Terms of Service

CloudOpty Inc. Terms of Service

CloudOpty, Inc
Terms of Service
Effective Date: January 1st, 2021

CLOUDOPTY GROUP, INC. (together with its subsidiaries, “CLOUDOPTY” “OUR”, “WE,” OR “US”) OFFERS ITS PRODUCTS AND SERVICES FROM THE DASHBOARD LOCATED AT CONSOLE. CLOUDOPTY AND ALL MOBILE VERSIONS OF THE SAME (THE “DASHBOARD”) SUBJECT TO THE FOLLOWING TERMS OF SERVICE CONDITIONS. 

BY ACCESSING AND USING THE DASHBOARD AND/OR THE CLOUDOPTY CLOUD SERVICES (AS DEFINED BELOW) OR BY CLICKING “I AGREE” DURING THE CUSTOMER ONBOARDING PROCESS, YOU ACKNOWLEDGE AND AGREE TO BE BOUND BY THESE TERMS OF SERVICE AS THE “CUSTOMER” HEREUNDER. THESE TERMS OF SERVICE ARE A LEGALLY BINDING AGREEMENT. IF YOU USE THE DASHBOARD AND/OR THE CLOUDOPTY CLOUD SERVICES ACTING AS THE AGENT FOR A COMPANY OR OTHER ENTITY, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND SUCH COMPANY OR ENTITY AS THE “CUSTOMER” HEREUNDER, AND YOU GUARANTEE COMPLIANCE BY SUCH COMPANY OR ENTITY WITH THESE TERMS OF SERVICE. THESE TERMS OF SERVICE AND ANY APPLICABLE ORDER FORM YOU MAY HAVE ENTERED INTO WITH CLOUDOPTY ARE A LEGALLY BINDING AGREEMENT AND ARE REFERRED TO AS THE “AGREEMENT.”   

CLOUDOPTY RESERVES THE RIGHT AT ANY TIME TO CHANGE, ADD, OR DELETE PORTIONS OF THESE TERMS OF SERVICE. CLOUDOPTY WILL POST CHANGES TO THESE TERMS OF SERVICE, IF ANY, TO THE DASHBOARD BY REPLACING THESE TERMS OF SERVICE WITH UPDATED TERMS OF SERVICE THAT INCLUDE A NEW EFFECTIVE DATE SET FORTH ABOVE. IT IS YOUR RESPONSIBILITY TO CHECK THE DASHBOARD PERIODICALLY FOR CHANGES. FOLLOWING ANY UPDATE TO THE TERMS OF SERVICE, YOU WILL BE ASKED TO ACCEPT SUCH UPDATED TERMS OF SERVICE BY CLICKING “I AGREE”. FAILURE TO ACCEPT ANY SUCH UPDATED TERMS OF SERVICE WILL RESULT IN THE TERMINATION OF THIS AGREEMENT AND THE CLOUDOPTY CLOUD SERVICES BY CLOUDOPTY, AND CUSTOMER’S SOLE REMEDY FOR LOSS OF USE OF THE CLOUDOPTY CLOUD SERVICES IN SUCH CASE WILL BE TO CEASE USING THE CLOUDOPTY CLOUD SERVICES.  

1. As used in this Agreement:

1.1 “Access Credentials” mean login information, passwords, security protocols, and policies through which Users access and use the CLOUDOPTY Cloud Services. 

1.2 “Admin User” means the employees and/or contractors of Customer who are designated to be Administrative Users and have the ability to issue Access Credentials.

1.3 “CLOUDOPTY Analytics” means any information, data, statistics, metadata, inferences, interrelationships, and/or associations generated by the CLOUDOPTY Cloud Services, including without limitation as derived from aggregated anonymized inputs to, and usage of, the CLOUDOPTY Cloud Services across all CLOUDOPTY customers.   In no event will CLOUDOPTY Analytics include any personally identifiable information or Customer Inputs.

1.4 “CLOUDOPTY Cloud Services” means the CLOUDOPTY software as a service offerings, including those designated in the applicable Order Form, which are made generally commercially available by CLOUDOPTY as of the Effective Date, and all Updates thereto made generally commercially available by CLOUDOPTY to its customers during the Term (as defined below).

1.5 “CLOUDOPTY Technology” means the computer software, computer code, scripts, neural networks, artificial intelligence, application programming interfaces, methodologies, processes, templates, work flows, diagrams, tools, algorithms, formulas, user interfaces, know-how, trade secrets, techniques, designs, inventions, third party services and other tangible or intangible technical material, information and works of authorship underlying or otherwise used to make available the CLOUDOPTY Cloud Services, including, without limitation, all upgrades, enhancements, modifications, additions and improvements thereto and all derivative works thereof, and Intellectual Property Rights therein and thereto.

1.6 “Customer Inputs” means information, data, text, content, videos, images, audio clips, photos, graphics, and / or other types of content, information and/or data posted, provided and/or uploaded to the CLOUDOPTY Cloud Services by Customer.

1.7 “Documentation” means text and/or graphical materials, whether in print or electronic form, that describe the features, functions and use of the CLOUDOPTY Cloud Services and which are prepared by CLOUDOPTY and delivered by CLOUDOPTY to Customer.

1.8 “Intellectual Property Rights” mean any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark, trade dress, or service mark rights (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) registrations, applications, renewals, extensions, or reissues of the foregoing, in each case, in any jurisdiction throughout the world.

1.9 “Order Form” means CLOUDOPTY’s standard order form accepted in writing (or electronically) by Customer and CLOUDOPTY, which includes orders placed electronically through the Dashboard. As part of the sign-up process for the CLOUDOPTY Cloud Services, the Customer will be asked to select a product plan, and the selected product plan will constitute the initial Order Form hereunder. Each subsequent product plan selected by the Customer, including each upgrade from an existing product-plan selection, will be deemed a new Order Form for purposes of this Agreement. 

1.10 “Updates” mean all upgrades, enhancements, improvements, maintenance releases, additions, and modifications of the CLOUDOPTY Cloud Services made generally commercially available as part of the CLOUDOPTY Cloud Services during the period in which Customer is using the CLOUDOPTY Cloud Services. Updates may also include new features and/or functionality for which CLOUDOPTY reserves the right to charge an additional fee if Customer elects to activate such new features and/or functionality.

1.11 “User” means Customer’s Admin Users and any other Customer users who have been assigned Access Credentials.

2. CLOUDOPTY CLOUD SERVICES

2.1 CLOUDOPTY Cloud Services.  Subject to and in accordance with this Agreement and the applicable Order Forms, including, without limitation, payment of all applicable fees (if any), CLOUDOPTY shall make the CLOUDOPTY Cloud Services available to Customer pursuant to the terms and conditions of this Agreement.

2.2 Customer Access. Customer acknowledges and agrees that Customer’s Users’ access and use of the CLOUDOPTY Cloud Services is dependent upon access to telecommunications and Internet services.  Customer will be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the CLOUDOPTY Cloud Services, including, without limitation, all costs, fees, expenses, and taxes of any kind related to the foregoing.  CLOUDOPTY will not be responsible for any loss or corruption of data, lost communications, or any other loss or damage of any kind arising from any such telecommunications or Internet services or any such hardware or software.

2.3 Modifications to the CLOUDOPTY Cloud Services. CLOUDOPTY reserves the right to enhance, improve and modify the CLOUDOPTY Cloud Services on a continuous basis at no cost to Customer.   

3. ACCESS GRANT; LICENSES; OWNERSHIP

3.1 Access Grant.   Subject to Customer’s compliance with the terms and conditions contained in this Agreement, the Documentation, and each Order Form, CLOUDOPTY grants to Customer during the Term a non-exclusive, non-transferable, worldwide, revocable, non-sublicensable right to allow its Users to access and use the CLOUDOPTY Cloud Services. The rights set forth in this Section 3.1 may be exercised by Customer’s third-party contractors and service providers; provided that Customer shall be responsible for any breach of this Agreement by any such third-party contractors and service providers. 

