Impartner
Master Services Agreement
Effective date: June 6, 2024
This Master Services Agreement (“MSA”) is made between Impartner, Inc. (“Impartner”) and the Customer identified on the Order Form (“Customer”). Impartner and Customer are referred to each as a “Party”, or collectively as the “Parties”. The Order Form and MSA, including any attachments, appendices or exhibits (“Exhibits”), which are hereby incorporated by reference, shall constitute the “Agreement” between the Parties. Capitalized terms not defined herein shall have the meaning assigned to them in the Order Form.
1. DEFINITIONS
“Affiliate” means any entity Controlling, Controlled by, or under common Control with a Party.
“Control” means direct or indirect ownership of more than fifty percent (50%) of the voting interests of an entity. An entity shall be deemed an Affiliate only for so long as such Control exists.
“Customer Data” means all electronic data, content, or information submitted by Portal Users to Impartner in connection with Impartner’s provision of the Licensed Services or Support Services.
“DPA” means the data processing addendum attached hereto as Appendix A, and is incorporated into the Agreement by reference herein.
“Documentation” means product descriptions found at https://impartner.com/packages-prm/, which may be updated from time to time by Impartner in its sole discretion. For clarity, as a SaaS provider with standard offerings, the Documentation is intended solely to provide objective criteria for the Parties to agree in advance what constitutes adequate delivery of the Licensed Services. Impartner’s products and services may change over time as Impartner improves its products and services, and the Documentation is not intended to restrict Impartner from so improving its Licensed Services.
“Impartner Materials” means materials made available by Impartner to Customer via the Licensed Services, Support Services, or customer success portal, and includes, without limitation, how-to guides, training content, and FAQs.
“Implementation Services” means work performed by Impartner for initial installation and configuration of the Licensed Services in accordance with an Order Form.
“Licensed Services” means the online, cloud-based software applications, modules and associated content and materials (including Impartner Materials incorporated therein) provided by Impartner to Customer as set forth in an Order Form, as well as any updates, upgrades, improvements, enhancements, integrations or customizations which Impartner may develop and make available to Customer in its sole discretion, but excluding Third-Party Applications.
“Order Form” means an order form, order form amendment, or order form renewal signed by the Parties that sets forth the pricing, Services, Use Limits, applications and modules selected by Customer, along with any Support Services.
“Partners” means Customer’s resellers, channel partners or other members of Customer’s partner networks that provide services and/or sell products or services on behalf of Customer.
“Personal Information” has the meaning ascribed to it under the California Consumer Privacy Act of 2018 (the “CCPA”), and specifically includes “Personal Data,” as defined by Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).
“Portal Users” means employees or agents of Customer or a Partner who are authorized to access and use the Licensed Services, and who have been supplied user identifications and login credentials by Customer (“User Credentials”).
“Premier Support” means additional support services that supplement the Standard Support Services, purchased on an annual basis, that may include a dedicated Technical Account Manager, as further described in an Order Form.
“Professional Services” means billable, professional services related to custom functionality, training after implementation, integration with or fixes related to use of the Licensed Services with Third-Party Applications, as outlined in an Order Form that delineates the specific scope of services.
“Standard Support Services” means Impartner’s support ticketing and response system for the Licensed Services’ standard product capabilities as further set forth in the service level agreement attached as Appendix B (the “Service Level Agreement”). Standard Support Services are included as part of the Subscription Fees at no additional cost to Customer.
“Support Services” means all services offered to Customer other than the Licensed Services, and includes the Standard Support Services, Premier Support, Implementation Services, and Professional Services.
“Third-Party Applications” means any services, software, products, applications, integrations and other features or offerings that are provided by Customer or obtained by Customer from a third party.
2. THE LICENSED SERVICES
2.1 Provision of the Licensed Services. Subject to Customer’s compliance with the terms and conditions of the Agreement (including payment of the applicable Fees (as defined below)), Impartner shall make the Licensed Services available to Customer, Partners, and Portal Users for internal business purposes during the Term.
2.2 Affiliates. A Customer may enter into an Order Form on behalf of itself and its Affiliates, if expressly stated in the applicable Order, and subject to the following conditions: (i) Customer has the authority to enter into the Agreement on behalf of its Affiliates; (ii) Customer remains responsible for its Affiliates’ compliance with the terms of the Agreement and any breach of the Agreement by a Customer Affiliate shall be deemed to be a breach by Customer; (iii) all use limits, as described in the Order Form, and other platform-related limitations of Customer arising from the Agreement shall be applied in the aggregate across Customer and all Customer Affiliates. Notwithstanding the foregoing, Customer is solely entitled to a single instance of the Licensed Services, unless expressly set forth in an Order Form. If additional instances are required, for any reason, including for an Affiliate to have unique functionality independent from the Customer’s instance, additional implementation and/or subscription fees will apply, or the Affiliate may be required to enter into a separate Order Form.
2.3 Licensed Services Requirements. Impartner may make changes (including updates or other improvements) to the Licensed Services, on the condition that such changes do not materially diminish the features or functionality of the Licensed Services or the commitments set forth in the Service Level Agreement. Customer acknowledges, however, that its purchase of the Licensed Services is for the current version of the Licensed Services, and not contingent on the delivery of any future functionality or features, nor dependent on any oral or written comments made by Impartner or its personnel regarding future functionality or features.
2.4 Third-Party Applications. Impartner does not offer licenses to any Third-Party Applications. Customer is responsible for obtaining its own licenses to Third-Party Applications, and Customer agrees to comply with the applicable terms and conditions. Impartner does not make any warranties with respect to any Third-Party Applications. Except for Impartner’s obligations related to Google Ads for Channel (if applicable), Customer maintains all obligations related to the implementation, customization, and exchange of data between Customer and any Third-Party Applications.
Third Party Applications may offer Customer the ability to share Customer Data with Third-Party Applications (for example, through a marketplace, via application program interfaces (each an “API,” or collectively, “APIs”), or otherwise). In the event Customer utilizes Third Party Applications to access or process Customer Data, Customer assumes all risk and liability with such access and processing. Impartner is not responsible for any disclosure, modification or deletion of Customer Data resulting from access by such Third Party Applications. Impartner may treat any requests to access Customer Data by Third Party Applications as written instructions by Customer to access Customer Data, so long as such access requires authentication to Impartner’s platform using Customer’s login credentials to the Licensed Services.
