Enterprise Master Services Agreement
This Master Services Agreement (this “Agreement”) is between ID Agent LLC (“ID Agent” or “ID Agent”) and you, the entity that accepts any services from ID Agent and/or who purchases any licenses sold or provided to you by ID Agent (“you”, “your”, or “Customer”). In this Agreement, ID Agent and you may be referred to individually as a “Party” and, collectively, as the “Parties.”
Services provided to you by ID Agent (“Services”), and any licenses sold to you by ID Agent, will be defined in one or more order forms (each, an “Order Form”) which, once accepted by you, will be automatically governed under the terms of this Agreement. If there is a material difference between the language in an Order Form and the language in this Agreement, then the language of the Order Form will control, except in situations involving any modification of ID Agent’s warranties or ID Agent’s limitations of liability. Under those limited circumstances, the terms of this Agreement will control unless the Order Form expressly states that it is overriding the conflicting provisions of this Agreement.
Please note: This Agreement contains a binding arbitration clause that affects how disputes between ID Agent and you must be resolved. By agreeing to the terms of this Agreement, you are also agreeing to the binding arbitration requirements described below.
To be valid, an Order Form must be supplied by ID Agent to you (i.e., purchase orders, invoices, and similar forms are not acceptable), and must be accepted by you either electronically or by physical handwritten signature. An Order Form will be effective as of the date on which ID Agent receives your signed version of the form. Any Order Form that is pre-signed by ID Agent must be signed by you and returned to ID Agent within ten (10) business days after the date on which ID Agent signed the form, otherwise the Form is automatically deemed to be withdrawn and invalid.
Unless earlier terminated in accordance with this Agreement, the term of any Order Form shall: (a) continue for the period indicated on the Order Form; and (b) thereafter, automatically renew for successive one year periods, unless either party provides written notice of non-renewal no less than sixty (60) days prior to the end of the then-current term. Unless otherwise adjusted in accordance with this Agreement, fees and expenses for renewal terms will automatically be set at ID Agent’s then-current rates for the applicable Services. Either party may terminate this Agreement in the event that the other party fails to cure a material breach within thirty (30) days after receipt of written notice thereof.
Services or licenses that fall outside of the scope of an existing Order Form (“Additional Services”) may be provided by ID Agent; however, the Parties must agree to Additional Services in a signed writing either by amending an existing Order Form or agreeing to an additional Order Form. ID Agent reserves the right to refuse or decline any proposed Additional Services.
You agree to pay the fees, costs, and expenses described in each Order Form. Fees designated for payment on an “Annual” basis are due and payable in advance of the provision of services; fees designated for payment on a “Monthly” basis are due and payable monthly, in advance of the provision of services.
We reserve the right to increase our fees under any Order Form by providing you with written notice of the increase. If an increase is more than ten percent (10%) of the fees charged for the same Services in the prior calendar year, then you will be provided with a thirty (30) day opportunity to terminate the applicable Order Form by providing us with written notice of termination. Your continued acceptance or use of the Services after this thirty (30) day period will indicate your acceptance of the increased fees. All fees must be paid in immediately available funds and in U.S. dollars. Fees paid are non-refundable.
Any payment not received timely by ID Agent will accrue late payment fees at the rate of 1.5% per month (pro-rated for partial months) or the highest amount allowable by law, whichever is less. ID Agent reserves the right, but not the obligation, to suspend part or all of its Services or licenses to you without prior notice to you in the event that any portion of undisputed fees are not timely received by us. Recurring charges shall continue to accrue during any period of suspension. Notice of disputes related to fees must be received by us within ninety (90) days after the applicable service is rendered or the date on which you pay an invoice, whichever is later; otherwise, you waive your right to dispute the fee thereafter. A re-connect fee may be charged to you if we suspend Services due to your nonpayment. Time is of the essence in the performance of all payment obligations by you.
All fees are exclusive of local, state, federal and international sales, value added, excise, withholding and other taxes and duties of any kind. You are be responsible for, and agree to pay in advance (or reimburse ID Agent for amounts paid), any and all taxes and duties arising out of or in connection with this Agreement, other than taxes levied or imposed based upon ID Agent’s net income.
If ID Agent agrees to accept payment from you via ACH debit, credit card or other method (“Payment Method”), and you have provided ID Agent with all applicable billing information, then you hereby authorize ID Agent, using the Payment Method, to automatically charge you for all fees incurred in accordance with the Agreement, including during automatic renewal periods; Should automatic billing fail, you must immediately provide ID Agent with updated or corrected information for the failed Payment Method, or provide for payment by alternative means acceptable to ID Agent.
LIMITATION OF LIABILITY
The following limits the liabilities arising under this Agreement and is a bargained-for and material part of this Agreement. You acknowledge and agree that ID Agent would not enter into this Agreement unless it could rely on the limitations described in this paragraph. To the greatest extent permitted by law, unless otherwise expressly stated in this Agreement or an Order Form, ID Agent makes no representations or warranties whatsoever in connection with any services, data, or licenses provided under or in connection with this Agreement, all of which are provided on an “as is” basis.
