled, either at law, in equity, or otherwise.
 
6. Security.
   1. General. During the term of this Agreement, Prometics will: (a) maintain appropriate, industry-standard technical and organizational measures to protect any data and information, including Personal Data, that it collects, accesses, processes or receives from Customer under the terms of this Agreement against unauthorized or unlawful transfer, processing or alteration and against accidental access, loss, damage, processing, use, transfer or destruction; and (b) comply with the Security Requirements.
   2. During the term of this Agreement, Prometics will: (a) maintain appropriate, industry-standard technical and organizational measures to protect any data and information that it collects, accesses, processes or receives from Purchaser under the terms of this Agreement against unauthorized or unlawful transfer, processing or alteration and against accidental access, loss, damage, processing, use, transfer or destruction; and (b) comply with the Security Requirements (as described in Exhibit A).
   3. Security Incidents.
      1. Notification and Timing. If Prometics becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Purchaser Data (a “Security Incident”), Prometics will promptly notify Customer in writing of any: Security Incident as soon as practicable, but no later than twenty-four (24) hours of Prometics becoming aware of the Security Incident. This notification is required even if Prometics has not conclusively established the nature or extent of the Security Incident. Prometics will not communicate with any third party regarding a Security Incident except as specified in writing by Customer, or as required by law.
      2. Required Information. Prometics will describe the known details of the incident, the status of Prometics’s investigation, and, if applicable, the potential number of persons affected. Prometics will be solely responsible for all costs associated with any Security Incident, which includes, if applicable, for notices to and credit monitoring for affected individuals.
      3. Remediation. Prometics shall use best efforts to immediately remedy any Security Incident and prevent any further Security Incident at Prometics’s expense in accordance with applicable Data Protection and Privacy Laws. In the event of any Security Incident, Prometics shall promptly use its best efforts to prevent a recurrence of any such Security Incident.
 
7. Data Transfer. Prometics will: (a) comply with all federal, state, and local and/or quasi-governmental laws, rules, regulations, orders, ordinances and requirements relating to privacy and data protection or to obtaining, using or disclosing Highly-Sensitive Personal Information, including, without limitation, Title V of the Gramm-Leach-Bliley Act, Pub. L. No. 106-102, 113 Stat. 1338 (1999), 15 U.S.C. § 6801, et seq. (“GLBA”), the California Consumer Privacy Act, California Civil Code § 1798.100, et. seq. and its corresponding regulations (“CCPA”), the Fair Credit Reporting Act, 15 U. S. C. § 1681 et. seq. (“FCRA”) and (“Data Protection and Privacy Laws; (b) process any Personal Data transferred to or collected by Prometics (i) only as a data processor, as these terms are defined in the EU General Data Protection Regulation (2016/679), on behalf of Customer, and (ii) for the limited and specific purpose of performing Prometics’s obligations under the Agreement; (c) comply with Customer’s instructions regarding processing of any Personal Data; and (d) comply with the Data Processing Addendum.
 
8. Term and Termination.
   1. Term. This Agreement will remain in effect for the Term indicated in the Order Form, and as renewed on an automatic annual basis unless 30 days’ notice is given by either party.
   2. Termination.
      1. For Breach. Either party may terminate this Agreement if the other party fails to cure any material breach of this Agreement within thirty days after written notice of breach. If Customer terminates this Agreement for Prometics’s breach, Prometics will promptly issue Customer a pro-rata refund to Customer of any prepaid but unused fees for the terminated period.
      2. For Convenience. Either party may terminate this Agreement at any time for any reason by providing Prometics the other party with at least thirty (30) days prior written notice of such termination and the date on which such termination will be effective.
      3. Of an Order Form. Unless an Order Form states otherwise, Customer may modify or terminate any Order Form with ten (10) days’ written notice to Prometics. If Customer terminates an Order Form other than for Prometics’s breach, Customer will pay Prometics the fees due under the Order Form for Setup Services actually provided by Prometics and accepted by Customer in accordance with this Agreement and the Order Form as of the effective date of termination.
   3. Effect of Termination.
      1. Generally. Unless otherwise specified in the termination notice, termination is effective immediately. Each party will return the other party’s Confidential Information or destroy it and certify its destruction. Termination of this Agreement terminates all outstanding Order Forms. Except where an exclusive remedy may be specified, the exercise by either party of any remedy, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise.
 