2.5 Google Ads for Channel. This Section applies if Customer purchases Impartner’s Google Ads for Channel. Impartner will create a Google Ads account to establish and run Partners’ advertising campaigns (“Campaigns”) on the Partners’ behalf. Portal Users will not have access to Google Ads accounts that Impartner creates. All campaigns that run through Google Ads for Channel must comply with, and are subject to, the Google Ads Terms & Conditions. Impartner will not commence a Campaign until Impartner has received payment in full for that Campaign. Any fees paid for Google Ads ad campaigns will not count towards the limits of liability delineated in this Agreement.
3. PERMITTED USE OF THE LICENSED SERVICES
3.1 Use of Licensed Services. Customer shall: (i) not make the Licensed Services available to anyone other than those authorized under this Agreement; (ii) not use the Licensed Services in any manner that exceeds the scope of the applicable Order Form; (iii) use commercially reasonable efforts to prevent unauthorized access to or use of the Licensed Services; (iv) promptly notify Impartner of any unauthorized access or use of the Licensed Services, passwords, authentication credentials, or any unauthorized use, access, or disclosure of Customer Data; (v) comply, and cause its Portal Users to comply, with the Agreement, and be solely responsible for its Portal Users’ compliance with this Agreement; (vi) be solely responsible for all Customer Data, including the reliability, accuracy, completeness, timeliness, legality, and appropriateness of the Customer Data; (vii) secure and maintain any consents or permissions required to use the Customer Data as required by applicable law; (viii) ensure that the Customer Data does not infringe the rights of any third party, and is not otherwise obscene, threatening, defamatory, racially or ethically offensive, libelous, fraudulent or otherwise unlawful or tortious; (ix) not use the Licensed Services to send or store known viruses, worms, time bombs, Trojan horses, and other harmful, destructive, deceptive or malicious code, files, scripts, agents or programs; and (x) comply with all local, state, federal and foreign laws applicable to Customer’s use of the Licensed Services. Customer may not provide user login credentials to any individuals or entities other than Third Party Applications. 
In the event Customer shares its login credentials, and/or Customer Data with one or more Third Party Applications, Customer shall be responsible for all actions performed by the Third Party Applications, including API calls to share Customer Data with Third Party Applications, and any such API calls will be considered actions performed by Customer.
3.2 Restrictions. Customer shall not at any time, directly or indirectly, and shall not permit any Portal User to: (i) copy, modify or create derivative works based on the Licensed Services; (ii) rent, lease, lend, sell, license, sublicense, publish, frame, mirror or otherwise distribute any part of the Licensed Services; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Licensed Services, in whole or in part; (iv) intentionally disable, interfere with, or disrupt the integrity or performance of the Licensed Services; or (v) access or use the Licensed Services in order to build (or assist others in building) a competitive product or service or in any manner beyond the scope of the authorization granted herein.
3.3 Two Factor Authentication. The Licensed Services support access using two-factor authentication (“2FA”), which is known to reduce the risk of unauthorized use of or access to the Licensed Services. Impartner strongly encourages Customer to use, and cause its Partners and Portal Users to use 2FA. Impartner disclaims all responsibility for any damages, losses or liability to Customer, Partners, Portal Users, or any other affected individuals, where such damages, losses, or liability could have been prevented by the use of 2FA.
3.4 Service Suspension. Notwithstanding anything to the contrary in the Agreement, Impartner may suspend Customer’s and/or any Portal User’s access to any portion or all of the Licensed Services if: (i) any charge owing by Customer is thirty (30) days or more overdue, until such amounts are paid in full; (ii) Impartner reasonably determines that: (A) Customer’s or any Portal User’s use of the Licensed Services disrupts or poses a security risk to Impartner or to any other customer or vendor of Impartner; or (B) Customer, or any Portal User, is using the Licensed Services in breach of the Agreement or in violation of applicable law; (iii) Customer ceases to do business in the ordinary course, becomes insolvent or unable to pay debts as they become due, makes an assignment for the benefit of creditors or similar disposition of its assets, or becomes the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding (each, a “Bankruptcy Event”); (iv) any vendor of Customer, or Google Ads (if Customer is buying Google Ads for Channel), has denied Impartner’s access to, or use of, any Third-Party Applications needed to enable Customer’s access to or use of the Licensed Services; or (v) Impartner’s provision of the Licensed Services to Customer is or becomes prohibited by applicable law. Any suspension described in subclause (i)-(v) is a “Service Suspension.” Impartner shall use commercially reasonable efforts to promptly provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Licensed Services following any Service Suspension. Impartner shall use commercially reasonable efforts to resume providing access to the Licensed Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured.
Impartner will have no liability for any damage, liabilities, losses (including any loss of data or profits) that Customer may incur as a result of a Service Suspension. Customer’s sole remedy for any Service Suspension made pursuant to 3.4(ii)-(v) shall be a pro rata refund of any pre-paid Fees.
4. SUPPORT SERVICES
4.1 General. All Support Services other than Standard Support must be listed in an Order Form.
4.2 Impartner’s Obligations. Impartner shall perform Support Services in a professional and workmanlike manner. Impartner shall be entitled, in its sole discretion, to determine the method and means for performing the Support Services.
4.3 Customer Obligations. Customer acknowledges and agrees that timely performance and delivery of Support Services is dependent upon information and responses provided by Customer. Accordingly, in addition to any specific responsibilities set out in the Order Form, Customer shall: (i) provide the appropriate and necessary resources, and timely and accurate information and documentation, as reasonably requested by Impartner, to allow Impartner to perform the Support Services; (ii) timely review and respond to requests for approval and information; and (iii) make available personnel familiar with Customer’s requirements and with the expertise necessary to permit Impartner to undertake and complete the Support Services. Customer acknowledges that any delay on its part in the performance of its obligations may have an impact on Impartner’s performance of its activities under the Order Form, and Impartner shall not be liable for any delay to the extent caused by Customer’s failure to fulfill any of its obligations under the Agreement or any Order Form.
4.4 Expenses. If applicable, Customer shall reimburse Impartner for all expenses that have been pre-approved in writing by Customer and incurred by Impartner in connection with Support Services, including, but not limited to, transportation expenses, meals, rental cars, lodging, and disbursements to third parties, such as third-party professional and programming service providers. Records of reimbursable expenses including statements and receipts shall be provided to Customer upon request.
5. FEES AND PAYMENT
5.1 Fees. Customer shall pay all fees specified in the applicable Order Form (“Fees”). Except as otherwise set forth herein or in an Order Form, Fees are quoted and payable in United States dollars. If Customer requires a Purchase Order to process an invoice, it is responsible for taking all necessary steps to ensure timely payments are made under this Agreement. Failure to make timely payment shall not be excused due to delays caused by Customer’s Purchase Order process.