Without limiting the generality of the foregoing: ID Agent does not warrant that (a) any particular results will occur as a result of your use of the Services or software, or that at any services, software, or data will be free from errors, defects, or bugs, or that (b) the Services or software will not interfere with or disrupt any of your networks, security or other systems, or software. ID Agent expressly disclaims, and you expressly waive under this Agreement, all implied warranties including warranties of merchantability, fitness for a particular purpose, non-infringement, system integration, accuracy of informational content, and accuracy of the methodology used to develop or provide the Services or any data.
In no event shall ID Agent’s liability arising out of or related to this Agreement, whether in contract, tort, negligence, or under any other theory of liability in the aggregate, exceed the greater of the total amount paid or payable by you to ID Agent under an applicable Order Form in the twelve (12) month period immediately preceding the earliest date on which the incident giving rise to liability first occurred. Except for your payment obligations and your indemnification obligations described in this Agreement, no Party shall be liable for any indirect, special, punitive, consequential or other damages, including any lost profit, lost data or lost savings under any contract, negligence, strict liability or other legal or equitable theory, even if the Party has been advised of the possibility of such damages.
Each Party (an “Indemnifying Party”) agrees to indemnify, defend and hold the other Party and its respective directors, officers, employees, agents, representatives and contractors (an “Indemnified Party”) harmless from and against any and all losses, damages, costs, expenses or liabilities, including reasonable attorneys’ fees (collectively, “Damages”) that arise from, or are related to, the Indemnifying Party’s uncured breach of this Agreement. In addition, you agree to indemnify, defend and hold ID Agent and its directors, officers, employees, agents, representatives and contractors harmless from and against any and all Damages that arise from, or are related to, any decision, action or omission that you or any authorized third party may make based on Services or any data, reports, analyses, statistics or other information provided or made available to you in connection with the Services (“Report Data”), and any use or handling of Services or Report Data. The Indemnified Party will have the right, but not the obligation, to control the intake, defense and disposition of any claim or cause of action for which indemnity may be sought under this section. The Indemnifying Party shall be permitted to have counsel of its choosing participate in the defense of the applicable claim(s); however, (i) such counsel shall be retained at the Indemnifying Party’s sole cost, and (ii) the Indemnified Party’s counsel shall be the ultimate determiner of the strategy and defense of the claim(s) for which indemnity is provided. No claim for which indemnity is sought by an Indemnified Party will be settled without the Indemnifying Party’s prior written consent, which shall not be unreasonably delayed or withheld.
Any Software or other deliverables provided under an Order Form (“Software”) are licensed, and not sold, to you. ID Agent or its authorized licensors are, and shall remain, the owners of all rights, titles, and interests, in and to all Software and other deliverables, as well as all Services, provided to you. Except for the limited licenses expressly conveyed to you under the terms of an Order Form or under any applicable end user license agreement for Software or other deliverables, you are not receiving any rights or interests in any Software, deliverables or any Services, all of which are expressly reserved by ID Agent and its authorized licensors. You also agree that the content of all oral or written comments or reports provided to ID Agent as feedback, including corrections, ideas, and concepts (“Feedback”), is ID Agent’s property and, to the greatest extent permitted by law: (a) you hereby assign and convey to ID Agent any copyright and other such rights in the Feedback to ID Agent without the requirement of any accounting or payment to you; and (b) ID Agent may use the Feedback in any way that it desires in its sole discretion.
Except for any Feedback you may provide, you are, and will remain, the owner of all data, reports, analyses, or other information that you provide to ID Agent or which you make available to ID Agent or its licensors in connection with the Services (“Your Data”). You hereby grant ID Agent and its designated representatives the worldwide, royalty-free, transferable and sub-licensable right, during the term of this Agreement, to maintain, access, view, display, copy, edit, process, use, and transmit Your Data as necessary to provide and fulfill the Services. In addition to the foregoing, ID Agent shall have the perpetual, worldwide, royalty-free right (but not the obligation), to maintain, use, copy, edit, and transmit Your Data in a de-identified manner for the purpose of analyzing, demonstrating, improving, and/or promoting the effectiveness or efficiency of the Services, ID Agent’s business operations, or the Software.
You represent, warrant and covenant to ID Agent that: (a) you own or lawfully control, or otherwise hold a current and lawful right or license (and will continue during the term of this Agreement to hold and control such right or license) to possess, access and use, Your Data and all domain names, email accounts, IP addresses and other materials and content you may provide to ID Agent in connection with the Services; (b) you are authorized to enter into this Agreement and any Order Form, and to bind the entity on whose behalf you agree to the terms and conditions of this Agreement and any Order Form; (c) you do not need the further consent of any third party to enter into this Agreement or any Order Form; (c) your entry into this Agreement will not conflict with any right of privacy or any other obligation which you may have to any other person or entity; and, (d) you will comply with all applicable statutes, rules, laws, and regulations, as well as the terms of any applicable Software end user license agreement.
You further understand and agree that the Services are supplemental to, and are not intended to replace, any security measures that you may now have or that you may implement in the future (whether physical, technical or procedural), such as filters, virus software, firewalls, surveillance or information security programs. You agree that no security solution can be 100% effective, and at no time (including post-implementation of the Services or Software) does ID Agent guarantee the quality, effectiveness, or efficiency of your security posture, including any policies, procedures, or operations.