9. Representations and Warranties
   1. General. Each party represents and warrants to the other that it has full right and power to enter into and perform under this Agreement, without any third-party consents or conflicts with any other agreement.
   2. By Customer. Customer represents, covenants, and warrants that Customer will use the Services only in compliance with all applicable laws and regulations for all other Services. Although Prometics has no obligation to monitor Customer’s use of the Services, Prometics may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.
   3. By Prometics. Prometics represents and warrants:
      1. Performance Warranty. The Service and Deliverables will be of professional quality and performed consistently with generally accepted industry standards. Prometics will provide the Service and Deliverables in accordance with its generally published specifications, this Agreement, and any applicable Order Form. However, Prometics does not warrant that the Services will be uninterrupted or error free; nor does it make any warranty as to the results that may be obtained from use of the Services. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT OR AN ORDER FORM, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND PROMETICS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
      2. Compliance with Laws. The Service, Deliverables, and Prometics’s performance hereunder will comply at all times with all applicable federal, state, and foreign laws, regulations, directives and rules, whether in effect now or in the future, including, without limitation, Data Protection Laws and Privacy, in its performance under the Agreement and provision of the Services. Prometics will comply with all applicable non-discrimination, human rights, child labor, and other employment and occupational health and safety laws and regulations including those related to employment practices, performance management discipline, wages, unfair dismissal, and worker classification.
      3. No Virus. Use of the Service and any Deliverables will not contain or introduce into any Customer systems any viruses, worms, time bombs, Trojan horses, disabling code or other harmful, malicious, or destructive code, files, scripts, agents or programs. Prometics represents and warrants that it has processes and controls in place to ensure that the Services and the Deliverables are free from all of the foregoing.
      4. No Additional Terms. Use of the Service and any Deliverables, including any installed software provided as part of the Service to Customer, shall not subject Customer to any third party terms or conditions.
      5. No Infringement. To the best of Prometics’s knowledge, the Service and the Deliverables, and Customer’s use thereof, does not and will not infringe, violate, or misappropriate the intellectual property rights of any third party.
      6. Tax Compliance. Prometics will comply with all tax laws, including tax withholding requirements, social security taxes, federal, state and local income taxes, unemployment, workers’ compensation, and disability insurance, health care and other charges, and tax filings and payments on compensation received hereunder. Prometics will assume full and sole responsibility for Prometics’s compensation and expenses.
      7. Litigation. There is no pending or threatened litigation that would have a material adverse impact on its performance under the Agreement.
   4. Remedy of Defects. If Customer reports a breach of the Performance Warranty, Prometics will, at no charge to Customer, correct, repair or re-perform the Service or Deliverable so that it conforms to the Performance Warranty. If Prometics is unable to correct, repair, or re-perform any defective or nonconforming Service or Deliverable, or any part thereof, reported by Customer, Customer shall be entitled to a pro-rata refund of the fees associated with such defective or nonconforming Service or Deliverable. If Prometics does not cause the Service or Deliverable to operate as warranted within ten days after Customer’s notice, then Customer may terminate this Agreement and Prometics will refund to Customer any prepaid fees for the terminated period and for the period in which the Service or Deliverable did not meet the warranty.
   5. Warranty Disclaimer. EXCEPT FOR THE WARRANTIES SET FORTH IN THIS AGREEMENT AND ANY ORDER FORM, EACH PARTY EXPRESSLY DISCLAIMS ANY AND ALL OTHER WARRANTIES OF ANY KIND OR NATURE, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 
10. Mutual Indemnification. Each party will defend, indemnify, and hold harmless the other party, its subsidiaries and affiliates, and their respective officers, directors, employees, members, agents, and successors in interest (“Indemnified Parties”) from and against any and all claims, actions, proceedings, damages, liabilities, and expenses (including settlement costs and reasonable attorneys’ fees) incurred by Indemnified Parties arising from any third party claims related to: (a) an allegation that the Service or any Deliverables infringes or misappropriates any third-party’s rights, including Intellectual Property Rights; (b) Prometics’s and its Subcontractor’s or Customer’s breach of warranty, this Agreement or an Order Form, negligence, willful misconduct, fraud, misrepresentation, violation of law, including Data Protection and Privacy Laws; (c) any obligation imposed by law on Customer to pay any withholding taxes, social security, unemployment or disability insurance, or similar items in connection with compensation received by Prometics under this Agreement; (d) any property damage, personal injury or death related to Prometics’s and its Subcontractor’s performance of the Service or any Deliverable; (e) Prometics’s failure to provide necessary notices and obtain necessary consents to grant the rights to Customer for Services and Deliverables hereunder; or (f) any claim or action that arises from an alleged violation of Prometics’s standard published policies then in effect or otherwise from Customer’s use of the Services or the Deliverables.
 
