Software License Agreement
This Software License Agreement is between DataSetGo, LLC, a Florida limited liability company with principal offices at 886 Park Ave, Marco Island, FL 34145 (“DataSetGo”), and the Customer found on the applicable Order (“Customer”) and, together with the Order forms the “Agreement” between the parties. Additional definitions for capitalized terms are set forth in the “Definitions” paragraph below. DataSetGo, LLC and Customer are collectively referred to as the “Parties” and each a “Party”.
WHEREAS
1. DataSetGo, LLC is a Florida limited liability company providing services in the field of payroll.
2. Customer engages the DataSetGo, LLC for payroll services and the implementation thereof.
3. The scope of the Agreement may involve several Affiliates of Customer and several Affiliates and/or Partners of DataSetGo who will perform services in one or more countries;
4. This Software License Agreement provides all terms and conditions for the provision and use of the aforementioned services.
THE PARTIES AGREE AS FOLLOWS:
DataSetGo, LLC will provide to the Customer and the Customer will use the Software in accordance with the terms and conditions described in this Agreement.
1. DEFINITIONS AND INTERPRETATION
1.1. Any capitalized term used in the Agreement and not otherwise defined herein shall have the meaning given to it inExhibit A (“Definitions ”).
1.2. The titles and headings included in the Agreement are for convenience only and do not express the intended understanding of the Parties.
1.3. Software License AgreementSoftware License Agreement
2. ORDER OF PRECEDENCE
2.1. If there is any ambiguity, inconsistency or conflict between the terms and conditions contained in any of the documents forming part of the Agreement, the Order will take precedence, followed by the Software License Agreement, and finally the Data Processing Agreement. [4][SP5][6] [SP7] DataSetGo may modify this terms and conditions, acceptable use policy, and pricing as part of this agreement from time to time.
3. SERVICES AND SOFTWARE
3.1. Software
3.1.1. Limited License
3.1.1.1. Software provided to the Customer pursuant to the Agreement will be provided either (i) in the form of Software as a Service (“SaaS”). [8][SP9][10] [SP11] To the extent technically feasible and commercially available, any request from the Customer to change from one mode to another will be subject to additional charges and a Change Request. Software License Agreement
3.1.1.2. DataSetGo grants the Customer as part of the Services, a limited, non-exclusive, non-transferable, non-sublicenseable license to use the Software (“Right of Use”) for the Term specified in the Order. Customer understands that this Limited License is based on the amount of fees paid by Customer and may be based on number of employees, number of users, features available, or any other licensing metric identified by DataSetGo. This Limited License shall be revoked immediately without notice upon Termination of the Order or this Software License Agreement for any reason. Upon expiration of the Term identified in the Order, Customer’s right to use the Software shall cease.[12][SP13][14] [SP15]
3.1.2. SaaS.
3.1.2.1. When Software is provided as SaaS, references in the Agreement to a Limited License for such Software are to be interpreted as follows:
3.1.2.1.1. such Limited License does not confer on the Customer any right to acquire the Software in object code form for installation on any Customer facilities;
3.1.2.1.2. DataSetGo shall provide the hosting facilities with such capacity, performance, resilience and Internet connectivity as DataSetGo, acting reasonably, determines as appropriate for the demands placed on the hosting facilities by the Software and the volume of users to provide end users with a reasonable user experience commensurate with predictable usage patterns;
3.1.2.1.3. DataSetGo shall lawfully procure, operate and maintain at its own cost the operating system software and any other software required on the hosting environment to operate the Software as SaaS;
3.1.2.1.4. DataSetGo’s obligation to provide the Software as SaaS ends at the boundary at which the DataSetGo hosting platform connects to the internet and is capable of being accessed by the Users.
3.1.3. Maintenance.
3.1.3.1. Customer acknowledges that the implementation of updates, upgrades or new versions of any Software is and remains in the sole discretion of DataSetGo. DataSetGo reserves the right to restrict, in whole or in part (including with respect to an individual User or group of Users), access to the Software for a reasonable period of time for maintenance or installation purposes[16] [SP17] . DataSetGo shall use reasonable efforts to timely inform the Customer thereof, to limit any adverse impact on the Services as much as possible and to carry out such Software outside the business hours of the relevant Territory (if practicable)
3.1.3.2. In the event of Issues in the Software, the Customer shall immediately notify DataSetGo of any such Issues, providing a detailed description thereof. After such notice, DataSetGo will use commercially reasonable efforts to repair any reported Issues. The Customer shall cooperate with DataSetGo to enable the efficient handling and repair of Issues.
3.1.3.3. DataSetGo shall take commercially reasonable efforts to prevent the introduction into the Software any Malicious Code or computer software code, routines or devices that are disabling, damaging, impairing, erasing, deactivating or electronically repossessing the Software, other Services or other systems or data. DataSetGo does not warrant that Software or Services delivered using computer software will be entirely error free or will run uninterrupted.
4. [SP18] OBLIGATIONS OF THE PARTIES
4.1. Obligations of DataSetGo. DataSetGo undertakes:
4.1.1. to perform the Services in a professional manner, with reasonable care and skill and shall use reasonable efforts to do so in accordance with all laws applicable to DataSetGo. The practice and procedures for certain Services may vary from Territory to Territory. Accordingly, notwithstanding this Section 6.1.1. regarding applicable laws, any assessment of whether DataSetGo has met its obligations shall be undertaken having regard to industry practice and custom in the relevant Territory. In the event of a change to any applicable laws and/or the occurrence of any new laws which may have a direct impact on the Services, DataSetGo reserves the right to implement changes to the Services and/or the applicable prices on a reasonable basis, in order to ensure legal compliance (“Legal Change”).
4.1.2. to provide the Services based on and within the limits set by the Customer Data. In doing so, DataSetGo is entitled to rely on the accuracy, completeness and legality of such Customer Data.
4.1.3. to maintain and/or obtain the contractual, regulatory and/or administrative permits and similar approvals necessary for the delivery of the Services;
4.1.4. to use reasonable efforts to timely inform the Customer if DataSetGo reasonably believes that continued offering/use of the Services breaches or is reasonably likely to breach the rights of DataSetGo or any other person, or applicable laws or regulations, and/or that continued use poses a risk to the security and/or integrity of the Services, and in this context (i) to advise on options, based on DataSetGo's industry experience, for addressing or mitigating the risks along with DataSetGo’s recommended approach to resolution and, if needed to avoid any or further risk or damages, (ii) to restrict, in whole or in part (including with respect to an individual User or group of Users), access to the Services for a reasonable period of time.
4.2. Obligations of the Customer
4.2.1. The Customer undertakes:
4.2.1.1. to perform the Agreement in accordance with applicable laws;
4.2.1.2. to provide necessary and reasonable support in relation to the Services;
4.2.1.3. to grant DataSetGo any authorizations or sign any necessary and reasonable documents required to perform the Services;
4.2.1.4. to communicate to DataSetGo promptly and in any event within the timings agreed by the Parties, all necessary or useful information and data via the applicable Software.
4.2.1.5. to provide DataSetGo with all necessary access and connectivity to enable DataSetGo to access and use all information, data and networks, all the aforementioned limited to such access/use reasonably necessary for the performance of the Services;
4.2.1.6. to formulate its needs accurately and comprehensively and to inform DataSetGo of the practices or constraints specific to the Customer’s business, where necessary, Customer may request DataSetGo consultation and advice in this respect;
4.2.1.7. to notify DataSetGo of all the difficulties that may be encountered during the performance of the Services and which could have an impact on the contractual obligations of either Party, e.g., in order to discuss reasonable resolution;
4.2.1.8. to maintain and/or obtain the contractual, regulatory and/or administrative permits and similar approvals necessary for the receipt and use of the Services;
4.2.1.9. to observe any required consultations with the staff representative bodies in accordance with applicable laws;
4.2.1.10. to submit in a timely manner the decisions and approvals required for DataSetGo to deliver the Services;
4.2.1.11. to acquire and maintain the skills allowing it to use the Services in accordance with the Agreement and to ensure the availability of the staff assigned to implement the tasks required of the Customer under the Agreement;
4.2.1.12. to use the Services in accordance with the Acceptable Use Policy in Exhibit C (“ACCEPTABLE USE POLICY”) and the specific reasonable instructions communicated by DataSetGo from time to time (operational, qualitative, legal, etc.). Use of the Services constitutes acceptance by the Customer of the applicable instructions;
4.2.1.13. to promptly communicate to DataSetGo any relevant error, omission or non-compliance it has detected in the Services delivered;
4.2.1.14. to keep all documents, files and other results generated through or via the performance of the Services in accordance with the applicable laws.
4.3. Notwithstanding any other provision of the Agreement, the Customer shall be responsible for (1) assessing the scope of the Services, bearing the risk of the use thereof; (2) its staff, administration and management of its human resources; and (3) all Customer Data, including but not limited to the accuracy, completeness, legality, quality, security and the timely provision thereof.
4.4. Unless expressly provided otherwise in the Agreement, the Customer may access its data via the Software platform.
5. TERM AND TERMINATION [19] [20] [SP21]
5.1. Term
This Software License Agreement becomes effective as of the Effective Date in the Order, and Service will be delivered on a month-to-month basis as long as payment of the subscription fee for the Services is paid in advance at the beginning of the month. DataSetGo will continue to provide Services until one party provides written notice to the other party of its intent to terminate those Services, in which case DataSetGo will cease delivering those Services at the end of the next calendar month following receipt such written notice is received by the other party. Any termination of the Services shall be in accordance with the Termination provisions outlined in this agreement.
5.2.1. Termination for Insolvency. If a Party is declared bankrupt or insolvent[22] [SP23] , the Agreement or the relevant Order shall terminate with immediate effect with regard to such Party. If, under applicable laws, either Party (i) can no longer comply with its obligations to pay the subscription fee in advance of the month for use of the Services, (ii) is the subject of any proceedings relating to its liquidation, winding-up, or insolvency, (iii) is subject to the appointment of a receiver, administrator or similar officer, (iv) makes an assignment for the benefit of all or substantially all of its creditors or (v) enters into an agreement for the composition, extension or readjustment of all or substantially all of its obligations, then the other Party, within the conditions of the applicable laws, may terminate the Agreement with regard to such Party with immediate effect by giving Notice to that effect.
5.2.2. Termination for Breach. If a Party commits a material breach[24] [SP25] (i) which is irremediable or (ii) which is capable of being cured and, following Notice of default from the Party requiring the other Party to cure the breach, such other Party does not take reasonable steps to cure the breach within thirty (30) days after receipt of the Notice and/or, in any event, the breach is not cured within sixty (60) days after receipt of such Notice, then the other Party may terminate upon Notice of termination (a) the Software License Agreement in the event of a material breach of this Software License Agreement. Such termination will have immediate effect upon Notice of termination to the other Party, without prejudice to the terminating Party’s other rights or remedies under the Agreement. In instances, where a breach of the agreement is intentional, malicious, or critical, DataSetGo may terminate this Agreement immediately.
5.2.3. Termination for Force Majeure or Hardship. The Agreement may also be terminated upon Notice in whole or in part following a Force Majeure Event or Hardship as provided in Section 11. The termination will be effective upon receipt of such Notice.
5.2.4. Termination for Convenience upon Extended Term. During an Extended Term, either party may terminate this Agreement for convenience upon sixty 60- days’ Notice to the other party.
5.2.5. Termination Fee. If, other than by reason of DataSetGo’ material breach, this Agreement is terminated before the end of its Initial Term or without observance of the applicable notice period, DataSetGo may in addition to any fees then due, and without prejudice to any other rights and remedies, invoice the Customer an early termination fee (the “ Termination Fee”) equal to the amount due under the order for the remainder of the Initial Term.
Any outstanding balance of the price for the Implementation Services shall be added to such Termination Fee, in total and without any applicable discount.
The Termination Fee will be invoiced anytime upon the Notice of termination and is payable on the Last Effective Day.
5.2.6. Consequences of Termination.
5.2.6.1. The terms and conditions of this Software License Agreement will remain in full force and effect, even after the termination of the Software License Agreement, which is entered into by the Parties prior to the termination date of this Software License Agreement, until termination of such Statement(s) of Work.
5.2.6.2. Any termination of the Agreement or any part thereof in accordance with this Section 7. will not affect the provision of the Termination Assistance (if any).
5.2.6.3. All provisions of the Agreement, which by their nature should apply beyond its term, will remain in force after any termination or expiration of the Agreement or any part thereof.
5.3. Termination Assistance
5.3.1. Upon termination of the Agreement, the Order, DataSetGo shall provide termination assistance services to allow the Services that are being terminated to continue without interruption or adverse effect and to facilitate the orderly transfer of such Services to the Customer, its Affiliate or its designee (“Termination Assistance Services''). These Termination Assistance Services are not included in Customer’s fees and will be billed at DataSetGo’s then-prevailing hourly rates.
5.3.2. DataSetGo shall provide Termination Assistance Services regardless of the reason for termination of the Agreement, commencing upon Notice of termination by either Party, at the earliest within a reasonable period upon the termination Notice and, unless expressly provided otherwise, for a period not to exceed sixty (60) days after the date the notice period terminates (“Exit Period”).
5.3.3. If the Agreement, Order, is terminated by DataSetGo in accordance with Section 7.2.2 or Section 7.2.3 for the Customer’s failure to pay undisputed amounts, DataSetGo may require payment in advance for the Termination Assistance Services.
5.3.4. If the Agreement or part thereof is terminated by DataSetGo in accordance with Section 7.2.3, DataSetGo may withhold all Termination Assistance, except for the obligation to provide a copy of the live Personal Data on DataSetGo’s systems in accordance with and subject to the conditions of Article 8.2 of Exhibit E.