You also agree that you will not use any Report Data as a factor in, or for the purpose of, establishing an individual’s eligibility for or evaluating any individual with respect to (i) credit or insurance to be used primarily for personal, family or household purposes, (ii) employment, promotion, reassignment or retention as an employee, or (iii) any other purpose authorized under Section 604 of the Fair Credit Reporting Act, as applicable. You shall not use Report Data as a factor in or for the purpose of improving, or providing advice or assistance with regard to improving, any individual’s credit record, credit history, or credit rating.
ID Agent does not assemble, evaluate, or make the Services or any data available for use as a factor in or for the purpose of (a) establishing any individual’s eligibility for, or evaluating any individual with respect to (i) credit or insurance to be used primarily for personal, family or household purposes, (ii) employment, promotion, reassignment or retention as an employee, or (iii) any other purpose authorized under section 604 of the Fair Credit Reporting Act, or (b) improving, or providing advice or assistance with regard to improving, any individual’s credit record, credit history, or credit rating.
In this Agreement, “Confidential Information” means any nonpublic information disclosed by one Party (a “Disclosing Party”) to the other (a “Receiving Party”) in connection with the Services, and clearly marked as confidential or identified in writing to the Receiving Party as confidential at the time of disclosure. Confidential Information also includes (whether or not marked as confidential) (a) the identity of any chat rooms or other Internet sites monitored in connection with ID Agent’s monitoring-type services (“Sources”), (b) any Report Data disclosed to you in connection with the Services, and (b) the financial terms of this Agreement or any Order Form.
Confidential Information will not include information the Receiving Party can document that (a) is or becomes generally available to the public through no improper action by the Receiving Party, (b) was known by the Receiving Party or in the Receiving Party’s possession prior to receipt of the Disclosing Party’s as shown by the Receiving Party’s business records kept in the ordinary course of business, (c) is disclosed with the prior written approval of the Disclosing Party, (d) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information, provided that the Receiving Party can demonstrate such independent development by documented evidence prepared contemporaneously with such independent development, (e) becomes known to the Receiving Party from a source other than the Disclosing Party without breach of this Agreement, or (f) is required to be disclosed pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the Receiving Party provides prompt, advance written notice thereof to enable the Disclosing Party to seek a protective order or otherwise prevent such disclosure. In the event such a protective order is not obtained by the Disclosing Party, the Receiving Party will disclose only that portion of the Confidential Information which its legal counsel advises that it is legally required to disclose.
Each Receiving Party will (a) treat as confidential all Confidential Information of the Disclosing Party, (b) not use such Confidential Information except as expressly set forth in this Agreement or any Order Form or otherwise authorized in writing by the Disclosing Party, (c) implement reasonable procedures to prohibit the unauthorized use, disclosure, duplication, misuse or removal of the Disclosing Party’s Confidential Information, and (d) not disclose such Confidential Information to any third party, except as may be necessary and required in connection with the rights and obligations of such Party under this Agreement or any Order Form. Without limiting the foregoing, each of the Parties will use at least the same procedures and degree of care which it uses to prevent the disclosure of its own confidential information of like importance to prevent the disclosure of Confidential Information disclosed to it by the other Party, but in no event less than reasonable care.
All Confidential Information shall remain the property of the Disclosing Party. Upon receipt of written request from the Disclosing Party, the Receiving Party shall destroy the Confidential Information of the Disclosing Party that is in the Receiving Party’s custody or control.
You agree that during the term of this Agreement and for a period of eighteen (18) months after termination of this Agreement, whether for your own account or for the account of others, solicit for employment, hire, or otherwise engage any of ID Agent’s employees or independent contractors with whom you came into contact as a result of the Services rendered under an Order Form. Notwithstanding the foregoing, nothing in this Agreement shall prohibit you from hiring any person who responds to a general employment solicitation that is not personally directed to such person. In the event you hire or engage an employee or contractor in violation of this restriction, ID Agent shall be entitled to collect liquidated damages from you to compensate ID Agent for locating, recruiting, hiring, and training a replacement person. ID Agent’s liquidated damages shall be a sum equal to two times the gross annual compensation of the person you wrongfully hired or engaged. Gross annual compensation means twelve times the applicable employee or contractor’s last full month’s compensation from ID Agent, including bonuses and the value of the person’s benefits. The parties agree and acknowledge that this amount is a reasonable, liquidated amount and not a penalty.
Additional Terms. Additional terms and provisions are attached as schedules to this Agreement, and are incorporated into the main body of this Agreement as if fully repeated herein.
Interpretation. The headings used in this Agreement are for convenience only and shall in no case be considered in construing this Agreement. If any part of this Agreement is held by a court of competent jurisdiction to be illegal or unenforceable, the validity or enforceability of the remainder of this Agreement shall not be affected and such provision shall be deemed modified to the minimum extent necessary to make such provision consistent with applicable law and, in its modified form, such provision shall then be enforceable and enforced. Neither suspension nor termination is an exclusive remedy and all other remedies will be available whether or not suspension or termination occurs. Any use of the term “include” or “includes” or “including” shall mean “include without limitation,” “includes without limitation” and “including without limitation,” respectively.
Assignment. Subject to the following, all of the terms and conditions of this Agreement shall be binding upon, inure to the benefit of, and be enforceable by the respective successors and any permitted assigns of the parties. You shall not assign this Agreement or any of your rights or obligations hereunder (whether by operation of law or otherwise) without ID Agent’s prior written consent, and any attempt to do otherwise shall be null and void. There are no intended third party beneficiaries of this Agreement.
