Last updated: 2023-06-21
PLEASE READ THIS REDPANDA STANDARD CONTRACT FOR GOOGLE CLOUD (THE “STANDARD CONTRACT”) CAREFULLY BEFORE USING THE SERVICES OFFERED BY REDPANDA DATA, INC. (“LICENSOR”). BY MUTUALLY EXECUTING ONE OR MORE ORDERS (AS DEFINED BELOW) WITH LICENSOR WHICH REFERENCE THIS STANDARD CONTRACT, YOU AND THE ENTITY YOU REPRESENT (“BUYER”) AGREE TO BE BOUND BY THIS STANDARD CONTRACT (TOGETHER WITH ALL ORDERS) TO THE EXCLUSION OF ALL OTHER TERMS. IN ADDITION, ANY ONLINE ORDER FORM WHICH YOU SUBMIT VIA LICENSOR’S STANDARD ONLINE PROCESS AND WHICH IS ACCEPTED BY LICENSOR SHALL BE DEEMED TO BE MUTUALLY EXECUTED. IF THE TERMS OF THIS STANDARD CONTRACT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS. BUYER AGREES THAT IT HAS READ AND AGREES TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS STANDARD CONTRACT, AND YOU REPRESENT THAT YOU ARE AUTHORIZED TO BIND BUYER.
Licensor reserves the right to change, modify or remove portions of this Standard Contract at any time. Licensor will provide you with 75 days’ notice prior to making any material changes by posting a notice on Licensor’s website, by sending you an email and/or by some other means. The most current version of the Standard Contract will be posted at https://redpanda.com/legal/redpanda-standard-contract-for-google-cloud. The updated terms shall become effective upon your renewal.
1. Scope.
1.1 Terms and Conditions. This Standard Contract sets forth the terms and conditions applicable to the licensing of Software from Licensor by Buyer, whether deployed via an Image, SaaS or Google Cloud VPC for BYOC Services, each as either described (a) in a Product Listing in the Store or (b) in an order form, ordering document or other purchase order mutually agreed upon and executed by both Buyer and Licensor or entered into via any online order process, including Licensor’s policies and procedures referenced or incorporated in a detail page therein (the Product Listing or any such order, as applicable, shall be referred to as an “Order”). Buyer’s purchase of the corresponding Subscription on an Order, constitutes each Party’s respective acceptance of this Standard Contract and their entry into this Agreement (defined below). Unless defined elsewhere in this Standard Contract, terms in initial capital letters have the meanings set forth in Section 13. Buyer and Licensor may be referred to collectively as the “Parties” or individually as a “Party”.
1.2 Software Subscription. Buyer will subscribe to a Subscription as set forth in an Order in accordance with this Agreement. Licensor will supply and sell the Subscription to Buyer, or Buyer may purchase the Subscription from Licensor’s authorized reseller (“Reseller”). A Subscription, as described in the applicable Order, may be for (a) Software deployed via an Image (“Imaged Software”), (b) SaaS Software, or (c) Google Cloud for BYOC Services. Software may be targeted for specific geographic regions, and Support Services may vary by geography as set forth in the applicable Order. A Subscription may be provided on a Metered Pricing, Entitlement Pricing or other basis through the functionality available through the Store or as specified in an Order. The fee or rate for the Subscription is set forth in the applicable Order. For Subscriptions provided on a Metered Pricing basis, upon request by Buyer, Licensor will provide sufficient documentation from its books and records to allow Buyer to verify the metered usage charged to Buyer for the Subscription.
1.3 Payment. If Buyer is purchasing the Subscription through the Google Marketplace, then the Google Marketplace payment terms and conditions shall apply. If Buyer has executed an Order with Licensor, all amounts payable in respect of such Subscription and the payment terms therefor, shall be specified in the applicable Order. In the event that such terms are not specified in an Order, then all amounts due for a Subscription shall be due and payable within thirty (30) days following receipt of an invoice from Licensor.
1.4 Taxes. Each Party will be responsible, as required under applicable Laws, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest and other additions thereto) that are imposed on that Party upon or with respect to the transactions and payments under this Agreement. Applicable taxes and duties may be due in addition to the fees or rates payable by Buyer. Licensor may charge and Buyer will pay, where applicable, national, state or local sales or use taxes, or value added or goods and services tax, or withholding or other taxes (“Taxes”). Where required by local legislation, Google may charge for Taxes in its own name for Subscriptions made by Buyers in the Store, and Buyer will pay such Taxes. Buyer will receive a compliant tax invoice, where required. Licensor will be responsible for all other taxes or fees arising (including interest and penalties) from transactions and the documentation of transactions under this Agreement. Upon request, Buyer will provide such information to Licensor as reasonably required to determine whether Licensor is obligated to collect Taxes from Buyer. Licensor will not collect (or will refund to Buyer), and Buyer will not be obligated to pay (or will be entitled to a refund from Licensor), any such Tax or duty for which Buyer furnishes Licensor a properly completed exemption certificate or a direct payment permit certificate or for which Licensor claims an available exemption from Tax. Licensor will provide Buyer with any forms, documents or certifications as may be required for Buyer to satisfy any information reporting or withholding tax obligations with respect to any payments under this Agreement.
1.5 Agreement. Each Subscription is subject to and governed by this Standard Contract, the applicable Product Listing or Order, the terms and conditions of the NDA (as defined below) (if any), the Privacy and Security Terms for SaaS Subscriptions and BYOC Subscriptions, and any amendments to any of the foregoing as may be agreed upon by the Parties, which together constitute the agreement between Buyer and Licensor (the “Agreement”). Each Subscription is a separate agreement between Buyer and Licensor. In the event of any conflict between the terms and conditions of the various components of this Agreement, the following order of precedence will apply: (a) any amendment agreed upon by the Parties, including amendments agreed to in an applicable Order; (b) the Privacy and Security Terms for SaaS Subscriptions and BYOC Subscriptions; (c) the NDA (if any); (d) this Standard Contract; and (e) the Product Listing.
2. Licenses.
2.1 Licensed Materials.
2.11 If the Subscription is for Imaged Software, Licensor hereby grants to Buyer, subject to Section 2.1.4, a nonexclusive, worldwide (subject to Section 12.6), nontransferable (except in connection with an assignment permitted under Section 12.2 or a divestiture permitted under Section 12.3), non-terminable (except as provided in Section 10) license under all Proprietary Rights in and to the Imaged Software and the Image, to deploy, operate and use the Imaged Software and the Image under Buyer’s own GCP account on GCP infrastructure in accordance with the applicable Order and to allow its Users to access and use the Imaged Software and the Image as so deployed.
2.1.2 If the Subscription is for SaaS Software, Licensor hereby grants to Buyer, subject to Section 2.1.4, a nonexclusive, worldwide (subject to Section 12.6), nontransferable (except in connection with an assignment permitted under Section 12.2 or a divestiture permitted under Section 12.3), non-terminable (except as provided in Section 10) license under all Proprietary Rights in and to the SaaS Software and SaaS Service, to access, receive and use the SaaS Software and SaaS Services in accordance with the applicable Order and to allow its Users to access, receive and use the SaaS Software and SaaS Service.
2.1.3 If the Subscription is for BYOC Services, Licensor hereby grants to Buyer, subject to Section 2.1.4, a nonexclusive, worldwide (subject to Section 12.6), nontransferable (except in connection with an assignment permitted under Section 12.2 or a divestiture permitted under Section 12.3), non-terminable (except as provided in Section 10) license under all Proprietary Rights in and to the Imaged Software and Image, (a) to deploy, operate and use the Imaged Software and Image under Buyer’s own GCP account on Google Cloud Services infrastructure in accordance with the applicable Order, (b) to allow its Users to access and use the Imaged Software and Image as so deployed and (c) to deploy, operate and use the Imaged Software in an Google Cloud VPC with sufficient access to allow Licensor to access, manage, provision and monitor the Imaged Software only for the provision of the BYOC Services.
2.1.4 Buyer may use the Software and, as applicable, the Image or SaaS Service, only: in support of the internal operations of Buyer’s and its Affiliates’ business(es) or organization(s), in connection with Buyer’s and its Affiliates’ products and services (but, for clarity, not as a stand-alone product or service of Buyer or its Affiliates), and in connection with Buyer’s and its Affiliate’s interactions with Users.
2.1.5 Buyer may make a reasonable number of copies of the Documentation as necessary to use such Software, and as applicable the Image, in accordance with the rights granted under this Agreement, provided that Buyer includes all proprietary legends and other notices on all copies. Licensor retains all rights not expressly granted to Buyer under this Agreement.
2.2 Affiliates and Contractors. With respect to Affiliates and Contractors that Buyer allows to use the Licensed Materials: (a) Buyer remains responsible for all obligations hereunder arising in connection with such Affiliate’s or Contractor’s use of the Licensed Materials; and (b) Buyer agrees to be directly liable for any act or omission by such Affiliate or Contractor to the same degree as if the act or omission were performed by Buyer such that a breach by an Affiliate or a Contractor of the provisions of this Agreement will be deemed to be a breach by Buyer. The performance of any act or omission under this Agreement by an Affiliate or a Contractor for, by or through Buyer will be deemed the act or omission of Buyer.
2.3 Restrictions. Except as specifically provided in this Agreement, Buyer and any other User of any Licensed Materials, in whole or in part, may not: (a) copy the Licensed Materials, in whole or in part; (b) distribute copies of Licensed Materials, in whole or in part, to any third party; (c) modify, adapt, translate, make alterations to or make derivative works based on Licensed Materials or any part thereof; (d) except as permitted by Law, decompile, reverse engineer, disassemble or otherwise attempt to derive source code from the Software; (e) use, rent, loan, sub-license, lease, distribute or attempt to grant other rights to any part of the Licensed Materials to third parties; (f) use the Licensed Materials to act as a consultant, service bureau or application service provider; or (g) permit access of any kind to the Licensed Materials to any third party.