5.3.5. If the Agreement or any part thereof is terminated by the Customer and the Customer is liable to pay a compensation for early termination in accordance with Section 7.2.5 DataSetGo may suspend all Termination Assistance Services until it has received payment in full.
5.3.6. If the Termination Assistance Services include access to the Software after the effective date of termination, the Customer shall pay the applicable prices as described in the Agreement, the Order.
6. PRICE AND INVOICING
6.1. Price
6.1.1. The Services will be provided at the prices stated in the relevant Order. All prices are expressed in United States Dollars.
6.1.2. All payments pursuant to this Agreement shall be made without any withholding or deduction for or on account of any Tax (“ Tax Deduction”), except as may be required by law. Where any Tax Deduction is required to be made, the person making the payment shall make that Tax Deduction in the amount and within the time limit prescribed by law and shall pay such additional amount as will ensure that the recipient of the payment receives the amount that it would have received had the Tax Deduction not been required. If any credit or repayment is available to the recipient in respect of the Tax Deduction, the recipient shall use its reasonable endeavours to obtain the credit or repayment and, having obtained the same, shall promptly repay to the payer an amount which will leave the recipient in the same overall position that it would have been in had the Tax Deduction not been required to be made.
6.1.3. The Customer shall reimburse DataSetGo for all reasonable expenses incurred by DataSetGo for the performance of the Agreement, including travel and accommodation costs.
6.2. Price adjustment
6.2.1. Price Changes. The prices for all Services under the Agreement can be adjusted by DataSetGo for:
6.2.1.1. a change in the number of employees, users, or persons managed by the Software, a change in the use case, and/or a change in the employing entities;
6.2.1.2. a change in the applicable laws which imposes new obligations on the Customer as employer and/or DataSetGo as payroll-processor of the Customer; and
6.2.1.3. a change in the scope of the Services or Professional Services.
6.3. Annual price increasemay be adjusted at any time.
6.3.1. The Customer shall pay in advance any invoice for subscription services to DataSetGo in accordance with the Agreement.
6.3.2. If the Customer reasonably and in good faith disputes its obligation to pay part or all of an invoice submitted by DataSetGo, then:
6.3.2.1. The Customer must, within ten (10) days of receipt of the invoice, notify DataSetGo in writing of the amount of the invoice which it disputes being obligated to pay (“Disputed Amount”) and the reasons why it believes it is not obligated to pay the Disputed Amount. Any invoice which is not disputed by Notice within ) ten (10) days of receipt of the invoice will be deemed accepted;
6.3.2.2. The Customer’s failure to pay the Disputed Amount when originally due will not be deemed to be a breach of the Agreement;
6.3.2.3. The Customer must pay the undisputed balance of the invoice to DataSetGo in accordance with the Agreement;
6.3.2.4. The Parties must as soon as reasonably practicable discuss and use their respective reasonable endeavours to agree how much of the Disputed Amount is payable to DataSetGo; and
6.3.2.5. If the Parties are unable to reach an agreement pursuant to this Section within thirty (30) days of the payment due date, then either Party may refer the matter to the dispute resolution procedure as described in Section 17.11.
6.3.3. Any invoice amount which has not been paid by its due date and which is not subject to a bona fide dispute will immediately and without notice accrue late payment interest at one percent (1%) per month, or the maximum amount allowed by law, whichever is greater.. The Customer shall reimburse DataSetGo for all reasonable administrative costs and costs incurred by DataSetGo for the recovery of all outstanding amounts and any other damages DataSetGo has suffered as a result of this default.
6.3.4. If the Customer fails to pay one (1) undisputed or unreasonably disputed invoices by the required payment date or if DataSetGo questions the Customer’s solvency, DataSetGo is entitled to require the payment of advances from the Customer.
6.3.5. Without prejudice to any other rights of DataSetGo, DataSetGo may suspend its Services automatically and without prior intervention of any court in the event of non-payment of any undisputed outstanding amounts and/or any amounts disputed on unreasonable grounds. DataSetGo will communicate the date from which the Services will be suspended. During this suspension, the prices are still due. All consequences resulting from the suspension of the Services and/or termination of the Agreement on the grounds of non-payment of undisputed amounts in accordance with Section 7.2.3 are at the Customer’s risk and expense. If DataSetGo terminates the Agreement on the basis of repeated non-payment by the Customer of any undisputed outstanding amounts and/or any amounts disputed on unreasonable grounds, a compensation as described in Section 7.2.6 “
6.3.6. Termination Fee” will be paid by the Customer to DataSetGo.
7. LIMITATION OF LIABILITY AND INSURANCE
7.1.1.1. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE ESSENTIAL PURPOSE OF THIS SECTION 9 IS TO ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES AND LIMIT POTENTIAL LIABILITY GIVEN THE FEES, WHICH WOULD HAVE BEEN SUBSTANTIALLY HIGHER IF DATASETGO WERE TO ASSUME ANY FURTHER LIABILITY OTHER THAN AS SET FORTH HEREIN. DATASETGO HAS RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO PROVIDE CUSTOMER WITH THE RIGHTS TO ACCESS AND USE THE DATASETGO SERVICES PROVIDED FOR IN THIS AGREEMENT.
7.1.1.2. EVEN IF DATASETGO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, DATASETGO, ITS AFFILIATES, AGENTS, DIRECTORS, EMPLOYEES, SUPPLIERS AND LICENSORS SHALL NOT BE LIABLE FOR (A) ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING CUSTOMER’S USE OF, OR INABILITY TO USE, THE DATASETGO SERVICES OR SOFTWARE, (B) ERRORS, MISTAKES OR INACCURACIES OF THE DATASETGO SERVICES OR SOFTWARE, (C) PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM CUSTOMERS ACCESS TO OR USE OF THE DATASETGO SERVICES OR SOFTWARE, (D) THE CONTENT OF CUSTOMER USER DATA, (E) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE DATASETGO SERVICES, (F) ANY BUGS, VIRUSES, TROJAN HORSES OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH DATASETGO’S SERVICES OR SOFTWARE BY ANY THIRD PARTY, (G) ANY ERRORS OR OMISSIONS IN THE DATASETGO SERVICES OR SOFTWARE OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED OR OTHERWISE MADE AVAILABLE THROUGH THE DATASETGO SERVICES OR SOFTWARE, (H) THE DEFAMATORY, OFFENSIVE OR ILLEGAL CONDUCT OF ANY THIRD PARTY, (I) FROM CUSTOMERS BREACH OR FAILURE TO COMPLY WITH THESE TERMS, INCLUDING ANY UNAUTHORIZED ACCESS TO, OR USE OF, THE SERVICES OR SOFTWARE, (J) ANY ACTIVITY THAT RESULTS IN LOST PROFITS, LOST BUSINESS OPPORTUNITY, BUSINESS INTERRUPTION, LOST DATA, COMPUTER FAILURE, COMPUTER MALFUNCTIONS, INVENTORY LOSS, WORK STOPPAGE, IMPROPER DATA ENTRY INPUT INTO OR OUTPUT FROM THE SOFTWARE OR SERVICES, AND/OR (K) ANY LEGAL OR REGULATORY INVESTIGATIONS RESULTING IN FINES OR PENALTIES FROM USE OF THE SERVICES OR SOFTWARE.
7.1.2. DataSetGo shall not be liable for any breach of its obligations under the Agreement if and to the extent such breach results from:
7.1.2.1. the Customer’s failure to comply with the provisions of the Agreement;
7.1.2.2. a Third-Party Stakeholders’ failure to deliver any of the pre-requisites, tasks and operational assumptions described in the agreement(s) between such Third=Party Stakeholder and the Customer (if any), if and to the extent such compliance is required for the performance of the Services by DataSetGo;
7.1.2.3. any suspension of the Services by DataSetGo in accordance with the terms of the Agreement;
7.1.2.4. any Force Majeure Event;
7.1.2.5. Criminal acts or malicious acts of third parties, including but not limited to ransomware, spyware, and malicious code.
7.1.2.6. Customer changes to Software settings.
7.1.3. Without limiting the generality of any other provisions of the Agreement, under no circumstances shall DataSetGo be liable for any Customer Data or the accuracy, completeness and legality thereof. This clause is for the avoidance of doubt not intended to and shall not in any way limit DataSetGo responsibility to comply with its obligations in the Data Processing Agreement, Annex 5.
7.1.4. If one of the Parties is in breach of the Agreement, the other Party may serve Notice of default. The Notice of default must specify in reasonable detail the nature of the default allowing the defaulting Party a reasonable period - and at least thirty (30) days from the receipt of the Notice of default - to remedy the default. If the default is rectified by the Party in breach, the other Party cannot claim damages.
7.1.5. Direct Damages for DataSetGo. DataSetGo liability will be limited to foreseeable, direct and personal damages suffered, to the exclusion of Consequential Damages (even if advised of the possibility of such Consequential Damages or if the possibility of such Consequential Damages was reasonably foreseeable). DataSetGo’s aggregate maximum liability under the Agreement will be limited: DataSetGo’ aggregate maximum liability under the Agreement will be limited to two times (2x) the prices paid or payable by the Customer to DataSetGo under the Agreement in the twelve (12)-month period immediately preceding the earliest event giving rise to the liability or, if twelve (12) months have not elapsed, twelve (12) times the average monthly prices paid or payable by the Customer to DataSetGo under the Agreement from the Effective Date until the date of the earliest event giving rise to the liability. The existence of more than one claim will not expand such a limit. The Parties acknowledge that the agreed Prices are based on these limitations.
7.1.6. Direct Damages for Customers. Customer's liability will be limited to foreseeable, direct and personal damages suffered, to the exclusion of Consequential Damages (even if advised of the possibility of such Consequential Damages or if the possibility of such Consequential Damages was reasonably foreseeable). Customers aggregate maximum liability under the Agreement shall not exceed the prices paid or payable by Customer to DataSetGo under the Agreement in the twelve (12)-month period immediately preceding the earliest event giving rise to the liability or, if twelve (12) months have not elapsed, twelve (12) times the average monthly prices paid or payable by the Customer to DataSetGo under the Agreement from the Effective Date until the date of the earliest event giving rise to the liability.
7.1.7. The right to claim damages attributable to DataSetGo for claims related to the context of DataSetGo payroll processing and calculations work will be forfeited irrevocably twelve (12) months after the occurrence of the alleged error. For all other claims, the right to claim damages will be forfeited irrevocably three (3) years after the occurrence of the alleged claim. The Customer must serve a Notice of default within the aforementioned term, providing a detailed description of the alleged error.
7.1.8. Exceptions to Liability Limitation. The limitation of liability in this Section 9.1 will not apply to (i) any damages resulting from fraud of a Party; (ii) either Party’s liability that cannot, as a matter of law, be limited or excluded; (iii) the Customer’s liability to pay invoices properly due; (iv) either Party’s liability for death or personal injury, (v) either party's Indemnity obligations outlined in this agreement, (vi) DataSetGo's willful misconduct.
7.1.9. This section does not diminish the Parties’ respective obligations to mitigate any loss or damage to the extent possible.
7.1.10. To the extent that DataSetGo provides Services to the Customer’s Affiliates, the Customer will be jointly and severally liable for any damages resulting from the non-compliance with the Agreement or any other act or omission by its Affiliates.
7.2. Insurance
7.2.1. The Parties shall insure themselves and keep themselves adequately insured with a reputable insurance company against insurable liability under the Agreement. Either Party shall within ten (10) days following the other Party’s written request, provide such Party with (i) certificates of insurance evidencing adequate coverage and (ii) a proof of payment of the insurance premiums.
8.1.1. Each Party will indemnify the other Party and such Party’s officers, directors, employees, agents, successors and assignees, subject to Section 9.1, against any and all Losses arising from, related to, or in any way connected with, third party claims arising from an infringement, misappropriation or other violations of that third party’s Intellectual Property Rights (“Infringement Claim”), because of systems, services or other resources provided by the first Party to the other Party. This section does not diminish the Parties’ respective obligations to mitigate any loss or damage to the extent possible.
8.1.2. Notwithstanding the foregoing, DataSetGo shall have no obligation under this Section 10.1 if and to the extent a claim and/or Losses result from the Customer’s failure to comply with the provisions of the Agreement.
8.2. Consequences Infringement Claim
8.2.1. If any Service becomes the subject of an Infringement Claim, in addition to the Customer’s other rights, DataSetGo shall use reasonable efforts to undertake the following actions, at no additional charge to the Customer, in the order of priority listed:
8.2.1.1. promptly secure the right to continue using the Service;
8.2.1.2. replace or modify the Service to make it non-infringing, provided that any such replacement or modification must not degrade in any material respect the performance or quality of the affected component of the Service and DataSetGo shall be responsible for the cost of any integration work required as a result of the replacement or modification; or
8.2.1.3. cease the Service concerned, in which case DataSetGo’ prices shall be equitably adjusted to reflect such discontinuation.
8.2.2. If any item provided by the Customer or any of its Affiliates in connection with the Services becomes the subject of an Infringement Claim of which DataSetGo is notified in writing, DataSetGo may, in DataSetGo’ discretion, promptly cease using such item and will be excused from performing the affected Services.