No Waiver; Limitations. No failure or delay in exercising any right hereunder will operate as a waiver thereof, nor will any partial exercise of any right or power hereunder preclude further exercise. To the extent permitted by applicable law, no action, regardless of form, arising out of this Agreement may be brought by you more than one (1) year after the earliest date on which the applicable cause of action began to accrue.
Governing Law. The terms of the United Nations Convention on the International Sale of Goods shall not apply to this Agreement. The Parties hereby confirm that they have requested that this Agreement be drafted in English. Les parties contractantes confirment qu’elles ont exigé quele présent contrat et tous les documents associés soient redigés en anglais.
To the greatest extent permitted by law, the interpretation and enforcement of this Agreement and any Order Form shall be governed exclusively under the laws of the state of New York, U.S.A. The Parties agree that the sole and exclusive venue for any litigation, arbitration, or mediation that arises from or relates to this Agreement or any Order Form, including without limitation any action involving the interpretation, purported breach, or enforcement of this Agreement or any Order Form, shall be New York County, New York, regardless and irrespective of any conflict of laws provisions. You hereby submit to the personal jurisdiction of New York County, New York. You understand and agree that the foregoing venue restriction shall apply regardless of where your principal place of business exists and/or regardless of the jurisdictions in which you primarily conduct your business. You further understand and agree that ID Agent would not enter into this Agreement without your consent to the applicability of New York law, and your consent to venue existing exclusively in New York County.
Notwithstanding the foregoing, ID Agent may bring an action for temporary injunctive relief in any jurisdiction in which you attempt to breach, actually breach, or are reasonably likely to breach, any term of this Agreement. An action for temporary injunctive relief in a jurisdiction other than in New York County, New York, shall not act as a waiver of ID Agent’s right to require the applicability of New York law or ID Agent’s right to require subsequent activity to take place in New York County, New York.
Dispute Resolution; Required Arbitration. The Parties agree to try in good faith for up to sixty (60) days (fifteen (15) days for nonpayment-related disputes) to resolve any dispute under or in connection with this Agreement (a “Dispute”) informally. If the Parties cannot settle any Dispute during this time period, the Parties agree to enter binding arbitration and not to litigate in court in front of a judge or jury. The Parties also agree that class action lawsuits, class-wide arbitrations, private attorney-general actions, and any other proceeding where someone acts in a representative capacity are hereby waived and not allowed, nor is combining individual proceedings without ID Agent’s written consent.
Any Dispute shall be arbitrated, not litigated, under the Commercial Arbitration Rules (the “Rules”) of the American Arbitration Association (“AAA”) by a single arbitrator experienced in intellectual property, contract, and software distribution-related matters. If the parties cannot mutually agree on an arbitrator, then the AAA shall select the arbitrator. Notwithstanding the Rules, (a) the arbitration proceeding must be conducted by telephone, online, or teleconference, and must be solely based on written submissions, (b) the arbitration shall not require any personal appearance by the Parties or witnesses unless otherwise mutually agreed by the Parties, and (c) any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Except to the extent otherwise expressly provided in applicable arbitration rules, the arbitrator’s decision shall be final and binding upon the parties, and shall not be subject to appeal.
Severability. If any provision of this Agreement is found to be invalid, illegal or unenforceable, that provision will be severed but the rest of the applicable section and Agreement still applies and shall be enforced. This Agreement prevails to the extent that it conflicts with applicable arbitration rules.
Attorneys’ Fees. The rules of the applicable arbitral tribunal will govern payment of filing fees and the arbitrator’s fees and expenses, but the prevailing Party shall be entitled to receive an award of its reasonable attorneys’ fees and costs.
Changes in Laws. Notwithstanding anything to the contrary in this Agreement, ID Agent may limit or discontinue the provision of the Services to the extent that ID Agent (or any agent of ID Agent) is restricted by any rule, regulation, law or governmental entity from providing the Services to you. In addition, ID Agent may discontinue, upgrade, or change the production, support, delivery and maintenance of any Services if ID Agent develops an upgraded version or otherwise no longer generally provides such Services to customers generally. In the event that ID Agent materially modifies the content or scope of the Services provided to you, the Parties shall renegotiate the fees in good faith according to the then-prevailing pricing models.
Consent and Notices. Unless otherwise expressly indicated, any consent or authorization required under this Agreement shall be at the sole discretion of the Party from whom such consent is required. Notice shall be deemed to have been received by a Party, and shall be effective on the day received. All breach-related and indemnification-related notices permitted or required under this Agreement shall be in writing and shall be delivered by recognized postal or courier Services who provide delivery confirmation to the other Party’s address set forth on the applicable Order Form, or such other address as the parties may subsequently provide in writing. All notices may be sent by email with notice deemed given upon acknowledgement of receipt by a reply email.
Independent Contractors. The parties enter into this Agreement as, and shall remain, independent contractors with respect to one another. Nothing in this Agreement creates a partnership, joint venture, agency, franchise, or employment relationship between the parties.