11. Limitation of Liability.
    1. Limitation on Indirect Liability. NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES HOWEVER ARISING WHETHER OR NOT THAT PARTY WAS AWARE OF THE POSSIBILITY OF THOSE DAMAGES AND DESPITE THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY STATED IN THIS AGREEMENT.
    2. Limitation on Amount of Liability. EXCEPT FOR DAMAGES RESULTING FROM (i) GROSS NEGLIGENCE, (ii) WILLFUL MISCONDUCT, (iii) A BREACH OF A PARTY’S CONFIDENTIALITY OR DATA SECURITY OBLIGATIONS HEREUNDER OR (iv) A PARTY’S INDEMNIFICATION OBLIGATIONS, NEITHER PARTY’S LIABILITY TO THE OTHER PARTY ARISING OUT OF THIS AGREEMENT WILL EXCEED THE AMOUNT ACTUALLY PAID OR PAYABLE TO PROMETICS UNDER THIS AGREEMENT.
 
12. Disputes.
    1. Informal Resolution. Before filing a claim, each party agrees to try to resolve the dispute by contacting the other party. If a dispute is not resolved within thirty days of notice, Prometics or Customer may bring a formal proceeding.
    2. Filing a Claim. Either party may bring a lawsuit in the federal or state courts of San Francisco County, California solely for injunctive relief to stop unauthorized or inappropriate use of Confidential Information or infringement of Intellectual Property Rights without first engaging in the informal dispute notice process described above. For other claims, either party may bring a lawsuit in the federal or state courts of San Francisco County, California after following the information dispute notice process described above. Both Prometics and Customer consent to venue and personal jurisdiction there.
 
13. Subcontractors. Prometics may subcontract to a third party (each, a “Subcontractor”) any Services to be performed hereunder with Customer’s written consent. Any such Subcontractor shall be required to comply with all applicable terms and conditions of this Agreement. Prometics shall be responsible for obligations, Services, and functions performed by Subcontractors to the same extent as if Prometics’s employees performed such Services and functions, and for purposes of the Agreement, such Services shall be deemed Services performed by Prometics. Additionally, Prometics will assess the financial conditions of the Subcontractors on a routine basis to ensure such Subcontractors’ financial condition enables them to perform the Services under this Agreement.
 