2.4 Open Source Software. Subject to the requirements of Section 5.1(d), Software may contain or be provided with components that are subject to the terms and conditions of “open source” software licenses (“Open Source Software”). If Buyer’s use of the Software subjects Buyer to the terms of any license governing the use of Open Source Software, then information concerning such Open Source Software and the applicable license must be incorporated or referenced in the Product Listing or Documentation. To the extent required by the license to which the Open Source Software is subject, the terms of such license will apply in lieu of the terms of this Agreement with respect to such Open Source Software, including without limitation, any provisions governing attribution, access to source code, modification and reverse-engineering.
2.5 No Additional Terms. No shrink-wrap, click-acceptance or other terms and conditions outside this Agreement provided with any Licensed Materials or any part thereof (“Additional Terms”) will be binding on Buyer or its Users, even if use of the Licensed Materials, or any part thereof, requires an affirmative “acceptance” of such Additional Terms before access to or use of the Licensed Materials, or any part thereof, is permitted. All such Additional Terms will be of no force or effect and will be deemed rejected by Buyer in their entirety. For clarity, the Software, Subscription type (Image, SaaS or BYOC), fee structure (Entitlement Pricing or Metered Pricing), technical requirements for use of the Software, Support Services, as well as any information regarding Open Source Software set forth or referenced in the Order or Documentation, are not Additional Terms subject to this Section.
2.6 High-Risk Activities. The Software is not designed or developed for use in high-risk, hazardous environments requiring fail-safe performance, including without limitation in the operation of nuclear facilities, aircraft navigation or control systems, air traffic control, or weapons systems, or any other application in which the failure of the Software could lead to severe physical or environmental damages (“High Risk Activities”). Buyer will not use the Software for High Risk Activities.
3. Services.
3.1 SaaS Service. If Buyer is purchasing a SaaS Subscription, Licensor will provide the SaaS Services to Buyer in accordance with the Order promptly following purchase of the Subscription and continuing until completion of the Subscription. Licensor will provide Buyer all license keys, access credentials and passwords necessary for access and use of the Software and SaaS Services (“Keys”) as set forth in the Order.
3.2 BYOC Service If Buyer is purchasing a BYOC Subscription, Licensor will provide the BYOC Services to Buyer in accordance with the Order promptly following purchase of the Subscription and continuing until completion of the Subscription. Buyer will provide Licensor all access credentials and passwords necessary for access and use of the Software via the Google Cloud VPC as set forth in the Order.
3.3 Service Level Agreement. Subject to Buyer’s payment of all applicable fees, Licensor will use commercially reasonable efforts to provide the SaaS Services and BYOC Services purchased to Buyer in accordance with Licensor’s then-current Redpanda Cloud Service Level Agreement, as updated and amended from time to time.
3.4 Support Services. Licensor will provide sufficient Documentation to allow a reasonably competent user to access and use the Software, and Licensor will provide Support Services to Buyer in accordance with the support plan set forth or incorporated into the Order.
4. Proprietary Rights.
4.1 Licensed Materials. Subject to the licenses granted herein, Licensor will retain all right, title and interest it may have in and to the Licensed Materials, including all Proprietary Rights therein. Nothing in this Agreement will be construed or interpreted as granting to Buyer any rights of ownership or any other proprietary rights in or to the Licensed Materials.
4.2 Feedback. If Buyer provides any suggestions, ideas, enhancement requests, recommendations or feedback regarding the Licensed Materials or Support Services (“Feedback”), Licensor may use and incorporate Feedback in Licensor’s products and services. Buyer will have no obligation to provide Feedback, and all Feedback is provided by Buyer “as is” and without warranty of any kind.
5. Warranties.
5.1 Licensed Materials. Licensor represents and warrants that: (a) for Subscriptions with Entitlement Pricing, the Software, and as applicable the Image, SaaS Services or BYOC Service, will conform, in all material respects, to the Documentation during the Warranty Period; (b) Imaged Software will not contain any automatic shut-down, lockout, “time bomb” or similar mechanisms that could interfere with Buyer’s exercise of its rights under this Agreement (for clarity, the foregoing does not prohibit license keys that expire at the end of the Subscription); (c) Licensor will use industry standard practices designed to detect and protect the Software against any viruses, “Trojan horses”, “worms”, spyware, adware or other harmful code designed or used for unauthorized access to or use, disclosure, modification or destruction of information within the Software or interference with or harm to the operation of the Software or any systems, networks or data, including as applicable using anti-malware software and keeping the anti-malware software up to date prior to making the Software (including any Software provided through Support Services) available to Buyer, and for SaaS Software, scanning the SaaS Software on a regular basis; (d) the Software, and Buyer’s use thereof as permitted under this Agreement, will not be subject to any license or other terms that require that any Buyer Data, Buyer Materials or any software, documentation, information or other materials integrated, networked or used by Buyer with the Software, in whole or in part, be disclosed or distributed in source code form, be licensed for the purpose of making derivative works, or be redistributable at no charge; and (e) the Software, and as applicable the Image, SaaS Services or BYOC Service, will conform, to the extent applicable, with then-current Web Content Accessibility Guidelines (WCAG) and any other applicable accessibility Laws.
5.2 Services. Licensor represents and warrants that the Services will be performed in a professional manner with a level of care, skill and diligence performed by experienced and knowledgeable professionals in the performance of similar services.
5.3 Remedies. If any Software or Service fails to conform to the foregoing warranties, Licensor promptly will, at its option and expense, correct the Software and re-perform the Services as necessary to conform to the warranties. If Licensor does not correct the Software or re-perform the Services to conform to the warranties within a reasonable time, not to exceed 30 days, as Buyer’s sole remedy and Licensor’s exclusive liability (except as provided in Section 9), Buyer may terminate the Subscription and this Agreement without further liability and Licensor will provide Buyer with a refund of any fees prepaid to Licensor by Buyer, prorated for the unused portion of the Subscription, as well as, if applicable, any service credits available under Licensor’s Support Services or other policies.
5.4 Special Remedy for Certain Entitlement Pricing Subscriptions. This Section applies only to a Subscription with Entitlement Pricing that is $100,000 or more other than an Excluded Subscription. “**Excluded Subscription” **means a Subscription: (a) with Metered Pricing; (b) for software for which Licensor also offers free trial use, whether subject to the Standard Contract or other terms and conditions; (c) that is a renewal of an expiring subscription, or a new subscription for software previously licensed from Licensor by Buyer, whether on a paid, free or trial basis, and whether subject to the Standard Contract or other terms and conditions; or (d) that increases the quantity of Buyer’s then-current use of such software (e.g., additional hosts, CPU capacity, users or other metric of quantity). If, for any Subscription with Entitlement Pricing that is $100,000 or more other than an Excluded Subscription, Buyer reports a breach of the warranty set forth in Section 5.1(a) during the first 30 days of the Warranty Period, and if, following the process set forth in Section 5.3, the Software does not operate as warranted under Section 5.1(a), then as Buyer’s sole remedy and Licensor’s exclusive liability in lieu of the remedy available under Section 5.3, Buyer may terminate the Subscription or this Agreement without further liability and Licensor will provide Buyer with a full refund of all fees paid to Licensor by Buyer for the Subscription.
5.5 Warranty Exclusions. Licensor will have no liability or obligation with respect to any warranty to the extent attributable to any: (a) use of the Software by Buyer in violation of this Agreement or applicable Law; (b) unauthorized modifications to the Licensed Materials made by Buyer or its Personnel; (c) use of the Software in combination with third-party equipment or software not provided or made accessible by Licensor or contemplated by the Order or Documentation; or (d) use by Buyer of Software in conflict with the Documentation, to the extent that such nonconformity would not have occurred absent such use or modification by Buyer.
5.6 Compliance with Laws. Each Party represents and warrants that it will comply with all applicable international, national, state and local laws, ordinances, rules, regulations and orders, as amended from time to time (“Law” or “Laws”) applicable to such Party in its performance under this Agreement.
5.7 Power and Authority. Each Party represents and warrants that: (a) it has full power and authority to enter in and perform this Agreement and that the execution and delivery of this Agreement has been duly authorized; and (b) this Agreement and such Party’s performance hereunder will not breach any other agreement to which the Party is a party or is bound or violate any obligation owed by such Party to any third party.
5.8 Disclaimer. EXCEPT FOR THE WARRANTIES SPECIFIED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE LICENSED MATERIALS, SERVICES, BUYER MATERIALS AND BUYER DATA, AND EACH PARTY HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. Licensor does not warrant: (a) that the Licensed Materials will meet Buyer’s requirements; or (b) that the operation of the Software will be uninterrupted or error free.
6. Confidentiality.
6.1 Confidential Information. “Confidential Information” means any nonpublic information directly or indirectly disclosed by either Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) or accessible to the Receiving Party pursuant to this Agreement that is designated as confidential or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered as confidential, including without limitation technical data, trade secrets, know-how, research, inventions, processes, designs, drawings, strategic roadmaps, product plans, product designs and architecture, security information, marketing plans, pricing and cost information, marketing and promotional activities, business plans, customer and supplier information, employee and User information, business and marketing plans, and business processes, and other technical, financial or business information, and any third party information that the Disclosing Party is required to maintain as confidential. Confidential Information will not, however, include any information which: (a) was publicly known or made generally available to the public prior to the time of disclosure; (b) becomes publicly known or made generally available after disclosure through no fault of the Receiving Party; (c) is in the possession of the Receiving Party, without restriction as to use or disclosure, at the time of disclosure by the Disclosing Party; (d) was lawfully received, without restriction as to use or disclosure, from a third party (who does not have an obligation of confidentiality or restriction on use itself); or (e) is developed by the Receiving Party independently from this Agreement and without use of or reference to the Disclosing Party’s Confidential Information or Proprietary Rights. Except for rights expressly granted in this Agreement, each Party reserves all rights in and to its Confidential Information. The Parties agree that the Licensed Materials are Confidential Information of Licensor.