Force Majeure. ID Agent shall not be liable for any failure in its performance if the failure arises out of acts or omissions by you, or the unavailability of communications facilities or energy sources, acts of God, acts of third parties, acts of governmental authority, fires, strikes, delays in transportation, riots, terrorism, war, cybersecurity incidents, or any other causes beyond the reasonable control of ID Agent.
Entire Agreement. This Agreement, together with its schedules and Order Forms, comprises the entire agreement between the parties regarding the subject matter hereof and supersedes and merges all prior and contemporaneous proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of this Agreement. ID Agent reserves the right, in its sole discretion, to change the terms and conditions of any of the Service schedules attached to this Agreement (“Updated Terms”) from time to time. Unless ID Agent makes a change for legal or administrative reasons, ID Agent will provide reasonable advance notice before the Updated Terms become effective. You agree that ID Agent may notify you of the Updated Terms by posting them on the online portal made available to you in conjunction with the Services (“Portal”), and that your continued use of the Services (including the Portal) after the effective date of the Updated Terms (or engaging in such other conduct as ID Agent may reasonably specify) constitutes your agreement to the Updated Terms. The Updated Terms will be effective as of the time of posting, or such later date as may be specified in the Updated Terms, and will apply to your use of the Services from that point forward. Except as otherwise expressly provided in this paragraph, this Agreement may be amended or modified only in a writing executed by both parties.
Consent. This Agreement and any amendments thereto may be executed in counterparts. The parties consent to the conduct of transactions and the execution of any amendments between them by electronic means or records, including by use of electronic signatures and facsimile copies of a Party’s signature.
Schedule 1 – Portal Terms And Conditions
For the purposes of this Schedule, “Portal” refers to ID Agent’s proprietary Services platform hosted by or on behalf of ID Agent and which is made available for remote access by your designated employees (“End Users”).
You are responsible for your access to and use of, and each End User’s access to and use of, the Portal. All access and use of the Portal is subject to the following terms and conditions:
- Acceptable Use. End Users must comply with the acceptable use conditions listed below, as well as any acceptable use policy posted by ID Agent at its website or made available to End Users through the Portal (“AUP”). ID Agent reserves the right to modify its AUP at any time by posting the revised AUP on its website or making the revised AUP available through the Portal. Each End User’s use of the Portal after the posting date of a revised AUP indicates acceptance of the revised AUP by such End User(s).
- Restrictions. You may use the Portal solely as expressly permitted in this Agreement (including this Schedule) and any applicable AUP. Without limiting the generality of the foregoing limitation or any of the other conditions or restrictions set forth in this Agreement, you will not (and will not allow End Users to):
copy or modify the Portal;
reverse engineer, decompile, disassemble, derive the source code of, create derivative works from or otherwise exploit the Portal (except to the extent that such restriction is expressly prohibited by applicable law);
lease, license, use, make available or distribute all or any part of the Portal to any third party;
use the Portal to operate in or as a time-sharing, outsourcing, service bureau, application service provider or managed service provider environment;
take actions which result in access, or attempts to access, the Portal from more than one computer at any one time per End User;
distribute or share any Portal user name or password with anyone;
remove, modify or obscure any copyright, trademark or other proprietary rights notices which appear in or on the Portal or any report or other output generated thereby;
use the Portal or any of ID Agent’s resources to violate the intellectual property or privacy rights of any person or entity;
engage in unauthorized copying of copyrighted material, including photographs or other materials in magazines, books, or other copyrighted sources;
view, download, store, send, or otherwise access or use offensive or pornographic material in connection with the Portal, or procure or transmit material that is sexually harassing or intended to harass another user or member of the Portal; or
reveal an End User’s account password to others, or allow use of an End User’s account by others.
- Confidentiality. You shall (a) keep your access credentials (e.g., user names and passwords) confidential, and (b) immediately notify ID Agent if the integrity or security of its access credentials is compromised. You will be responsible for charges incurred under your account, and activity taking place in your account, where such charges and activities were originated using your access credentials.
- Equipment. You are solely responsible for all equipment and other resources necessary to (a) connect to and communicate with the Portal, and (b) receive two-factor authentication codes sent via text message or LAN phone call. By entering into this Agreement, you grant ID Agent the right to send Service-related texts to any cellular telephone number you provide to us.
- Revocation. To the extent any third party revokes, withdraws, or otherwise terminates its consent to permit you to provide ID Agent with Data to enable ID Agent to provide the Services (including any monitoring or phishing-related services), you must immediately (a) provide ID Agent with written notice thereof; and (b) remove all information pertaining to the third party (including such party’s email address, domain names, IP addresses, and monitoring agents/resources) from the Portal.
SCHEDULE 2 – Data Protection Addendum for EU-based Customers
This Data Protection Addendum (“DPA”) is made a part of the Agreement solely to the extent that: (a) the Customer, or any person (“Person”) from whom the Customer collects Personal Data (defined below), is located in the European Economic Area (“EEA”); (b) the Customer and/or such Person is subject to Data Protection Laws (defined below); and (c) the Services involve the collection or processing of the Personal Data of an individual located in the EEA. To the extent this DPA applies, and in consideration of the mutual obligations set out in this DPA, ID Agent and the Customer agree that this DPA is a binding part of the Agreement.