8.3. Indemnification Procedures.
8.3.1. With respect to indemnification claims, the following procedure will apply:
8.3.1.1. Notice. Promptly after receipt by any entity entitled to indemnification under the previous paragraphs of notice of the assertion or the commencement of any action, proceeding or other claim by a third party in respect of which the indemnitee will seek indemnification pursuant to any such Section, the indemnitee shall notify the indemnitor of such claim in writing. No failure to notify an indemnitor shall relieve it of its obligations under the Agreement except to the extent that it can demonstrate damages attributable to such failure. Within fifteen (15) days following receipt of written Notice from the indemnitee relating to any claim, but no later than ten (10) days before the date on which any response to a complaint or summons is due, the indemnitor shall notify the indemnitee in writing if the indemnitor acknowledges its indemnification obligation and elects to assume control of the defense and settlement of that claim (“Notice of Election”).
8.3.1.2. Procedure following Notice of Election.
8.3.1.2.1. If the indemnitor delivers a Notice of Election relating to any claim within the required notice period, the indemnitor shall be entitled to have sole control over the defense and settlement of such claim; provided that:
8.3.1.2.1.1. the indemnitee shall be entitled to participate in the defense of such claim and to employ counsel at its own expense to assist in the handling of such claim, and
8.3.1.2.1.2. the indemnitor shall obtain the prior written approval of the indemnitee – such approval not to be unreasonably withheld or delayed - before entering into any settlement of such claim or ceasing to defend against such claim.
8.3.1.2.2. After the indemnitor has delivered a Notice of Election relating to any claim in accordance with Section 10.3, the indemnitor shall not be liable to the indemnitee for any costs and expenses incurred by the indemnitee in connection with the defense of that claim. In addition, the indemnitor shall not be required to indemnify the indemnitee for any amount paid or payable by the indemnitee in the settlement of any claim for which the indemnitor has delivered a timely Notice of Election if such amount was agreed without the written consent of the indemnitor.
8.3.1.3. Procedure where no Notice of Election is delivered. If the indemnitor does not deliver a Notice of Election relating to any claim, or otherwise fails to acknowledge its indemnification obligation or to assume the defense of any claim, within the required notice period, the indemnitee shall have the right to defend the claim in such manner as it may deem appropriate, at the cost and expense of the indemnitor (including payment of any judgment or award and the costs of settlement or compromise of the claim). The indemnitor shall promptly reimburse the indemnitee for all such costs and expenses, including payment of any judgment or award and the costs of settlement or compromise of the claim.
8.4. Subrogation
8.4.1. If an indemnitor is obligated to indemnify an indemnitee under the Agreement, the indemnitor shall, upon fulfilment of its obligations with respect to indemnification, be subrogated to the rights of the indemnitee with respect to the claims to which such indemnification relates.
9. FORCE MAJEURE AND HARDSHIP
9.1. Force Majeure
9.1.1. Neither Party shall be liable to the other for delay, degradation or non-performance of its obligations under the Agreement to the extent due to a Force Majeure Event.
9.1.2. Where a Party is delayed or prevented from performing its obligations under the Agreement by a Force Majeure Event, that Party shall notify the other as soon as reasonably possible with details of the Force Majeure Event, its reasonably anticipated effect on the relevant obligations and its estimated duration. The affected Party shall use all reasonable endeavors to mitigate the effect of the Force Majeure Event upon the performance of its obligations under the Agreement. As soon as reasonably possible following the end of the Force Majeure Event, the affected Party shall notify the other Party and the Agreement will continue to be performed on the terms existing immediately before the occurrence of the Force Majeure Event.
9.1.3. If any Force Majeure Event prevents a Party from fulfilling its obligations under the Agreement for a continuous period of more than three (3) months, the other Party may terminate the relevant part of the Agreement in accordance with Section 7.2.4.
10. INTELLECTUAL PROPERTY
10.1. Each Party shall respect all Intellectual Property Rights of the other Party and any third party.
10.2. Nothing in the Agreement may be interpreted or construed as a transfer of Intellectual Property Rights from one Party to the other Party. Neither Party shall alienate, pledge or transfer to any third parties any Intellectual Property Rights of a Party without that Party’s express written consent.
10.3. Unless expressly provided otherwise in the Agreement, all information, techniques, methods and models used by DataSetGo for the provision of the Services are and remain the property of DataSetGo at all times. DataSetGo preserves the right to use the knowledge, experience and know-how acquired during the provision of the Services for its own benefit and/or the benefit of third parties
11.1. “Confidential Information” means any non-public or sensitive information, data or materials belonging to, related to or in the possession or control of (i) a Party, or (ii) a third party in respect of which that Party is obliged to keep the information confidential, in any format disclosed or made available by or on behalf of a Party (“Disclosing Party”) to the other Party (“ Receiving Party”), regardless of whether such information is specifically designated as confidential. Confidential Information will not include information, data or materials that are:
11.1.1. already in the public domain other than by a breach of the Agreement;
11.1.2. rightfully received from a third party not in breach of any obligations of confidentiality;
11.1.3. independently developed by a Party without use of or referral to the Confidential Information of the other Party; or
11.1.4. proven to be already known to the Receiving Party at the time of disclosure.
11.2. A Receiving Party shall:
11.2.1. keep Confidential Information strictly confidential unless agreed otherwise;
11.2.2. use or make copies of Confidential Information only to the extent reasonably necessary for the purposes of the Agreement, or for the Parties’ discussions regarding potential Services under the Agreement;
11.2.3. treat Confidential Information with the same degree of care that it treats its own Confidential Information, and with at least a reasonable standard of care;
11.2.4. take all reasonable technical measures to avoid unauthorized use or disclosure of Confidential Information;
11.2.5. promptly notify the Disclosing Party of any unauthorized disclosure or unauthorized use of any of the Confidential Information by the Receiving Party or any third party.
11.3. The Parties undertake to limit the disclosure of and access to the Confidential Information to their Affiliates, directors, managing directors, employees, subcontractors, agents and/or external advisors (i) who are directly involved with the performance of the relevant part of the Agreement, (ii) for whom the Confidential Information is essential in this respect and (iii) upon the condition that they are bound by obligations of confidentiality substantially similar to the provisions of this.
11.4. Notwithstanding the foregoing, in the event disclosure of Confidential Information is mandated or requested by applicable laws, or by Governmental Authority, then (i) if not so prohibited by a Governmental Authority, the Receiving Party shall promptly notify the Disclosing Party of such requirement, (ii) if so requested by the Disclosing Party and at the expense of such Party, the Receiving Party shall use good faith efforts, in consultation with the Disclosing Party, to secure a protective order or other confidential treatment of the Confidential Information to be disclosed, and (iii) the Receiving Party shall furnish only that portion of the Confidential Information required to be disclosed.
11.5. Notwithstanding the agreement on deletion and return of Personal Data further to the Data Processing Agreement, each Party will return or destroy the other Party’s Confidential Information and any copy thereof in its possession or control within sixty (60) calendar days immediately following written request by the other Party, unless with regard to backup archives which will be stored for maximum 6 months), unless agreed otherwise or unless provided otherwise by applicable laws.
11.6. A party is entitled to retain a copy of the other Party’s Confidential Information which is stored within electronic back-ups or in accordance with that Party’s internal archival policies or procedures provided that such back-ups and archives take place in the ordinary course of business and in accordance with Good Industry Practice and lawfully, without making the Confidential Information easily accessible to any persons in the course of day-to-day operations, and subject to continuing obligation of confidentiality.
11.7. Neither the performance of the Agreement, nor the furnishing of any Confidential Information by either Party, shall be construed as granting to the other Party expressly, by implication or otherwise, any license under any invention, patent, trademark, copyright or other proprietary right now or hereafter owned or controlled by the Party furnishing the same.
11.8. Both the Customer and DataSetGo will each appoint one or more contact persons. Any request for information and/or supply of information must only take place through the intermediary of these person(s).
11.9. The confidentiality obligations expire two (2) years after the Last Effective Day or so long as it qualifies as Confidential Information.
12. SECURITY AND PRIVACY
12.1. DataSetGo will maintain the technical and organizational measures set forth in Exhibit D (“General Security Terms”) and Appendix 5.2 of Exhibit E (“Data Processing Agreement”) .
12.2. Each Party shall, at all times, comply with its respective obligations under all applicable Data Protection Legislation and the Data Processing Agreement set forth in Exhibit E (“Data Processing Agreement”) in relation to all Personal Data that is processed under the Agreement.
12.3. Following written request and on payment of the applicable charges, DataSetGo shall provide the Customer on reasonable notice with DataSetGo’ annual reports and any other relevant certification documenting DataSetGo’ compliance with relevant national or international industry standards (if any).
13.1. DataSetGo maintains a commercially reasonable and operational plan for the restoration and ongoing performance of the Services following any reasonably foreseeable adverse events (“ Disaster Recovery Plan”).
13.2. As part of its business continuity management activities, DataSetGo:
13.2.1. shall test and review the Disaster Recovery Plan periodically and at least every twelve (12) months and address relevant material deficiencies uncovered by such tests as soon as reasonably practicable’
13.2.2. may update the Disaster Recovery Plan at any time where needed to ensure it is in line with the latest technologies and requirements.
14. NON-SOLICITATION
14.1. During the term of the Agreement and for one (1) year immediately following the effective date of termination of the Agreement, the Customer shall not, without the prior written consent of DataSetGo, actively solicit the employment or other engagement of, or hire or engage, either directly or indirectly (e.g. as consultant, independent contractor or otherwise), any of DataSetGo’s employees who will have been directly associated with the performance of the Agreement, or incite a third party to do so. In the event of a violation of this clause, the Customer shall pay DataSetGo an amount equal to one (1) year of gross salary for the employee concerned at the time of termination of the employment contract or engagement contract, including the benefits acquired under the employment contract and the employer’s contribution. The foregoing is inapplicable to any responses received from DataSetGo personnel, current or former, to general advertising or communication to the general public of open Customer positions.
15. ONLINE ACCESS
15.1. Access, Privacy, Transmissions, and Security Breaches. DataSetGo Services may be accessed by Customer and its authorized employees and/or plan participants through the internet at a website provided[26] [SP27] by DataSetGo, including those hosted by DataSetGo on behalf of Customer (a “Site”). In addition, Customer acknowledges that security of transmissions over the Internet cannot be guaranteed. DataSetGo is not responsible for (i) Customer’s access to the Internet; (ii) interception or interruptions of communications through the Internet; (iii) changes or losses of data through the Internet; or (iv) any third-party software that may be accessed by DataSetGo Service. In order to protect Customer’s data, if a breach of security is suspected, DataSetGo may suspend Customer’s or Customer’s employee’s or plan participants’ use of DataSetGo Services via the internet immediately, without prior notice pending an investigation.
15.2. Employee Access. Customers may provide access to DataSetGo Software to those employees it deems necessary to perform Customer’s administration. Customers may provide access to the DataSetGo Software to any of its employees. DataSetGo may discontinue or suspend access to DataSetGo Service by any Customer employee if DataSetGo reasonably believes that such employee has violated the terms of this Agreement or is otherwise using DataSetGo Service in an inappropriate manner.
15.3. Password Protection. Customer agrees to maintain the privacy of usernames and passwords associated with any DataSetGo Service. Customer is fully responsible for all activities that occur under Customer’s password or Internet account. Customer agrees to (a) immediately notify DataSetGo of any unauthorized use of Customer’s password or Internet account or any other breach of security, and (b) ensure that Customer exits from Customer’s internet account at the end of each session. DataSetGo shall not be liable for any damages incurred by Customer or any third party arising from Customer’s failure to comply with this section.
15.4. No Transfer, Modification, etc. Customer will not assign, loan, sublicense, alter, modify, adapt (or cause to be altered, modified or adapted), reproduce, duplicate, copy, sell, trade, resell or exploit for any commercial purposes, all or any portion of DataSetGo Software or any access or use thereof. Customers will not write or modify interfaces or reports to any DataSetGo Service except as expressly authorized by DataSetGo. CUSTOMER WILL NOT RECOMPILE, DISASSEMBLE, REVERSE ENGINEER, OR MAKE OR DISTRIBUTE ANY OTHER FORM OF, OR ANY DERIVATIVE WORK FROM, DATASETGO SOFTWARE.
15.5. DATASETGO Not Fiduciary Advisor. Customer acknowledges that, in making DataSetGo Software available, DataSetGo is not acting as an investment advisor, broker-dealer, insurance agent or intermediary or a financial or benefit planner. DataSetGo is not providing any benefits or information related thereto.
15.6. Links to Third-Party Sites and Third-Party Services.
15.6.1. The Site(s) may contain links to other internet sites. Links to and from a Site to other third-party sites do not constitute an endorsement by DataSetGo or any of its subsidiaries or affiliates of such third-party sites or the acceptance of responsibility for the content on such sites.
15.6.2. “Third-Party Services” are web-based technologies that are not exclusively operated or controlled by DataSetGo or that involve significant participation from an entity outside of DataSetGo’s control. DataSetGo uses Third-Party Services to assist it in providing the Services under the Agreement. These Third-Party Services may be separate websites or may be applications embedded within DataSetGo’s websites, or that are bundles as part of the Services. Some Third-Party Services provide their services to DataSetGo under contract, while others, such as social media sites, do not. When interacting with DataSetGo through a Third-Party Service, the Third-Party Service DataSetGo’s end user agreements and privacy policies apply to Client’s use of those Services. UNDER NO CIRCUMSTANCES, WILL DATASETGO BE RESPONSIBLE OR LIABLE FOR ANY CLAIMS CAUSED BY ANY THIRD-PARTY SERVICES. IF A HARM OCCURS TO CUSTOMER AS A RESULT OF THIRD-PARTY SERVICE, CUSTOMER ACKNOWLEDGES AND AGREES THAT IT WILL SEEK ANY REMEDIES FROM THE THIRD-PARTY SERVICE DATASETGO. CUSTOMER REPRESENTS AND WARRANTS THAT IT HAS REVIEWED AND UNDERSTANDS THE THIRD-PARTY SERVICE PROVIDER’S END USER LICENSE AGREEMENTS AND PRIVACY POLICIES, AND THAT ALL OF CUSTOMER’S RIGHTS WILL BE GOVERNED BY AND LIMITED BY THOSE AGREEMENTS.
