Keep Aware Service Agreement
Last Revised: December 3, 2022
This Keep Aware Service Agreement (this “Agreement”) between Keep Aware, Inc. (“Keep Aware”) and Customer granted rights under this Agreement (hereinafter “Customer” or “You” or “Your” or “Your Organization”) governs the purchase, access, and use of Products by the Customer. Your use of the Products is subject at all times to this Agreement. By using the Products, You understand and agree to be legally bound by the terms of this Agreement.
- “Affiliate” means any entity controlled, directly or indirectly, by, under common control with, or controlling a party, and specifically includes without limitation, subsidiaries, partnerships, joint ventures, and other entities or operations for which the Party has operational or management control.
- “Combined Data” means Customer Data that is anonymized, and combined with data from other customer environments or other data sources.
- “Customer Data” means all data and information submitted by Customer to, or accessible to the Products or Keep Aware including Personal Data.
- “Data Protection Laws” means EU Data Protection Laws, U.S. Cyber Incident Reporting Laws, and, to the extent applicable, the data protection or privacy laws of any other country in respect of the controller of the Personal Data.
- “Documentation” means the documentation, data sheets, and manuals for the Products, as updated by Keep Aware from time to time.
- “Fees” means any fees paid or to be paid for Products under a Product Order.
- “Intellectual Property” means patents, trademarks, service marks, copyrights (including rights in computer software and programs), trade secrets, moral rights, right of publicity, authors’ rights, contract, and licensing rights, goodwill, and all other intellectual property rights that may exist now or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.
- “Keep Aware” means Keep Aware, Inc., a Delaware corporation.
- “Partner” means an entity approved by Keep Aware to resell or provide Products to customers.
- “Personal Data” means information relating to the identification of a person or other regulated data types as defined by applicable Data Protection Laws.
- “Products” mean all Keep Aware Software, Support Services, Cloud Solutions, SaaS, and Assessments, collectively.
- “Product Order” means a written proposal or order form approved by Keep Aware or Partner.
- “Software” means any Keep Aware software, extension, addon, application, computer, or program code, in any format provided to Customer as well as any copies or extractions made by or on the Customer’s behalf. This includes upgrades, new features, updates, or any additions to the Software that are available to Customer.
- “Support Services” means services that are provided by Keep Aware to Customer in connection to the Products for account management, assessments, and deployment.
- “Term” means the subscription term specified in the Product Order as defined in Section 9.1 of this Agreement.
- “Users” means individuals who are authorized by Customers to use the Products, for whom subscriptions to the Products have been ordered, and who have been supplied identifications. Users may include but are not limited to Customer’s employees, consultants, contractors and agents, and third parties with which Customers transact business.
2. PRODUCT ORDERS.
Customer must purchase Products through a valid Product Order to receive and use Products. A Product Order must reference this agreement in order to be valid. Keep Aware is not obligated to provide any Products to Customer until we receive a Product Order. The purchase of any Products is not dependent upon any future functionality or the delivery of future features. Additionally, the purchase of any Products is not dependent on any oral or written public comments made by Keep Aware with respect to any future functionality.
3. INTELLECTUAL PROPERTY; OWNERSHIP; GUIDELINES AND RESTRICTIONS
- Intellectual Property. All Intellectual Property Rights to the Products and Documentation belong to Keep Aware. All rights to the Customer Data and Customer’s Intellectual Property Rights belong to Customer. No rights are granted to Keep Aware other than those specified in this Agreement.
- Restrictions. Customer shall not (a) create, modify, derive works from, distribute, or publicly display the Products or any benchmarks, measurements, graphics or reports derived or directly from the Products; (b) reverse engineer the Products; (c) access the Products in order to build a competitive product or service, copy any ideas, functionality, graphics or features of the Products. (d) sell, sublease, lend, or transfer the Products or any of its rights and obligations under the Agreement; or (e) operate the Products that exceed the capacity or capabilities that were purchased.
- Customer Guidelines. Customer grants Keep Aware a limited license to access and use the Customer Data as necessary for providing the Products and Support Services. Customer understands and agrees that Keep Aware may (a) utilize Combined Data to further develop and enhance the Products; or (b) create and commercialize measurements based on Combined Data. Customer will be responsible for establishing, monitoring, and implementing security practices to control the use of the Products and all Customer Data.
4. FEES AND PAYMENTS; TAXES.
Fees and Payment terms must be agreed upon and documented between Customer or its Affiliate(s) and Partner. Fees do not include local, state, or federal taxes or duties of any kind and any such taxes will be assumed and paid by Customer, except for taxes on Keep Aware based on Keep Aware’s income or receipts.