Except as modified in this DPA, the terms and conditions of the Agreement shall remain in full force and effect. If there is any conflict between this DPA and the Agreement regarding ID Agent’s privacy or security obligations, the provisions of this DPA shall control.
Purpose: The purpose of compliance with Data Protection Laws concerning the processing of Personal Data on behalf of End-Users located in European Union (“EU”) Member States or members of the European Economic Area (“EEA”) and incorporates (to the extent applicable) the terms of the EU Standard Contractual Clauses (“SCCs”). “Data Protection Law” means, where applicable, the European General Data Protection Regulation (EU 2016/679) (“GDPR”), including applicable laws implementing or supplementing the GDPR and as transposed into domestic legislation of Member States, as amended, replaced or superseded from time to time (including applicable legislation in the United Kingdom that arises from its withdrawal from the EU or EEA). The terms Processor, Controller, processing (and process), personal data breach, data protection impact assessment and Personal Data shall have the meanings set out in Data Protection Laws. The term “Personal Data” includes: first and last name, email address, telephone number, mailing address, and other information necessary to identify an individual for purposes of assisting ID Agent with providing Services.
Context and Scope of Personal Data Processing: In order to provide the Customer with the Services, it may be necessary for ID Agent to collect Personal Data of an employee or other representative of the Customer (each, a “Customer Representative”).
Such data is collected when Customer Representatives provide their Personal Data directly to Customer as the designated point of contact between Customer and ID Agent, and Customer shares that data with ID Agent. That data is subsequently used by ID Agent solely to provide the Services as requested in an Order Form, or as may be necessary to assist with any requests regarding use and proper operation of the Services or the Portal.
Obligations under Data Protection Laws: To the extent that Data Protection Laws apply to the processing of Personal Data of Customer Representative(s) and other End Users, the parties acknowledge and agree that: ID Agent is a Processor and Customer is a Controller with regard to the processing of Personal Data. Each party shall comply with its respective obligations under Data Protection Laws and this DPA with regard to the processing of Personal Data.
Moreover, ID Agent shall only process Personal Data in accordance with the Customer’s documented instructions. As required under Data Protection Laws, ID Agent shall assist the Customer, where appropriate, in ensuring compliance with the Customer’s obligations pursuant to Data Protection Laws, taking into account the nature and scope of ID Agent’s Personal Data processing, which may include providing commercially reasonable cooperation and assistance with: (a) data subject requests (see below); (b) notifications or communications regarding personal data breaches; (c) data protection impact assessments; and (d) prior consultations with supervisory authorities.
Processing Obligations: With respect to any Personal Data processed by ID Agent pursuant to this Agreement, ID Agent shall: (a) in the event ID Agent engages trusted third parties to process Personal Data (“Trusted Parties”), seek the prior specific or general written authorization of the Controller, which is hereby given in respect of any Trusted Parties expressly listed in an Order Form or the Portal (and in the case of general written authorization, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of Trusted Parties, thereby giving the Controller the opportunity to object to such changes); (b) unless prohibited under applicable law, upon termination of the Services, at its option, either return or destroy the Personal Data (including all copies of it); (c) ensure that all persons authorized by ID Agent to access the Personal Data on ID Agent’s behalf, are subject to obligations of confidentiality in accordance with confidentiality obligations set forth in the Agreement; (d) remain fully liable to the Customer for the failure of those persons authorized by ID Agent to access the Personal Data on ID Agent’s behalf; and, (e) make available such information as may be necessary to demonstrate compliance with its obligations under Article 28 of the GDPR and will (at the Customer’s cost and expense) contribute to and allow for appropriate reasonable audits.
Security: ID Agent limits its collection of Personal Data to only that which is relevant for purpose of providing the Services and retains Personal Data in a form that permits identification of data subjects (defined below) for no longer than is necessary to serve that purpose. ID Agent maintains a retention register documenting the regulatory, statutory and business retention periods which it applies to its records. Where no defined or legal retention period exists, the default standard retention period is six (6) years plus the year in which the record was created. ID Agent shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The following is a summary description of ID Agent’s technical and organizational measures currently in place:
- Information Security and Physical Security Policies and Procedures;
- Remote Access and Bring-Your-Own-Device Policies;
- Multi-Factor Authentication;
- Encryption procedures for data in transit and at rest;
- Asset Management and Secure Disposal Policies;
- Current Information Asset Register;
- Business Continuity and Disaster Recovery Plans;
- Managed Security Services that include regular internet and extranet firewall testing and penetration testing;
- Access Control Policies (controls include:building monitoring and security alarm system, biometric access cards, manual and automated access logs, secure storage of physical and information assets and media devices);
- Clear Desk/Clear Screen Policies;
- Password complexity and regular rotation policy for employees and systems; and
- Staff training and awareness of information security policies and procedures, breach procedures, and reporting chain.
Data Subject Rights: Within the scope of Data Protection Laws, Customer Representatives and other End Users that are located in the EEA (“data subjects”) have certain rights that they may exercise, based on jurisdiction, in relation to the processing of their Personal Data. Where applicable, these rights include: the right to access, correct, update, and delete that data subject’s Personal Data, to withdraw any consent to processing, to opt out of communications, to restrict processing of Personal Data, and to make any claim or complaint in relation to their rights under Data Protection Laws, ID Agent shall respond to and offer reasonable assistance to Customer (at Customer’s expense) in responding to data subjects’ requests to exercise their data protection rights in accordance with applicable Data Protection Laws.