16. DISCLAIMER OF WARRANTY
16.1. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, ALL EQUIPMENT PROVIDED BY DATASETGO OR ITS SUPPLIERS IS PROVIDED “AS IS '' AND DATASETGO AND ITS LICENSORS EXPRESSLY DISCLAIM ANY WARRANTY, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, NON-INTERRUPTION OF USE, AND FREEDOM FROM PROGRAM ERRORS, VIRUSES OR ANY OTHER MALICIOUS CODE WITH RESPECT TO THE SERVICES, THE DATASETGO PRODUCTS, ANY CUSTOM PROGRAMS CREATED BY DATASETGO OR ANY THIRD-PARTY SOFTWARE DELIVERED BY DATASETGO. DATASETGO AND ITS LICENSORS FURTHER DISCLAIM ANY WARRANTY THAT THE RESULTS OBTAINED THROUGH THE USE OF SERVICES, DATASETGO PRODUCTS, ANY CUSTOM PROGRAMS CREATED BY DATASETGO OR ANY THIRD-PARTY SOFTWARE DELIVERED BY DATASETGO WILL MEET CUSTOMER’S NEEDS.
17. AUDIT
17.1. Legal and Compliance Audit. Customer shall make available to DataSetGo an audit for such records as are necessary to review compliance with all applicable laws and regulations relating to the Software being provided to Customer, which records may include, among other things, consumer and vendor consents, but shall not include Customer’s financial records. If DataSetGo determines that Customer has failed to comply with any provision of the Agreement, DataSetGo may, at its sole discretion and upon notice to Customer, immediately terminate the Services. If the Services are terminated pursuant to this Section, Customer will pay all fees and charges invoiced by DataSetGo to Customer relating to the Services, and shall pay to DataSetGo promptly all amounts due for the Services provided up to the date of termination. Upon termination of the Agreement, all rights granted to Customer hereunder will become null and void, all materials provided by either party to the other hereunder will be returned promptly and DataSetGo shall have no further duties or responsibilities to Customer with respect to the Services.
18. FILING GUARANTEE
18.1. DataSetgo does offer a Filing Guarantee that the tax formulas and payroll calculations accessed via any of the Services offered on the Site are accurate and will produce results consistent with federal and state standards for preparing and/or submitting payroll. In the event any of the formulas and/or calculations utilized in any of the Services offered by DataSetGo are incorrect, then DataSetGo will pay a penalty in the interest assessed by the Internal Revenue Service (“IRS”) for the amounts underpaid by DataSetGo and to no other amounts as long as Customer notifies DataSetGo within 90 days of receiving a notification from the IRS regarding underpayment to the address or email address listed below. The Filing Guarantee is limited to the actual United States Dollar. [28] [SP29] DataSetGo’s guarantee cannot and DataSetGo does not assume any liability, claim, or loss for any user generated errors, including but not limited to data entry errors or changes to any default settings while using the Software. DataSetGo will maintain records pertinent to this provision as required by law.
18.2. If you believe that an above described calculation or formula error has occurred, you must notify DataSetGo within 90 days of receiving a notification from the IRS regarding underpayment by mailing or emailing to:[30] [SP31]
18.2.1. DataSetGo, LLC
Attention: Filing Guarantee
886 Park Ave,
Marco Island, FL 34145
info@datasetgo.llc
18.3. After receiving notice, DataSetGo will then contact you to resolve the issue. In order to investigate your issue, DataSetGo requires supporting information such as a copy of the payroll deposit or receipts, evidence of payments, etc. to process your request. If supporting information requested by DataSetGo is not provided to DataSetGo within 14 days of such request, then DataSetGo shall not be required to pay any amounts under the Filing Guarantee.
19. DIRECT DEPOSIT OPTION
19.1. Direct Deposit Request. Customer or Customers clients, as appropriate, may request direct deposit ("Direct Deposit") of employees' or contractors' paychecks, or Customer may request electronic payment of payroll taxes. If Customer select the Client Retail Services, clients who use DataSetGo Online Payroll Basic may apply for direct deposit of employees' paychecks or electronic payment of federal payroll taxes; clients who use DataSetGo Online Payroll Enhanced may also apply for Direct Deposit of contractors' paychecks. We reserve the right to delay or decline processing Direct Deposit transactions (i) that significantly differ, in our sole opinion, from typical payment activity or volume of payment transactions, (ii) for which sufficient funds are not available in the payment account, (iii) that are otherwise in violation of this Agreement or the ACH rules (described below), or (iv) that, in our sole opinion, may pose a risk of loss to us.
19.2. Sign Up/Activation. The Direct Deposit service will begin after we receive and process all the information, including any credit card or bank account information, requested by the sign up form. Processing Customers and Customers clients' information may include validating information such as a PIN, submitting sign up information to third parties such as a bank, credit reporting agencies and/or other agencies we may use to validate the identity and/or credit history of the individual making payment. We may also receive and review credit or similar reports on Customer’s business and its principals and on Customer’s clients provided by such third parties. Therefore the information Customer provide to us must be accurate and complete or direct deposits may not be made, and we will be unable to perform the Direct Deposit service for Customer or Customers clients.
19.3. Use and Restrictions. Customer may use Direct Deposit only for payroll direct deposits. Customer may fund Customer’s paychecks to Customers employees and contractors, and to Customers clients' employees and contractors, as authorized by this Agreement ("Payments") by initiating electronic withdrawals within the Service from the demand deposit account of the financial institution Customer identified on the sign up form ("Customers Account") or from the demand deposit account Customer or Customers clients identified for Customers client's Direct Deposit services. Customer and/ or Customer’s clients may identify other financial institutions in the future to fund the direct deposit payroll payments to Customers employees and contractors. Under certain circumstances we may use wire draw down requests or other funding methods (collectively "Debits") to fund Customers and/or Customers clients' payroll direct deposits. Debits may also be initiated to pay servicing fees, e.g. NSF's and reversals. When Customer send Payments over the Internet Customer will receive confirmation that the Payments were sent. However, a confirmation does not mean that Customer’s submission of Payments was error-free. If errors are detected later we may be unable to complete the submission of Customers Payments. We will make reasonable efforts to tell Customer if we cannot complete Customers Payments. Payments taking place after certain processing deadlines may be considered to occur on the next business day.
Special processing fees may apply to some Payments. We may establish certain security limits on Payment submissions we process, such as a maximum number or dollar amount of Payments. We may change these limits from time to time and may choose not to disclose them.
19.4. Customer’s Responsibilities. Customer must input all required Payment information on the Services website and approve the transaction no later than 5:00 p.m. Pacific Time on the date indicated on the website. Customer may not cancel or change transactions after that time. Customer must send us Customers Payments before the daily cut-off time in order for them to be processed on that day. Payments sent after the cut-off time may be processed the following banking day. Debits will be charged to Customers Account four business banking days before the pay date for Customers first payroll and one banking day thereafter, before the pay date of the applicable payroll and Customer must have sufficient funds in Customers Account to fulfill Customers Payments on that date. After that, no interest or earnings will accrue to Customer, even if we retain amounts withdrawn for payroll taxes until they are due to the appropriate payroll tax agencies Customer are solely responsible for verifying that all Payments have been received and are accurate. It is Customer’s responsibility to keep any payroll, tax or other records Customer may need for reference, even though we may have informatio’n about the Payments in our files.
19.5. Authorization and Agreement for Direct Payments (ACH Debits). Customer acknowledge and agree for itself and, if applicable, for Customer’s clients that (i) Payments will typically go through the Automated Clearing House (the "ACH"), (ii) Customers Payments will be governed by the ACH rules, and (iii) the origination of ACH transactions to Customers Account must comply with the provisions of U.S. law. Customer must indemnify and defend us against any claims or lawsuits, including attorneys' fees that arise from or result from Customers Payments. If we tell Customer that an account number or other information concerning Customers Payments has changed, this corrected information must be used to initiate future Payments. Customer authorize us to (a) initiate debit entries to Customers Account and/or to Customers clients' accounts and to debit the same to such accounts, and (b) send Payments electronically or by any other commercially accepted method to Customers Account and/or to Customers clients' accounts. Customer authorize and direct the depository financial institution that holds Customers Account and/or Customers clients' accounts to (x) charge each Debit to Customers Account and/or to Customers clients' accounts and pay that amount to us, and (y) respond to inquiries from us regarding Customer’s information and Customers Account and/or to Customers clients' accounts. This authorization will remain in full force and effect until we have received written notification from Customer of its termination in such time and in such manner as to afford us and the depository financial institution that holds Customers Account and/or Customers clients' accounts a reasonable opportunity to act on it
19.6. Representations and Warranties. Customer represent and warrant that (i) each person or entity to whom Customer send Payments has authorized the Payments and any necessary adjustments to be applied to his, her or its account, (ii) at the time any Payment is made Customer have no actual knowledge that the authorization has been revoked or terminated, (iii) Customers Payments comply with the laws that apply to them, (iv) that Customer have authorization to make withdrawals to Customers Account and (vi) that all the information Customer provided to enter into the Agreement is true and correct. Customer warrant everything that we must warrant as an ACH Originator, and Customer accept any liability Customer or we may incur which is caused by Customers payment transactions.
Customer agree that we may request, obtain and use credit reports and other information about Customer from third party sources.
19.7. Customers Account. We may refuse to process Customers Payments if we reasonably believe that Customers Account and/or Customers clients' accounts balance is insufficient to cover the dollar amount of the Payments or for any other reason we deem reasonable. If any amount debited against Customer and/or Customers clients is dishonored or returned for any reason, such as, but not limited to, nonsufficient funds, account closed, inability to locate account, or reversal by Customer and/or Customers bank, we may; a) reverse any corresponding credit issued to us, Customer, Customers employees or any other party without liability to Customer or any other party, (b) reverse direct deposit transactions, (c) refuse to perform further Services, (d) apply any money currently held by us to any amount owed to us by Customer or by Customers clients, (e) charge Customer and/or Customers clients a one-time insufficient funds penalty fee for each occurrence, (f) report this information to any and all credit agencies and/or financial institutions and/or (g) immediately terminate this Agreement. We may assess and collect interest at the rate of one and one-half percent (1.5%) per month (18% per annum) on any amounts owing and unpaid ten (10) days after demand. If further collection attempts are required, all of our collections costs, including any costs associated with termination of this Agreement and including but not limited to, attorney fees, where permitted by law, will be charged to Customer and/or Customers clients. This section shall, to the extent applicable, survive the termination of this Agreement.
19.8. 7.8 General. We may review Customers and/or Customers clients' use of the Direct Deposit service, Customers and/or Customers clients' credit status or other factors periodically, including submitting Customers and/or Customers clients' information to third parties such as banks, credit reporting agencies and/or other agencies used to validate identity and/or credit history, and/or reviewing credit or similar reports on Customers and/or Customers clients' business and its principals provided by these third parties. We may terminate Customers and/or Customers clients' participation in the Direct Deposit service after such a review. If Customer and/or Customers clients (i) default in the payment of any sum of money hereunder, (ii) default in the performance of any other obligations under this Agreement, or (iii) commit an act of Bankruptcy or become the subject of any proceeding under the Bankruptcy Act or become insolvent, or if any substantial portion of Customers and/or Customers clients' property becomes subject to levy, seizure, assignment, application for sale for or by any creditor or governmental agency, then, in any such event, we, at our option, may, upon written notice thereof, (a) terminate the Agreement, (b) declare all amounts due and to become immediately due and payable and/or (c) require Customer and/or Customers clients' to deposit an amount equal to its average future monthly or annual processing charges to prepay for any future processing.
20. GENERAL PROVISIONS
20.1. Assignment.
20.1.1. Neither Party shall assign or otherwise transfer any of its rights or obligations under the Agreement without the prior written consent of the other Party, which will not be unreasonably withheld, conditioned or delayed. The other Party’s consent should be requested by Notice, disclosing the identity of the prospective transferee. Subject to any restrictions on assignment herein contained, the provisions of the Agreement will insure to the benefit of and will be binding upon the Parties hereto and their respective legal representatives, successors and assignees.
20.1.2. Notwithstanding the foregoing, DataSetGo, any Affiliate thereof and/or any DataSetGo Wholesale Partner may assign its rights and obligations under the Agreement or the Agreement itself, either in whole or in part, to an Affiliate or to any other company that is part of DataSetGo and which is capable of fulfilling the Agreement, subject only to written notice to the Customer.
20.2. Costs. Each Party shall bear its own costs for the preparation and negotiation of the Agreement.
20.3. Entire Agreement. The Agreement constitutes the entire agreement and understanding between the Parties in respect of the subject matter hereof and supersedes, cancels and nullifies any previous agreement between the Parties in relation to such subject matter.
20.4. Third Party Beneficiaries. The Parties agree that, except as expressly set forth herein, no provision of the Agreement is intended, expressly or by implication, to purport to confer a benefit or right of action upon a third party (whether or not in existence, and whether or not named, as of the Effective Date).
20.5. Modification. No revision, modification or amendment of the Agreement, or any terms and conditions hereof, will become effective unless agreed in writing between the Parties or unless Parties have complied with a procedure foreseen in the Agreement to formalize a change.