14. Miscellaneous.
    1. Entire Agreement. This Agreement supersedes any prior agreements or understandings between the parties. This Agreement, including all Order Forms, constitutes the entire Agreement between the parties related to this subject matter, and any change to its terms must be in writing and signed by the parties. If the terms of this Agreement conflict with the terms of an Order Form, then the terms of this Agreement will control. This Agreement hereby incorporates by reference any and all attachments to this Agreement.
    2. Governing Law. THE AGREEMENT WILL BE GOVERNED BY CALIFORNIA LAW EXCEPT FOR ITS CONFLICTS OF LAWS PRINCIPLES. EACH PARTY SUBMITS TO THE PERSONAL AND EXCLUSIVE JURISDICTION OF THE FEDERAL AND STATE COURTS IN SAN FRANCISCO, CALIFORNIA.
    3. Severability. Unenforceable provisions will be modified to reflect the parties’ intention and only to the extent necessary to make them enforceable, and the remaining provisions of the Agreement will remain in full effect.
    4. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all exhibits and Order Forms), without consent of the other party, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Any purported assignment in violation of this paragraph is void and constitutes a material breach of this Agreement. In the event of a permitted assignment, the assigning party shall provide written notice of the assignment to the other party. This Agreement inures to the benefit of and is binding on each of the parties, their successors, permitted assigns, and legal representatives.
    5. Force Majeure. Neither Customer nor Prometics will be liable for inadequate performance to the extent caused by any act of God, court order, war, or any other cause not within the party’s reasonable control that could not have been avoided through the exercise of reasonable care and diligence (a “Force Majeure Event”), provided that the delayed party (i) gives the other party prompt notice of the event, and (ii) following its own disaster recovery plan, takes reasonable steps to resume performance as soon as possible. If Prometics is unable to provide the Service for a period of five (5) consecutive days as a result of a continuing Force Majeure Event, Customer may cancel the Service and this Agreement or an Order Form at no penalty or cost, and will receive a refund of any prepaid fees. Fees to be paid by Customer hereunder shall be equitably adjusted to reflect the period in which performance was affected.
    6. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.
    7. Relationship of the Parties. The parties intended relationship is that of independent contractors, not employees, legal partners or agents.
    8. Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall be deemed to be one and the same agreement. A signed copy of this Agreement delivered by facsimile, e-mail or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.
    9. Waivers. No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. No waiver by any party shall operate or be construed as a waiver in respect of any failure, breach or default not expressly identified by such written waiver, whether of a similar or different character, and whether occurring before or after that waiver. No failure to exercise, or delay in exercising, any right, remedy, power or privilege arising from this Agreement shall operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power or privilege.
    10. Disputes. To the extent permitted by law, in connection with any claim, cause of action, proceeding, or other dispute concerning this Agreement (each, a “Dispute”), the Parties expressly, intentionally, and deliberately waive any right each may otherwise have to trial by jury. In the event that the waiver of jury trial set forth in the previous sentence is not enforceable under the law applicable to the Agreement, the Parties agree that any Dispute, including any question of law or fact relating thereto, shall, at the written request of either Party, be determined by judicial reference pursuant to the law applicable to the Agreement. The Parties shall select a single neutral referee, who shall be a retired state or federal judge. In the event that the Parties cannot agree upon a referee, the court shall appoint the referee. The referee shall report a statement of decision to the court. Nothing in this Section shall limit the right of either Party at any time to seek any equitable relief available to them. Each Party shall bear the fees and expenses of the referee equally, unless the referee order otherwise. The referee shall also determine all issues relating to the applicability, interpretation, and enforceability of this Section. The Parties acknowledge that if a referee is selected to determine the Dispute, then the Dispute will not be decided by a jury.
    11. Notices. All notices, requests, consents, claims, demands, waivers and other communications hereunder shall be in writing and shall be deemed to have been given: (a) when delivered by hand (with written confirmation of receipt); (b) when received by the addressee if sent by an internationally recognized courier (receipt requested); (c) on the date sent by facsimile or e-mail of a PDF document (with confirmation of transmission) if sent during normal business hours of the recipient, and on the next business day if sent after normal business hours of the recipient; or (d) on the third (3rd) day after the date mailed, by certified or registered mail, return receipt requested, postage prepaid.