6.2 Obligations. The Parties will maintain as confidential and will avoid disclosure and unauthorized use of Confidential Information of the other Party using reasonable precautions. Each Party will protect such Confidential Information with the same degree of care that a prudent person would exercise to protect its own confidential information of a like nature, and to prevent the unauthorized, negligent, or inadvertent use, disclosure, or publication thereof or access thereto. Each Party will restrict Confidential Information to individuals who need to know such Confidential Information and who are bound to confidentiality obligations at least as protective as the restrictions described in this Section 6. Except as necessary for the proper use of the Software, the exercise of a Party’s rights under this Agreement, performance of a Party’s obligations under this Agreement or as otherwise permitted under this Agreement, neither Party will use Confidential Information of the other Party for any purpose except in fulfilling its obligations or exercising its rights under this Agreement. Each Party will promptly notify the other Party if it becomes aware of any unauthorized use or disclosure of the other Party’s Confidential Information, and reasonably cooperate with the other Party in attempts to limit disclosure.
6.3 Compelled Disclosure. If and to the extent required by Law, including regulatory requirements, discovery request, subpoena, court order or governmental action, the Receiving Party may disclose or produce Confidential Information but will give reasonable prior notice (and where prior notice is not permitted by applicable Law, notice will be given as soon as the Receiving Party is legally permitted) to the Disclosing Party to permit the Disclosing Party to intervene and to request protective orders or confidential treatment therefor or other appropriate remedy regarding such disclosure. Disclosure of any Confidential Information pursuant to any legal requirement will not be deemed to render it non-confidential, and the Receiving Party’s obligations with respect to Confidential Information of the Disclosing Party will not be changed or lessened by virtue of any such disclosure.
6.4 NDA. Buyer and Licensor may agree that a separate nondisclosure agreement between Buyer and Licensor (or the respective Affiliates of Buyer and Licensor) (“NDA”) will apply to the Subscription, in which case the terms and conditions thereof are incorporated herein by reference and will apply instead of Subsections 6.1 through 6.3 of this Section 6.
7. Additional Obligations and Responsibilities. This Section 7 applies to Subscriptions for SaaS Software, SaaS Services and BYOC Services only.
7.1 SaaS Acceptable Use. Buyer will not intentionally use the SaaS Software or SaaS Services to: (a) store, download or transmit infringing or illegal content, or any viruses, “Trojan horses” or other harmful code; (b) engage in phishing, spamming, denial-of-service attacks or fraudulent or criminal activity; (c) interfere with or disrupt the integrity or performance of the Software or data contained therein or on Licensor’s system or network; or (d) perform penetration testing, vulnerability testing or other security testing on the Software or Licensor’s systems or networks or otherwise attempt to gain unauthorized access to the Software or Licensor’s systems or networks.
7.2 BYOC Services.
7.2.1 Generally. Licensor will use commercially reasonable efforts to access the Imaged Software and provide to Buyer with the BYOC Services as set forth in the Order, which shall consist generally of Licensor providing to Licensor solely through the Google Cloud VPC, Support Services, monitoring and alerting services and provisioning of the Imaged Software (including provisioning additional nodes), each as described in greater detail in the Order.
7.2.2Shared Responsibility for Deployment. Buyer acknowledges that the BYOC Services are implemented in a manner that divides the responsibility for the Imaged Software between the Buyer Cloud Environment and the Licensor Cloud Environment, and that accordingly each Party must undertake certain technical and organizational measures in order to protect the Imaged Software, the Services, the Buyer Data and Buyer Materials. Without limiting the foregoing, Buyer acknowledges and agrees that (a) in order to utilize the BYOC Services, Buyer must have an account for Google Cloud Services; (b) Licensor does not host the Buyer Cloud Environment into which the Imaged Software is deployed or in which Buyer Data may be stored; (c) the BYOC Services are not designed to archive or permanently retain Buyer Data, but merely to provide an environment to facilitate Buyer’s processing of Buyer Data within the Buyer Cloud Environment; and (d) Licensor and the BYOC Services do not provide backup services or disaster recovery to enable recovery of Buyer Data. Accordingly, and without limiting the foregoing, but subject to Section 8 of the Standard Contract, Licensor is not responsible for any loss, destruction, alteration, or corruption of Buyer Data or Buyer Materials, except to the extent caused by the gross negligence or willful misconduct of Licensor.
7.2.3 Buyer Responsibilities. Buyer acknowledges and agrees that Buyer is responsible for (a) protecting the security of all Buyer credentials used to access the Subscription to the Services; (b) securing the Buyer Cloud Environment (with such steps to include without limitation the regular rotation of access keys and other industry standard steps to preclude unauthorized access); (c) backing up and securing Buyer Data and Buyer Materials under Buyer’s control within the Buyer Cloud Environment; and (d) ensuring that Licensor does not have access to Buyer Materials or Buyer Data that is not necessary for Licensor to provide the BYOC Services, and Buyer expressly assumes the risks associated with the foregoing responsibilities.
7.2.4 Licensor Responsibilities. Licensor acknowledges and agrees that, as between the Parties and except to the extent caused by the action or intentional or negligent inaction of Buyer or Buyer’s Users, including without limitation any customizations or configurations of the Imaged Software by Buyer or anything specified to be Buyer’s responsibility, Licensor is primarily responsible for (a) the operation of elements of the Services residing within the Licensor Cloud Environment; and (b) implementing reasonable technical and organizational measures designed as specified in the Standard Contract to protect the security of the foregoing.
7.2.5 Buyer Data and Buyer Materials. As set forth in greater detail in the Order, in connection with the BYOC Services, Buyer shall provide to Licensor the following Buyer Data from the Google Cloud VPC implementation of the Imaged Software: (a) Grafana telemetry (e.g., CPU, disk, usage); (b) systems logs (e.g., syslog/journalctl) for debugging, (c) HTTP Admin for command and control.
7.2.6 Security. Licensor and Buyer will, consistent with industry standard practices, implement and maintain administrative and technical safeguards and other security measures in respect of the BYOC Services: (a) Buyer established encryption with WebAssembly, (b) audited cloud environment, and (c) security audit logs.
7.3 Buyer Data and Buyer Materials.
7.3.1 Buyer is and will continue to be the sole and exclusive owner of all Buyer Materials, Buyer Data and other Confidential Information of Buyer, including all Proprietary Rights therein. Nothing in this Agreement will be construed or interpreted as granting to Licensor any rights of ownership or any other proprietary rights in or to the Buyer Data and Buyer Materials.
7.3.2 Buyer will obtain all necessary consents, authorizations and rights and provide all necessary notifications in order to provide Buyer Data to Licensor and for Licensor to use Buyer Data in the performance of its obligations in accordance with the terms and condition of this Agreement, including any access or transmission to third parties with whom Buyer shares or permits access to Buyer Data.
7.3.3 The Parties agree that Buyer Data and Buyer Materials are Confidential Information of Buyer. Buyer hereby grants to Licensor a nonexclusive, nontransferable (except in connection with an assignment permitted under Section 12.2), revocable license, under all Proprietary Rights, to reproduce and use Buyer Materials and Buyer Data solely for the purpose of, and to the extent necessary for, performing Licensor’s obligations under this Agreement. In no event will Licensor access, use or disclose to any third party any Buyer Data or any Buyer Materials for any purpose whatsoever (including, without limitation, the marketing of Licensor’s other products or services) other than as necessary for the purpose of providing the Software and Services to Buyer and performing its obligations under this Agreement. Licensor will not aggregate, anonymize or create any data derivatives of Buyer Data other than as necessary to provide the Software or Services and to perform its obligations in accordance with the terms and conditions of this Agreement.
7.3.4 Buyer will have full access to, and has the right to review and retain, the entirety of Buyer Data contained in the Software. At no time will any computer or electronic records containing Buyer Data be stored or held in a form or manner not readily accessible to Buyer through the ordinary operation of the Software. Licensor will provide to Buyer all passwords, codes, comments, Keys and documentation necessary for such access and use of the Software, and Buyer will be entitled to delete, or have Licensor delete, Buyer Data as expressly specified by Buyer.
7.4 System Data. To the extent that System Data identifies or permits, alone or in conjunction with other data, identification, association, or correlation of or with Buyer, its Affiliates, Users, customers, suppliers or other persons interacting with any of the foregoing, or any Confidential Information of Buyer or any device as originating through or interacting with Buyer or its Affiliates (“Identifiable System Data”), Licensor may only collect and use Identifiable System Data internally to provide and improve the Software and Services and Licensor’s other products and services. Licensor will not target any data analysis at, or otherwise use any Identifiable System Data to derive or attempt to derive information regarding, Buyer and its Affiliates, their businesses, operations, finances, users, customers, prospective customers, suppliers or other persons interacting with Buyer and its Affiliates. Licensor will not target any development efforts, marketing, communications or promotions arising from its use of Identifiable System Data at Buyer and its Affiliates or any other person on the basis of the intended recipient’s relationship with Buyer or any of its Affiliates. Licensor will not use or disclose any Identifiable System Data for any other purpose unless otherwise agreed in writing by the Parties.
7.5 Use of Other Data. Notwithstanding the foregoing, nothing in this Agreement will restrict: (a) Licensor’s use of System Data or data derived from System Data that does not identify or permit, alone or in conjunction with other data, identification, association, or correlation of or with (i) Buyer, its Affiliates, Users, customers, suppliers or other persons interacting with Buyer and its Affiliates or any Confidential Information of Buyer, or (ii) any device (e.g. computer, mobile telephone, or browser) used to access or use the Software as originating through Buyer or its Affiliates or interacting with Buyer or its Affiliates; or (b) either Party’s use of any data, records, files, content or other information related to any third party that is collected, received, stored or maintained by a Party independently from this Agreement.
7.6 Security. Licensor will, consistent with industry standard practices, implement and maintain physical, administrative and technical safeguards and other security measures: (a) to maintain the security and confidentiality of Buyer Data; and (b) to protect Buyer Data from known or reasonably anticipated threats or hazards to its security, availability and integrity, including accidental loss, unauthorized use, access, alteration or disclosure. Without limiting the foregoing, Licensor will provide the SaaS Services in compliance with the Security Addendum attached hereto. Licensor and Buyer will, consistent with industry standard practices, implement and maintain the following administrative and technical safeguards and other security measures in respect of the BYOC Services: (a) Buyer established encryption with WebAssembly, (b) audited cloud environment, and (c) security audit logs.
7.7 Data Protection Legislation.
7.7.1 Each Party will comply with all data protection Laws, and any implementations of such Laws, applicable to its performance under this Agreement. The Parties acknowledge and agree that they will consider in good faith implementing any codes of practice and best practice guidance issued by relevant authorities as they apply to applicable country specific data protection Laws or their implementations.