20.6. Severability. If any provision in the Agreement is held to be illegal, invalid or unenforceable, in whole or in part, under any applicable law, that provision will be deemed not to form part of the Agreement, and the legality, validity or enforceability of the remainder of the Agreement will not be affected. Each Party shall use its best efforts to immediately negotiate in good faith a valid replacement provision with an equal or similar economic effect.
20.7. Subcontractors. DataSetGo reserves the right to deploy subcontractors for the performance of the Services under the Agreement. If a subcontractor is a Sub-Processor as set out in the Data Processing Agreement, the procedure set forth in the Data Processing Agreement will apply.
20.8. Waiver. Failure by either Party to exercise a right or to apply a sanction cannot be interpreted as a waiver of these rights. No waiver under the Agreement will be effective unless set forth in a writing signed by a duly authorized representative of the Party granting such waiver.
20.9. Notices. All notices under the Agreement other than routine operational communications (“Notice”) will be in writing and will be deemed duly given on the day sent by courier with a reliable system for tracking delivery or by registered or certified mail. Notices will be addressed to the undersigned. A Party may from time to time change its address or designee for notification purposes by giving the other prior written Notice of the new address or designee and the date upon which it will become effective.
20.10. References. DataSetGo is entitled to use the name and logo of the Customer as reference with respect to its service provision, upon Customer’s prior written approval, which will not be unreasonably withheld, conditioned or delayed. The Customer may request DataSetGo to provide sufficient information about the context and the material in which the reference is included, before granting its approval.
20.11. Each of the Parties affirms that it is a validly constituted corporate entity with full right, power and authority to enter into this Agreement and to perform its respective obligations hereunder and that the terms of this Agreement do not violate, conflict with or result in the breach of the terms of any other agreement or understanding (written or oral) by which the Party is bound.
20.12.1. Unless otherwise required under applicable laws, the Parties undertake to use good faith efforts to settle amicably between them any dispute arising out of or in connection with the Agreement by means of consultation and discussion between the Customer’s management and DataSetGo (or, as the case may be, between the relevant Affiliate’s management and DataSetGo Wholesale Partner in a specific country) for a period of at least thirty (30) days before initiating any proceeding before a court, governmental agency, arbitrator or other third party. The aforementioned period of thirty (30) days starts when either Party has requested this dispute resolution procedure in writing.
20.12.2. Nothing in the Agreement shall prevent either Party from seeking urgent relief before the courts, in particular but not limited to the event the Customer violates the term for use of the Services and/or breaches its confidentiality obligations.
20.13. Applicable law and Jurisdiction.
20.13.1. This Software License Agreement shall be governed by and construed in accordance with the laws in the State of Florida.
20.13.2. All disputes arising out of or in connection with the Agreement and which the Parties were unable to settle amicably in accordance with the aforementioned dispute resolution procedure shall be subject to the exclusive jurisdiction of the Courts in Collier County, Florida.
20.14.1. In the event that any signed copy is delivered by e-mail delivery of a “.pdf” or “.jpeg” format data file or via any other exact copy, the signature incorporated therein shall create a valid and binding obligation of the party executing (or on whose behalf such signature is executed) with the same value, force and effect as if it was original.
20.15. Exhibits. This Master Service Agreement contains the following exhibits, which are incorporated by reference herein and made part of this Agreement.
20.15.1. Exhibit A – Definitions
20.15.2. Exhibit B – Service Level
20.15.3. Exhibit C – Acceptable Use Policy
20.15.4. Exhibit D – General Security Terms
20.15.5. Exhibit E – Data Processing Terms
20.15.5.1. Appendix 1 - Details of the Personal Data Processing
20.15.5.2. Appendix 2 - Technical and Organizational Measures
20.15.5.3. Appendix 3 - List of Sub-Processors authorized to Process Customer Data
Means any referring corporation, company or entity identified as such in the Agreement or any Person that directly or indirectly controls, is controlled by, or is under common control with, a Party, where “control” means the possession, directly or indirectly, or the power to direct or cause the direction of the management policies of a person, whether through the ownership of voting securities, by contract or otherwise. In the context of the Agreement, all entities of DataSetGo are considered to be each other’s affiliates. | |
“Agreement” | Means this Software License Agreement, (including its Annexes), the Statements of Work (including their respective Annexes), any other documents incorporated or referenced in any of the aforementioned documents, as well as any other agreements between the Parties that incorporate by reference the terms and conditions of this Software License Agreement. |
“Audit” | Has the meaning given to it in Section 19. |
“Authentication Credentials”’ | Has the meaning given to it in Section Error! Reference source not found. of Exhibit D (“General Security Terms”) . |
“Authorized Parties” | Means Customer’s or an authorized Affiliate’s Employees and third-party providers authorized to access Customer’s Tenants and/or to receive Customer Data by Customer (i) in writing, (ii) through the Service’s security designation, or (iii) by system integration or other data exchange process. |
“Authorized Mark” | Means Customer’s trademarks, trade names, service marks, logos and designs provided by Customer. |
“Blocking Issue” | See “Issue”. |
“Confidential Information” | Has the meaning given to it in Section 13. |
“Consequential Damage” | Means damages or losses that do not directly and immediately result from a wrongful act, in contract or in tort, but instead indirectly and/or after the lapse of time, ) loss of earnings, business interruption or stagnation, increase of personnel cost and/or the cost of personnel depletion; damages comprising or resulting from claims by third parties, failure to realize anticipated savings or benefits and loss of data, profits, time or revenue, loss of orders, loss of customers, increase of overhead costs, and consequences of a strike, however caused. |
“Contractor” | Means any entity that use the Software on the behalf of any Person. |
“Corrective Maintenance” | Means the modification and update of the Services in order to correct Issues. |
“Critical Issue” | See “Issue”. |
“Customer” or “Customer Entity” or “Client” | Has the meaning given to it in Section 1. |
“Customer Data” | Means any and all information, data, files, records and other materials the Customer (or any Users) uploads via the Services or otherwise provides to DataSetGo. |
“Customer System” | Has the meaning given to it in the Agreement. |
“Data Protection Legislation” | Has the meaning given to it in the Data Processing Agreement as attached in Exhibit E (“Data Processing Agreement”) . |
“DataSetGo” or “DataSetGo Entity” | Has the meaning given to it in Section 1.5. |
“DataSetGo” | Means the signatory of the Software License Agreement. |
“Issue” | A functional or code error in the Software that affects (i) critical functionality or critical data and as such renders the use of the Software impossible (“ Critical or Blocking Issue”), (ii) major functionality or major data and which has a workaround that is difficult or not obvious (“Major Issue ”) (iii) minor functionality or non-critical data and which has an easy workaround (“Minor Issue”). |
“Disaster Recovery Plan” | Has the meaning given to it in Section 15.1. |
“Disclosing Party” | Has the meaning given to it in Section 13.1. |
“Dispute” | Means any dispute or controversy, or other matter in question between the Parties arising out of or in connection with the Agreement or its interpretation. |
“Disputed amount” | Has the meaning given to it in Section 8.3.2.1. |
“Documentation” | User manuals, and any other documentation related to the Software, supplied by DataSetGo to the Customer. |
“Effective Date” | Has the meaning given to it on the title page. |
“Employee” or “Worker” | Means employees, consultants, contingent workers, independent contractors, and retirees of Customer and its Affiliates whose business record(s) are or may be managed by the Service and for which a subscription to the Service has been purchased pursuant to an Order. |
“Employer” | Means any entity that employs and employee and uses the Software. |
“Evolutive Maintenance” | Means the modification and update of the Services in order to improve performance. |
“Extended Term” | Has the meaning given to it in Section 7.1.2. |
“Filling Guarantee” | Has the meaning given to it in Section 20. |
“Force Majeure Event” | Any event or circumstance outside the reasonable control of a Party. Examples of Force Majeure Events are war, terrorism, rebellion, riots, explosions, strike or social conflicts, defects in the other Party’s equipment and defects in telecommunications and IT equipment of third parties, a third party provider terminating the agreement with DataSetGo with immediate effect without such termination being caused by a material breach of DataSetGo. |
| Means that the tasks will be performed in a professional and safe manner and with the standard of skill, care, knowledge and foresight which would reasonably and ordinarily be expected from an experienced person engaged in providing services which are the same as, or similar to, the tasks performed under the Agreement; |
“Governmental Authority” | Any federal, provincial, state or local governmental, regulatory, law enforcement or self-regulatory authority, organization, agency, court, tribunal, or commission, or any other similar body or organization exercising governmental or quasi-governmental power or authority. |
“Hardship” | Has the meaning given to it in Section 8.2.2 and Section 11. |
“HR Software” | The software used by the Customer to record, process, analyze and report on information pertaining to its employees and applicants. The HR Software is further defined in the relevant Documentation. |
“Implementation Services” | The preliminary services as described in the relevant Documentation or a Change Request provided in order to enable the start of the recurrent services or a new aspect or element thereof, including as the case may be the installation, testing and putting into use of Software. |
“Infringement Claim” | Has the meaning given to it in Section 10.1.1. |
“Initial Term” | Has the meaning given to it in Section 7.1.2. |
“Installation Date” | If Software is provided as SaaS: the earliest date on which the Software is provided to the Customer via hosting. If Software is provided as described in Section 3.2.1.1 : the date on which the Software is installed at the Installation Site. |
“Installation Site” | The facilities provided by or on behalf of the Customer as set out in the relevant Documentation at which the Software shall be installed. |
“Intellectual Property Rights” | Any and all intellectual property and all rights in and to such intellectual property, including but not limited to, any patent, utility model, design right, copyright (including any right in computer software), database right or topography right (whether or not any of these are registered and including applications for registrations of any such item), trade mark, service mark, trade name, business name, trade secret, know-how, ideas, methodology, method of operation, process, look and feel, subsystem, module, graphical user interface, and any other any right or form of protection of a similar nature or having equivalent or similar effect which may subsist anywhere in the world. |
“Improvements” | Means all improvements, updates, enhancements, error corrections, bug fixes, release notes, upgrades and changes to the Service and Documentation, as developed by DataSetGo and made generally available for Production use without a separate charge to Customers. |
“Last Effective Day” | The last day on which the Agreement will be in effect. |
“Legal Change” | Has the meaning given to it in Section 6.1.1. |
“Legal Maintenance” | Means the modification and update of the Services implementing the required Legal Changes upon payment of the applicable prices, as described in the relevantDocumentation. Legal Maintenance is limited to reasonably foreseeable Legal Changes. |
“Losses” | Means any losses, damages, liabilities, costs and expenses of any nature whatsoever, including reasonable attorney’s fees and court costs. |
“Maintenance Services” | Means any Services described in the relevant Documentation provided with the purpose of modifying and updating the Services. Maintenance Services may include Corrective Maintenance, Evolutive Maintenance and Legal Maintenance. |
“Major Issue” | See “Issue”. |
“Malicious Code” or “Malware” | Means any computer virus, Trojan horse, worm, time or logic bomb, or other similar code or component designed to disable, damage or disrupt the operation of, permit unauthorized access to, erase, destroy or modify, the Software, or any other software, hardware, network or other technology. |
“Software License Agreement” | This document, including its Exhibits and Annexes. |
“Minor Issue” | See “Issue”. |
“Notice” | Has the meaning given to it in Section 21.9. |
“Notice of Election” | Has the meaning given to it in Section 10.3.1.1. |
“On-premises Software” | Has the meaning given to it in Section 3.2.1.1. |
“Order” | Means the separate ordering documents under which Customer subscribes to the DataSetGo Service pursuant to this Agreement that have been fully executed by the parties. |
“Party”, “Partie(s)” | Has the meaning given to it on the title page of the Software License Agreement. |
“Interface” | The software which creates an interface between the Customer’s System and the Software. The Interface is further defined in the relevantDocumentation. |
“Payroll Services” | Has the meaning given to it in the relevant Documentation. |
“Payroll Software” | The software used by the Customer to upload or access payroll data. The Payroll Software is further defined in the relevant Documentation. |
“Person” | An individual or a partnership, corporation, limited partnership, limited liability partnership, limited liability company, trust, joint venture, association, unincorporated organization, government agency, political subdivision, wholesale partner, reseller, employer, employee, or contractor thereof, or other entity. |
“Personal Data” | Has the meaning given to it in the Data Processing Agreement as attached in Exhibit E Error! Reference source not found. (“Data Processing Agreement”) . |
“Professional Services” | Has the meaning given to it in Section 4.1. |
“Project” | A temporary, structured set of activities necessary to deliver a defined capability (that is necessary but not sufficient to achieve a required business outcome) to the Customer in accordance with an agreed schedule and budget. The realization or re-engineering of an integrated human resources management system for the Customer by providing the Implementation Services. |
“Receiving Party” | Has the meaning given to it in Section 13.1. |
“Recurrent Services start date” | Has the meaning given to it in aDocumentation. |
“Reseller” | Any Person whom DataSetGo or Wholesell Partner contracts or otherwise engages to assist with any part of referring or selling the Software pursuant to the Agreement concluded directly with an end user customer. |
“Requirement” | See “Acceptance Criteria”. |
“Right of Use” | Has the meaning given to it in Section 3.2.1.2. |
“SaaS” | Has the meaning given to it in Section 3.2.1.1. |
“Security Breach” | Has the meaning given to it in Section 4 of Exhibit D (“General Security Terms”) . |
“Services” | Has the meaning given to it in Section 3.1. |
"Service Level" or “SLA” | The quantitative performance standards for certain of the Services. To the extent that a Service is linked to a Service Level, the applicable Service Level will be defined in the relevant Documentation. |
“Software” | The Payroll Software, HR Software, Interface and/or all other software provided by DataSetGo and as further defined in the relevant Documentation, together with all Documentation related thereto. |
“Support Services” | The services as described in the relevant Documentation provided in order to support the Customer when using the Services. |
“Taxes” | All sales taxes, value added taxes, goods and services taxes, or any other similar taxes now or hereafter levied or imposed by any Governmental Authority under applicable laws. |
“Tax Deduction” | Has the meaning given to it in Section 8.1.2. |
“Tenant” | Means a unique instance of the Service, with a separate set of customer data held by DataSetGo in a logically separated database (i.e., a database segregated through password-controlled access). |
“Tenant Base Name” | Is a naming convention that will be used in all of the tenant URLs provided by DataSetGo, as specified in Customer’s initial Order subscribing to the Service, and which shall remain constant throughout the Term. |
“Term” | The Initial Term, any and all Extended Terms and as the case may be the Exit Period. |
“Termination Assistance Services” | Has the meaning given to it in Section 7.3.1. |
“Territory” | The country, state, or region in respect of which a Service is to be delivered, as identified in the applicable Documentation. Each country for which Services are delivered is a separate Territory under the Agreement. |
“Third-Party Stakeholders” | Persons who have a contractual relationship with the Customer and who are not a subcontractor of DataSetGo. |
An individual who is authorized by the Customer in accordance with the Agreement to use a Service and to whom the Customer (or DataSetGo at Customer’s request) has supplied a user identification and Authentication Credentials. Users may include, for example, employees, consultants, contractors and agents of the Customer. | |
“Wholesale Partner” | Any Person whom DataSetGo contracts or otherwise engages to assist with any part of referring or selling the Software by white labeling the Software pursuant to the Agreement concluded directly with and end user customer. |
“Workday(s)” | Any day of the year other than a Saturday, Sunday or a statutory or civic holiday in the applicable Territory and any additional collective holidays of DataSetGo. |
EXHIBIT C – ACCEPTABLE USE POLICY
1. The Customer agrees that it shall not and/or shall not attempt to, and shall ensure that its employees and contractors it authorizes to use the Services shall not and/or shall not attempt to, unless and to the extent such restriction is not permitted under applicable laws:
1.1. use the Services for any illegal purpose or in any manner that would be illegal, offensive or damaging to DataSetGo or any third party;
1.2. copy, reproduce or in any way duplicate modify, reverse engineer, disassemble, decompile, translate, attempt to discover the source code of, or integrate in any other software, or create derivative works based on the Services in whole or in part;
1.3. assign, transfer, sublicense, charge or otherwise deal in, encumber or make available to any third party the Services or any Intellectual Property Right of DataSetGo or any third party;
1.4. remove, obscure, alter or deface any notice of confidentiality, any trademark, any copyright notice, or any other indicia of ownership that may be contained in or displayed via any information, data or materials supplied by or on behalf of DataSetGo in connection with the Services;
1.5. circumvent, eliminate, override, disable or modify any security measures as DataSetGo may provide with respect to the Services;
1.6. use any robot, spider or other automatic device, manual process or application or data mining or extraction tool to access, monitor, copy or use the Services;
1.7. use the Services or other Software in combination with any items not provided, approved or acknowledged by DataSetGo;
1.8. take any action that imposes an unreasonable or disproportionately large load on the Services; or
1.9. refer to any portion of the Software or Services, or otherwise the Services, in connection with the development of any software or other product or service having functionality, look and feel, or other features similar to the Software or any other aspects of the Services.