3.2 Customer Inputs. To enable CLOUDOPTY to provide the CLOUDOPTY Cloud Services, Customer grants to CLOUDOPTY a non-exclusive, royalty-free license to access, use, and copy the Customer Inputs solely as necessary to provide the CLOUDOPTY Cloud Services for the benefit of Customer. CLOUDOPTY agrees Customer owns all right, title and interest in and to the Customer Inputs and reserves all rights thereto that are not expressly granted to CLOUDOPTY under this Agreement.  CUSTOMER WILL BE RESPONSIBLE FOR MAKING BACK-UP AND ARCHIVAL COPIES OF ALL CUSTOMER INPUTS. IN NO EVENT WILL CLOUDOPTY BE RESPONSIBLE TO CUSTOMER OR ANY OTHER PERSON FOR ANY LOSS, CORRUPTION OR ALTERATION OF CUSTOMER INPUTS, OR FOR ANY LOSS ARISING OUT OF ANY BREACH OF SECURITY, INCLUDING, WITHOUT LIMITATION, ANY SPECIAL, DIRECT, INDIRECT OR OTHER DAMAGES OF ANY KIND.

3.3 Users. Unless otherwise provided in such Customer’s Order Form, Customer, through its Admin Users, may provide for an unlimited number of Users to access and use the CLOUDOPTY Cloud Services. CLOUDOPTY will provide Admin Users with the ability to grant Access Credentials to each User.  Customer will at all times be responsible for all actions taken under Customer’s account.  

3.4 Service Level Agreement. The service levels applicable to the CLOUDOPTY Cloud Services are set and are expressly incorporated herein. Service levels vary based on the pricing plan and service level selected by Customer. Customer’s sole and exclusive remedy, and CLOUDOPTY’s sole and exclusive obligation, for a breach of any terms of the Service Level Agreement, but not for terms elsewhere in this Agreement, is as provided in the Service Level Agreement. 

3.5 Ownership.  The CLOUDOPTY Cloud Services, the CLOUDOPTY Technology, the CLOUDOPTY Analytics, the Documentation and all worldwide Intellectual Property Rights in each of the foregoing and in all derivative works of each of the foregoing, are the exclusive property of CLOUDOPTY and its licensors.  Except for the rights and licenses expressly granted herein, all rights in and to all of the foregoing are reserved by CLOUDOPTY and its licensors. 

3.6 Marketing.  CLOUDOPTY may publicly refer to Customer as a customer of CLOUDOPTY, including on CLOUDOPTY’s website and in sales presentations, and may use Customer’s logo for such purposes. Similarly, Customer may publicly refer to itself as a customer of CLOUDOPTY’s software as a service, including on Customer’s website. 

3.7 Collection and Use of Information. 

(a) Customer acknowledges that CLOUDOPTY may, directly or indirectly through the services of third parties, collect and store information regarding use of the CLOUDOPTY Cloud Services and about equipment on which the CLOUDOPTY Cloud Services is installed or through which it otherwise is accessed and used. 

(b) Customer agrees that CLOUDOPTY may use such information for any purpose related to any use of the CLOUDOPTY Cloud Services by Customer or on Customer’s equipment, including but not limited to: 

(i) Improving the performance of the CLOUDOPTY Cloud Services or developing updates thereto; and

(ii) Verifying Customer’s compliance with the terms of this Agreement and enforcing CLOUDOPTY’s rights, including all Intellectual Property Rights in and to the CLOUDOPTY Cloud Services. 

3.8 Customer Feedback. In the event Customer provides any suggested improvements, enhancements, or feedback with respect to the CLOUDOPTY Cloud Services (collectively, “Feedback”), Customer hereby assigns to CLOUDOPTY all rights, title, and interest in and to such Feedback.

4. CUSTOMER RESPONSIBILITIES.

4.1 Access Credentials. Customer will be responsible for all acts and omissions of Customer’s Users. Customer agrees to: (1) keep its Access Credentials secure and confidential and not to allow any of Customer’s Users to provide their Access Credentials to anyone else; and (2) not permit others to use Customer’s Access Credentials. Customer will notify CLOUDOPTY immediately if it learns of any unauthorized use of any Access Credentials or any other known or suspected breach of security, including as outlined in Schedule A (Customer Data Processing Addendum). CLOUDOPTY reserves the right to take any action CLOUDOPTY deems necessary or reasonable to ensure the security of the CLOUDOPTY Cloud Services and Customer’s Access Credentials and account, including terminating Customer’s access, changing passwords, or requesting additional information to authorize activities related to Customer’s account. 

4.2 Use Guidelines.  Customer shall comply with all applicable laws, rules and regulations in its use of the CLOUDOPTY Cloud Services.  Customer shall use the CLOUDOPTY Cloud Services solely for Customer’s internal business purposes as contemplated by this Agreement and shall not:  (i) license, sublicense, sell, resell, rent, lease, transfer, assign, copy, reproduce, distribute, time share or otherwise commercially exploit or make the CLOUDOPTY Cloud Services available to any third party, other than as expressly permitted by this Agreement; (ii) disrupt any servers or networks connected to the CLOUDOPTY Cloud Services, or disobey any requirements, procedures, policies or regulations of networks connected to the CLOUDOPTY Cloud Services; (iii) attempt to gain unauthorized access to the CLOUDOPTY Cloud Services or the CLOUDOPTY Technology or any related systems or networks; (iv) remove, alter or obscure any proprietary notices associated with the CLOUDOPTY Cloud Services; (v) use the CLOUDOPTY Cloud Services in violation of (x) any applicable, law, rule, regulation, or guideline (including any United States export laws and regulations), or (y) any contractual agreement by which Customer is bound; (vi) attempt to probe, scan, or test (including without limitation stress testing or penetration testing) the vulnerability of any system or network associated with the CLOUDOPTY Cloud Services or breach any security or authentication measures; (vii) copy, distribute, modify, adapt, hack, disassemble, decompile, decode, or reverse engineer to extract any source code, object code, machine code or any other software code from the CLOUDOPTY Cloud Services or CLOUDOPTY Technology or otherwise attempt to derive or gain unauthorized access to the CLOUDOPTY Cloud Services, the CLOUDOPTY Technology or related systems or networks, or otherwise take action inconsistent with Customer’s acknowledgement that title to CLOUDOPTY Technology, and all Intellectual Property Rights incorporated therein, shall remain the sole and exclusive property of CLOUDOPTY; (viii) access or use the CLOUDOPTY Cloud Services or CLOUDOPTY Technology for purposes of competitive analysis of the CLOUDOPTY Cloud Services or CLOUDOPTY Technology, the development, provision, or use of a competing software service or product, or any other purpose that is to the detriment or commercial disadvantage of CLOUDOPTY; or (ix) utilize the CLOUDOPTY Cloud Services in order to (a) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (b) send or store infringing, obscene, threatening, libelous, or otherwise unlawful, unsafe, malicious, abusive or tortious material, including material harmful to children or violative of third party privacy rights; or (c) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs or plant malware on CLOUDOPTY’s computer systems, those systems of CLOUDOPTY’s third-party service providers or vendors, or otherwise use the CLOUDOPTY Cloud Services to attempt to upload and/or distribute malware. 