7.7.2 Without limiting the generality of the foregoing, if Licensor is collecting or furnishing Personal Information to Buyer or if Licensor is processing, storing or transferring Personal Information on behalf of Buyer, then Licensor and Buyer and/or their Affiliate(s), as applicable, will agree to supplemental privacy and security terms consistent with applicable Law, and if the Personal Information is regarding individuals in the European Economic Area, Licensor and Buyer agree to be bound by the attached Data Processing Addendum or other terms and conditions agreed upon by Buyer and Licensor that reflect their respective legal obligations with respect to Personal Information and any applicable data transfer mechanisms. For purposes of this Agreement, “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity or any data, data element or information that is subject to breach notification, data security obligations or other data protection Laws. For the avoidance of doubt, no Personal Information should be processed or transferred under this Agreement without Privacy and Security Terms necessary for compliance with applicable Law.
7.8 Remedies. Each Party agrees that in the event of a breach or threatened breach of this Section 7, the non-breaching Party will be entitled to injunctive relief against the breaching Party in addition to any other remedies to which the non-breaching Party may be entitled. Either Party may terminate this Agreement immediately upon written notice to the other Party if the other Party breaches any of the provisions set forth in this Section 7.
8. Limitations of Liability.
8.1 Disclaimer; General Cap. SUBJECT TO SECTIONS 8.2, 8.3 AND 8.4, IN NO EVENT WILL (a) EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND (b) EITHER PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, EXCEED THE GREATER OF (i) IN THE CASE OF A SUBSCRIPTION WITH ENTITLEMENT PRICING, THE FEES AND OTHER AMOUNTS PAID AND REQUIRED TO BE PAID BY BUYER FOR THE SUBSCRIPTION, AND, IN THE CASE OF A SUBSCRIPTION WITH METERED PRICING, THE FEES AND OTHER AMOUNTS PAID AND REQUIRED TO BE PAID UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES, OR (ii) $500,000.
**8.2 Exception for Gross Negligence, Willful Misconduct or Fraud. **THE EXCLUSIONS OF AND LIMITATIONS ON LIABILITY SET FORTH IN SECTION 8.1(a) AND (b) WILL NOT APPLY TO A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR FRAUD.
8.3 Exception for Certain Indemnification Obligations. THE EXCLUSIONS OF AND LIMITATIONS ON LIABILITY SET FORTH IN SECTIONS 8.1(a) AND (b) WILL NOT APPLY TO ANY COSTS OF DEFENSE AND ANY AMOUNTS AWARDED AGAINST THE INDEMNIFIED PARTY BY A COURT OF COMPETENT JURISDICTION OR AGREED UPON PURSUANT TO SETTLEMENT AGREEMENT THAT ARE SUBJECT TO SUCH PARTY’S INDEMNIFICATION AND DEFENSE OBLIGATIONS UNDER THIS AGREEMENT.
8.4 Special Cap for Security Breach.
8.4.1 FOR SAAS AND BYOC SUBSCRIPTIONS, THE EXCLUSIONS OF AND LIMITATIONS ON LIABILITY SET FORTH IN SECTIONS 8.1(a) AND (b) WILL NOT APPLY TO, AND INSTEAD SECTION 8.4.2 WILL APPLY TO: (a) BUYER’S COSTS OF INVESTIGATION, NOTIFICATION, REMEDIATION AND MITIGATION RESULTING FROM ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF BUYER DATA RESULTING FROM BREACH OF LICENSOR’S OBLIGATIONS UNDER ANY PRIVACY AND SECURITY TERMS, INCLUDING NOTICE OF BREACH TO AFFECTED INDIVIDUALS, INDUSTRY SELF-REGULATORY AGENCIES, GOVERNMENT AUTHORITIES AND THE PUBLIC, AND CREDIT AND IDENTITY THEFT MONITORING SERVICES FOR AFFECTED INDIVIDUALS AND LICENSOR’S OBLIGATIONS WITH RESPECT THERETO PURSUANT TO SECTION 9.5; AND (b) ANY LIABILITIES ARISING FROM CLAIMS BROUGHT BY THIRD PARTIES AGAINST BUYER ARISING FROM ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF BUYER DATA RESULTING FROM BREACH OF LICENSOR’S OBLIGATIONS UNDER ANY PRIVACY AND SECURITY TERMS, INCLUDING OUT-OF-POCKET COSTS OF DEFENSE AND ANY AMOUNTS AWARDED AGAINST BUYER BY A COURT OF COMPETENT JURISDICTION OR AGREED UPON PURSUANT TO A SETTLEMENT AGREEMENT.
8.4.2 FOR SAAS AND BYOC SUBSCRIPTIONS, LICENSOR’S AGGREGATE LIABILITY UNDER THIS AGREEMENT FOR ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF BUYER DATA RESULTING FROM BREACH OF LICENSOR’S OBLIGATIONS UNDER ANY PRIVACY AND SECURITY TERMS, INCLUDING BUYER’S COSTS SET FORTH IN SECTION 8.4.1 AND LICENSOR’S INDEMNIFICATION AND DEFENSE OBLIGATIONS PURSUANT TO SECTION 9.1(b) AND ITS OBLIGATIONS PURSUANT TO SECTION 9.5, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, WILL NOT EXCEED (IN LIEU OF AND NOT IN ADDITION TO THE AMOUNT SET FORTH IN SECTION 8.1) THE GREATER OF (i) IN THE CASE OF A SUBSCRIPTION WITH ENTITLEMENT PRICING, FIVE TIMES THE FEES AND OTHER AMOUNTS PAID AND REQUIRED TO BE PAID BY BUYER FOR THE SUBSCRIPTION, AND, IN THE CASE OF A SUBSCRIPTION WITH METERED PRICING, FIVE TIMES THE FEES AND OTHER AMOUNTS PAID AND REQUIRED TO BE PAID UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES OR (ii) $2 MILLION.
9. Indemnification.
9.1 Licensor Indemnity. Licensor will, at its expense, indemnify, defend and hold harmless Buyer and its Affiliates and their respective officers, directors, employees, agents and representatives (collectively “Buyer Indemnified Parties”) from and against any and all claims, actions, proceedings and suits brought by a third party, and any and all liabilities, losses, damages, settlements, penalties, fines, costs and expenses (including reasonable attorneys’ fees) (“Claims”), to the extent arising out of or relating to an allegation of any of the following: (a) infringement, misappropriation or violation of any Proprietary Rights by the Licensed Materials or Buyer’s use thereof as permitted under this Agreement; and (b) any unauthorized access, use or disclosure of Buyer Data resulting from breach of Licensor’s obligations under any Privacy and Security Terms.
9.2 Buyer Indemnity. Buyer will, at its expense, indemnify, defend and hold harmless Licensor and its Affiliates and their respective officers, directors, employees, agents and representatives (collectively “Licensor Indemnified Parties”) from and against any and all Claims to the extent arising out of or relating to an allegation of any of the following: (a) infringement, misappropriation or violation of any Proprietary Rights by the Buyer Materials or Buyer Data or Licensor’s use thereof as permitted under this Agreement; and (b) any unauthorized or unlawful receipt, processing, transmission or storage of Buyer Data by Licensor in the performance of its obligations as permitted under this Agreement resulting from breach of Buyer’s obligations under Section 7.3.2.
9.3 Process. The party(ies) seeking indemnification pursuant to this Section 9 (each, an “Indemnified Party” and collectively, the “Indemnified Parties”) will give the other Party (the “Indemnifying Party”) prompt notice of each Claim for which it seeks indemnification, provided that failure or delay in providing such notice will not release the Indemnifying Party from any obligations hereunder except to the extent that the Indemnifying Party is prejudiced by such failure. The Indemnified Parties will give the Indemnifying Party their reasonable cooperation in the defense of each Claim for which indemnity is sought, at the Indemnifying Party’s expense. The Indemnifying Party will keep the Indemnified Parties informed of the status of each Claim. An Indemnified Party may participate in the defense at its own expense. The Indemnifying Party will control the defense or settlement of the Claim, provided that the Indemnifying Party, without the Indemnified Parties’ prior written consent: (a) will not enter into any settlement that; (i) includes any admission of guilt or wrongdoing by any Indemnified Party; (ii) imposes any financial obligations on any Indemnified Party that Indemnified Party is not obligated to pay under this Section 9; (iii) imposes any non-monetary obligations on any Indemnified Party; and (iv) does not include a full and unconditional release of any Indemnified Parties; and (b) will not consent to the entry of judgment, except for a dismissal with prejudice of any Claim settled as described in (a). The Indemnifying Party will ensure that any settlement into which it enters for any Claim is made confidential, except where not permitted by applicable Law.
9.4 Infringement Remedy. In addition to Licensor’s obligations under Section 9.1, if the Software or other Licensed Materials is held, or in Licensor’s opinion is likely to be held, to infringe, misappropriate or violate any Proprietary Rights, or, if based on any claimed infringement, misappropriation or violation of Proprietary Rights, an injunction is obtained, or in Licensor’s opinion an injunction is likely to be obtained, that would prohibit or interfere with Buyer’s use of the Licensed Materials under this Agreement, then Licensor will at its option and expense either: (a) procure for Buyer the right to continue using the affected Licensed Materials in accordance with the license granted under this Agreement; or (b) modify or replace the affected Licensed Materials so that the modified or replacement Licensed Materials are reasonably comparable in functionality, interoperability with other software and systems, and levels of security and performance and do not infringe, misappropriate or violate any third-party Proprietary Rights. If, in such circumstances, Licensor cannot not successfully accomplish any of the foregoing actions on a commercially reasonable basis, Licensor will notify Buyer and either Party may terminate the Subscription and this Agreement, in which case Licensor will refund to Buyer any fees prepaid to Licensor by Buyer prorated for the unused portion of the Subscription. For clarity, Licensor’s indemnification and defense obligations under this Section include infringement Claims based on use of the Licensed Materials by Buyer Indemnified Parties following an initial infringement Claim except that, if Licensor responds to an infringement Claim by accomplishing the solution in (b), Licensor will have no obligation to defend and indemnify Buyer for infringement Claims arising from Buyer’s use after the accomplishment of (b) of the infringing Licensed Materials for which Licensor provided modified or replacement Licensed Materials.