2. The Customer agrees he (and its Users) shall not upload or otherwise transmit to or via the Services or other Software of DataSetGo any Customer Data that: (a) infringes or otherwise violates any copyright, patent, trademark, trade secret, right of privacy, right of publicity, or other proprietary right of any individual or entity; (b) is fraudulent, misleading, defamatory, slanderous, libelous, expresses hate, harassing, abusive or unlawfully threatening; (c) is pornographic, obscene, vulgar or exploitative of any minor; (d) contains or embodies any Malicious Code; (e) impersonates any individual or entity or misrepresents the Customer’s connection to any Person; (f) advocates illegal activity or discusses an intent to commit any illegal act; or (g) otherwise violates any applicable laws.
3. The Customer shall use reasonable efforts to avoid introducing into the Services or other Software of DataSetGo any Malicious Code. In the event any Customer Data contains any Malicious Code, or in the event the Customer (or any other person utilizing the Customer’s access methods) introduces any Malicious Code into the Services or other Software of DataSetGo, the Customer shall promptly reimburse DataSetGo for all damages, losses, costs and expenses associated with eliminating such Malicious Code and otherwise remedying any adverse effects suffered by DataSetGo and other persons, relating to such Malicious Code.
4. The Customer shall notify DataSetGo immediately upon becoming aware of (a) any and all actual or suspected unauthorized uses of any of the Customer’s assigned passwords/access methods and/or any thefts, losses or other breaches of security with respect thereto; (b) any and all actual or suspected unauthorized use or misuse of any Services; (c) any and all actual or suspected infringement or other violation of any rights of DataSetGo (or its licensors) in or to any Services; (d) any other acts or omissions of any individual or entity which might jeopardize or prejudice the rights of DataSetGo in the Services or threaten the security of the Services; and (e) any claim, demand, or cause of action brought against the Customer or any other person, or any subpoena or other similar legal document served upon the Customer or any other person, which relates to this Agreement, the Software or any Services.
5. Notwithstanding the foregoing, the Customer shall have no right to prosecute or otherwise take any action in respect of any of the violations described above, and DataSetGo shall have no obligation hereunder to investigate, prosecute, or otherwise take any action in respect of any such violation of which it is notified by the Customer.
EXHIBIT D – GENERAL SECURITY TERMS
This Exhibit D describes the responsibilities with respect to the security of Customer Data.
1. SECURITY PROGRAM
1.1. DataSetGo will develop a security plan in accordance with Good Industry Practice, and will update such plan on a regular basis.
1.2. DataSetGo has implemented and will maintain the security measures established under APPENDIX 5.2 OF THE DATA PROCESSING AGREEMENT.
2. ACCESS TO DATASETGO S aaS
2.1. Users of the Services will be uniquely identified and access to SaaS will only be permitted after a User has been identified and authenticated through the appropriate mechanism/tool used to prove a person's identity, such as passwords and access tokens (“Authentication Credentials”). DataSetGo offers the minimum standards to use Authentication Credentials. A User should select an appropriate Authentication Credential in line with the Customer’s requirements. [36] [SP37]
2.2. If passwords are used and generated for authentication, DataSetGo ensures passwords have at least eight (8) characters and are hard to guess. The Customer must see to it that Users are educated about choosing proper passwords and that passwords are changed on indication or suspicion of compromise.
2.3. The Customer is responsible for managing Users and Authentication Credentials issued to Users. Users and Authentication Credentials are unique to a specific individual and shall not be shared with other individuals. The Customer recognizes that the protection of Authentication Credentials forms an integral part of its own security policies and procedures and ensures that the necessary measures are taken to adequately protect the Authentication Credentials to access SaaS.
2.4. The Customer shall be responsible for all activities that occur under Authentication Credentials that have been issued to its Users. DataSetGo reserves the right to disable any User access, at any time, if in DataSetGo’ opinion the account has been compromised or in the event activities do not comply with the provisions of the Agreement.
2.5. It is the exclusive responsibility of the Customer to indicate and request changes in Users or access rights to DataSetGo. The Customer shall periodically and at least annually review Users and access rights to the Services, Software and systems and shall communicate required changes to DataSetGo in a timely manner. Upon request of the Customer, DataSetGo shall provide the Customer with a report of all Users of the Services and their access rights.
3. VULNERABILITY TESTING [38] [SP39]
3.1. The Customer shall not on its own initiative execute or have executed any penetration test (also called “ethical hacking”) or security test on DataSetGo’ systems. Such tests can only be executed upon prior written approval of DataSetGo. The Customer may request a penetration test to verify the security level and the resistance to potential attacks originated from public networks, taking into account a four (4) weeks’ notice. The test will be executed by a third party agreed between the Parties. The scope, test schedule and obligations will be described in a separate security testing authorization agreement. All costs and expenses of such penetration test shall be borne by the Customer.
4. SECURITY INCIDENT HANDLING
4.1. Each Party shall notify the other Party of any breach of the provisions of this Annex that occur and potentially impact the Services or the confidentiality, integrity or availability of Customer Data (“Security Breach”) without undue delay after having become aware of it.
4.2. The Parties shall reasonably cooperate to investigate Security Breaches.
4.3. A Party’s obligation to notify or respond to a Security Breach will not be construed as an acknowledgement by that Party of any fault or liability with respect to the Security Breach.
EXHIBIT E – DATA PROCESSING ADDENDUM
DataSetGo, LLC , with registered office at886 Park Ave, Marco Island, FL 34145, Hereinafter referred to as “DataSetGo” | [INSERT CUSTOMER NAME], with registered office at [INSERT CUSTOMER ADDRESS] Hereinafter referred to as “Customer” |
DataSetGo and the Customer are collectively referred to as the “ Parties” and each a “Party”.
WHEREAS :
1. The present Data Processing Agreement is concluded pursuant to and is an integral part of the Software License Agreement between the Parties of [INSERT DATE] (“Software License Agreement”), together with its exhibits, appendixes, Statement(s) of Work, other incorporated or referenced documents and any other agreement between the Parties that is governed by the Software License Agreement pursuant to an explicit referral thereto, hereinafter referred to as the “Agreement”.
2. The Agreement necessitates the transfer to and processing by DataSetGo of Personal Data;
THE PARTIES AGREE AS FOLLOWS:
This Data Processing Agreement and its appendices set forth the terms and conditions pursuant to which Personal Data will be transferred and processed in the framework of the Agreement.
By signing below, a Party agrees (1) that it has received, read and understood this Data Processing Agreement, including its appendices, websites or documents incorporated by reference and (2) to be bound by the terms of all such documents.
Executed in 2 originals, each Party acknowledging receipt of one.
For and on behalf of DataSetGo: | For and on behalf of Customer: |
Signature |
Signature |
Name: | Name: |
Function: | Function: |
Date: | Date: |
Article 1 DEFINITIONS
For the purpose of this Data Processing Agreement, the following terms shall have the following meaning. In case of any doubt or differences with the terms defined in the Data Protection Legislation, the definitions stipulated in the relevant Data Protection Legislation shall prevail.
“Contact Person” | Means the individual(s) assigned by a Party and communicated to the other Party as point of contact and representing the Party for (a part of) the Services. |
“Data Controller” | means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data. |
“Data Processor” | means a natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Data Controller. |
“Data Protection Legislation” | means (A) (i) until 24 May 2018, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the transposition thereof in the relevant national legislation, and (ii) as from 25 May 2018, EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“ General Data Protection Regulation” or “GDPR”) , (B) together with any other laws resulting from such Directive or Regulation (A and B together “ EU Data Protection laws”) and/or (C) all other applicable laws of any other country with regard to the protection of Personal Data or privacy,. |
"Data Subject" | means an identified or identifiable natural person to whom the Personal Data relates. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. The relevant categories of Data Subjects are identified in Appendix 5.1 to this Data Processing Agreement . |
“Personal Data" | means any information relating to a Data Subject. The relevant categories of Personal Data that are provided to DataSetGo by, or on behalf of, the Customer are identified in Appendix 5.11 to this Data Processing Agreement . |
“Personal Data Breach” | means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed in connection with the provisioning of the Services. |
"Processing", “Process(es)” or “Processed” | means any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
“Standard Contractual Clauses” | Means the standard contractual clauses of which the European Commission on the basis of Article 26 (4) of Directive 95/46/EC decided that these offer sufficient safeguards for the transfers of personal data to a third country , or the data protection clauses adopted by the European Commission or by a supervisory authority and approved by the European Commission in accordance with the examination procedure referred to in Article 93(2) of the GDPR. Data protection clauses adopted in accordance with the GDPR shall replace and prevail over any standard contractual clauses adopted on the basis of Directive 95/46/EC to the extent that they intend to cover the same kind of data transfer relationship. |
“Sub-processor” | means any subcontractor engaged by DataSetGo to perform a part of the Services and who agrees to receive Personal Data intended for Processing on behalf of the Customer in accordance with Customer’s instructions and the provisions of the Agreement. |
Article 2 INTERPRETATION
This Data Processing Agreement forms an integral part of the Agreement. The provisions of the Agreement therefore apply to this Data Processing Agreement. All capitalized terms not defined in this Data Processing Agreement will have the meaning set forth in the Agreement. In case of conflict between any provision in this Data Processing Agreement and the Standard Contractual Clauses, this Data Processing Agreement shall prevail to the extent it is no less protective of Personal Data.
Article 3 SCOPE AND PURPOSE
In connection with and for the purpose of the performance of the Services under the Agreement, the Customer transfers Personal Data to DataSetGo and commissions and instructs DataSetGo to Process such Personal Data on its behalf in accordance with the provisions of the present Data Processing Agreement. A more detailed description of the instructions and purposes for the Processing of Personal Data is contained in Appendix 5.1 to this Data Processing Agreement and in the relevant Statement(s) of Work.
Article 4 SPECIFICATION OF THE DATA PROCESSING
4.1 Any Processing of Personal Data under the Agreement shall be performed in accordance with the applicable Data Protection Legislation. Each Party shall comply with the Data Protection Legislation applicable to its company.