EU Standard Contractual Clauses (Processors): Where Personal Data originating or processed in the EEA is transferred to ID Agent or any Trusted Party outside of the EEA, the parties agree to abide by this DPA and the standard contractual clauses for the transfer of Personal Data from the EEA to Processors established in non-EEA countries that do not provide an adequate level of data protection approved by the European Commission Decision of 5 February 2010, as currently set out at: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (collectively, the “SCCs”).
The parties agree to observe the terms of the SCCs without modification, except as permitted under Clause 10 of the SCCs. In the event of inconsistencies between the provisions of the SCCs and this DPA or other agreements between the parties, the SCCs shall take precedence. The terms of the DPA shall not vary the SCCs in any way. Information required for Appendix 1 and 2 of the SCCs shall be as described in this DPA.
The governing law in Clause 9 of the SCCs shall be the Member State in which the Customer (as data exporter) is established. Each of the parties’ signatures, authentications, or consents to this Agreement shall be considered applicable to the DPA and SCCs as well. If so required by the laws or regulatory procedures of any jurisdiction, the parties shall execute or re-execute the SCCs as separate documents setting out the proposed transfers of Personal Data
SCHEDULE 3 – Monitoring Service Terms And Conditions
The following terms and conditions apply to ID Agent’s provision of Monitoring Services to Customer.
Definitions. For the purposes of this Schedule:
“Domain Name Asset” means any email domain name (such as “@CustomerName.com” or “@AuthorizedThirdParty.com”) that is: (a) unique to Customer or an Authorized Third Party; and (b) owned or controlled by Customer or an Monitored Party, as designated by Customer from time to time in accordance with ID Agent’s then-current process.
“Designated Monitoring Resources” means Domain Name Assets, Email Assets, and IP Addresses, subject to limitations set forth on the applicable Order Form.
“Email Asset” means any email address (such as “[email protected]” or “[email protected]”) that is: (a) unique to Customer or an Monitored Party; and (b) owned or controlled by Customer or an Monitored Party, as designated by Customer from time to time in accordance with ID Agent’s then-current process.
“IP Address” means any IP address for a system, network or device which Customer or an Monitored Party owns, or to which Customer or an Monitored Party has authorized access, as designated by Customer from time to time in accordance with ID Agent’s then-current process.
“Monitored Party” means: (a) Customer; (b) any employee, contractor, Supplier or agent of Customer, on whose behalf Customer has obtained prior written permission, in compliance with applicable laws and this Agreement, to provide ID Agent with Designated Monitoring Resources for the purpose of enabling ID Agent to provide Monitoring Services and Monitoring Report Data to the Customer with respect to those Designated Monitoring Resources, without the further consent of the applicable employee, contractor, Supplier or agent or any other third party; and (c) any Prospect.
“Monitoring Services” means: (a) monitoring Sources in an effort to identify apparent references to Designated Monitoring Resources (each, a “Hit”) which suggest that one or more individuals, organizations, or communities are targeting a person connected with a Designated Monitoring Resource and could pose a risk of unauthorized dissemination or use of an Monitored Party’s sensitive and/or confidential information; and (b) making available a daily report showing such Hits and such other information deemed appropriate by ID Agent.
“Supplier” means any current contractor, vendor, business partner, agent or affiliated agency of Customer with which Customer has a current written agreement that protects the confidentiality, and limits the use, of the Services and Monitoring Report Data in a manner consistent with, and no less protective than, this Agreement.
“Supplier Prospect” means any bona fide and current prospective Supplier in which Customer has expressed a current interest in viewing masked Monitoring Report Data concerning such prospective Supplier, but which is not yet a Supplier bound by a written contract with Customer in accordance with the Agreement.
Limitations. Any and all Report Data relevant to Monitoring Services made available to Customer on the Portal, including Hits and reports (“Monitoring Report Data”) shall constitute Confidential Information of ID Agent, and shall be used by Customer solely for (a) its internal lawful business purposes, (b) its support of an Monitored Party in compliance with applicable laws and this Agreement, or (c) alerting law enforcement. Monitoring Report Data cannot be resold, sublicensed, copied or used by any Monitored Party in any other manner without the express written consent of ID Agent, which consent may be withheld in ID Agent’s sole and absolute discretion.
Notwithstanding any other provision of this Agreement, Customer agrees that: (a) Customer shall differentiate between Prospects and other Authorized Monitored Parties; and (b) all Monitoring Report Data made available to Customer in connection with an Monitored Party which is merely a Prospect and not a Supplier shall be partially masked until such time as such Prospect becomes an actual Supplier.
SCHEDULE 4 – Phishing Service Terms And Conditions
The following terms and conditions apply to ID Agent’s provision of Phishing Services.
Definitions. For the purposes of this Schedule:
“Phishing Services” shall mean making the following available to End Users solely for use in simulated phishing campaigns processed on behalf of Customer: (a) simulated communication templates and simulated landing page templates; (b) access to that portion of the Portal that enables an End User to (i) name and choose templates for a particular simulated phishing campaign, (ii) modify the content of selected templates, (iii) schedule the delivery and duration of a simulated phishing campaign, (iv) upload the sending profile and target names and related indicators and information for a simulated phishing campaign, and (v) launch and collect data from a simulated phishing campaign; and (c) information and data resulting from a simulated phishing campaign (“Phishing Report Data”).