9.5 Security Breach Remedy. In the case of a SaaS or BYOC Subscription, in addition to Licensor’s obligations under Section 9.1, if any unauthorized access, use or disclosure of any Buyer Data results from breach of Licensor’s obligations under any Privacy and Security Terms, Licensor will pay the reasonable and documented costs incurred by Buyer for investigation, notification, remediation and mitigation concerning such unauthorized access, use or disclosure of Buyer Data, including notice of breach to affected individuals, industry self-regulatory agencies, government authorities and the public, and credit and identity theft monitoring services for affected individuals.
9.6 Limitations.
9.6.1 Licensor will have no liability or obligation under this Section 9 with respect to any infringement Claim to the extent attributable to any: (a) modifications to the Licensed Materials not provided by Licensor or its Personnel; (b) use of the Software in combination with third-party equipment or software not provided or made accessible by Licensor or not specifically referenced for use with the Licensed Materials by the Order or Documentation; or (c) use of the Licensed Materials by Buyer in breach of this Agreement. Licensor’s liability under this Section 9 with respect to any infringement Claim that is attributable to use of the Software in combination with third-party equipment or software provided or made accessible by Licensor or specifically referenced by the Order or Documentation is limited to Licensor’s proportional share of defense costs and indemnity liability based on the lesser of: (i) the value of the contribution of the Licensed Materials to the total value of the actual or allegedly infringing combination; or (ii) the relative contribution of the Licensed Materials to the actual or allegedly infringed claims (e.g., the Licensed Materials are alleged to satisfy one limitation of a claim with four separate limitations and Licensor would be responsible for a 25% share of the defense and indemnity obligations).
9.6.2 Buyer will have no liability or obligation under this Section 9 with respect to any infringement Claim to the extent attributable to any: (a) modifications to the Buyer Materials or Buyer Data not provided by Buyer or its Personnel; or (b) use of the Buyer Materials or Buyer Data by Licensor in breach of this Agreement.
9.6.3 This Section 9 states the entire liability of Licensor with respect to infringement, misappropriation or violation of Proprietary Rights of third parties by any Licensed Materials or any part thereof or by any use thereof by Buyer, and this Section 9 states the entire liability of Buyer with respect to infringement, misappropriation or violation of Proprietary Rights of third parties by any Buyer Materials, Buyer Data or any part thereof or by any use, receipt, storage or processing thereof by Licensor.
9.7 Not Limiting. The foregoing indemnities will not be limited in any manner whatsoever by any required or other insurance coverage maintained by a Party.
10. Term and Termination.
10.1 Term. This Agreement will continue in full force and effect until conclusion of the Subscription, unless terminated earlier by either Party as provided by this Agreement.
10.2 Termination for Convenience. Buyer may terminate the Subscription or this Agreement without cause at any time upon notice to Licensor or using the termination or cancellation functionality available through the GCP. If a Subscription with Metered Pricing, Buyer will pay for all Software usage up to the time of termination. If a Subscription with Entitlement Pricing, Buyer will not be entitled to refund of fees nor relieved of any future payment obligations for any unused portion of the Subscription.
10.3 Termination for Cause. Either Party may terminate the Subscription or this Agreement if the other Party materially breaches this Agreement and does not cure the breach within 30 days following its receipt of written notice of the breach from the non-breaching Party. In the case of a SaaS Subscription, termination by Licensor pursuant to this Section does not prejudice Buyer’s right, and Licensor’s obligation, to extract or assist with the retrieval or deletion of Buyer Data as set forth in Section 10.4.2 following such termination.
10.4 Effect of Termination.
10.4.1 Upon termination or expiration of the Subscription or this Agreement, Buyer’s right to use the Software licensed under such Subscription will terminate, and Buyer’s access to the Software and Service provided under such Subscription may be disabled and discontinued. Termination or expiration of any Subscription purchased by Buyer from Licensor will not terminate or modify any other Subscription purchased by Buyer from Licensor.
10.4.2 Within 30 days following termination or expiration of any SaaS Subscription for any reason and on Buyer’s written request at any time before termination or expiration, Licensor will extract from the SaaS Services and return to Buyer all Buyer Data, or if Buyer is able directly to retrieve or delete Buyer Data from the SaaS Service, then for a period of 30 days following termination or expiration of this Agreement for any reason, Buyer may retrieve or delete Buyer Data itself with support from Licensor as reasonably requested by Buyer. If Buyer retrieves or deletes Buyer Data itself, Licensor will assist Buyer, as reasonably requested by Buyer, in validating whether the retrieval or deletion was successful. Buyer Data must be provided or extractable in a then-current, standard nonproprietary format. Notwithstanding anything herein to the contrary, Licensor’s duty to return or enable Buyer’s retrieval or deletion of the Buyer Data pursuant to this Section 10.4.2 will not be discharged due to the occurrence of any Force Majeure event. Following delivery to Buyer of the Buyer Data and Buyer’s confirmation thereof, or Buyer’s retrieval or deletion of Buyer Data and Licensor’s validation thereof, Licensor will permanently delete and remove Buyer Data (if any) from its electronic and hard copy records and will, upon Buyer’s request, certify to such deletion and removal to Buyer in writing. If Licensor is not able to delete any portion of the Buyer Data or Buyer’s Confidential Information, it will remain subject to the confidentiality, privacy and data security terms of this Agreement.
10.4.3 Sections 4 (Proprietary Rights), 6 (Confidentiality), 7.2.1 (Buyer Data and Buyer Materials), 8 (Limitations of Liability), 9 (Indemnification), 10.4 (Effect of Termination), 11 (Insurance), 12 (General) and 13 (Definitions) and any perpetual license granted under this Agreement, together with all other provisions of this Agreement that may reasonably be interpreted or construed as surviving expiration or termination, will survive the expiration or termination of this Agreement for any reason; but the nonuse and nondisclosure obligations of Section 6 will expire five years following the expiration or termination of this Agreement, except with respect to, and for as long as, any Confidential Information constitutes a trade secret.
11. Insurance.
11.1 Coverages. Each Party will obtain and maintain appropriate insurance necessary for implementing and performing under this Agreement in accordance with applicable Laws and in accordance with the requirements of this Section 11. Subject to Licensor’s right to self-insure as described below, Licensor will at its own cost and expense, acquire and continuously maintain the following insurance coverage during the term of this Agreement and for one year after:
11.1.1 Commercial General Liability insurance, including all major coverage categories, including premises-operations, property damage, products/completed operations, contractual liability, personal and advertising injury with limits of $1,000,000 per occurrence and $2,000,000 general aggregate, and $5,000,000 products/completed operations aggregate;
11.1.2 Professional Liability insurance, covering liabilities for financial loss resulting or arising from acts, errors or omissions in rendering Services in connection with this Agreement including acts, errors or omissions in rendering computer or information technology Services, proprietary rights infringement, data damage/destruction/corruption, failure to protect privacy, unauthorized access, unauthorized use, virus transmission and denial of service from network security failures with a minimum limit of $2,000,000 each claim and annual aggregate;
11.1.3 If a SaaS or BYOC Subscription, Cyber Liability or Technology Errors and Omissions, with limits of $2,000,000 each claim and annual aggregate, providing for protection against liability for: (a) system attacks; (b) denial or loss of service attacks; (c) spread of malicious software code; (d) unauthorized access and use of computer systems; (e) liability arising from loss or disclosure of personal or corporate confidential data; (f) cyber extortion; (g) breach response and management coverage; (h) business interruption; and (i) invasion of privacy; and
11.1.4 If a SaaS or BYOC Subscription, Computer Crime Insurance with limits of $1,000,000 and Employee Theft/Buyer Insurance Coverage with limits of $500,000.
11.2 Umbrella Insurance; Self-Insurance. The limits of insurance may be satisfied by any combination of primary and umbrella/excess insurance. In addition, either Party may satisfy its insurance obligations specified in this Agreement through a self-insured retention program. Upon request by Buyer, Licensor will provide evidence of Licensor’s self-insurance program in a formal declaration (on Licensor’s letterhead, if available) that declares Licensor is self-insured for the type and amount of coverage as described in Section 11.1. Licensor’s declaration may be in the form of a corporate resolution or a certified statement from a corporate officer or an authorized principal of Licensor. The declaration also must identify which required coverages are self-insured and which are commercially insured.
11.3 Certificates and Other Requirements. Prior to execution of this Agreement and annually thereafter during the term, Buyer may request that Licensor furnish to Buyer a certificate of insurance evidencing the coverages set forth above. Licensor’s Commercial General Liability and any umbrella insurance relied upon to meet the obligations in this Section will be primary and non-contributory coverage and the policies will not contain any intra-insured exclusions as between insured persons or organizations. Licensor’s Commercial General Liability policy will provide a waiver of subrogation in favor of Buyer and its Affiliates. The stipulated limits of coverage above will not be construed as a limitation of any potential liability to Buyer, and failure to request evidence of this insurance will not be construed as a waiver of Licensor’s obligation to provide the insurance coverage specified.
12. General.
12.1 Applicable Law. This Agreement will be governed and interpreted under the laws of the State of New York, excluding its principles of conflict of laws. The Parties agree that the exclusive forum for any action or proceeding will be in New York County, New York, and the Parties consent to the jurisdiction of the state and federal courts located in New York County, New York. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
12.2 Assignment. Neither Party may assign or transfer this Agreement or any rights or delegate any duties herein without the prior written consent of the other Party, which will not be reasonably withheld, delayed or conditioned. Notwithstanding the foregoing, and without gaining the other Party’s written consent, either Party may assign this Agreement, in whole or part, and delegate its obligations to its Affiliates or to any entity acquiring all or substantially all of its assets related to the Order or the assigning Party’s entire business, whether by sale of assets, sale of stock, merger or otherwise. Any attempted assignment, transfer or delegation in contravention of this Section will be null and void. This Agreement will inure to the benefit of the Parties hereto and their permitted successors and assigns.