    12. Disaster Recovery and Business Continuity. Prometics shall maintain business continuity plans (“BCP”) for business processes and disaster recovery plans (“DRP”) for all technology required to provide the Services under this Agreement. Prometics will perform BCP and DRP testing in accordance to Customer’s expectations based on criticality of services or applications Prometics supports. Prometics will meet the service level agreement, if any, as defined by Customer for the Services and/or applications provided by Prometics. Prometics will provide Customer a written description of all BCP and DRP test results, upon request, in sufficient detail to allow Customer to assess the success of each test. Upon the occurrence of any disaster requiring use of the BCP/DRP, Prometics will promptly (i) notify Customer of the disaster and (ii) use all commercially reasonable efforts to provide Customer access to the recovered Services in accordance with the service level applicable to each instance of service as agreed in the corresponding Order Form.
    13. Audit. Once per year, or more often if requested by Customer’s regulators, and upon reasonable notice of not less than 30 days, Prometics shall provide to Customer, at Customer’s expense, access to any documentation, books, records, and reports related to Prometics’s duties, obligations and performance of Services contemplated in this Agreement, or that address Customer’s vendor management and diligence requirements, and Customer may require remediation as necessary.
    14. Insurance. Prometics shall, at its own expense, procure and maintain in full force and effect during the term of this Agreement, policies of insurance, of the types and in the minimum amounts as follows, with responsible insurance carriers, covering the operations of Prometics pursuant to this Agreement: comprehensive general liability insurance in the minimum amount of Five Hundred Thousand Dollars ($500,000) per occurrence, covering at least bodily injury, property damage and broad form contractual liability; professional liability, including errors and omissions liability insurance in the minimum amount of One Million Dollars ($1,000,000 USD) covering losses resulting from errors, and omissions; and excess umbrella aggregate liability of One Million Dollars ($1,000,000 USD) per occurrence. Upon request, Prometics shall provide or cause to be provided to Customer a certificate of insurance from an authorized insurance agent certifying that such coverage is in effect.
    15. Equal Opportunity. If applicable, the parties shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60- 741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or expression, or national origin. Moreover these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin protected veteran status or disability. If applicable, both parties shall also comply with any applicable requirements set forth in 41 CFR Section 61-300.10, regarding veterans’ employment reports and 29 CFR Part 471, Appendix A to Subpart A, regarding posting a notice of employee rights.
    16. Publicity and Trademarks. Neither party shall use the trademark(s) (whether registered or not) of the other party in publicity releases or advertising or in any other manner, including customer lists, without securing the prior written approval of the other, except that they may use the other party’s name or logo without obtaining written approval. If approval is granted by a party, the granting party may withdraw its approval at any time upon written notice to the other party.
    17. Survival. The terms and conditions of this Agreement or an Order Form that by their sense and context are intended to survive will survive the termination of this Agreement or an Order Form, as applicable, including but not limited to, Sections 2.5, 2.6, 5, 6, 7, 8.3, 9.3.5, 10, 11, 12, 13, 14 and 15.

 
Exhibit A
 
Prometics Security Requirements

1. Organizational management and dedicated staff responsible for the development, implementation and maintenance of Prometics’s information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Prometics’s organization, monitoring and maintaining compliance with Prometics’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for Personal Data that is transmitted over public networks (i.e. the Internet) or when transmitted wirelessly or at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).
5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that Prometics’s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on Prometics’s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.
6. System audit or event logging and related monitoring procedures to proactively record user access and system activity.
7. Physical and environmental security of data centers, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of Prometics’s facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Prometics’s possession.
9. Change management procedures and tracking mechanisms designed to test, approve and monitor all material changes to Prometics’s technology and information assets.
10. Incident management procedures design to allow Data to investigate, respond to, mitigate and notify of events related to Prometics’s technology and information assets.
11. Network security controls that provide for the use of enterprise firewalls, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
12. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
13. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergencies or disasters.