4.3 Restrictions. 

(a) Customer agrees that, during the period in which Customer is using the CLOUDOPTY Cloud Services and ending on the fourth (4th) anniversary of the last date of Customer’s use of the CLOUDOPTY Cloud Services (the “Restricted Period”), Customer will not directly or indirectly, and Customer will ensure that Customer’s Users do not directly or indirectly, (i) render services to any third party for the purposes of competing with the CLOUDOPTY Cloud Services or CLOUDOPTY Technology; or (ii) interfere with business relationships (whether formed heretofore or hereafter) between CLOUDOPTY and its customers or potential customers. Customer acknowledges and agrees that CLOUDOPTY will suffer irreparable harm in the event that Customer breaches any of Customer’s obligations under this Section 4.3(a) of this Agreement and that monetary damages would be inadequate to compensate CLOUDOPTY for such breach.  Accordingly, Customer agrees that, in the event of a breach or threatened breach by Customer of any of Customer’s obligations under Section 4.3(a) of this Agreement, CLOUDOPTY will be entitled to obtain from any court of competent jurisdiction preliminary and permanent injunctive relief, and expedited discovery for the purpose of seeking relief, in order to prevent or to restrain any such breach.  CLOUDOPTY will be entitled to recover its costs incurred in connection with any action to enforce Section 4.3(a) of this Agreement, including reasonable attorneys’ fees and expenses, to the maximum extent permitted by applicable law.

(b) During the period in which Customer is using the CLOUDOPTY Cloud Services and for four (4) years thereafter, Customer shall not, and shall not assist any other person or entity to, directly or indirectly, recruit or solicit (other than by general advertisement not directed specifically to any person or persons) for employment or engagement as an independent contractor any person then or within the prior 12 months employed or engaged by CLOUDOPTY or any third-party contractor to CLOUDOPTY and involved in any respect with the CLOUDOPTY Cloud Services or the performance of this Agreement. In the event of a violation of this Section 4.3(b), CLOUDOPTY will be entitled to liquidated damages equal to the compensation paid by CLOUDOPTY to the applicable employee or contractor during the prior 12 months.

4.4 Customer Input Restrictions. The CLOUDOPTY Cloud Services includes the ability for the Customer to upload Customer Inputs. Customer is responsible for all Customer Inputs. Customer represents, warrants and covenants Customer has all rights and licenses necessary to upload the Customer Inputs and to grant the licenses granted hereunder. Customer represents, warrants and covenants that the Customer Inputs:

(i) will not and do not infringe the patent, copyright, trademark, trade secret, or other intellectual property or proprietary right of others;

(ii) will not and do not violate the privacy, publicity, or other rights of third parties or any other law, statute, ordinance or regulation; 

(iii) are not and will not become unlawful, tortious, fraudulent, defamatory or harmful to minors, obscene, or pornographic;

(iv) will not and do not violate Customer’s own privacy policy or collect information from Users in any manner to which such Users have not consented;

(v) will not and do not disclose or provide information protected under any law, agreement or fiduciary relationship, including but not limited to, proprietary or confidential information of others; and

(vi) will not and do not contain any viruses, Trojan horses, spyware, malware, worms, time bombs, cancelbots, or other disabling devices or other harmful component intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information. 

4.5 Third Party Services. If and to the extent Customer uses the CLOUDOPTY Cloud Services to access or use any third party’s websites, platforms, content, products, services, or information (“Third Party Services”), or CLOUDOPTY accesses or uses Third Party Services on Customer’s behalf to facilitate the performance of the CLOUDOPTY Cloud Services, Customer shall ensure, and be solely responsible for ensuring, that such access and use, including through keys, passwords, credentials or tokens issued or otherwise made available by Customer or the Third Party Service provider, is authorized by the terms of access and use for such Third Party Services.

5. FEES AND PAYMENT.

5.1 Fees. If the Customer elects to use or upgrade to a paid version of the CLOUDOPTY Cloud Services, Customer will pay to CLOUDOPTY the fees set forth in the Dashboard or in each Order Form in accordance with the payment schedule set forth in the Dashboard or such Order Form, as applicable. Unless otherwise specified in the Dashboard or any Order Form, Customer will be required to pay the fees set forth in the Dashboard, or in the Customer’s Order Form, within thirty (30) days of the invoice date.  All fees are nonrefundable, except as expressly otherwise set forth herein, and will be paid in U.S. dollars and exclude all applicable sales, use, and other taxes. Any fees that are not paid when due are subject to interest at one percent (1.0%) per month or the maximum rate permitted by applicable law, whichever is less, from the due date until paid.  Customer further acknowledges and agrees that the CLOUDOPTY Cloud Services include features that are designed to optimize cost, performance, compliance, and scalability across multiple cloud-computing and cloud-storage providers utilized by the Customer, and therefore CLOUDOPTY may incur charges on Customer’s behalf with such cloud-computing and cloud-storage providers. The Customer acknowledges and agrees that any fees or charges incurred by CLOUDOPTY on behalf of the Customer with such cloud-computing and cloud-storage providers are solely the obligation of the Customer, and CLOUDOPTY will not be responsible for paying any such amounts on behalf of the Customer or otherwise.   

5.2 Taxes.  Customer will make all payments to CLOUDOPTY free and clear of, and without reduction for, any withholding taxes; any such taxes imposed on payments of fees to CLOUDOPTY, other than taxes on CLOUDOPTY’s income, will be Customer’s sole responsibility, and if requested by CLOUDOPTY, Customer will provide CLOUDOPTY with official receipts issued by the appropriate taxing authority, or such other evidence as CLOUDOPTY may reasonably request, to establish that such taxes have been paid.

6. CONFIDENTIALITY AND DATA PROTECTION

6.1 Confidential Information.  Each party (the “Disclosing Party”) may from time to time during the Term disclose to or learn from the other party (the “Receiving Party”) certain information regarding the Disclosing Party’s business, including without limitation, technical, marketing, financial, employee, planning, and other confidential or proprietary information whether disclosed orally, in writing or visually, that is either marked or designated as confidential or is identified in writing as confidential at the time of disclosure or which the Receiving Party knew or should have known, under the circumstances, was considered confidential or proprietary by the Disclosing Party (“Confidential Information”). For the avoidance of doubt, the CLOUDOPTY Cloud Services and the CLOUDOPTY Technology constitutes Confidential Information of CLOUDOPTY and Customer Inputs constitute the Confidential Information of Customer.

6.2 Protection of Confidential Information.  The Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose not expressly permitted by this Agreement, and will disclose the Confidential Information of the Disclosing Party only to the employees and contractors of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement and who are under a duty of confidentiality no less restrictive than the Receiving Party’s duty hereunder.  The Receiving Party will (a) protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner as the Receiving Party protects its own confidential or proprietary information of a similar nature and with no less than reasonable care; and (b) promptly advise the Disclosing Party upon becoming aware of any loss, disclosure, or duplication of the Confidential Information or of any breach of this Agreement, including, without limitation, the misappropriation of the Confidential Information. Both parties acknowledge and agree that the Disclosing Party may be irreparably harmed by any violation of this Section 6 (Confidentiality) and that the use of the Confidential Information for any purpose other than that stated herein may, among other things, enable the Receiving Party or other third parties receiving such Confidential Information to compete unfairly with the Disclosing Party.  Therefore, in the event of a breach or threatened breach, the Disclosing Party shall be entitled, in addition to all other rights and remedies available at law or in equity, to seek (i) an injunction restraining such breach; or (ii) a decree for specific performance of the applicable provision of this Agreement. Notwithstanding the termination or expiration of this Agreement, the obligations of the Receiving Party, with respect to the Confidential Information of Disclosing Party, shall be in full force and effect as follows: (A) in the case of any information or materials that constitute a trade secret within the meaning of applicable law, for as long as such information and materials remain as a trade secret, or (B) in the case of any other information or materials, during the Term and for five (5) years following the termination or expiration of this Agreement.

6.3 Exceptions.  The Receiving Party’s obligations under this subsection will not apply to any portion of the Disclosing Party’s Confidential Information if the Receiving Party can document that such information: (a) was already lawfully known to the Receiving Party at the time of disclosure by the Disclosing Party; (b) is disclosed to the Receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the Receiving Party has become, generally available to the public; or (d) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.  In addition, the Receiving Party will be allowed to disclose Confidential Information of the Disclosing Party to the extent that such disclosure is (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to enforce its rights under this Agreement in connection with a legal proceeding; or (iii) required by law or by the order of a court or similar judicial or administrative body, provided that the Receiving Party, as permitted by applicable law, rules and regulations, notifies the Disclosing Party of such required disclosure in writing promptly, and cooperates with the Disclosing Party, at the Disclosing Party’s reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure.