5.2 Payment Disputes. Customer may dispute part or the entirety of an invoice by: (i) providing written notice to Impartner of such dispute within ten (10) days of invoice receipt; (ii) providing a reasonably detailed description of the dispute, at least sufficient to allow Impartner to analyze the dispute, as part of the written notice; (iii) only submitting such dispute in good faith; (iv) paying all undisputed amounts when due; and (v) paying all disputed amounts promptly after resolution of such dispute. If any undisputed amounts invoiced pursuant to an Order Form are not received by Impartner by the due date, then such amounts shall accrue interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid. Notwithstanding anything to the contrary in the Agreement, and without limiting any remedies available to Impartner, Customer shall be liable to Impartner for all reasonable expenses, including but not limited to collections and legal fees, associated with Impartner’s efforts to collect on undisputed, overdue Fees. In addition, if Customer fails to make timely payment of undisputed, overdue Fees, in addition to any other remedies set forth in the Agreement, any payment terms which deviate from the following will automatically revert to: (i) Fees being due thirty (30) days from the invoice date, and (ii) Fees being invoiced annually in advance.
5.3 Taxes. Fees do not include any taxes, levies, duties, or similar governmental assessments of any nature, including, but not limited to, value-added, sales, use, or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with purchases under this Agreement, which shall be included as a separate line item on each invoice. If applicable, Customer will provide Impartner with a certificate of exemption or similar documentation required to exempt any transaction under this Agreement from sales and use tax or other tax liability.
6. PROPRIETARY RIGHTS
6.1 Impartner Reservation of Rights. Impartner is and will remain the exclusive owner of all rights, title, and interest, in the Licensed Services, Documentation, and Support Services, any and all improvements or enhancements to the same, and all intellectual property rights embodied therein. Unless expressly stated otherwise in an Order Form, all intellectual property rights in any work arising from or created, produced, developed, or delivered by Impartner, whether alone or jointly with others, in the course of this Agreement will immediately upon creation or performance, vest absolutely in and will be and remain the property of Impartner, and Customer will not acquire any right, title or interest therein, other than the rights and licenses granted under the Agreement. Except for the rights and licenses specified in the Agreement, all other rights are reserved by Impartner.
6.2 Feedback. Impartner encourages Customer to provide suggestions, proposals, ideas, recommendations, or other feedback regarding the Licensed Services, Support Services, and related resources (“Feedback”). Impartner shall own all right, title, and interest to all Feedback, including all intellectual property rights embodied therein. To the extent Customer provides Feedback, Customer agrees to assign, and hereby does assign to Impartner all worldwide right and title to the Feedback, including the right to sue for any past, present, or future infringement; provided that (i) this assignment does not grant rights under any issued patents owned by Customer; and (ii) the Feedback is provided “as is” without any warranties, whether express, implied, or statutory. Customer agrees to cooperate with Impartner and execute such documents (at Impartner’s cost) as may be necessary for Impartner to register, record, enforce, or defend its rights in any Feedback.
6.3 Customer Data. As between the Parties, Customer owns all rights, title and interest in and to all Customer Data and all intellectual property rights embodied therein. Impartner may use Customer Data to provide the Licensed Services during the Term (as defined below) of the Agreement. To the extent Customer Data is combined with data derived or obtained from public sources, the portion of data derived or obtained from such public sources will not be considered Customer Data. Impartner may create and use Usage Data. “Usage Data” means data derived from or compiled through Customer’s or its Portal Users’ use of the Licensed Services, such as statistics indicating frequency of use of the Licensed Services, and will be “De-identified” as defined by the CCPA and/or “Anonymized” as defined by the GDPR. Usage Data will be owned by Impartner and may be used by Impartner for any lawful purpose.
7. CONFIDENTIALITY
7.1 Confidential Information. As used herein “Confidential Information” shall mean all confidential or proprietary information disclosed orally or in writing by one Party to the other that is identified as confidential or whose confidential nature is reasonably apparent under the circumstances. Customer Confidential Information includes Customer Data; Impartner Confidential Information includes the Licensed Services and Documentation; and Confidential Information of each Party shall include the terms and conditions of the Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such Party. Confidential Information shall not include information which: (a) is or becomes a part of the public domain through no fault of the receiving Party; (b) was in the receiving Party’s lawful possession prior to the disclosure; (c) is lawfully disclosed to the receiving Party by a third party without restriction on disclosure or any breach of confidence; or (d) is independently developed by the receiving Party.
7.2 Protection of Confidential Information. Each Party agrees to (i) hold the other’s Confidential Information in confidence, (ii) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care), and (iii) not use or disclose such Confidential Information other than in connection with the performance of its obligations hereunder or as otherwise authorized by the Agreement. Notwithstanding the foregoing, either Party may disclose any of the other Party’s Confidential Information to its, and its Affiliates’ and Partners’ employees, contractors, consultants, attorneys, accountants, and other advisors (“Representatives”) that have a need to know such Confidential Information in connection with such Party’s performance under the Agreement and that have agreed to be bound by confidentiality obligations similar to those in this Confidentiality section. Each Party shall be liable to the other under the Agreement for any breach of this Confidentiality section by its Representatives. A Party shall notify the disclosing Party in writing of any loss or unauthorized or inadvertent use or disclosure of or access to the disclosing Party’s Confidential Information promptly following the receiving Party’s discovery of such loss, use, disclosure, or access, and shall promptly take measures to minimize the effect of such loss, use, disclosure, or access and to prevent its recurrence.
7.3 Sensitive Personal Information. Customer agrees not to use the Licensed Services to collect, process, or store any Sensitive Personal Information. Customer agrees not to transmit, disclose, or make available Sensitive Personal Information to Impartner, or to Impartner’s third-party service providers pursuant to its relationship with Impartner. For purposes of this provision, Sensitive Personal Information shall have the definition ascribed to it under the CCPA and shall include “special categories of personal data” as defined by the GDPR.
7.4 Term. These confidentiality obligations will remain in effect for the duration of the Agreement plus two (2) years following its termination; provided, however, that all obligations under this Agreement relating to (i) trade secrets will survive for so long as any such Confidential Information remains a trade secret under applicable law, and (ii) financial information will survive for a period of five (5) years following termination of this Agreement.
7.5 Protection of Customer Data. Without limiting the above, Impartner shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, and if the Parties have entered into a DPA, in accordance with Annex II of said DPA. Impartner shall not (a) modify Customer Data; (b) disclose Customer Data except to provide the Licensed Services to Customer, as compelled by law in accordance with the section herein titled Compelled Disclosure, or as otherwise expressly permitted in writing by Customer; or (c) access Customer Data except to provide the Licensed Services and prevent or address service or technical problems, or at Customer’s request in connection with customer support matters.