4.2 For the performance of the Services, DataSetGo is a Data Processor acting on behalf of the Data Controller, in particular the Customer or, as the case may be, the Customer’s Affiliate(s). The Customer warrants and represents that is its and will at all times remain duly and effectively authorized to give instructions set out in this Data Processing Agreement and, as the case may be, in the relevant Statement(s) of Work on behalf of each Affiliate (who may be, as the case may be, the actual Data Controller for the processing of Personal Data) As a Data Processor, DataSetGo will only act upon Customer’s instructions (for the purpose of the Agreement, acting on its own behalf and on behalf of its Affiliate(s)). The Agreement, including this Data Processing Agreement, is Customer’s complete instruction to DataSetGo with regard to the Processing of Personal Data. Any additional or alternate instructions must be given in writing and agreed by the Parties. The following is deemed an instruction to DataSetGo to Process Personal Data: (1) Processing in accordance with the Agreement and (2) Processing initiated by Customer users in their use of the Services.
4.3 A more detailed description of the subject matter of the Processing of Personal Data in terms of the concerned categories of Personal Data and of Data Subjects (envisaged Processing of Personal Data) is contained in Appendix 5.1 to this Data Processing Agreement .
4.4 DataSetGo may direct to the Customer any requests of Data Subjects, Personal Data Breach notifications, requests for audit or investigation or any other requests. The Customer shall subsequently internally distribute such request or notifications to the relevant Data Controller, and DataSetGo reserves the right to direct any such requests and notifications to the relevant Data Controller directly.
Article 5 DATA SUBJECTS’ RIGHTS
5.1 With regard to the protection of Data Subjects’ rights pursuant to the applicable Data Protection Legislation, the Customer shall facilitate the exercise of Data Subject rights and shall ensure that adequate information is provided to Data Subjects about the Processing hereunder in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
5.2 Should a Data Subject directly contact DataSetGo wanting to exercise his individual rights such as requesting a copy, correction or deletion of his data[40] [SP41] or wanting to restrict or object to the Processing activities, DataSetGo will direct such Data Subject to the Customer. In support of the above, DataSetGo may provide the Customer’s basic contact information to the requestor. The Customer shall inform Data Subjects that they may exercise these rights solely vis-à-vis the Customer. The Customer agrees to answer to and comply with any such request of a Data Subject in line with the provisions of the applicable Data Protection Legislation.
5.3 Insofar as this is possible, DataSetGo shall cooperate with and assist the Customer for the fulfilment of the Customer's obligation to respond to requests from Data Subjects exercising their rights. Any request to correct, delete, or rectify any information shall be in accordance with the law. DataSetGo may retain a copy of any record to maintain compliance with any law to maintain such data.
Article 6 CONSULTATION AND CORRECTION OF PERSONAL DATA
DataSetGo will within a reasonable period of time, as necessary under the applicable Data Protection Legislation and upon payment of the applicable prices as provided in the Agreement either 1) provide the Customer, in its role of Data Controller, with the ability to consult or correct Personal Data, or 2) provide the Customer with a copy of the Personal Data that it Processes and make any corrections on the Customer’s behalf in accordance with the instructions of the Customer.
Article 7 DISCLOSURE
7.1 DataSetGo will not disclose Personal Data to any third party, except (1) as the Customer directs in writing, (2) as stipulated in the Agreement (3) as required for Processing by approved Sub-processors in accordance with Article 10 of this Data Processing Agreement or (4) as required by law. If the Customer instructs DataSetGo to transfer Personal Data to a Third Party Stakeholder, the Customer is and remains solely responsible to enter into written agreements with such Third Party Stakeholder regarding the protection of such Personal Data, including as the case may be the obligations imposed by the Standard Contractual Clauses, and the Customer shall indemnify, defend and hold DataSetGo harmless against any and all losses arising from a transfer of Personal Data between DataSetGo and such Third Party Stakeholder, unless and to the extent such losses are attributable to faults, negligence, willful misconduct, or fraud of DataSetGo.
7.2 DataSetGo represents and warrants that persons acting on behalf of DataSetGo that are authorized to Process Personal Data, have committed themselves to maintain the security and confidentiality of Personal Data in accordance with the provisions of the present Data Processing Agreement. To this end, DataSetGo shall inform the persons acting on its behalf and having access to Personal Data about the applicable requirements and ensure their compliance with such requirements through contractual or statutory confidentiality obligations.
Article 8 DELETION AND RETURN OF PERSONAL DATA
8.1 Upon request by Customer or termination of the Agreement, DataSetGo shall delete or anonymize all Personal Data on its systems (without prejudice to any backup archives) at the latest a sixty (60) calendar days after the Last Effective Day of the Agreement, at the latest a sixty (60) calendar days after the request from Customer where applicable, unless otherwise instructed by the Customer. The Customer clearly understands that, in the event the Customer requests to delete or anonymize the Personal Data before termination of the Agreement and/or Services, DataSetGo shall no longer be able to deliver any Services to the Customer and DataSetGo shall no longer be able to comply with any provision of the Agreement involving Personal Data, with immediate effect as from the Customer’s request and without any possibility to rectify the consequential situation. In the event such is the case, the Customer shall be held to pay the termination fees in accordance with article 7.2.5 of the Agreement “
8.2 Termination Fee”. The Customer shall protect, defend and hold DataSetGo harmless from and against any and all Losses, claims, fines and other damages resulting from or in connection with DataSetGo deletion or anonymization of Personal Data in accordance with this clause. No limitations on liability shall apply in relation to the Customer’s indemnification obligations provided herein.
8.3 Upon written request submitted by the Customer no later than thirty (30) calendar days prior to the Last Effective Day of the Agreement, DataSetGo will provide the Customer with a readable copy of the live Personal Data on its systems on the Last Effective Day of the Agreement. In the event the Customer requests the Personal Data to be delivered in a format that requires additional effort from DataSetGo to manipulate such personal Data, DataSetGo may charge the Customer for its efforts performed in this respect. Return of the complete set of Personal Data, without selection and in its ‘as-is’ format will not entail additional costs for the Customer.
Article 9 LOCATION OF PROCESSING
9.1 Subject to Article 10 of this Data Processing Agreement, Personal Data that DataSetGo Processes on the Customer’s behalf may be Processed in any country in which DataSetGo, its Affiliates and authorized Sub-Processors maintain facilities to perform the Services and the Customer authorizes DataSetGo to perform any such transfer of Personal Data to any such country and to Process Personal Data in such country in relation to the provision of the Services.
9.2 Any transfer from one territorial jurisdiction to and Processing in another territorial jurisdiction (the EU constituting one single jurisdiction for the purpose of this Article) will only be undertaken in compliance with the applicable Data Protection Legislation, such as the execution of an additional data processing agreement including the Standard Contractual Clauses (as the case may be).
9.3 DataSetGo does not control or limit the geographical territory from which the Customer or the Customer’s end users can Process Personal Data.
Article 10 USE OF SUB-PROCESSORS
10.1 The Customer acknowledges and expressly agrees that DataSetGo may transfer Personal Data to third party Sub-processors for the provision of the Services if such transfer is done in accordance with the terms of the present Article and in accordance with the Data Protection Legislation.
10.2 DataSetGo will enter into written agreements with any such Sub-processor which contain obligations no less protective than those contained in this Data Processing Agreement, including the obligations imposed by the Standard Contractual Clauses, as applicable. The Customer hereby explicitly grants DataSetGo a mandate to execute and enforce the Standard Contractual Clauses on its behalf against DataSetGo’ relevant Sub-processors, such Standard Contractual Clauses being governed by the present Data Processing Agreement.
10.3 DataSetGo will inform the Customer in advance about all Sub-processors that will Process Personal Data in connection with the performance of the Services and will provide a notice mechanism to inform the Customer about changes relating to the Sub-processors. Upon signature of the present Data Processing Agreement, the Customer authorises the use of the Sub-processors on the list of Sub-processors as set out in Appendix 5.3 of this Data Processing Agreement and as amended from time to time in accordance with this Data Processing Agreement.
10.4 Before authorizing any new Sub-processor to Process Personal Data in connection with the provision of the Services, DataSetGo will provide the Customer with a notice of that update. This notice mechanism represents DataSetGo’ duty to inform and request consent from the Customer for the use of a new Sub-processor.
10.5 If the Customer reasonably objects to the Processing of Personal Data by one or more Sub-processors, then the Customer shall notify DataSetGo in writing (including e-mail) within 30 (thirty) calendar days after receipt of DataSetGo’ notice. [42]
10.6 In the event Customer objects to a Sub-processor, DataSetGo will use reasonable efforts to change the affected Services or to recommend another commercially reasonable change to the Customer’s use of the affected Services to avoid the Processing of Personal Data by the Sub-processor concerned. If DataSetGo is unable to make available or propose such change within (60) calendar days, the Customer may terminate the relevant part of the Agreement regarding those Services which cannot be provided by DataSetGo without the use of the Sub-processor concerned. To that end, the Customer shall provide written notice of termination taking into account a notice period of 6 months and providing a reasonable motivation for non-approval.
10.7 Any such Sub-processors to whom DataSetGo transfers Personal Data will be permitted to obtain Personal Data only to deliver the services DataSetGo has entrusted them with and will be prohibited from using such Personal Data for any other purpose. DataSetGo remains responsible for any such Sub-processor’s compliance with DataSetGo’ obligations under the Agreement, including the present Data Processing Agreement.
Article 11 TECHNICAL AND ORGANIZATIONAL MEASURES
11.1 DataSetGo has implemented and will maintain appropriate technical and organizational measures intended to protect Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss or destruction. These measures shall include the following measures:
a) the prevention of unauthorized persons from gaining access to systems Processing Personal Data (physical access control)
b) the prevention of systems Processing Personal Data from being used without authorization (logical access control)
c) ensuring that persons entitled to use a system Processing Personal Data gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of Processing, Personal Data cannot be read, copied, modified or deleted without authorization (data access control)
d) ensuring that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control)
e) ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from systems Processing Personal Data (entry control)
f) ensuring that Personal Data Processed are Processed solely in accordance with the instructions (control of instructions)
g) ensuring that Personal Data are protected against accidental destruction or loss (availability control)
11.2 The present technical and organizational measures are described in Appendix 5.2 to this Data Processing Agreement . DataSetGo shall adapt such measures systematically to the development of regulations, technology and other aspects and supplemented with the applicable technical and organizational measures of Sub-processors, as the case may be. In any event, the implemented technical and organizational measures shall ensure a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data to be protected, taking also into account the state of technology and the cost of their implementation.
11.3 During the term of this Data Processing Agreement, the Customer may request DataSetGo to provide the Customer within a reasonable period of time with an updated description of the implemented technical and organizational protection measures.
Article 12 PRIVACY AND DATA PROTECTION REPRESENTATIVE
DataSetGo shall appoint a “Data Protection Officer” responsible for privacy and data protection matters. This Data Protection Officer can be reached at the following address:
DataSetGo, LLC
Attn: Data Protection Officer
dataprotectionofficer@datasetgo.com
Article 13 PERSONAL DATA BREACH
13.1 In the event of a Personal Data Breach and irrespective of its cause, DataSetGo shall notify the Customer without undue delay after having become aware of such Personal Data Breach, specifying where known or readily identifiable:
h) the nature of the Personal Data Breach;
i) the categories and approximate number of Data Subjects and Personal Data records concerned;
j) as the case may be, the remedial actions taken or proposed to address the Personal Data Breach, to mitigate its effects and to prevent recurrence;
k) the identity and contact details of the Data Protection Officer or another Contact Person from whom more information can be obtained.
13.2 The Customer must notify DataSetGo promptly about any possible misuse of its accounts or Authentication Credentials or any security issue related to its use of the Services.
13.3 The Party responsible for the Personal Data Breach shall without undue delay further investigate the Personal Data Breach and shall keep the other Party informed of the progress of the investigation and take reasonable steps to further minimize the impact. Both Parties agree to fully cooperate with such investigation and to assist each other in complying with any notification requirements and procedures.
13.4 A Party’s obligation to report or respond to a Personal Data Breach is not and will not be construed as an acknowledgement by that Party of any fault or liability with respect to the Personal Data Breach.
Article 14 DATA PROTECTION IMPACT ASSESSMENTS
Where the Customer is obligated to execute a data protection impact assessment (“DPIA”), DataSetGo shall provide cooperation and assistance to the Customer for the execution of the DPIA to allow the Customer to comply with its obligations. Upon prior written notice and approval by Customer, DataSetGo shall be entitled to invoice the Customer on a time and material basis at the then-current applicable prices for any time expended for any such assistance. .
Article 15 CUSTOMER RESPONSIBILITIES
15.1 The Customer shall comply with the applicable Data Protection Legislation as well as any other laws applicable to the Customer. If compliance with any such specific laws, which are not directly applicable to DataSetGo is its capacity of a processor requires any actions with regard to data protection on the part of DataSetGo in addition to the obligations set forth in this Data Processing Agreement, such actions will only be taken upon mutual agreement between the Parties. Upon prior written notice and approval by Customer, DataSetGo shall be entitled to invoice the Customer for its efforts performed in this respect.
15.2 The Customer is solely responsible for the lawfulness of Personal Data.
15.3 The Customer represents and warrants that, where it provides any Personal Data to DataSetGo for Processing by DataSetGo:
15.3.1 it has duly informed the relevant Data Subjects of their rights and obligations, and in particular has informed them of the possibility of DataSetGo (or a category of service providers to which DataSetGo belongs) Processing their Personal Data on the Customer’s behalf and in accordance with its instructions;
15.3.2 it has complied with all applicable Data Protection Legislation in the collection and provision to DataSetGo of such Personal Data;
15.3.3 the Processing of such Personal Data in accordance with the instructions of the Data Controller is lawful;
15.4 The Customer shall take reasonable steps to keep Personal Data up to date to ensure the data are not inaccurate or incomplete with regard to the purposes for which they are collected.