12.3 Divestiture. If Buyer divests a portion of its business to one or more organizations that are not Affiliates of Buyer, or if an entity ceases to be an Affiliate of Buyer (such divested business unit or such entity, a “Divested Affiliate”), Licensor agrees to allow such Divested Affiliate to continue to use the Software, and Buyer may elect that (a) such Divested Affiliate continue, as if it were a Buyer Affiliate, to use the Software under Buyer’s account or Store account, if applicable, if an Image Subscription and under Buyer’s account with Licensor if a SaaS Subscription or BYOC Subscription for the remainder of the Subscription, or (b) such Divested Affiliate may obtain its own Subscription to the Software for a period of 90 days after the effective date of such divestiture under the same terms and conditions as this Agreement and the same pricing as set forth in the Order. Use by a Divested Affiliate after the conclusion of the Subscription or 90 day period, as applicable, will require a separately purchased subscription from Licensor through an account or Store account, if applicable, of that Divested Affiliate or its then-current Affiliates.
12.4 Entire Agreement. This Agreement constitutes the entire agreement between the Parties relating to the subject matter hereof, and there are no other representations, understandings or agreements between the Parties relating to the subject matter hereof. This Agreement is solely between Buyer and Licensor. Neither Google nor any of its Affiliates are a party to this Agreement and none of them will have any liability or obligations hereunder. The terms and conditions of this Agreement will not be changed, amended, modified or waived unless such change, amendment, modification or waiver is in writing and signed by authorized representatives of the Parties. NEITHER PARTY WILL BE BOUND BY, AND EACH SPECIFICALLY OBJECTS TO, ANY PROVISION THAT IS DIFFERENT FROM OR IN ADDITION TO THIS AGREEMENT (WHETHER PROFFERED ORALLY OR IN ANY QUOTATION, PURCHASE ORDER, INVOICE, SHIPPING DOCUMENT, ONLINE TERMS AND CONDITIONS, ACCEPTANCE, CONFIRMATION, CORRESPONDENCE, OR OTHERWISE), UNLESS SUCH PROVISION IS SPECIFICALLY AGREED TO IN A WRITING SIGNED BY BOTH PARTIES.
12.5 Force Majeure. Neither Party will be liable hereunder for any failure or delay in the performance of its obligations in whole or in part, on account of riots, fire, flood, earthquake, explosion, epidemics, war, strike or labor disputes (not involving the Party claiming force majeure), embargo, civil or military authority, act of God, governmental action or other causes beyond its reasonable control and without the fault or negligence of such Party or its Personnel and such failure or delay could not have been prevented or circumvented by the non-performing Party through the use of alternate sourcing, workaround plans or other reasonable precautions, including, in the case of a SaaS Services or BYOC Service, Licensor’s Business Continuity Plan, as required under this Agreement (a “Force Majeure Event”). A Force Majeure Event will not excuse or suspend Licensor’s obligation to invoke and follow its Business Continuity Plan in a timely fashion, and to the extent that such Business Continuity Plan was designed to cover the specific force majeure, or events caused by the Force Majeure Event, the foregoing will excuse Licensor’s performance under this Agreement only for the period of time from the occurrence of the Force Majeure Event until Licensor invokes its Business Continuity Plan. If a Force Majeure Event continues for more than 14 days for any Subscription with Entitlement Pricing, Buyer may cancel the unperformed portion of the Subscription and receive a pro rata refund of any fees prepaid by Buyer to Licensor for such unperformed portion.
12.6 Export Laws. Each Party will comply with all applicable customs and export control Laws of the United States and/or such other country, in the case of Buyer, where Buyer or its Users use the Software or Services, and in the case of Licensor, where Licensor provides the Software or Services. Each Party certifies that it and its Personnel are not on any of the relevant U.S. Government Lists of prohibited persons, including but not limited to the Treasury Department’s List of Specially Designated Nationals and the Commerce Department’s list of Denied Persons. Neither Party will export, re-export, ship, or otherwise transfer the Licensed Materials, Services or Buyer Data to any country subject to an embargo or other sanction by the United States.
12.7 Government Rights. As defined in FARS §2.101, the Software and Documentation are “commercial items” and according to DFARS §252.227 and 7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation”. Consistent with FARS §12.212 and DFARS §227.7202, any use, modification, reproduction, release, performance, display or discourse of such commercial software or commercial software documentation by the U.S. government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
12.8 Headings. The headings throughout this Agreement are for reference purposes only, and the words contained therein will in no way be held to explain, modify, amplify or aid in the interpretation, construction or meaning of the provisions of this Agreement.
12.9 No Third-Party Beneficiaries. Except as specified in Section 9 with respect to Buyer Indemnified Parties and Licensor Indemnified Parties, nothing express or implied in this Agreement is intended to confer, nor will anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations or liabilities whatsoever.
12.10 Notices. To be effective, notice under this Agreement must be given in writing. Each Party consents to receiving electronic communications and notifications from the other Party in connection with this Agreement. Each Party agrees that it may receive notices from the other Party regarding this Agreement: (a) by email to the email address designated by such Party as a notice address for the Standard Contract; (b) by personal delivery; (c) by registered or certified mail, return receipt requested; or (d) by nationally recognized courier service. Notice will be deemed given upon written verification of receipt.
**12.11 Nonwaiver.**Any failure or delay by either Party to exercise or partially exercise any right, power or privilege under this Agreement will not be deemed a waiver of any such right, power or privilege under this Agreement. No waiver by either Party of a breach of any term, provision or condition of this Agreement by the other Party will constitute a waiver of any succeeding breach of the same or any other provision hereof. No such waiver will be valid unless executed in writing by the Party making the waiver.
12.12 Publicity. Neither Party will issue any publicity materials or press releases that refer to the other Party or its Affiliates, or use any trade name, trademark, service mark or logo of the other Party or its Affiliates in any advertising, promotions or otherwise, without the other Party’s prior written consent.
12.13 Relationship of Parties. The relationship of the Parties will be that of independent contractors, and nothing contained in this Agreement will create or imply an agency relationship between Buyer and Licensor, nor will this Agreement be deemed to constitute a joint venture or partnership or the relationship of employer and employee between Buyer and Licensor. Each Party assumes sole and full responsibility for its acts and the acts of its Personnel. Neither Party will have the authority to make commitments or enter into contracts on behalf of, bind, or otherwise oblige the other Party.
12.14 Severability. If any term or condition of this Agreement is to any extent held invalid or unenforceable by a court of competent jurisdiction, the remainder of this Agreement will not be affected thereby, and each term and condition will be valid and enforceable to the fullest extent permitted by Law.
12.15 Subcontracting. Licensor may use Subcontractors in its performance under this Agreement, provided that: (a) Licensor remains responsible for all its duties and obligations hereunder and the use of any Subcontractor will not relieve or reduce any liability of Licensor or cause any loss of warranty under this Agreement; and (b) Licensor agrees to be directly liable for any act or omission by such Subcontractor to the same degree as if the act or omission were performed by Licensor such that a breach by a Subcontractor of the provisions of this Agreement will be deemed to be a breach by Licensor. The performance of any act or omission under this Agreement by a Subcontractor for, by or through Licensor will be deemed the act or omission of Licensor. Upon request, Licensor will identify to Buyer any Subcontractors performing under this Agreement, including any that have access to Buyer Data, and such other information reasonably requested by Buyer about such subcontracting.
13. Definitions.
13.1 “Affiliate” means, with respect to a Party, any entity that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with such Party.
13.2 “Buyer Cloud Environment” means the cloud environment provided by Google Cloud Services through which the Imaged Software is deployed.
13.3 “Buyer Data” means all data, records, files, information or content, including text, sound, video, images and software, that is (a) input or uploaded by Buyer or its Users to or collected, received, transmitted, processed, or stored by Buyer or its Users using the Software, SaaS Services or BYOC Service in connection with this Agreement, or (b) derived from (a). Buyer Data is Confidential Information of Buyer.
13.4 “Buyer Materials” means any property, items or materials, including Buyer Data, furnished by Buyer to Licensor for Licensor’s use in the performance of its obligations under this Agreement.
13.5 “BYOC” means “bring your own cloud”.
13.6 “BYOC Services” means Imaged Software deployed on Buyer’s own GCP, but managed by Licensor through a Google Cloud VPC.
13.7 “Contractor” means any third party contractor of Buyer or other third party performing services for Buyer, including outsourcing suppliers.
13.8 “Documentation” means the user guides, manuals, instructions, specifications, notes, documentation, printed updates, “read-me” files, release notes and other materials related to the Software (including all information included or incorporated by reference in the applicable), its use, operation or maintenance, together with all enhancements, modifications, derivative works, and amendments to those documents, that Licensor publishes or provides under this Agreement.
13.9 “**Entitlement Pricing” **means any pricing model for Imaged Software, SaaS Software or BYOC Subscriptions where Buyer purchases a quantity of usage upfront, include prepaid and installment payment pricing models.
13.10 **“Google” **means Google Inc.; Google Ireland Limited, a company incorporated in Ireland; Google Commerce Limited, a company incorporated in Ireland; Google Asia Pacific Pte. Limited, a company incorporated in Singapore; and, other authorized Affiliates of Google Inc. as necessary in the discretion of Google.
13.11 “GCP” means the cloud computing services offered by Google as they may be updated from time to time.
13.12 “Google Cloud VPC” means an Google Cloud virtual private cloud within the Google Cloud Services.
13.13 “Image” means the specific machine image in which Imaged Software is delivered to Buyer using the image functionality of GCP, including the Imaged Software, the operating system and all applications, services and information included therein.
13.14 “Imaged Software” means a way that the Software offered under an Order may be provisioned to Buyer where the Software is delivered in a machine image using the image functionality of GCP. Buyer deploys and runs the Image containing the Imaged Software under Buyer’s own GCP account on GCP infrastructure.
13.15 “Licensed Materials” means the Software, Documentation and any other items, materials or deliverables that Licensor provides, or is obligated to provide, under this Agreement.
13.16 “Licensor Cloud” means the cloud environment provide by Google Cloud Services through which Licensor provides the BYOC Services.