7.6 Compelled Disclosure. The receiving Party may disclose the Confidential Information of the disclosing Party if it is compelled by law to do so, provided the receiving Party gives the disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the disclosing Party’s cost, if the disclosing Party wishes to contest the disclosure.
7.7 Obligations on Termination. Upon expiration or termination of the Agreement, each Party will: (a) immediately cease all use of the other Party’s Confidential Information; and (b) upon request, within ten (10) calendar days, unless otherwise specified in the Agreement, confirm in writing to the other Party that it has permanently erased from computer memory, destroyed or returned to the other Party the other Party’s Confidential Information, as well as any copies thereof on any media or in any form. Notwithstanding the foregoing, Impartner may retain Customer Data as required by applicable laws, regulations, court orders, subpoenas or other legal process. Any failure of Impartner to return or destroy electronic copies of Customer Data that are automatically generated through data backup and/or archiving systems shall not be deemed to violate the provisions of this Section 7.7, provided that (i) Impartner shall not use such back-ups or archived copies of Customer Data for any purpose; (ii) such copies shall be subject to the confidentiality obligations set forth herein, and (iii) such Customer Data is deleted in Impartner’s due course and within a commercially reasonable timeframe.
7.8 Remedies. Each Party agrees that the other Party may have no adequate remedy at law if there is a breach or threatened breach of the confidentiality provisions herein and, accordingly, that either Party is entitled (in addition to any legal or equitable remedies available to such Party) to seek injunctive or other equitable relief without the necessity of proof of actual damages to prevent or remedy such breach.
8. WARRANTIES, REMEDIES, AND DISCLAIMERS
8.1 Limited Service Warranty. Upon completion of Implementation Services and for the remainder of the Term, Impartner warrants that the Licensed Services will operate without a Documented Defect (the “Performance Warranty”). “Documented Defect” means a material deviation between the then-current, general release version of the Licensed Services and Documentation. Customer shall promptly notify Impartner of a Documented Defect, and Impartner will use commercially reasonable efforts to promptly repair the Documented Defect. In the event a Documented Defect cannot be repaired within thirty (30) days from the receipt of notice through no fault of Customer, then Customer may terminate those specific services upon notice to Impartner and receive a pro rata refund for the specific Licensed Services that are affected. For clarity, “fault,” as used in the preceding sentence, shall include any unreasonably delayed response/s by Customer to any reasonable implementation-related requests from Impartner. The remedy in this Section 8.1 shall be Customer’s exclusive remedy for breaches of the Performance Warranty.
8.2 Malicious Code. Impartner warrants that it has taken commercially reasonable steps to prevent the introduction of any malicious code or any other internal components, devices or mechanisms designed to disrupt, disable, harm, or otherwise impair in any material respect the normal and authorized operation of the Licensed Services, including viruses, worms, time bombs, and Trojan horses.
8.3 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE LICENSED SERVICES ARE PROVIDED ON AN AS-IS BASIS WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND IMPARTNER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. IMPARTNER DOES NOT WARRANT THAT THE LICENSED SERVICES WILL SATISFY CUSTOMER’S REQUIREMENTS OR (WITHOUT LIMITING THE PERFORMANCE WARRANTY ABOVE) THAT IT IS WITHOUT DEFECT OR ERROR OR THAT CUSTOMER’S ACCESS THERETO WILL BE UNINTERRUPTED. IN ADDITION, EACH PARTY AGREES THAT IT HAS NOT RELIED UPON ANY REPRESENTATION OR WARRANTY OR ANY OTHER INFORMATION OF ANY KIND MADE BY OR PROVIDED BY THE OTHER PARTY, OR ANY OTHER PERSON ON SUCH PARTY’S BEHALF.
9. INDEMNIFICATION; LIMITATION OF LIABILITY
9.1 Indemnification. Each Party (an “Indemnifying Party”) agrees to defend the other Party, its directors, officers, employees, and agents (collectively, the “Indemnified Party”) against any claims, demands, suits, or proceedings (each, a “Claim”) made or brought against the Indemnified Party by a third party and indemnify the Indemnified Party from any damages finally awarded by a court of competent jurisdiction against the Indemnified Party or amounts agreed to in settlement in connection with any such Claim, to the extent the Claim arises out of or results from: (a) an allegation, in the case of Customer as the Indemnified Party, that the Licensed Services infringe or misappropriate the intellectual property rights, publicity rights, or privacy rights of such third party; or (b) an allegation, in the case of Impartner as the Indemnified Party, that the Customer Data or any other information provided by Customer to Impartner for use in connection with the Licensed Services, infringes or violates the intellectual property rights or privacy rights of a third party, or violates the electronic mail requirements in Section 12. In no event will Impartner have any obligation or liability under subsection (a) for any Claim that is caused by, or results from: (i) Customer’s combination, operation or use of the Licensed Services with software or other materials not supplied by Impartner, including Third-Party Applications; (ii) any alteration or modification of the Licensed Services by Customer; (iii) Customer’s continued allegedly infringing activity after being notified thereof or after being provided modifications that would have avoided the alleged infringement; or (iv) the actions or omissions of any person or entity other than Impartner.
In no event will Customer have any obligation or liability under subsection (b) for any Claim that is caused by, or results from: (i) Impartner’s continued allegedly infringing activity after being notified thereof or after being provided modifications that would have avoided the alleged infringement; or (ii) the actions or omissions of any person or entity other than Customer or its Portal Users.
9.2 Remedy for Infringement. Should Customer’s right to use the Licensed Services pursuant to the Agreement be subject to a Claim of infringement, or if Impartner reasonably believes such a Claim of infringement (collectively, “IP Claims“) may arise, Impartner may, at its option and in its sole discretion: (i) procure for Customer the right to continue to access and use the Licensed Services; (ii) modify the Licensed Services to render them non-infringing but substantially functionally equivalent to the Licensed Services prior to such modification; or (iii) if the alternatives described in clauses (i) and (ii) of this paragraph are not commercially practicable, then Impartner may terminate the Agreement and refund to Customer any amounts pre-paid by Customer for the Licensed Services for the unused portion of the subscription term.
9.3 Sole Remedy. CUSTOMER HEREBY AGREES THAT SECTIONS 9.1(a) AND 9.2 TOGETHER SET FORTH IMPARTNER’S SOLE AND EXCLUSIVE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR IP CLAIMS.