6.4 Destruction of Confidential Information.  The Receiving Party will destroy or permanently erase, as appropriate, all physical and electronic copies of Confidential Information of the Disclosing Party in the Receiving Party’s possession or control promptly upon the written request of the Disclosing Party or the expiration or termination of this Agreement, whichever comes first; provided that any electronic copies stored in connection with the Receiving Party’s back-up and recovery operations conducted in the ordinary course of business may be retained and will continue to be subject to the terms herein.  At the Disclosing Party’s request, the Receiving Party will certify in writing that it has fully complied with its obligations under this subsection.

6.5 Confidentiality of Agreement.  Neither party will disclose any terms of any Order Form, or any amendment, modification or waiver to this Agreement, to anyone other than its attorneys, accountants, and other professional advisors under a duty of confidentiality except (a) as required by law; (b) pursuant to a mutually agreeable press release; (c) in connection with a proposed merger, financing, or sale of such party’s business (provided that any third party to whom the terms of this Agreement are to be disclosed signs a confidentiality agreement, or is otherwise subject to confidentiality obligations, in each case no less strict than those set forth in this Agreement); or (d) as provided in Subsection 3.6.

6.6 Data Protection.  If and to the extent the Customer Inputs include any Personal Data, CLOUDOPTY and Customer shall comply with their respective obligations outlined in Schedule A (Customer Data Processing Addendum) attached hereto. For the purposes of this Subsection 6.6, the terms “Processes” and “Personal Data” shall have the meanings assigned in Schedule A. Any Personal Data that constitutes Confidential Information shall be subject to the terms of Schedule A.

6.7 No Protected Health Information. Customer shall not provide, transmit, disclose, or otherwise make available to CLOUDOPTY any “Protected Health Information” as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Customer agrees that CLOUDOPTY is not a “Business Associate” or “Subcontractor” under HIPAA, and Customer shall not use the CLOUDOPTY Cloud Services in any manner that would require CLOUDOPTY or the CLOUDOPTY Cloud Services to comply with HIPAA, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, their enabling regulations, or similar state laws or regulations. If Customer transmits or otherwise makes any Protected Health Information available to CLOUDOPTY through the CLOUDOPTY Cloud Services, Customer will reimburse CLOUDOPTY for any costs that CLOUDOPTY incurs to extract, delete, remove, and otherwise remediate such information from the CLOUDOPTY Cloud Services.  As used in this paragraph, the terms “Business Associate,” “Protected Health Information,” and “Subcontractor” shall have the meanings ascribed to them under HIPAA, the HITECH Act, and their enabling regulations.

7. WARRANTIES

THE CLOUDOPTY CLOUD SERVICES WILL MATERIALLY CONFORM TO THE DOCUMENTATION. IF CUSTOMER BELIEVES THE CLOUDOPTY CLOUD SERVICES DO NOT MATERIALLY CONFORM TO THE DOCUMENTATION, CUSTOMER MUST PROVIDE CLOUDOPTY NOTICE OF SUCH NONCONFORMITY WITHIN THIRTY (30) DAYS OF THE FIRST INSTANCE OF SUCH NONCONFORMITY. CLOUDOPTY WILL HAVE THIRTY (30) DAYS AFTER RECEIVING SUCH NOTICE TO CORRECT SUCH NONCONFORMITY IF CLOUDOPTY, IN ITS SOLE DISCRETION, DETERMINES THAT SUCH NONCONFORMITY EXISTS. IF CLOUDOPTY DETERMINES THAT SUCH NONCONFORMITY EXISTS, BUT IS UNABLE TO CORRECT SUCH NONCONFORMITY WITHIN SUCH THIRTY (30) DAY PERIOD, CUSTOMER’S SOLE REMEDY WILL BE TO TERMINATE THIS AGREEMENT AND CLOUDOPTY WILL PROVIDE A REFUND TO CUSTOMER ON A PRO RATA BASIS OF ANY PREPAID FEES PAID BY CUSTOMER FOR THE REMAINDER OF THE THEN-CURRENT SUBSCRIPTION TERM. THE FOREGOING REPRESENTS CUSTOMER’S SOLE AND EXCLUSIVE REMEDY IN THE EVENT THE CLOUDOPTY CLOUD SERVICES DO NOT MATERIALLY CONFORM TO THE DOCUMENTATION.  EXCEPT AS PROVIDED IN THE FIRST SENTENCE OF THIS SECTION 7, THE CLOUDOPTY CLOUD SERVICES ARE PROVIDED “AS IS”, “AS AVAILABLE”, AND WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE, AND CLOUDOPTY HEREBY DISCLAIMS THE SAME. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CLOUDOPTY NEITHER WARRANTS THAT THE CLOUDOPTY CLOUD SERVICES WILL BE PROVIDED IN AN UNINTERRUPTED, SECURE OR ERROR-FREE MANNER, NOR DOES CLOUDOPTY MAKE ANY WARRANTY AS TO THE RESULTS OBTAINED FROM THE CLOUDOPTY CLOUD SERVICES OR AS TO THE ACCURACY OR RELIABILITY OF ANY CONTENT CONTAINED IN OR PROVIDED THROUGH THE CLOUDOPTY CLOUD SERVICES. USE OF ANY MATERIAL AND DATA OBTAINED THROUGH THE USE OF THE CLOUDOPTY CLOUD SERVICES SHALL BE AT CUSTOMER’S OWN DISCRETION AND RISK AND CUSTOMER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO CUSTOMER’S (OR ANY OTHER USER’S) COMPUTER SYSTEM, MOBILE DEVICE, OR DATA THAT RESULTS FROM THE USE OF THE CLOUDOPTY CLOUD SERVICES OR THE DOWNLOAD OF ANY SUCH MATERIAL OR DATA. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CLOUDOPTY, ITS AGENTS OR EMPLOYEES WILL CREATE A WARRANTY. ANY USE OF THE CLOUDOPTY CLOUD SERVICES IS AT CUSTOMER’S OWN RISK. CLOUDOPTY shall not be responsible for ensuring and does not represent or warrant that: (i) the CLOUDOPTY Cloud Services will meet Customer’s requirements; or (ii) all deficiencies in the CLOUDOPTY Cloud Services can be found or corrected. CLOUDOPTY will not be responsible for any loss or corruption of data.

8. INDEMNIFICATION

CUSTOMER AGREES TO DEFEND, INDEMNIFY AND HOLD HARMLESS CLOUDOPTY, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, CONTRACTORS, CLIENTS, SUPPLIERS, RESELLERS, AND LICENSORS, FROM AND AGAINST ANY AND ALL COSTS, FEES, LOSS, CLAIM OR LIABILITY (INCLUDING WITHOUT LIMITATION ALL ATTORNEYS’ FEES AND EXPENSES) WHICH THEY MAY INCUR IN CONNECTION WITH (A) CUSTOMER’S BREACH OF THIS AGREEMENT OR ANY OTHER RULES OR GUIDELINES PROVIDED TO CUSTOMER BY CLOUDOPTY, OR (B) CUSTOMER’S USE OF THE CLOUDOPTY CLOUD SERVICES.

9. LIMITATION OF LIABILITY

9.1 UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL CLOUDOPTY, OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, CONTRACTORS, CLIENTS (OTHER THAN CUSTOMER), SUPPLIERS, RESELLERS, OR LICENSORS BE LIABLE TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST, CORRUPTED, OR STOLEN DATA, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, OR ANY OTHER LOSS OR DAMAGES INCURRED BY CUSTOMER OR ANY THIRD PARTY IN CONNECTION WITH THIS AGREEMENT OR THE CLOUDOPTY CLOUD SERVICES, REGARDLESS OF WHETHER CLOUDOPTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.