13.17 “Metered Pricing” means any pricing model for Imaged Software, SaaS Software or BYOC Subscriptions where Buyer pays as it goes based on the quantity of its usage of the Software.
13.18 “Personal Data” is as defined by the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and the EU GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018).
13.19 “Personnel” means a Party or its Affiliate’s directors, officers, employees, non-employee workers, agents, auditors, consultants, contractors, subcontractors and any other person performing services on behalf of such Party (but excludes the other Party and any of the foregoing of the other Party).
13.20 “Privacy and Security Terms” means Section 7.6, the attached Security Addendum and any other terms and conditions regarding the privacy and security of data agreed upon by the Parties that are a part of this Agreement, whether in an addendum or amendment to this Standard Contract.
13.21 **“Product Listing” **means an offer by Licensor or a Reseller, as set forth in the detail page in the Store, to license Software for a specific use capacity and provide Support Services subject to this Standard Contract, including Licensor’s policies and procedures referenced or incorporated in the detail page.
13.22 “Proprietary Rights” means all intellectual property and proprietary rights throughout the world, whether now known or hereinafter discovered or invented, including, without limitation, all: (a) patents and patent applications; (b) copyrights and mask work rights; (c) trade secrets; (d) trademarks; (e) rights in data and databases; and (f) analogous rights throughout the world.
13.23 “SaaS” means a way that the Software offered by Licensor under an Order may be provisioned to Buyer where the Software is delivered to Buyer on a software-as-a-service basis. The SaaS Licensor deploys the hosted Software under Licensor’s account on the GCP infrastructure and is responsible for granting Buyer access to and use of the Software and SaaS Service.
13.24 **“SaaS Services” **means the SaaS Software as deployed and hosted by Licensor on the Google Cloud Service infrastructure, any software and other technology provided or made accessible by Licensor that Buyer is required or has the option to use in order to access, receive and use the SaaS Software as hosted by Licensor, including any software or technology that Buyer is required or has the option to install, operate and use on Buyer’s systems for its use of the SaaS Software, and all related services, functions or responsibilities of Licensor inherent in, and necessary for, the proper performance of such software-as-a-service.
13.25 “SaaS Software” means Software deployed via SaaS.
13.26 “SaaS Subscription” means a Subscription for SaaS Services.
13.27 “Services” means all services and tasks that Licensor provides, or is obligated to provide, under this Agreement, including without limitation Support Services.
13.28 “Software” means the computer software identified in the applicable Order and any other software, including any patches, bug fixes, corrections, remediation of security vulnerabilities, updates, upgrades, modifications, enhancements, derivative works, new releases and new versions of the Software that Licensor provides, or is obligated to provide, under this Agreement.
13.29 “Store” means the software marketplace operated by Google located at https://cloud.google.com/cloud/services as it may be updated from time to time.
13.30 **“Subcontractor” **means any third party subcontractor or other third party to whom Licensor delegates any of its duties and obligations under this Agreement.
13.31 “Subscription” means a subscription ordered by Buyer in the Store or via an Order and fulfilled by Licensor for the licensing and provision of Imaged Software, SaaS Software or BYOC Service listed in an Order.
13.32 “Support Services” means the support and maintenance services for the Software that Licensor provides, or is obligated to provide, as described in the Order.
13.33 “System Data” means data and data elements collected by the SaaS Software, SaaS Service, BYOC Services or Licensor’s computer systems regarding configuration, environment, usage, performance, vulnerabilities and security of the SaaS Software, SaaS Services or BYOC Services that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the SaaS Software or from the BYOC Service.
13.34 “User” means an employee, non-employee worker or other member of Buyer or any of its Affiliates’ workforces, Contractor of Buyer or any of its Affiliates or other person or software program or computer systems authorized by Buyer or any of its Affiliates to access and use the Software as permitted under this Agreement.
13.35 “Warranty Period” means, in the case of SaaS Software or BYOC Services with Entitlement Pricing for the term of the Subscription and, in the case of Imaged Software with Entitlement Pricing, 30 days after Buyer’s purchase of the Subscription or the term of the Subscription, whichever is shorter. Security Addendum for
Standard Contract for Google Cloud
(Basic Security Requirements)
This Security Addendum (this “Security Addendum”) is part of the Standard Contract for Google Cloud (the “Standard Contract”) between Licensor and Buyer and governs the treatment of Confidential Information of Buyer in the case of a SaaS Subscription or BYOC Services. All capitalized terms used but not defined in this Addendum have the meanings given to them in the Standard Contract.
1. Security Program. Licensor will, consistent with industry standard practices, implement and maintain a security program: (a) to maintain the security and confidentiality of Confidential Information; and (b) to protect Confidential Information from known or reasonably anticipated threats or hazards to its security, availability and integrity, including accidental loss, unauthorized use, access, alteration or disclosure. Licensor will safeguard Buyer’s Confidential Information with at least the degree of care it uses to protect its own confidential information of a like nature and no less than a reasonable degree of care. Without limitation, Licensor’s policies will require, and the safeguards to be implemented by Licensor, will include at a minimum, but without limitation to, the following:
1.1 appropriate administrative controls, such as communication of all applicable information security policies, information security and confidentiality training, and assignment of unique access credentials (which shall be revoked upon termination);
1.2 controls to ensure the physical safety and security of all facilities (including third party locations) where Confidential Information may be processed or stored, including, at a minimum, locked doors and keys/key cards to access any facility and a business continuity plan that is regularly reviewed and updated;
1.3 controls to limit access to Licensor’s systems and Confidential Information, including a password policy for all Personnel that access Confidential Information and a prohibition on the use of shared credentials for users and/or systems; and
1.4 regular testing and evaluation of the effectiveness of the safeguards for the protection of Confidential Information.
**2. Security Requirements. **Without limiting Licensor’s duties and obligations under Section 1 of this Security Addendum, Licensor will comply with the following requirements:
2.1 Licensor Systems; Access
2.1.1 Licensor shall not and shall not permit a third party to access, use or disclose Confidential Information except as specifically authorized in the Standard Contract or this Security Addendum.
2.1.2 Licensor will safeguard Confidential Information in a controlled environment consistent with industry standards.
2.1.3 Licensor shall establish, maintain and enforce the security access principles of “segregation of duties” and “least privilege” with respect to Confidential Information.
2.1.4 Licensor will maintain a list of systems where Confidential Information is processed and stored and maintain a list of Personnel who have access to those systems.
2.1.5 Licensor will have in place industry standard policies and processes to limit access to Personal Information including: (i) a unique individual user-id will be used for each user that accesses Confidential Information; (ii) any temporary password issued will be unique and must be changed upon first use; (iii) no Confidential Information, nor a subset of Confidential Information (such as part of a user’s Social Security Number), will be used in either the user-id or the initial temporary password; and (iv) it will establish a process to ensure timely revocation of access when access is no longer allowed for an individual (e.g. separation, role change).
2.1.6 Licensor will have in place industry standard end user authentication processes including that passwords will not be displayed, printed stored in clear text and will be required to be at least six characters, case sensitive, different from user-ids and will be a combination of at least uppercase, lowercase and numerals. The process for users to change their passwords will meet the following requirements: (i) passwords are not sent in email (except for temporary/one-time use passwords); (ii) users receive a separate notification upon password and/or profile changes such as an email or mail; and (iii) password resets require authentication of individual identity.
2.1.7 Licensor will time out an authenticated session and require re-authentication should the session expire. If using cookies for authenticated session management, the cookies must be marked as secure, and any authentication material must be encrypted.
2.1.8 Upon Buyer’s request, Licensor shall provide Buyer a copy of or online viewing access to a summary of its policies, processes and administrative controls by which Confidential Information is used, disclosed, stored, processed or otherwise transmitted or handled, and any material modifications to such policies, processes and controls.
2.2 Personnel.
2.2.1 Access to Confidential Information will be restricted to authorized Personnel and provided only on a need to know basis. Personnel having access to Confidential Information shall be bound by a written agreement with Licensor with requirements and restrictions no less than those set forth herein. Each Personnel must pass a background check consistent with industry standards before having access to Confidential Information.
2.2.2 Licensor shall provide security awareness training to all Personnel authorized by Licensor to have access to Confidential Information (“Authorized Personnel”). Such training shall be: (i) consistent with industry standards; (ii) designed, at a minimum, to educate all such individuals on maintaining the security, confidentiality and integrity of Personal Information consistent with this Security Addendum; and (iii) be provided no less than annually.
2.2.3 Licensor shall have in place a process by which Authorized Personnel and other user accounts are created and deleted in a secure and timely fashion.
2.3 Records and Risk Assessments.
2.3.1 Licensor agrees to maintain and enforce retention policies for any and all reports, logs, audit trails and any other documentation that provides evidence of security, systems, and audit processes and procedures in accordance with all applicable Laws.
2.3.2 Licensor will conduct regular penetration testing or other appropriate security testing and security assessments that verify its information security practices as to the use, handling and storage of Confidential Information. Upon request from Buyer, Licensor will provide Buyer a copy of or online viewing access to reports summarizing such testing and audits. If Licensor engages an independent third party to conduct audits, upon request by Buyer, Licensor will provide to Buyer a copy of or online viewing access the audit reports or certifications issued (or a summary of the audit reports if use or distribution of the reports is restricted by the third party auditor) as a result of such audits. If Licensor conducts its own risk assessment, then Licensor will provide Buyer with a copy of or online viewing access to its report of such assessment, including at a minimum a summary of Licensor’s security program, including the safeguards, controls, policies and procedures with respect to infrastructure, software, people, procedures, and data used to provide the SaaS Services (“Security Program”) as verified against Licensor’s actual practices and any material vulnerabilities or issues identified in the audit. Any such reports are Licensor’s Confidential Information.
2.3.3 Licensor shall remedy material issues identified from the testing and audits in a timely manner.
**2.4 Business Continuity. **Licensor will establish and implement plans and risk controls, consistent with industry standards, for continuity of its performance under this Agreement (“Business Continuity Plan”). Licensor’s Business Continuity Plan will include safeguards to resume the SaaS Service, and recover and make available Buyer Data, within a reasonable time after a security breach or any significant interruption or impairment of operation or any loss, deletion, corruption or alteration of data. Licensor will review its Business Continuity Plan on a regular basis and update it in response to changes within its company and industry standards. Upon request, Licensor will provide Buyer a summary of its Business Continuity Plan that covers access and processing of Buyer’s Confidential Information.