9.4 Indemnification Process. In connection with any Claim, (a) the Indemnified Party shall promptly notify the Indemnifying Party in writing of such Claim, provided the Indemnified Party’s failure to provide written notice to the Indemnifying Party shall not affect the Indemnifying Party’s indemnification obligations except to the extent the Indemnifying Party is materially prejudiced thereby; (b) the Indemnifying Party shall control the defense and all related settlement negotiations relating to the Claim, provided, however, that the settlement of such Claim shall not be made without the advance written permission of the Indemnified Party, which shall not be unreasonably withheld; and (c) the Indemnified Party shall provide the Indemnifying Party with the assistance, information and authority reasonably necessary to perform the foregoing.
9.5 Limitation of Liability.
9.5.1 IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES, HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.5.2 EXCEPT FOR THEIR OBLIGATIONS UNDER SECTION 3.1 (USE OF SERVICES), SECTION 3.2 (RESTRICTIONS), SECTION 5 (FEES AND PAYMENT), SECTION 7 (CONFIDENTIALITY), SECTION 9 (INDEMNIFICATION), AND ANY DATA PROCESSING ADDENDUM INCLUDED IN THE AGREEMENT, IN NO EVENT SHALL EITHER PARTY’S LIABILITY TO THE OTHER PARTY FOR DAMAGES UNDER THIS AGREEMENT FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION, EXCEED THE FEES PAID BY CUSTOMER FOR THE APPLICABLE LICENSED SERVICES DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE INCIDENT UNDER THE APPLICABLE ORDER FORM (THE “BASE CAP”).
9.5.3 WITH RESPECT TO THEIR OBLIGATIONS UNDER SECTION 7 (CONFIDENTIALITY), SECTION 9 (INDEMNIFICATION), AND ANY DATA PROCESSING ADDENDUM INCLUDED IN THE AGREEMENT, IN NO EVENT SHALL EITHER PARTY’S LIABILITY TO THE OTHER FOR DAMAGES UNDER THIS AGREEMENT FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION, EXCEED FIVE TIMES (5X) THE BASE CAP.
10. INSURANCE
Impartner shall maintain during the term of this Agreement the following insurance coverages:
10.1 Workers compensation. Worker’s compensation as prescribed by applicable law, and employers’ liability insurance in an amount of no less than $1,000,000 per accident;
10.2 Commercial liability. Commercial general liability insurance, the limits of which shall not be less than $1,000,000 per occurrence and $2,000,000 annual aggregate;
10.3 Automobile. Automobile bodily injury and property damage liability insurance, the limit of which shall not be less than $1,000,000 per occurrence;
10.4 Umbrella. Umbrella or excess liability insurance, the limits of which insurance shall not be less than $6,000,000; and
10.5 Tech errors and omissions/Cyber. Tech errors and omissions/Cyber insurance, the limits of which shall not be less than $5,000,000.
11. TERM AND TERMINATION
11.1 Term of Agreement. Unless otherwise terminated earlier under Section 8.1 (Limited Service Warranty) or 11.2 (Termination for Cause), the Agreement commences on the Effective Date (as defined in the Order Form) and continues until the expiration of any of the term(s) specified in an Order Form (“Term“).
11.2 Termination for Cause. A Party may terminate the Agreement for cause (i) upon thirty (30) days’ written notice to the other Party of a material breach if such breach remains uncured at the expiration of such period, or (ii) immediately upon a Bankruptcy Event of either Party.
11.3 Refund or Payment upon Termination. Upon any termination for cause by Customer under Section 11.2 (Termination for Cause), Impartner shall refund Customer any prepaid Fees covering the unused portion of the Term. Upon any termination for cause by Impartner, without limiting any other remedies available to Impartner, Customer shall pay any unpaid Fees covering the remainder of the Term within thirty (30) days after the effective date of termination. Except as provided in this Section, in no event shall any termination relieve Customer of its obligation to pay any Fees payable to Impartner for any period prior to the effective date of termination.
11.4 Surviving Provisions. All provisions which, by their nature, are intended to survive the termination or expiration of the Agreement shall survive.
12. COMPLIANCE WITH LAW
The Parties shall comply with all applicable laws, rules, and regulations in connection with the Licensed Services. For clarity, for emails sent to U.S. residents by Customer via the Licensed Services, Customer shall comply with all requirements of the federal Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the “CAN SPAM Act“), all rules and official guidance promulgated by the Federal Trade Commission pursuant to the CAN SPAM Act, the Federal Communications Commission’s rules and orders regulating the transmission of commercial e-mail to wireless devices, and all other applicable U.S. federal, state and local laws and regulations.
13. GENERAL PROVISIONS
13.1 Export Compliance; Sanctioned Countries. Each Party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Licensed Services. Without limiting the foregoing, each Party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and Customer shall not permit Portal Users to access or use the Licensed Services in violation of any U.S. export embargo, prohibition or restriction. Furthermore, Customer represents and warrants that (i) all Portal Users are prohibited from residing in, or operating from, any country that is sanctioned by either the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) or the United Nations Security Council (“Prohibited Countries“), and (ii) it will not knowingly permit any data pertaining to residents of any Prohibited Countries to be processed by the Licensed Services, including by prohibiting Portal Users from processing any such data via the Licensed Services.
13.2 Force Majeure. Except with respect to the payment of Fees hereunder, neither Party shall be liable to the other Party for a failure or delay in performing any obligation hereunder that is directly caused by conditions beyond that Party’s reasonable control, including acts of God, Pandemic (as defined below), war, terrorism, civil commotion, strikes, labor disputes and governmental actions or restriction (“Force Majeure Event”), provided the Party seeking to be excused from performance promptly notifies the other Party of the Force Majeure Event, takes commercially reasonable action to mitigate the effects of the Force Majeure Event, and promptly resumes performance when the Force Majeure Event has subsided. When a Party’s delay or non-performance continues for a period of thirty (30) days or more, the other Party may terminate the Agreement without penalty. Any prepaid amounts shall be refunded on a prorated basis. “Pandemic” shall mean a global transmissible health emergency as declared by the World Health Organization that results in specific governmental restrictions that make the performance of a party’s obligations under this Agreement illegal or impossible.
13.3 Relationship of the Parties. The Parties are independent contractors. The Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between them.
13.4 No Third-Party Beneficiaries. There are no third-party beneficiaries to the Agreement.
13.5 Notices. Except as otherwise specified in the Agreement, all notices, permissions and approvals hereunder shall be in writing and delivered to the addresses set forth on the first page of the Agreement and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after overnight delivery, or (iii) receipt of acknowledgment by recipient if sent by email. Any legal notices sent to Impartner by email must additionally be sent to legal.notice@impartner.com, and any notices sent by email related to invoices or billing must additionally be sent to accounts.receivable@impartner.com.