15.5 With regard to components that the Customer provides or controls, including but not limited to workstations connecting to DataSetGo Services, data transfer mechanisms used and credentials issued to Customer personnel, the Customer shall implement and maintain the required technical and organizational measures for data protection.
Article 16 NOTIFICATIONS
16.1 Unless legally prohibited from doing so, DataSetGo shall notify the Customer as soon as reasonably possible if it or any of its Sub-processors, with regard to the Customer’s Personal Data:
16.1.1 receive an inquiry, a subpoena or a request for inspection or audit from a competent public authority relating to the Processing.
16.1.2 intend to disclose Personal Data to any competent public authority outside the scope of the Services of the Agreement. At the request of the Customer, DataSetGo shall provide a copy of the documents delivered to the competent authority to the Customer.
16.1.3 receive an instruction that infringes the Data Protection Legislation and/or the obligations of this Data Processing Agreement.
16.2 Any notification under this Data Processing Agreement, including a Personal Data Breach notification, will be delivered to one or more of Customer’s Contact Persons via e-mail. Upon request of the Customer, DataSetGo shall provide the Customer with an overview of the contact information of the registered Customer’s Contact Persons. It is Customer’s responsibility to timely report any changes in contact information and to ensure Customer’s Contact Persons maintain accurate contact information.
Article 17 AUDIT & COMPLIANCE
17.1 DataSetGo will assist the Customer in demonstrating compliance with Article 28 of the GDPR by making available upon request of the Customer all information necessary to demonstrate such compliance.
17.2 The Customer is entitled to reasonably verify DataSetGo’ compliance with this Data Processing Agreement. To this extent, the Customer may, upon request in writing and with prior notice of thirty (30) calendar days (unless a shorter notice period would be required by mandatory applicable law) at its own expense instruct acknowledged audit professionals to execute such audit:
a) once every twelve (12) months provided that such additional audit inquiries shall not unreasonably impact in an adverse manner DataSetGo’ regular operations and do not prove to be incompatible with the applicable legislation or with the instructions of a competent authority;
b) where a competent data protection authority requires this under applicable Data Protection Legislation;
c) following a Personal Data Breach.
17.3 Before the commencement of any such additional audit inquiries, the Customer and DataSetGo shall mutually agree upon the scope, timing and duration of the audit.
17.4 The Customer shall promptly notify DataSetGo with information regarding any non-compliance discovered during the course of additional audit inquiries. The Customer agrees to provide DataSetGo with a draft of the audit report for review. DataSetGo is entitled to propose any amendments and add management comments to this draft before the Customer establishes the final version.
17.5 During such audit, DataSetGo shall provide reasonable cooperation and assistance to the auditors. Except in circumstances where Article 17.2(c) are triggered, DataSetGo shall be entitled to invoice the Customer on a time and material basis at the then-current applicable prices for any time expended for any such audit inquiries. The Customer shall not be entitled to claim compensation for any kind of audit expenses incurred by the Customer.
17.6 DataSetGo audit report, any other information to which the Customer or the aforementioned audit professionals have access pursuant to any audit activities, as well as an attestation of the implementation of the technical and organizational measures to protect Personal Data will be considered DataSetGo Confidential Information.
Article 18 TERM AND TERMINATION
This Data Processing Agreement enters into force on the date of its signing by all Parties and remains in force until Processing of Personal Data by DataSetGo is no longer required (a) in the framework of or pursuant to the Agreement or (b) for a period after termination of the Agreement for any reason whatsoever, in accordance with the Customer’s explicit instructions.
Article 19 Applicable law
This Data Processing Agreement and any rights and obligations arising out of it shall be interpreted according to and governed by the laws governing the Agreement, except if an Article or provisions dictate the application of another law. If Personal Data are protected by EU Data Protection laws, such EU Data Protection laws will in any event prevail.
Article 20 Costs and expenses
Except in circumstances where Article 17.2(c) are triggered, and upon prior written notice and approval by Customer, where this Data Processing Agreement stipulates that DataSetGo shall be entitled to charge the Customer for its assistance, DataSetGo shall invoice its assistance on a time and material basis (actual hours performed and expenses incurred), unless Parties would agree otherwise ad hoc. DataSetGo commits to set the concerned prices reasonably and in accordance with the rates DataSetGo usually applies at the time the efforts are being performed. Where the Customer requests such out-of-scope assistance to be provided, Customer may request from DataSetGo a preliminary quotation of the costs involved.
Appendices To Error! Reference source not found. – Data processing agreement
5.1 Details of the Personal Data Processing
5.2 Technical and Organizational Measures
5.3 List of Sub-processors authorized to Process Customer Data
APPENDIX 5.1 TO THE DATA PROCESSING AGREEMENT - DETAILS OF THE PERSONAL DATA PROCESSING
1. DATA SUBJECTS
Present and former job candidates, employees, contractors, agents and other collaborators of the Customer, as well as third parties who are appointed by the aforementioned persons as family members or contact persons.
2. CATEGORIES OF PERSONAL DATA
The Personal Data transferred concerns all relevant information that is required to deliver the requested Services, which may include (a subset of) the following categories of data:
a) Personal details such as name, birth date, etc.
b) Contact details such as address, e-mail address, telephone number, etc.
c) Marital status and information on partner and children
d) Payment details, including bank account number
e) Employee number
f) Job (description)
g) Employee contract data including but not limited to gross salary, compensations and other employee benefits
h) Social security number (if required for government declarations),
i) Expenses
j) Time registration and absence information
k) Qualifications, including CV and references
l) Information regarding education, training, etc. the Data Subject has received or will follow
m) Information regarding personal development and evaluations
n) Authentication Credentials to use the Services, such as username, IP address, PC Name, etc.
o) Activities performed by Customer users in their use of the Services
p) Any other category of Personal Data agreed upon between Parties in any other document of the Agreement.
Customer’s data fields can be partly configured as part of the implementation of the Services or as otherwise permitted within the scope of the Services.
3. PURPOSES OF PROCESSING OF PERSONAL DATA
Personal Data will be Processed for the purpose of the performance of the Services under the Agreement including the following purposes:
a) Employee HR administration
b) Payroll and employee benefits administration
c) Compliance with social and fiscal laws
d) Management of employee development and training plans
e) Personal development and performance evaluation of employees
f) Work planning and organization
g) Scientific studies and research
i) Providing access to information systems and premises
j) Continuous improvement of the Services
k) Compliance with Data Protection Legislation, information security requirements and service level agreements
l) Claims management with and between the Customer, DataSetGo, the Data Subject(s) and/or third parties, including beyond termination of the Agreement for any reason whatsoever
m) Any other purpose of Processing of Personal Data agreed upon between Parties in an Order Form or any other document of the Agreement.
For the avoidance of doubt, Personal Data will be Processed beyond termination of the Agreement for the purposes established in c), g), h) and l).
APPENDIX 5.2 TO THE DATA PROCESSING AGREEMENT – Technical and Organizational measures
Domain | Practices |
Information Security Policy and Organization of Information Security | Ownership for Security and Data Protection . DataSetGo has appointed a Risk & Security Officer responsible for coordinating and monitoring the security rules and procedures as well as data protection compliance. Security Roles and Responsibilities . Security responsibilities of DataSetGo co-workers are formally documented and published in security and privacy policies. Risk Management Program . DataSetGo executes periodical risk assessments of the implemented security controls. |
Human Resources Security | Confidentiality obligations .DataSetGo co-workers are subject to confidentiality obligations and these are integrated into employment contracts. Security and privacy training . DataSetGo informs its co-workers about relevant security measures to protect Customer Data. Termination. DataSetGo ensures according to formal security administration procedures that access rights are timely revoked upon termination. |
Asset Management | Asset Inventory . DataSetGo maintains an inventory of all computing equipment and media used. Access to the inventories is restricted to authorized DataSetGo personnel. Asset Handling - Data on portable devices are encrypted. - DataSetGo has procedures for securely disposing of media and printed materials that contain confidential data. |
Cryptography | Encryption of Customer Data is performed according to formal processes and encryption standards. SSL/TLS encryption mechanisms follow the highest standards only using strong ciphers and at least 128-bit encryption. |
Physical and Environmental Security | Physical Access to Facilities . - DataSetGo limits access to facilities where Customer Data are processed to identified and authorized individuals. - Physical access to data centers is only granted following a formal authorization procedure and access rights are reviewed periodically
Protection from Disruptions . DataSetGo uses a variety of industry standard systems to protect its data centers against loss of data due to power supply failure, fire and other natural hazards. |
Access Control | Access Policy . DataSetGo enforces an access control policy based on need-to-know and least privileges principles. Access Authorization - DataSetGo has implemented and maintains an authorization management system that controls access to systems containing Customer Data. - Every individual accessing systems containing Customer Data has a separate, unique identifier/username. - DataSetGo restricts access to Customer Data to those individuals who require such access to perform their job function. Authentication - DataSetGo uses industry standard practices to identify and authenticate Users who attempt to access DataSetGo network or information systems, including strong authentication. - Where Authentication Credentials are based on passwords, DataSetGo requires that the passwords are at least eight characters long and sufficiently complex. - De-activated or expired identifiers/usernames are not granted to other individuals. - Accounts will be locked out in case of repeated attempts to gain access to the information system using an invalid password. - DataSetGo maintains practices designed to ensure the confidentiality and integrity of passwords when they are assigned and distributed, and during storage. Network access .DataSetGo maintains control measures (e.g. firewalls, security appliances, network segmentation) to provide reasonable assurance that access from and to its networks is appropriately controlled. |
Operations Security | Data Recovery Procedures - On an ongoing basis, but in no case less frequently than once a day (unless no data has been updated during that period), DataSetGo maintains backup copies of Customer Data for recovery purposes. - DataSetGo stores copies of Customer Data and data recovery procedures in a different place from where the primary computer equipment processing the Customer Data is located. Malicious Software . DataSetGo maintains anti-malware controls to help avoid malicious software gaining unauthorized access to Customer Data. Security updates .Security patches are followed-up and installed following a documented security patch management process. Event Logging . DataSetGo logs access and use of its information systems containing Customer Data, registering the access ID, time and relevant activity. |
Communications Security | Network Segregation . DataSetGo has implemented a network segmentation policy and controls to avoid individuals gaining access to communication and systems for which they have not been authorized. Transfer outside own network . DataSetGo encrypts, or provides the mechanisms to the Customer to encrypt, customer information that is transferred across public networks. Information Transfer . Any transfer of Customer Data to third parties is only performed when authorized and following the execution of a formal written non-disclosure agreement. |
System Acquisition, Development & Maintenance | Security Requirements . Requirements for protecting data and systems are analysed and specified. Change Control . DataSetGo has implemented a formal change management process to ensure changes to operational systems and applications are performed in a controlled way. |
Supplier Relationships | Supplier Selection . DataSetGo maintains a selection process by which it evaluates the security and privacy and practices of a subcontractor with regard to data handling. Contractual Obligations . Suppliers with access to Customer Data are subject to data protection and security obligations and these are formally integrated into supplier contracts. |
Information Security Incident Management | Incident response . DataSetGo maintains a record of security breaches with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported. Incident notification . For each security breach that impact the confidentiality or integrity of Customer data, notification by DataSetGo (as described in the “Security Incident Notification” section below) will be made without unreasonable delay. |
Business Continuity Management | Disaster Recovery . DataSetGo maintains a disaster recovery plan (DRP) for the facilities in which DataSetGo information systems that process Customer Data are located. The DRP is tested at least annually. Redundancy . DataSetGo’ redundant storage and its procedures for recovering data are designed to attempt to reconstruct Customer Data in its last-replicated state from before the time it was lost or destroyed. |
Compliance | Security Reviews . Information security controls are independently audited and reported to management on a periodical basis. |
APPENDIX 5.3 List of Sub-Processors Authorized to process Customer Data
DataSetGo and its affiliates may hire other companies to provide limited services on its behalf. Any such sub-processors will be permitted to obtain Customer Data only to deliver the services DataSetGo has retained them to provide, and they are prohibited from using Customer Data for any other purpose.
Function | Sub-Processor (country of operation) |
Payroll services Partners that provide payroll services on our behalf in countries where we are not present | [INSERT INFORMATION] |
Software Partner software delivered under DataSetGo paper | [INSERT INFORMATION] |
Customer service software solution Online management of customer service and support requests | [INSERT INFORMATION] [INSERT INFORMATION] |
Network services Infrastructure, operations and support on network connectivity | [INSERT INFORMATION] [INSERT INFORMATION] |
Datacenter infrastructure services Infrastructure, operations and support of core datacenter services | [INSERT INFORMATION] [INSERT INFORMATION] |
IT operations Assist with platform operations, monitoring and troubleshooting | [INSERT INFORMATION] [INSERT INFORMATION] |
DataSetGo affiliates DataSetGo personnel may be employed by one of these DataSetGo affiliates. | [INSERT INFORMATION] |
Notice to Customers
We will provide notice to customers that we require information from them to verify their identities, as required by federal law. In addition to incorporating the below notification on our website, verbally explaining to the subscribers, we will also incorporate sufficient information regarding our verification process into documentation, as necessary. The foregoing will be inclusive of communicating with subscribers when presenting our services to them and including it in any common questions and answers on our website.
Important Information About Procedures for Opening a New Account
To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.