9.2 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, CLOUDOPTY’S AGGREGATE LIABILITY TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT AND THE CLOUDOPTY CLOUD SERVICES SHALL IN NO EVENT EXCEED THE CHARGES AND FEES PAID BY CUSTOMER DURING THE THREE (3) MONTH PERIOD PRIOR TO THE FIRST EVENT OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE ESSENTIAL PURPOSE OF THIS SECTION 9.2 IS TO ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES AND LIMIT POTENTIAL LIABILITY GIVEN THE SUBSCRIPTION CHARGES AND FEES, WHICH WOULD HAVE BEEN SUBSTANTIALLY HIGHER IF CLOUDOPTY WERE TO ASSUME ANY FURTHER LIABILITY OTHER THAN AS SET FORTH HEREIN. CLOUDOPTY HAS RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO PROVIDE CUSTOMER WITH THE RIGHTS TO ACCESS AND USE THE CLOUDOPTY CLOUD SERVICES PROVIDED FOR IN THIS AGREEMENT.

9.3 CLOUDOPTY acknowledges that some jurisdictions do not allow for the inclusion of implied warranties or limitation of liability for incidental or consequential damages, and as such some of the above limitations may not apply to Customer.  IN JURISDICTIONS THAT DO NOT RECOGNIZE IMPLIED WARRANTIES OR LIMITATIONS OF LIABILITY, CLOUDOPTY’S LIABILITY WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.

9.4 Customer acknowledges that any and all claims or damages that Customer may have against CLOUDOPTY shall only be enforceable against CLOUDOPTY and not other entities, its officers, directors, representatives or agents.

10. TERM AND TERMINATION

10.1 Term.  The Agreement shall commence on the effective date of the Order Form placed by the Customer for the CLOUDOPTY Cloud Services and shall continue for a period of one (1) year, unless a different term is provided in the Customer’s Order Form (“Initial Term”).  The Agreement shall renew automatically for additional one (1) year periods (each a “Renewal Term”) unless a party provides the other party with written notice of its intention not to renew the Agreement at least sixty (60) days prior to the expiration of the then-current Term (“Non-Renewal Notice”).  In the event a party provides a Non-Renewal Notice pursuant to this Agreement, the Agreement shall expire on the last day of the then-current Term (“Expiration Date”).  The Initial Term, together with each Renewal Term, is hereinafter referred to as the “Term.” 

10.2 Termination. This Agreement and any Order Form may be terminated by either party (the “Non-breaching Party”) effective immediately upon written notice containing an explanation of the alleged breach to the other party (the “Breaching Party”), if the Breaching Party breaches any provision of this Agreement, and does not cure the breach within thirty (30) days after receiving written notice thereof from the Non-breaching Party; provided, however, that if such breach is not capable of being cured, this Agreement and any Order Form shall terminate immediately upon the Breaching Party receiving notice of such breach from the Non-breaching Party. Anything in this Agreement to the contrary notwithstanding, CLOUDOPTY may terminate this Agreement, and Customer’s use of the CLOUDOPTY Cloud Services, at any time and for any (or no reason) if Customer is using a free plan or version of the CLOUDOPTY Cloud Services. 

10.3 Termination Upon Bankruptcy or Insolvency. Either party may, at its option, terminate this Agreement immediately upon written notice to the other, in the event (a) that the other party becomes insolvent or unable to pay its debts when due; (b) the other party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against the other party, such petition is not removed within ninety (90) days after such filing; (c) the other party discontinues its business; or (d) a receiver is appointed or there is an assignment for the benefit of the other party’s creditors. 

10.4 Suspension of Services. CLOUDOPTY may cancel or suspend all Users’ access to the CLOUDOPTY Cloud Services if: (a) a reasonable threat to the technical security or technical integrity of the CLOUDOPTY Cloud Services exists; provided that CLOUDOPTY promptly recommences performance upon the cessation of the threat; (b) CLOUDOPTY believes that Customer has breached any representation, warranty, or covenant in this Agreement; or (c) any amount due under this Agreement (including any then-effective Order Form) is not received by CLOUDOPTY within thirty (30) days after it was due.

10.5 Outstanding Fees. Termination shall not relieve Customer of the obligation to pay any fees accrued or payable to CLOUDOPTY prior to the effective date of termination. In the event of termination by Customer pursuant to Section 10.2 or 10.3, promptly after the effective date of such termination, CLOUDOPTY shall refund to Customer on a pro-rata basis any prepaid fees paid by Customer for the remainder of the then current subscription term under the terminated Order Forms.  In the event of termination by CLOUDOPTY pursuant to Section 10.2, 10.3, or 10.4, all amounts payable by Customer under this Agreement and all Order Forms will become immediately due and payable.

10.6 Rights and Obligations Upon Expiration or Termination.  Upon expiration or termination of this Agreement, Customer’s and its Users’ right to access and use the CLOUDOPTY Cloud Services will immediately terminate, Customer and its Users will immediately cease all use of the CLOUDOPTY Cloud Services, and each party will destroy and make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party. Without limiting the generality of the foregoing, Customer’s right to use the CLOUDOPTY Cloud Services under a particular Order Form is based upon the terms and conditions of that Order Form in addition to the terms and conditions of this Agreement. Accordingly, upon the expiration or termination of an Order Form, Customer’s right to use the Services under that Order Form will also terminate.

10.7 Survival.  Sections 1, 3.5, 3.7(b), 3.8, 5, 6, 7, 8, 9, 10, 11, 12 and, to the extent provided therein, Schedule A, shall survive any termination or expiration of this Agreement. 

11. RESELLER ORDERS. 

11.1 Reseller Orders. If Customer orders the CLOUDOPTY Cloud Services from an authorized non-affiliated third-party reseller (“Reseller”), then this Section 11 (Reseller Orders) will apply and prevail over any conflicting terms in this Agreement.

11.2 Reseller Payments. The fees for the CLOUDOPTY Cloud Services will be set between Customer and Reseller. Customer will make payments of fees directly to Reseller under its agreement with Reseller (“Reseller Agreement”).

11.3 Reseller as Administrator. At Customer’s discretion, Reseller may have access to Customer’s account, Access Credentials, and Customer Inputs. As between CLOUDOPTY  and Customer, Customer is solely responsible for: (a) any access by Reseller to Customer’s account, Access Credentials, or Customer Inputs, (b) defining in the Reseller Agreement any rights or obligations as between Reseller and Customer with respect to the CLOUDOPTY Cloud Services.

11.4 Reseller Technical Support. Customer acknowledges and agrees that Reseller will be responsible for providing First-Level Support (as defined below) for the CLOUDOPTY Cloud Services. Reseller may disclose Customer Inputs and Customer Confidential Information to CLOUDOPTY as reasonably required in order for Reseller to handle any support issues that Customer escalates to or via Reseller. As used herein, the term “First-Level Support” means the identification, diagnosis, and correction of user issues or problems with the CLOUDOPTY Cloud Services by the provision of the following support services by help-desk technicians, prior to the elevation of such support to any CLOUDOPTY personnel: (a) telephone, email, and/or chat assistance; and (b) access to technical information on the CLOUDOPTY website for proper use of the CLOUDOPTY Cloud Services. 

11.5 Disclosure of Confidential Information to Reseller. CLOUDOPTY may share Customer Confidential Information and Customer Inputs with Reseller as reasonably necessary to provide and support the CLOUDOPTY Cloud Services. Customer hereby authorizes such sharing pursuant to Section 6 (Confidentiality). 