13.6 Waiver and Cumulative Remedies. No failure or delay by either Party in exercising any right under the Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity.
13.7 Severability. If any provision of the Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the Agreement shall remain in effect.
13.8 Assignment. Neither Party may assign its rights or obligations under this Agreement without the other Party’s prior written consent. Notwithstanding the foregoing, either Party may assign its rights and obligations under this Agreement to an Affiliate as part of a reorganization, or to a purchaser of its business entity or substantially all of its assets or business to which rights and obligations pertain without the other Party’s consent, provided that: (a) the purchaser is not insolvent or otherwise unable to pay its debts as they become due; (b) the purchaser is not a competitor of the other Party; and (c) any assignee is bound hereby. Other than the foregoing, any attempt by either Party to transfer its rights or obligations under this Agreement will be void.
13.9 Governing Law; Venue. The Agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of Utah, without regard to its conflicts of laws rules. The state and federal courts located in Salt Lake City, Utah shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to the Agreement. Each Party hereby consents to the exclusive jurisdiction of such courts.
13.10 Entire Agreement. The Agreement, including all Exhibits, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. In the event of conflict between the documents comprising the Agreement, the order of precedence shall be: (i) DPA, if applicable, (ii) other Exhibits, (iii) Order Form, and then (iv) the MSA. No modification, amendment, or waiver of any provision of the Agreement shall be effective unless in writing that specifically references the Agreement and is signed by the Party against whom the modification, amendment or waiver is to be asserted. Notwithstanding any language to the contrary therein, no terms or conditions stated in any Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of the Agreement, and all such terms or conditions shall be null and void.
Data Processing Addendum
This Data Processing Addendum (“DPA”), is made pursuant to the order form to which it is attached (the “Order Form“), by and between Impartner, Inc. (“Impartner“) and the customer indicated on page 1 of the Order Form (“Customer,” or “Data Controller“). This DPA will govern the Order Form as well as any subsequent order forms, amendments, and/or renewals, unless otherwise expressly agreed in writing between the parties. The Order Form and any exhibits attached thereto, including this DPA, shall be referred to collectively herein as the “Agreement.”
This DPA reflects the parties’ agreement with regard to the Processing of Personal Data. All capitalized terms in this DPA have the meaning assigned to them in the Order Form, Master Services Agreement, and any other exhibits attached thereto, unless expressly defined otherwise in this DPA. In the event of any conflict/s between the Order Form, Master Services Agreement, and Data Processing Addendum, unless expressly indicated otherwise, the order of precedence shall be: (i) Data Processing Addendum, (ii) Order Form, and (iii) Master Services Agreement. Any exhibits will be incorporated by reference and shall take the precedence of the document to which it has been addended.
In the course of providing the Services to Customer pursuant to the Agreement, Impartner may Process Personal Data on behalf of Customer and the parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
Introduction
- Customer is a Controller or Processor of certain Personal Data and wishes to appoint Impartner as a Processor or sub-processor to Process this Personal Data on Customer’s behalf.
- The parties have entered into this DPA to ensure that Impartner conducts such data Processing in accordance with Customer’s instructions and Applicable Data Protection Law requirements, and with full respect for the fundamental data protection rights of the Data Subjects whose Personal Data will be Processed.
Definitions
In this DPA, the following terms shall have the following meanings. Other capitalized terms used in this DPA are defined in the context in which they are used or shall have the meanings given such terms in the Order Form or Master Services Agreement.
“Applicable Data Protection Law” shall mean: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”) and any data protection laws in any European Union Member State including laws implementing such Regulation, (ii) the California Consumer Privacy Act of 2018 (“CCPA”), including any regulations promulgated thereunder, as amended from time to time; (iii) the UK GDPR, and (iv) any other applicable data protection law.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“EU Standard Contractual Clauses” / “EU SCCs” means Module Two of the standard contractual clauses for the transfer of Personal Data, in accordance with Applicable Data Protection Law, to Controllers and Processors established in Third Countries, the approved version of which is in force at the date of signature of this Agreement that are in the European Commission’s Decision 2021/914 of 4 June 2021, as such standard contractual clauses are available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en, and as may be amended or replaced by the European Commission from time to time, and as further defined in clause 4 of this DPA.
“Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under Applicable Data Protection Law), where for each (i) or (ii), such data is Customer Data.
“Processing” (and “Process“) means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity which Processes Personal Data on behalf of the Controller.
“Supervisory Authority(ies)” shall carry the meaning of that term in the GDPR.
“UK Standard Contractual Clauses” / “UK SCCs” means the standard contractual clauses for controllers to processors approved by the UK Government, which at the date of this DPA is the UK International Data Transfer Agreement available at https://ico.org.uk/media/for-organisations/documents/4019538/international-data-transfer-agreement.pdf or the UK Addendum to the EU SCCs available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as each may be amended or replaced by the Information Commissioner’s Office and/or UK Government from time to time.
DATA PROTECTION
- Relationship of the parties. Customer appoints Impartner as a Processor, or service provider, to Process the Personal Data that is the subject matter of the Agreement (the “Data“). Accordingly, the parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller and Impartner is the Processor. Each party shall comply with the obligations that apply to it under Applicable Data Protection Law. Customer hereby represents and warrants that Customer complies with the requirements in the Applicable Data Protection Law in collecting and transferring the data to Impartner and permitting Impartner to act as a processor of the Data. Customer agrees that it will not disclose any special categories of personal information to Impartner.
- Purpose limitation. Customer hereby instructs Impartner to Process Personal Data and to transfer Personal Data to any country or territory as necessary for the provision of the Service and consistent with the Agreement. Customer’s instructions for the Processing of Personal Data shall comply with Applicable Data Protection Law. Customer shall have sole responsibility for the accuracy, quality, and legality of the Data and the means by which Customer acquires the Impartner shall Process the Data as a Processor only as necessary to perform its obligations under the Agreement, and in accordance with the documented instructions of Customer (the “Permitted Purpose“), except where otherwise required by any EU (or any EU Member State) or UK law applicable to Impartner, in which case Impartner shall to the extent permitted by Applicable Data Protection Law inform Customer of that legal requirement before the relevant Processing of that Data. In no event shall Impartner Process the Data for its own purposes or those of any third party except as set forth in the Agreement. Impartner shall also inform Customer if in its opinion an instruction of Customer infringes or violates Applicable Data Protection Law. Impartner shall not sell the Data, nor process, retain, use, or disclose the Data (i) for any purposes other than the Permitted Purpose, or (ii) outside of the direct business relationship between Impartner and Customer.