Limitations. Notwithstanding any other provision of this Agreement, Customer agrees that: (a) all phishing campaigns shall be implemented solely for informational and educational purposes only; and (b) Phishing Report Data may be used by Customer solely to support the Customer. Phishing Report Data is Confidential Information of ID Agent and cannot be resold, sublicensed, copied or used by Customer or any third party in any other manner without the express written consent of ID Agent, which consent may be withheld in ID Agent’s sole and absolute discretion.
Conditions. Customer: (a) represents and warrants that conducting a simulated phishing campaign, including collecting information about responses to the same, is fully consistent with any and all of Customer’s contracts and policies (including privacy policies) with respect to its staff, and consistent with any and all national, state, provincial and local laws and regulations which may apply to Customer and its staff; (b) shall ensure that any and all simulated phishing communications are sent solely to bona fide staff of Customer (i) via an email account that is owned and controlled by Customer and (ii) in order to gauge such staff’s response to phishing and similar email attacks; and (c) shall review any and all changes made to any simulated phishing communication or simulated landing page (or template thereof) by or on behalf of Customer to ensure the same fully complies with the AUP and applicable law. Without limiting the generality of the foregoing, Customer shall ensure that any and all content and/or changes provided by Customer in connection with any simulated phishing communication or simulated landing page (or template thereof) by or on behalf of Customer does not include any text, image or other content that: (a) is obscene, offensive, or inappropriate, or that otherwise could expose Customer or ID Agent to civil or criminal liability; or (b) infringes or otherwise violates any copyright, trademark, trade secret or patent of any third party.
Template Changes. To the extent that Customer revises, replaces, or otherwise changes the content, graphics or format of any of ID Agent’s standard phishing campaign communications or simulated landing pages (or templates thereof), Customer hereby grants to ID Agent a nonexclusive, irrevocable, unlimited, worldwide, royalty-free right and license to display, perform, copy, distribute, make derivatives of and otherwise use the same.
SCHEDULE 5 – Service Levels
“Delivery Availability (or Delivered)” means a file, if available, containing Phishing Report Data or Monitoring Report Data (as applicable) is made available to Customer via the Portal at least once during any 24-hour time period (e.g., on a daily basis) via ID Agent’s batch delivery method.
“Emergency Maintenance” means maintenance that is performed by or on behalf of ID Agent or a service provider to ID Agent on or in connection with the Portal or Services due to an issue that is outside of the Maintenance Window and is a result of conditions or events beyond ID Agent’s reasonable control.
“Maintenance Windows” means hours during which ID Agent may perform Scheduled Maintenance on the Portal, i.e., 12:00 a.m. – 11:00 a.m. ET.
“Permitted Downtime” means the following: (a) lack of Delivery Availability due to any Scheduled Maintenance or any Emergency Maintenance; (b) lack of Delivery Availability due to any Force Majeure Event; or (c) lack of Delivery Availability due to, or caused by, Customer’s software, systems or environment or any other reason beyond the reasonable control of ID Agent.
“Scheduled Maintenance” means maintenance on the Portal so long as: (a) such maintenance is performed by ID Agent during a Maintenance Window; or (b) ID Agent has provided notice using e-mail (or other) method to Customer not less than four (4) hours before the commencement of such maintenance, which notice specifies the nature of such maintenance and the anticipated impact of such maintenance upon availability and performance of the Portal.
Service Availability + Credits – Except in the event of Emergency Maintenance or Permitted Downtime, available Phishing Report Data or Monitoring Report Data (as applicable) will be delivered at least once during any 24 hour time period. Customer will notify ID Agent in writing of any non-compliance with the service levels set forth in this Schedule. If ID Agent fails to meet the required Delivery Availability more than twice during any month (i.e., applicable data is available and is not delivered to you for three or more days during the subject month) and after ID Agent has received the required written notice thereof, then Customer, as Customer’s sole and exclusive monetary remedy for such breach, will be entitled to receive one (1) full day’s credit on applicable Service fees for that particular month (a “Service Credit”), which will be computed based on then-current Service fees paid for the applicable Services divided by the applicable number of days in such month. Any Service Credit provided by ID Agent shall be applied to Customer’s next invoice (or refunded if ID Agent does not expect to issue any further invoices).
In order to receive the Service Credit, Customer must notify ID Agent in writing within 30 days from the time Customer becomes eligible to receive a Service Credit. Failure to comply with this requirement will result in a forfeiture of the right to receive the Service Credit.
Service Credits shall constitute Customer’s exclusive monetary remedy for ID Agent’s failure to meet any minimum Delivery Availability commitments; provided, however, that in the event of ID Agent’s uncured failure to meet Delivery Availability for two or more consecutive months, Customer shall also have the right to terminate the Agreement by providing ID Agent with written notice of such termination.
Customer Incident Resolution.
On a 24×7 basis, 365 days per year basis, Customer may provide notice of any Delivery Availability or other support issue by sending an email to their account manager or to [email protected] ID Agent will use its commercially reasonable efforts to resolve any reported and verifiable issues.
Revision Date: May 2019