12. GENERAL

12.1 Governing Law; Arbitration. 

(a) This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, U.S.A., without reference to conflicts of laws provisions and, as to matters affecting copyrights, trademarks and patents, by U.S. federal law. Any dispute or claim arising out of, or in connection with, the Agreement shall be finally settled by binding arbitration in Miami, Florida, in accordance with the then-current rules and procedures of the American Arbitration Association by one (1) arbitrator appointed by the American Arbitration Association. The arbitrator shall apply the law of the State of Delaware, without reference to rules of conflict of law or statutory rules of arbitration, to the merits of any dispute or claim. Judgment on the award rendered by the arbitrator may be confirmed, reduced to judgment and entered in any court of competent jurisdiction. Customer agrees that, any provision of applicable law notwithstanding, the arbitrator shall have the authority to award the prevailing party its costs and reasonable attorneys’ fees. The foregoing agreement to arbitration includes all claims of any type, including all common law and/or statutory claims under local, state, or federal law.   In the event that the above arbitration provision is held invalid or unenforceable, then any dispute with respect to the Agreement shall be brought and heard either in the Florida state courts located in Miami, Florida, or the federal district court located in Miami, Florida. In such event, Customer consents to the in personam jurisdiction and venue of such courts. Customer agrees that service of process upon Customer in any such action may be made if delivered in person, by courier service, by email, by telefacsimile or by first class mail, and shall be deemed effectively given upon receipt; provided, that with respect to notice sent by email, notice shall be deemed effectively given upon CLOUDOPTY’s sending of such notice, if such email is not returned to sender or notice is not otherwise returned to CLOUDOPTY that the email is undeliverable.

(b) Notwithstanding anything herein to the contrary, if either party seeks preliminary injunctive relief to protect its rights, then such party will have the power, without waiving this arbitration agreement, to invoke the jurisdiction of a court of competent jurisdiction for the exclusive purpose of obtaining such preliminary injunctive relief, and for such purpose each party hereby consents to the jurisdiction of, and the laying of venue in, the state and federal courts sitting in Miami, Florida. Each party hereby waives and agrees not to assert, to the fullest extent permitted by applicable law, any claim that (i) such party is not subject to the jurisdiction of such courts, (ii) venue in such courts is improper, (iii) any proceeding allowed by this paragraph commenced in such courts is brought in an inconvenient forum, and (iv) that any action by a party to seek preliminary injunctive relief in such courts is a waiver of such party’s right to enforce this arbitration agreement.

(c) BY ENTERING INTO THIS ARBITRATION AGREEMENT, CUSTOMER AND CLOUDOPTY AGREE THAT EACH MAY BRING CLAIMS WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. ALL CLAIMS AND DISPUTES WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT MUST BE ARBITRATED ON AN INDIVIDUAL BASIS AND NOT ON A CLASS, COLLECTIVE OR REPRESENTATIVE BASIS, ONLY INDIVIDUAL RELIEF IS AVAILABLE, AND CLAIMS OF MORE THAN ONE CUSTOMER OR USER CANNOT BE ARBITRATED OR CONSOLIDATED WITH THOSE OF ANY OTHER CUSTOMER OR USER. If a decision is issued stating that applicable law precludes enforcement of any of this paragraph’s limitations as to a given claim for relief, then that claim must be severed from the arbitration and brought in a court of competent jurisdiction. All other claims will be arbitrated.

12.2 Export; Anti-Corruption.  Each party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the CLOUDOPTY Cloud Services. Without limiting the foregoing, (i) each party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and (ii) Customer shall not permit its Users to access or use CLOUDOPTY Cloud Services in violation of any U.S. export embargo, prohibition or restriction. Customer represents that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of CLOUDOPTY’s employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly notify CLOUDOPTY.

12.3 Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.

12.4 Waiver; Remedies.  Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

12.5 Entire Agreement. To the maximum extent permitted by applicable law, this Agreement, together with the Service Level Agreement, schedules, annexes, and documents referenced herein and all Order Forms hereunder, constitute the entire agreement between the parties as to its subject matter, and supersede all previous and contemporaneous agreements, proposals or representations, written or oral, concerning the subject matter of this Agreement.  No representation, undertaking or promise shall be taken to have been given or be implied from anything said or written in negotiations between the parties prior to this Agreement except as expressly stated in this Agreement. Except as provided in this Agreement, no modification, amendment, or waiver of any provision of this Agreement (or any Order Form) shall be effective unless in writing and signed by both parties (which may include electronic signatures and/or acceptance of such amendments or waivers via a “click-through” or other similar form of electronic acceptance as provided in herein).  Customer acknowledges and agrees that its agreement hereunder is not contingent upon the delivery of any future functionality or features not specified herein or in an Order Form or dependent upon any oral or written, public or private comments made by CLOUDOPTY with respect to future functionality or features for the CLOUDOPTY Cloud Services.  In the event of any conflict between the provisions in this Agreement and any Order Form, the terms of such Order Form shall prevail.  No terms or conditions stated in a Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

12.6 No Assignment.  Neither party will assign, subcontract, delegate, or otherwise transfer this Agreement, or its rights and obligations herein, without obtaining the prior written consent of the other party, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void; provided, however, that either party may assign this Agreement in connection with a merger, acquisition, reorganization or change of control, including without limitation a sale of all or substantially all of its assets, stock or business to which this Agreement relates.  The terms of this Agreement will be binding upon the parties and their respective successors and permitted assigns.

12.7 Force Majeure.  Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, pandemic, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible. If an event of force majeure prevents CLOUDOPTY from providing the CLOUDOPTY Cloud Services for thirty (30) days, Customer may cancel this Agreement and receive a refund of pre-paid fees paid for that period of time for which services are not provided.

12.8 Independent Contractors. CLOUDOPTY’s relationship to Customer is that of an independent contractor, and neither party is an agent or partner of the other.  Neither party will have, and will not represent to any third party that it has, any authority to act on behalf of the other.

12.9 Notices.  All notices provided by CLOUDOPTY to Customer under this Agreement may be delivered in writing (a) by electronic mail to the electronic mail address provided by Customer when signing up for the CLOUDOPTY Cloud Services; or (b) delivered by registered or certified mail, postage prepaid, return receipt requested or by nationally recognized overnight courier service.  All notices provided by Customer to CLOUDOPTY under this Agreement may be delivered in writing(a) by electronic mail to info@cloudopty.com; or (b) delivered by registered or certified mail, postage prepaid, return receipt requested or by nationally recognized overnight courier service to the service address of:

CLOUDOPTY, INC.

39111 Paseo Padre Parkway, Suite #305, Fremont, CA 94538, USA.

12.10 Construction.  The titles of the sections of this Agreement are for convenience of reference only and are not to be considered in construing this Agreement. Unless the context of this Agreement clearly requires otherwise: (i) references to the plural include the singular, the singular the plural, and the part the whole, (ii) “or” has the inclusive meaning frequently identified with the phrase “and/or,” (iii) “including” has the inclusive meaning frequently identified with the phrase “including but not limited to” or “including without limitation,” (iv) references to “hereunder,” “herein” or “hereof” relate to this Agreement as a whole, and (v) references to “Sections” or “Subsections” in this Agreement refer to sections and subsections of this Agreement, and (vi) references to “Sections” in Schedule A to this Agreement refer to sections of Schedule A to this Agreement. Any reference in this Agreement to any statute, rule, regulation or agreement, including this Agreement, shall be deemed to include such statute, rule, regulation or agreement as it may be modified, varied, amended or supplemented from time to time. The parties agree that this Agreement shall be fairly interpreted in accordance with its terms without any strict construction in favor of or against either party and that ambiguities shall not be interpreted against the drafting party.

SCHEDULE A

Customer Data Processing Addendum

This Customer Data Processing Addendum (“DPA”) forms part of the Terms of Service (“Agreement”) between CLOUDOPTY and Customer and shall be effective on the date Customer first begins using the CLOUDOPTY Cloud Services. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. Unless clearly stated otherwise, references to “Sections” in this Schedule A refer to sections of this Schedule A. 