- Details of the Processing. Annex I to this DPA sets out certain information regarding Impartner’s Processing of the Data as required by Article 28(3) of the GDPR. Either party may make reasonable amendments to Annex I by written notice to the other party from time to time as such party reasonably considers necessary to meet those requirements. Nothing in Annex I (including as amended pursuant to this Section 3) confers any right or imposes any obligation on any party to this DPA.
- International transfers. Impartner shall not transfer any Personal Data of European Economic Area (“EEA“) / UK Data Subjects (nor permit such Personal Data to be transferred) outside of the EEA / UK unless (i) it has first obtained Customer’s prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission / UK authorities have decided provides adequate protection for Personal Data, or to a recipient that has achieved binding corporate rules authorization in accordance with Applicable Data Protection Law, or to a recipient that has executed the Standard Contractual Clauses adopted or approved by the European Commission or UK Government. Customer hereby consents to the transfer of Personal Data to Impartner in the United States and the parties agree that the EU / UK Standard Contractual Clauses will apply to any such transfer, as appropriate.
a. The EU SCCs shall be deemed incorporated in this Agreement as follows:
- Clause 7 of the EU SCCs, the “Docking Clause (Optional)”, shall be deemed incorporated;
- in Clause 9 of the EU SCCs, the Parties choose Option 2, ‘General Written Authorisation’, with a time period of 10 days;
- the optional wording in Clause 11 of the EU SCCs shall be deemed not incorporated;
- in Clause 17 of the EU SCCs, the Data Exporter and Data Importer agree that the EU SCCs shall be governed by the laws of the Netherlands and choose Option 1 to this effect;
- in Clause 18 of the EU SCCs, the Data Exporter and Data Importer agree that any disputes shall be resolved by the courts of the Netherlands;
- Annexes I.A, I.B, I.C, II and III of the EU SCCs shall be deemed completed with the information set out in Annex I, Annex II and Annex III to this DPA.
b. Where the UK SCCs apply (i.e., for transfers from UK to countries, which were not recognized as providing adequate protections by UK authorities), they will be deemed incorporated in accordance with Annex IV to this DPA.
- Confidentiality of Processing. Impartner shall ensure that any person that it authorizes to Process the Data (including Impartner’s staff, agents and subcontractors) (an “Authorized Person“) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty) and shall not permit any person to Process the Data who is not under such a duty of confidentiality. Impartner shall ensure that all Authorized Persons Process the Data only as necessary for the Permitted Purpose.
- Security. Impartner shall implement appropriate technical and organizational measures to protect the Data from (i) accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the Data (a “Security Incident“). Such measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purpose of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures may include those listed in Annex II to this DPA.
- Sub-processing.
7.1 Impartner may subcontract any processing of the Data to a third-party subcontractor (“Sub-Processor“) in accordance with Applicable Data Protection Law. A list of Impartner’s current authorized Sub-Processors (the “List“) will be made available to Customer, either attached hereto, at a link provided to Customer, via email or through another means made available to Customer. Such List may be updated by Impartner from time to time. Impartner may provide a mechanism to subscribe to notifications of new authorized Sub-Processors and Customer agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than existing authorized Sub-Processors to access or participate in the processing of Personal Data, Impartner will add such third party to the List and notify Customer via email. Customer may object to such an engagement by informing Impartner within ten (10) days of receipt of the aforementioned notice by Customer, provided such objection is in writing and based on reasonable grounds relating to data protection. Customer acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Impartner from offering the Services to Customer.
7.2 If Customer reasonably objects to an engagement in accordance with Section 7.1, and Impartner cannot provide a commercially reasonable alternative within a reasonable period of time, Customer may discontinue the use of the affected Service by providing written notice to Impartner. Discontinuation shall not relieve Customer of any fees owed to Impartner under the Agreement.
7.3 If Customer does not object to the engagement of a third party in accordance with Section 7.1 within ten (10) days of notice by Impartner, that third party will be deemed an authorized Sub-Processor for the purposes of this DPA.
7.4 Impartner will enter into a written agreement with the authorized Sub-Processor imposing on the authorized Sub-Processor data protection obligations comparable to those imposed on Impartner under this Addendum with respect to the protection of Personal Data. In case an authorized Sub-Processor fails to fulfill its data protection obligations under such written agreement with Impartner, Impartner will remain liable to Customer for the performance of the authorized Sub-Processor’s obligations under such agreement.
7.5 If Customer and Impartner have entered into Standard Contractual Clauses, (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Impartner of the Processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub-Processors that must be provided by Impartner to Customer pursuant to Clause 5(j) of the UK SCCs or Clause 9(c) of the EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by Impartner beforehand, and that such copies will be provided by Impartner only upon request by Customer.
- Cooperation and Data Subjects’ rights. Impartner shall provide all reasonable and timely assistance (including by appropriate technical and organizational measures) to Customer to enable Customer to respond to: (i) any request from a Data Subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, inquiry or complaint received from a Data Subject, regulator or other third party in connection with the Processing of the Data. In the event that any such request, correspondence, inquiry or complaint is made directly to Impartner, Impartner shall promptly inform Customer. To the extent legally permitted, Customer shall be responsible for any costs arising from Impartner’s provision of the assistance described in this paragraph. Communications pertaining to the foregoing shall be sent to dataprocessing@impartner.com.
- Data Protection Impact Assessment. If Impartner believes or becomes aware that its Processing of the Data is likely to result in a high risk to the data protection rights and freedoms of Data Subjects, it shall promptly inform Customer and provide Customer with all such reasonable and timely assistance as Customer may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
- Security incidents. Upon becoming aware of a Security Incident, Impartner shall inform Customer without undue delay after becoming aware of the Security Incident, and shall provide all such timely information and cooperation as Customer may require in order for Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. Impartner shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer apprised of all developments in connection with the Security Incident.
- Deletion or return of Data. Upon termination or expiry of the Agreement, Impartner shall (at Customer’s election) destroy or return to Customer all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for Processing). This requirement shall not apply to the extent that Impartner is required by any Applicable Data Protection Law to retain some or all of the Data.
- Audit. Impartner will submit to audits and inspections in relation to the Processing of Data, at Customer’s sole cost and expense, and will provide Customer with whatever information it needs to ensure that they are both meeting their obligations under Article 28 of GDPR. Customer agrees that its requests to audit Impartner may be satisfied by Impartner presenting up-to-date attestations, reports or extracts from independent bodies (including without limitation external or internal auditors, Impartner’s data protection officer, data protection or quality auditors or other mutually agreed to third parties) or certification by a regulatory body by way of an IT security or data protection audit. Customer shall not exercise its audit rights under this DPA more than once per year, and no such audit may be exercised in a manner that (i) disrupts Impartner’s normal business operations, or (ii) causes Impartner to breach any obligation of confidentiality to another customer or to any other third party, whether imposed by regulation or contract.