2.5 Personal Information.
2.5.1 Licensor understands and acknowledges that, to the extent that performance of its obligations hereunder involves or necessitates the processing of Personal Information relating to individuals, it shall act only on instructions and directions from Buyer as set out in the Standard Contract. Licensor shall comply within a reasonable time frame (which shall in no event be longer than any time frame for compliance required by Law) with all such instructions and directions.
2.5.2 Licensor shall as soon as reasonably practicable in the circumstances, and in any event within three days of becoming aware of any data subject access request, serve notice on Buyer of any request made by a data subject to access Personal Information processed by Licensor on behalf of Buyer and, if required by Buyer, permit Buyer to handle such request and at all times cooperate with and assist Buyer to execute its obligations under the Law in relation to such data subject access requests.
3. Data Security Breach Notification.
3.1 Licensor will inform Buyer promptly upon discovery of any compromise, unauthorized access to, alteration, loss, use or disclosure of any Confidential Information or any other breach of the confidentiality, security or integrity of Confidential Information (each, a “Security Incident”), provided that such notification is not prohibited by legal authorities. Licensor will investigate and conduct a root cause analysis on the Security Incident and take all reasonable steps to prevent further compromise, access, alteration, loss, use or disclosure of such Confidential Information. Licensor will provide Buyer written details and regular updates regarding Licensor’s internal investigation of each Security Incident, and Licensor will cooperate and work together with Buyer to formulate and execute a plan to rectify all Security Incidents.
3.2 Licensor shall be responsible for all its costs related to or arising from any Security Incident, including without limitation investigating the Security Incident. At Buyer’s request and cost, Licensor will reasonably cooperate with Buyer, at Licensor’s expense, in complying with its obligations under applicable Law pertaining to responding to a Security Incident.
3.3 Licensor’s obligation to report or respond to a Security Incident under this Section is not an acknowledgement by Licensor of any fault or liability with respect to the Security Incident. Buyer must notify Licensor promptly about any possible misuse of its accounts or authentication credentials or any security incident related to the SaaS Service.
4. General.
4.1 Buyer shall retain ownership of Confidential Information. Licensor shall not obtain any ownership interest in Confidential Information.
4.2 Licensor shall not retain Confidential Information beyond the expiration or termination of the Standard Contract, except as provided in this Security Addendum, the Standard Contract or by Law. Upon completion of the Services, Confidential Information shall be promptly returned, deleted or destroyed as required under the Standard Contract. If Licensor cannot promptly return, deleted or destroy Confidential Information, Licensor shall protect such Confidential Information in accordance with this Security Addendum for so long as Licensor retains such Confidential Information.
4.3 If Licensor subcontracts its obligations under this Security Addendum, Licensor shall enter into a written agreement with its subcontractor that (i) imposes in all materials respects the same obligations on the subcontractor that are imposed on Licensor under this Security Addendum (“Subcontractor Obligations”), and (ii) does not allow further subcontracting of its obligations. Without limiting the foregoing, Licensor shall remain liable to Buyer for its obligations under this Security Addendum, including any misuse or mishandling of Confidential Information by its subcontractors. Licensor will be responsible for the compliance of the subcontractors with the terms of this Addendum.
4.4 Licensor shall comply with and shall cause each of its subcontractors to comply with all applicable Laws including all data protection and security Laws whether in effect at the time of execution of this Security Addendum or coming into effect thereafter. This Security Addendum does not limit other obligations of Licensor, including under any Laws that apply to Licensor or its performance under this Agreement.
4.5 This Security Addendum and all provisions herein shall survive as long as Licensor and/or subcontractor retains any Confidential Information.
General Data Protection Regulation Data Processing Addendum for
Standard Contract for Google Cloud (European Economic Area & Switzerland)
This Data Processing Addendum (this “Addendum”) is part of the Standard Contract for Google Cloud (the “Standard Contract”) between Licensor (who is the data processor) and Buyer (who is the data controller) and governs Licensor’s processing of Personal Data to the extent such Personal Data relates to natural persons in the European Economic Area or Switzerland in connection with Licensor’s provision of the Services it provides pursuant to the Standard Contract. All capitalized terms used but not defined in this Addendum have the meanings given to them in the Standard Contract.
Processing of Personal Data
1. Instructions from the Controller. Notwithstanding anything in the Standard Contract to the contrary, Licensor will only process Personal Data in order to provide the Services to Buyer, in accordance with Buyer’s written instructions, or as required by applicable Law. Licensor will promptly inform Buyer if following Buyer instructions would result in a violation of applicable data protection Law or where Licensor must disclose Personal Data in response to a legal obligation (unless the legal obligation prohibits Licensor from making such disclosure).
2. Confidentiality. Licensor will restrict access to Personal Data to those authorized persons who need such information to provide the Services. Such authorized persons are obligated to maintain the confidentiality of any Personal Data.
3. Sensitive Information. Buyer will inform Licensor if Personal Data falls into any special categories of personal data as defined in Article 9(1) of Regulation (EU) 2016/679.
4. Security. Licensor will implement appropriate technical and organizational measures to ensure a level of security appropriate to the Personal Data provided by Buyer and processed by Licensor. Such security measures will be at least as protective as the security requirements set forth in Section 8.5 of the Standard Contract.
5. Sub-processors. Buyer agrees that Licensor, a processor, may engage other processors (“Sub-processors”) to assist in providing the Services consistent with the Standard Contract. Licensor will make a list of such Sub-processors available to Buyer prior to transferring any Personal Data to such Sub-processors. Licensor will notify Buyer of any changes to the list of Sub-processors in order to give Buyer an opportunity to object to such changes.
6. Sub-processor Liability. Where Licensor engages another processor for carrying out specific processing activities on behalf of Buyer, the same data protection obligations as set out in this Addendum will be imposed on that other processor by way of a contract or other legal act under European Union or Member State Law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the European Union data protection Law. Where that other processor fails to fulfil its data protection obligations, Licensor shall remain fully liable to the Buyer for the performance of that other processor’s obligations.
7. Access Requests. Licensor has implemented and will maintain appropriate technical and organizational measures needed to enable Buyer to respond to requests from data subjects to access, correct, transmit, limit processing of, or delete any relevant Personal Data held by Licensor.
8. Recordkeeping. Upon a request issued by a supervisory authority for records regarding Personal Data, Licensor will cooperate to provide the supervisory authority with records related to processing activities performed on Buyer’s behalf, including information on the categories of Personal Data processed and the purposes of the processing, the use of service providers with respect to such processing, any data disclosures or transfers to third parties and a general description of technical and organizational measures to protect the security of such data.
9. Cooperation. Licensor will cooperate to the extent reasonably necessary in connection with Buyer’s requests related to data protection impact assessments and consultation with supervisory authorities and for the fulfillment of Buyer’s obligation to respond to requests for exercising a data subject’s rights in Chapter III of Regulation (EU) 2016/679. Licensor reserves the right to charge Buyer for its reasonable costs in collecting and preparing Personal Data for transfer and for any special arrangements for making the transfer.
10. Third Party Requests. If Licensor receives a request from a third party in connection with any government investigation or court proceeding that Licensor believes would require it to produce any Personal Data, Licensor will inform Buyer in writing of such request and cooperate with Buyer if Buyer wishes to limit, challenge or protect against such disclosure, to the extent permitted by applicable Law.
11. Transfer of Personal Data; Appointment. Buyer authorizes Licensor to transfer, store or process Personal Data in the United States or any other country in which Licensor or its Sub-processors maintain facilities. Buyer appoints Licensor to perform any such transfer of Personal Data to any such country and to store and process Personal Data in order to provide the Services. Licensor will conduct all such activity in compliance with the Standard Contract, this Addendum, applicable Laws and Buyer instructions.
12. Retention. Personal Data received from Buyer will be retained only for so long as may be reasonably required in connection with Licensor’s performance of the Standard Contract or as otherwise required under applicable Law.
13. Deletion or Return. When instructed by Buyer, Licensor will delete any Personal Data or return it to Buyer in a secure manner and delete all remaining copies of Personal Data after such return except where otherwise required under applicable Law. Licensor will relay Buyer’s instructions to all Sub-processors.
14. Breach Notification. After becoming aware of a Personal Data breach, Licensor will notify Buyer without undue delay of: (a) the nature of the data breach; (b) the number and categories of data subjects and data records affected; and (c) the name and contact details for the relevant contact person at Licensor.
15. Audits. Upon request, Licensor will make available to Buyer all information necessary, and allow for and contribute to audits, including inspections, conducted by Buyer or another auditor mandated by Buyer, to demonstrate compliance with Article 28 of Regulation (EU) 2016/679. For clarity, such audits or inspections are limited to Licensor’s processing of Personal Data only, not any other aspect of Licensor’s business or information systems. If Buyer requires Licensor to contribute to audits or inspections that are necessary to demonstrate compliance, Buyer will provide Licensor with written notice at least 60 days in advance of such audit or inspection. Such written notice will specify the things, people, places or documents to be made available. Such written notice, and anything produced in response to it (including any derivative work product such as notes of interviews), will be considered Confidential Information and, notwithstanding anything to the contrary in the Standard Contract, will remain Confidential Information in perpetuity or the longest time allowable by applicable Laws after termination of the Standard Contract. Such materials and derivative work product produced in response to Buyer’s request will not be disclosed to anyone without the prior written permission of Licensor unless such disclosure is required by applicable Law. If disclosure is required by applicable Law, Buyer will give Licensor prompt written notice of that requirement and an opportunity to obtain a protective order to prohibit or restrict such disclosure except to the extent such notice is prohibited by applicable Laws or order of a court or governmental agency. Buyer will make every effort to cooperate with Licensor to schedule audits or inspections at times that are convenient to Licensor. If, after reviewing Licensor’s response to Buyer’s audit or inspection request, Buyer requires additional audits or inspections, Buyer acknowledges and agrees that it will be solely responsible for all costs incurred in relation to such additional audits or inspections.