With respect to the Processing of Personal Data, the parties agree as follows:

1. Definitions. As used in this DPA:

1.1. “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq.

1.2. “Data Breach” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data Processed by CLOUDOPTY or a Sub-processor.

1.3. “Data Controller” means an entity that determines the purposes and means of the Processing of Personal Data.

1.4. “Data Processor” means an entity that Processes Personal Data on behalf of a Data Controller.

1.5. “Data Protection Laws” means all data protection and privacy laws applicable to the Processing of Personal Data under this DPA, including, where applicable, GDPR and CCPA.

1.6. “EEA” means, for the purposes of this DPA, the European Economic Area, United Kingdom and Switzerland.

1.7. “GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) and any member state law implementing the same.

1.8. “Personal Data” means any information relating to an identified or identifiable natural person that is included in Customer Inputs and that, CLOUDOPTY Processes on behalf of Customer as a Data Processor in the course of providing the Services (as defined herein).

1.9. “Processing” has the meaning given to it in the GDPR and “process,” “processes” and “processed” shall be interpreted accordingly.

1.10. “Standard Contractual Clauses” means Annex 1, attached to and forming part of this DPA pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC.

1.11. “Sub-processor” means any Data Processor engaged by CLOUDOPTY to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA.

2. Relationship with the Agreement. 

2.1. The parties agree that this DPA shall replace any existing DPA or other contractual provisions pertaining to the subject matter contained herein the parties may have previously entered into in connection with Services. 

2.2. If there is any conflict between this DPA and the Agreement, this DPA shall prevail. 

2.3. In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise. Customer shall indemnify CLOUDOPTY as applicable against any and all such claims or costs of any kind that exceed the exclusions and limitations set forth in the Agreement. 

2.4. Except as may be otherwise provided pursuant to CLOUDOPTY’s compliance with applicable data transfer mechanisms in Section 10, no one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.

2.5. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. 

3. Roles of the Parties; Processing of Personal Data by Customer and CLOUDOPTY. 

3.1. As between CLOUDOPTY and Customer, Customer is the Data Controller of Personal Data and CLOUDOPTY is the Data Processor of Personal Data. CLOUDOPTY shall Process Personal Data only as a Data Processor acting at Customer’s direction. CLOUDOPTY shall not retain, use, or disclose Personal Data for any purpose other than for the specific purpose of performing the Services as described in the Agreement and this DPA, including retaining, using, or disclosing Personal Data for a commercial purpose other than providing the Services.

3.2. Customer agrees that (i) it shall comply with its obligations as a Data Controller under Data Protection Laws in respect of its Processing of Personal Data and any Processing instructions it issues to CLOUDOPTY; and (ii) it has provided notice and obtained all consents and rights necessary under Data Protection Laws for CLOUDOPTY to Process Personal Data and provide the products and services described in the Agreement and any Order Form or Schedule, including CLOUDOPTY Analytics, CLOUDOPTY Cloud Services, Customer use of CLOUDOPTY Technology, and professional services (if any) (collectively “Services”). Customer shall immediately notify CLOUDOPTY and cease Processing Personal Data in the event any required authorization or legal basis for Processing is revoked or terminates.  

3.3. CLOUDOPTY shall Process Personal Data only to provide the Services and for the purposes described in the Agreement or otherwise in accordance with Customer’s documented and agreed-upon lawful instructions unless Processing is required by applicable law, in which case CLOUDOPTY shall to the extent permitted by applicable laws inform Customer of that legal requirement before the relevant Processing. 

3.4. Notwithstanding anything to the contrary in the Agreement or this DPA, Customer acknowledges that CLOUDOPTY shall have a right to use and disclose data relating to Users and other Customer personnel and/or that is obtained in connection with the operation, support and/or use of the Services for its own legitimate purposes relating to the operation, support and/or use of the CLOUDOPTY Cloud Services, CLOUDOPTY Analytics, and CLOUDOPTY Technology, such as billing, account management, technical support, product development, and sales and marketing.  To the extent any such data is considered personal data under the Data Protection Laws, CLOUDOPTY is the Data Controller of such data and accordingly shall Process such data in compliance with applicable Data Protection Laws. 

4. Details of Processing of Personal Data. 

4.1. The subject matter and duration of the Processing of the Personal Data are described in the Agreement and this DPA. The nature and purpose of the Processing of Personal Data is providing the Services. 

4.2. The types of Personal Data that may be processed are determined by Customer and may include contact information, such as email address, phone number, social media identifiers, and postal or physical address; device information, such as device identifiers; and professional information, such as job function, title, and employee identification number. Other Personal Data may be submitted as reasonably necessary for Customer to receive or use Services, but in no case shall such Personal Data include sensitive or special categories of Personal Data. 

4.3. The Processing of Personal Data pursuant to this DPA will pertain to individuals including employees and contractors of Customer, including those who are authorized to use CLOUDOPTY Cloud Services and current and prospective customers and business partners of Customer. The obligations and rights of Customer and CLOUDOPTY and the duration of Processing are set forth in the Agreement and this DPA.

5. Data Security.

Each party shall take appropriate technical and organizational measures against unauthorized or unlawful Processing of Personal Data or its accidental loss, destruction, or damage. CLOUDOPTY shall implement and maintain commercially reasonable technical and organizational security measures designed to protect Personal Data from Data Breaches, to help ensure the ongoing confidentiality, integrity, and availability of the Personal Data and Processing systems, in accordance with CLOUDOPTY’s security standards, including, as appropriate, the measures referred to in Article 32 of the GDPR. Notwithstanding the above, Customer agrees that it is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Personal Data when in transit, and taking any appropriate steps to securely encrypt or backup Personal Data, as well as the security obligations outlined in the Agreement.

6. Data Breach Response.

CLOUDOPTY shall notify Customer without undue delay after becoming aware of any Data Breach. CLOUDOPTY shall make reasonable efforts to identify the cause of the Data Breach and shall undertake such steps as CLOUDOPTY deems necessary and reasonable in order to remediate the cause of such Data Breach. CLOUDOPTY shall provide information related to the Data Breach to Customer in a timely fashion and as reasonably necessary for Customer to maintain compliance with EEA Data Protection Laws. The obligations herein shall not apply to incidents that are caused by Customer, including Customer’s employees, subcontractors, or agents.

7. Confidentiality of Data Processing.

CLOUDOPTY shall ensure that any person who is authorized by CLOUDOPTY to Process Personal Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality.

8. Return or Deletion of Data.

Upon termination or expiration of the Agreement, CLOUDOPTY shall (at Customer’s election) delete or return, if feasible, to Customer all Personal Data remaining in its possession or control, save that this requirement shall not apply: (i) to the extent CLOUDOPTY is required by applicable law to retain some or all of the Personal Data; (ii) if CLOUDOPTY is Processing the Personal Data on behalf of a co-Data Controller; (iii) if CLOUDOPTY is reasonably required to retain some or all of the Personal Data for limited operational and compliance purposes; or (iv) to Personal Data CLOUDOPTY has archived on back-up systems. In all such cases, CLOUDOPTY shall maintain the Personal Data securely and limit Processing to the purposes that prevent deletion or return of the Personal Data. The terms of this DPA shall survive for so long as CLOUDOPTY continues to retain any Personal Data.

9. Sub-processing.

Customer agrees that this DPA constitutes Customer’s written authorization for CLOUDOPTY to engage Sub-processors to Process Personal Data on Customer’s behalf, including the Sub-processors currently engaged by CLOUDOPTY. CLOUDOPTY shall: (i) take commercially reasonable measures to ensure that Sub-processors have the requisite capabilities to Process Personal Data in accordance with this DPA; (ii) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; (iii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause CLOUDOPTY to breach any of its obligations under this DPA; and (iv) notify Customer in the event that it intends to engage different or additional Sub-processors that will Process Personal Data pursuant to this DPA, which may be done by email or posting on a website identified by CLOUDOPTY to Customer, Customer must raise any objection to posted Sub-processors within five (5) calendar days of the posted update. Customer’s objection shall only be effective if submitted to CLOUDOPTY in writing, specifically describing Customer’s reasonable belief that CLOUDOPTY’s proposed use of the Sub-processor(s) will materially, adversely affect Customer’s compliance with GDPR. In any such case, the parties will make reasonable efforts to reconcile the matter. In the event Customer’s concern cannot be resolved, CLOUDOPTY may terminate the Agreement with no penalty and Customer shall immediately pay all fees and costs then owing and incurred by CLOUDOPTY as a result of termination.