- Sub-processor Audits. Customer may not audit Impartner’s sub-processors without Impartner’s and Impartner’s sub-processor’s prior agreement. Customer agrees that its requests to audit sub-processors may be satisfied by Impartner or Impartner’s sub-processors presenting up-to-date attestations, reports or extracts from independent bodies (including without limitation external or internal auditors, Impartner’s data protection officer, the IT security department, data protection or quality auditors or other mutually agreed to third parties) or certification by way of an IT security or data protection audit. Onsite audits at sub-processors’ premises may be performed by Impartner or a mutually agreed to auditor under a confidentiality agreement acting on behalf of Customer.
- Limitation of Liability. Each party’s liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement.
- Processing for Statistical Purposes. Impartner may Process Data for statistical purposes following the termination or expiration of the Agreement. Any such Processing shall be subject to appropriate safeguards, such as those provided in GDPR Article 89 related to the rights and freedoms of Data Subject. Those measures may include, without limitation, pseudonymization or that the Processing does not permit the identification of Data Subjects.
- Miscellaneous:
a. Headings. Headings in this DPA are for convenience of reference only and will not constitute a part of or otherwise affect the meaning or interpretation of this DPA.
b. Entire Agreement. This DPA (including all schedules and appendices thereto) and the Agreement constitute the entire agreement between the parties relating to the subject matter of this DPA and supersede all prior agreements, understandings, negotiations and discussions of the parties in relation to the subject matter of this DPA.
c. Severability. The provisions of this DPA are severable. If any phrase, clause or provision is invalid or unenforceable in whole or in part, such invalidity or unenforceability will affect only such phrase, clause or provision, and the rest of this DPA will remain in full force and effect.
d. Notices. Any notice or other communication under this DPA given by either party to the other will be deemed to be properly given if given in writing and delivered (i) in person, (ii) by electronic mail to the email addresses agreed to between the parties, or (iii) in accordance with the Notice provision of the Agreement. Either party may from time to time change its address for notices under this Section by giving the other party notice of the change in accordance with this Section.
e. Third-party Rights. The provisions of this DPA will endure to the benefit of and will be binding upon the parties and their respective successors and assigns.
f. Counterparts. This DPA may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. Execution of an Agreement incorporating the terms of this DPA shall be deemed to be execution of this DPA including all attachments.
g. Governing Law. This DPA will be governed by and construed in accordance with the governing law of the Agreement, without regard to its conflict of laws principles, except to the extent that Applicable Data Protection Law(s) require otherwise, in which event this DPA will be governed in accordance with Applicable Data Protection Law.
h. Signatures. This DPA has been signed on behalf of each of the parties by a duly authorized signatory.
ANNEX I: DETAILS OF PROCESSING OF PERSONAL DATA
A. LIST OF PARTIES
- Data exporter(s):
Name: Party identified as Customer in the DPA
Address: The address listed on page 1 of the Order Form
Contact Person’s name, position and contact details: Listed on page 1 of the Order Form
Activities relevant to the data transferred under EU SCCs: Primary business point of contact for relationship with Data Importer.
Signature and date: Reflected in DPA
Role (controller/processor): Controller
- Data importer:
Name: Impartner, Inc.
Address: 10897 S River Front Parkway, Ste #500, South Jordan, UT 84095
Contact Person’s name, position and contact details: Shane Walters, Privacy Officer, dataprocessing@impartner.com
Activities relevant to the data transferred under EU SCCs: Responsible for Data Importer’s data privacy program
Signature and date: Reflected in DPA
Role (controller/processor): Processor
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose Personal Data is transferred:
Customer may provide Impartner, or allow Impartner access to, Personal Data associated with the following categories of Data Subjects:
- Employees, agents, advisors, subcontractors or contact persons of Customer;
- Customer’s clients, channel partners, prospects, business partners, and vendors (who are natural persons); and
- Other authorized users of the Services.
Categories of Personal Data transferred:
The personal data transferred concern the following categories of data:
- Personal details, names, user names, passwords, email addresses of users
- Personal data within emails which identifies or may be reasonably linked or linkable to an individual
- Data Subjects’ metadata including sent, to, from, date, time, subject which may be considered Personal Data
- File attachments sent by Data Exporter or Data Exporter’s partners which may contain Personal Data
- Personal Data sent by users of their own accord in free text fields or in files uploaded
- Personal Data Information offered by users as part of support enquiries
- Technical operational data including without limitation IP addresses, logins, search queries; which may include Personal Data; and
- Other data added by Controller from time to time
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Data Exporter agrees that it will not disclose any special categories of Personal Data or Personal Data classified as “sensitive” (or similar classification) to Data Importer.
The frequency of the transfer
Data Exporter transfers Personal Data as often as necessary to adequately provide Services outlined in the Agreement. This may involve transfers in multiple instances, e.g., to update recipient lists at which Services are aimed.
Nature and purpose of the processing
Data Importer is engaged to provide the Services to Data Exporter which involve the Processing of Personal Data. The scope of the Services is set out in the Agreement, and the Personal Data will be Processed by Data Importer to deliver those Services and to comply with the terms of the Agreement and this DPA.
The period for which the personal data will be retained
The Personal Data will be retained per the requirements of the Master Services Agreement and this DPA, and shall be as long as necessary to perform the Services.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
Subject matter and nature of transfers to sub-processors are outlined in Annex III of the DPA, for each relevant sub-processor. Duration of transfers is the same as the duration of transfers to the Data Importer.
C. COMPETENT SUPERVISORY AUTHORITY
For purposes of the EU SCCs, the competent supervisory authority is the Dutch Data Protection Authority, unless expressly agreed otherwise in the DPA.
ANNEX II: TECHNICAL AND ORGANISATIONAL MEASURES
Impartner’s Technical and Organisational Measures, including Technical and Organisational Measures to Ensure the Security of the Data, are available here.
ANNEX III: LIST OF SUB-PROCESSORS
The controller has authorised the use of sub-processors listed here.
ANNEX IV: UK ADDENDUM TO EU STANDARD CONTRACTUAL CLAUSES
Impartner’s UK Addendum to EU Standard Contractual Clauses is available here.
APPENDIX B: SERVICE LEVEL AGREEMENT
Impartner’s Service Level Agreement is available here.