10. International Transfers. 

10.1. CLOUDOPTY may Process Personal Data anywhere in the world where CLOUDOPTY or its Sub-processors maintain data Processing operations. CLOUDOPTY shall at all times provide an adequate level of protection for the Personal Data Processed, in accordance with the requirements of Data Protection Laws. 

10.2. To the extent performance of the Services requires the transfer of Personal Data from within the EEA to a country outside the EEA not recognized by the European Commission as providing an adequate level of protection for Personal Data (as described in the GDPR), the Standard Contractual Clauses will apply to the transfer.

11. Data Protection Authority Inquiries.

CLOUDOPTY shall (at Customer’s expense) provide commercially reasonable cooperation to assist Customer in its response to any requests from data protection authorities with authority relating to the Processing of Personal Data under the Agreement and this DPA. In the event that any such request is made directly to CLOUDOPTY, CLOUDOPTY shall not respond to such communication directly without Customer’s prior authorization, unless legally compelled to do so. If CLOUDOPTY is required to respond to such a request, CLOUDOPTY shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

12. Individual Rights and Requests.

To the extent Customer does not have the ability to independently correct, amend, or delete Personal Data, or block or restrict Processing of Personal Data, then at Customer’s written direction and to the extent required by Data Protection Laws, CLOUDOPTY shall comply with any commercially reasonable request by Customer to facilitate such actions. To the extent legally permitted, Customer shall be responsible for any costs arising from CLOUDOPTY’s or its Sub-processors’ provision of such assistance. CLOUDOPTY shall, to the extent legally permitted, promptly notify Customer if it receives a request from an individual data subject for access to, correction, amendment or deletion of that person’s Personal Data, or a request to restrict Processing. CLOUDOPTY shall provide Customer with commercially reasonable cooperation and assistance in relation to handling of a data subject’s request, to the extent legally permitted and to the extent Customer does not have the ability to address the request independently. To the extent legally permitted, Customer shall be responsible for any costs arising from CLOUDOPTY’s provision of such assistance.

13. Assessments and Data Protection Impact Assessments.

CLOUDOPTY shall provide written responses (on a confidential basis) to all commercially reasonable requests for information made by Customer regarding Processing of Personal Data, including responses to information security reviews, that are necessary to confirm CLOUDOPTY’s compliance with this DPA. CLOUDOPTY shall cooperate with audits and inspections performed by Customer or a vendor of Customer reasonably acceptable to CLOUDOPTY that are necessary to confirm CLOUDOPTY’s compliance with this DPA, provided however, that any such on-site audit or inspection: (i) may not be performed unless necessary to determine CLOUDOPTY’s compliance with this DPA and Customer reasonably believes that CLOUDOPTY is not complying with this DPA; (ii) must be conducted at Customer’s sole expense and subject to reasonable fees and costs charged by CLOUDOPTY; (iii) conducted at a date and time and for a duration mutually agreed by the parties; and (v) must be performed in a manner that does not cause any damage, injury, or disruption to CLOUDOPTY’s premises, equipment, personnel, or business. Notwithstanding the foregoing, CLOUDOPTY will not be required to disclose any proprietary or privileged information to Customer or an agent or vendor of Customer. Customer shall not exercise its rights under this Section more than once per year, including with respect to any support required to perform a data protection impact assessment. 

14. Law Enforcement Requests.

If a law enforcement agency sends CLOUDOPTY a demand for Personal Data (for example, through a subpoena or court order), CLOUDOPTY may attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, CLOUDOPTY may provide Customer’s basic contact information to the law enforcement agency. If compelled to disclose Personal Data to a law enforcement agency, then CLOUDOPTY shall give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless CLOUDOPTY is legally prohibited from doing so.

15. Customer Obligations.

Customer shall ensure that Customer is entitled to transfer the relevant Personal Data to CLOUDOPTY so that CLOUDOPTY may lawfully use, process, and transfer the Personal Data in accordance with the Agreement on the Customer’s behalf. The Customer shall not provide to CLOUDOPTY any “Sensitive Personal Data” as defined by GDPR and any national laws adopted pursuant to GDPR, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, or the commission or alleged commission of any crime or offense. Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by any applicable Data Protection Law and acknowledges that CLOUDOPTY is reliant on Customer for direction as to the extent to which CLOUDOPTY is entitled to use and process the Personal Data. Consequently, and without limiting any limitations of liability or Customer’s indemnification obligations under the Agreement, CLOUDOPTY will not be liable for any claim brought against CLOUDOPTY arising from any action or omission by CLOUDOPTY to the extent that such action or omission resulted directly from Customer’s instructions and/or any failure of Customer to comply with this DPA.

SCHEDULE A – ANNEX 1

Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

The entity identified as “Customer” in the DPA (the “data exporter”) and

CloudOpty Inc.,

39111 Paseo Padre Parkway, Suite #305, Fremont, CA 94538, USA.

(the “data importer”) each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

 Clause 1

Definitions

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in the Processing Appendix which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary. 
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. 
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law. 

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants: 

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorised access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

1. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

1. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement. 
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority. 

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

Data exporter: The data exporter is the entity identified as “Customer” in the DPA. 

Data importer: The data importer is CloudOpty Group Inc. a provider of a software-as-a-service platform. 

Data subjects: Data subjects are defined in Section 4.3 of the DPA. 

Categories of data: The categories of Personal Data are defined in Section 4.2 of the DPA. Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify): None. Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify): The nature of the Processing of Personal Data is providing the Services. 

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

The data importer shall implement and maintain commercially reasonable technical and organizational security measures designed to protect Personal Data from Data Breaches, to help ensure the ongoing confidentiality, integrity, and availability of the Personal Data and Processing systems, in accordance with the data importer’s security standards, including, as appropriate, the measures referred to in Article 32 of the General Data Protection Regulation. 

SPECIAL PROMOTIONS

“50% savings guarantee”  promotion terms and conditions: 

*Download the CloudOpty Agent, run our savings calculator, and find your path to savings. If our savings calculator doesn’t show you potential savings of at least 50%, we will pay you the lesser of $2,000 or the difference between our savings estimate and the estimated cost utilized by our savings calculator.

The savings calculated by our savings calculator is based on computing savings in your cluster and do not consider savings plans or reserved instances you may already be using.  Additional terms and conditions apply.

This promotion is not a guarantee of savings and will be void if and when you sign up to use our services. This promotion is valid for downloads of the CLOUDOPTY Agent timestamped prior to July, 2022. You remain solely liable for all expenses you incur in connection with your use of any third-party service, and we will not be required to pay any amounts on your behalf or otherwise to any third party. Under no circumstances will our liability to you under this promotion exceed $2,000 in the aggregate. This promotion is void where prohibited and may be discontinued, shortened, or terminated at any time in the sole discretion of CLOUDOPTY Group, Inc. (the “Company”, “us”, “our” and the like), with or without notice to you. Any dispute regarding the promotion will be decided by the Company in its sole, good faith discretion, and such decision will be final and binding on you, the Company, and all individuals and entities who or that may claim any right or benefit (directly or indirectly) hereunder through any of the foregoing, to the fullest extent permitted by law.

Additional Terms and Conditions:

• 50% savings is based on the savings calculator, and actual savings may take longer to achieve.
• Minimum K8s version of 1.18 required.