- Definitions. As used in this Agreement, “Confidential Information” means all non-public information in any form that is in possession of the other party (“Receiving Party”) regardless of the method of acquisition that the party disclosing the information (“Disclosing Party”) designates as confidential or should be reasonably known by the Receiving Party to be Confidential Information due to the method of acquisition or the type of information disclosed. Information disclosed through this Agreement, the Products, Documentation, Customer Data, Fees, and Payment terms shall be protected as Confidential Information. This should not apply to information that: (a) was known or becomes known to the general public without a breach of obligation or obligation of confidentiality to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without a breach of obligation of confidentiality to the Disclosing Party; (c) is independently developed by the Receiving Party without violating the Disclosing Party’s rights; (d) was lawfully in the possession of the Receiving Party before the information was disclosed by the Disclosing Party.
- Destruction. On termination of the Agreement, each Party will promptly return or destroy all Confidential Information of the other Party.
- Required Disclosure. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure, to the extent legally permitted, and reasonable assistance, at Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.
- Remedies. If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of the confidentiality protections hereunder, or if the Receiving Party is compelled to disclose (or is likely to become compelled to disclose) any Confidential Information of the Disclosing Party pursuant to Section 5.3, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts or seek a protective order regarding such acts.
- Software Warranty. Keep Aware warrants that the Products will be free of defects that prevent normal use and conform to the Documentation. You must notify Keep Aware of any warranty breach during the Term.
- Support Services Warranty. Keep Aware warrants that the Support Services will be performed in a professional manner consistent with industry standards. You must notify Keep Aware of any warranty breach during the period of time when the Support Services are being performed or no later than thirty (30) days following the conclusion of the Support Services.
- DISCLAIMER. WITH THE EXCEPTION OF THE WARRANTIES SPECIFIED IN THIS AGREEMENT, ALL PRODUCTS ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY. KEEP AWARE DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, KEEP AWARE DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT WITH RESPECT TO THE PRODUCTS. THERE IS NO WARRANTY THAT THE PRODUCTS WILL BE ERROR FREE.
- Keep Aware Indemnity. Keep Aware will indemnify and hold Customer harmless, from and against any claim against Customer by an unaffiliated third party alleging that the Products or use of the Products violates that third party’s intellectual property rights. Keep Aware shall at its cost and expense defend such claim and pay damages awarded against Customer to such third party by a court (Section 11.6, “Governing Law”) as a result of such claim.
- Remedies. Keep Aware accepts these obligations provided, that Customer: (a) promptly notifies Keep Aware in writing of such claim; (b) gives Keep Aware exclusive control and authority over the defense or settlement of such claim; and (c) provides reasonable assistance requested by Keep Aware in connection with the defense or settlement of such claim, at Keep Aware’s expense.
8. LIMITATION OF LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY DAMAGES OF ANY KIND, OR ANY LOST PROFITS OR LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES; OR AN AMOUNT THAT EXCEEDS THE TOTAL FEES PAID OR PAYABLE TO KEEP AWARE FOR THE APPLICABLE PRODUCT DURING THAT PRODUCT ORDER TERM.
9. TERM AND TERMINATION.
- Term. The terms of the Customer’s subscription to the Products as specified in the Product Order (“Term”). The Term will start and end on the dates set forth in a Product Order. An additional Term may be agreed upon before the end date of the initial Term; otherwise, the Customer’s subscription will terminate on the subscription end date.
- Termination for Breach. Either party may terminate this Agreement if: (a) the other party is in breach of this Agreement and fails to resolve such breach within thirty (30) days of receiving notice; or (b) if the other party becomes the subject of any proceeding relating to insolvency.
- Effect of Termination. The following provisions shall survive the termination of this Agreement and all Orders: Section 3 (“Intellectual Property; Ownership; and Restrictions”), Section 4 (“Fees and Payments”), Section 5 (“Confidentiality”), Section 6.3 (“Disclaimer”), Section 7 (“Indemnity”), Section 8 (“Limitation of Liability”), Section 9.3 (“Effect of Termination”), Section 10 (“Data Protection”), and Section 11 (“General Provisions”).
10. DATA PROTECTION.
The Products may be used to process Personal Data regulated by the Data Protection Laws and Keep Aware shall comply with the data processing requirements as described in Schedule A (“Data Processing Agreement”).
11. GENERAL PROVISIONS.
- Export Restrictions. Customer acknowledges that the Products may be subject to United States export control and economic sanctions laws and other foreign trade controls.
- Notices. All notices will be in writing and delivered to the receiving party’s current business contact. Notices will only become effective on actual receipt.
- Relationships of the Parties. The parties are independent contractors. This Agreement does not create a partnership, joint venture, or agency between the parties.
- Severability. Any provision of this Agreement found unenforceable or illegal by a court (Section 11.6, “Governing Law”) will not affect the validity and enforceability of the remaining provisions of this Agreement.
- Assignment. This Agreement may not be assigned by either party without the written consent of the other party. Without the consent of the other party, either party may assign this Agreement in its entirety to an Affiliate or in connection to an acquisition or the sale of all or substantially all of its shares or assets to another entity that is not in direct competition with the non-assigning party.
- Governing Law. This Agreement and any disputes related to this Agreement shall be governed by and construed in accordance with the laws of the State of Delaware without giving effect to its conflicts of laws rules, the United Nations Convention on the International Sale of Goods, or the Uniform Computer Information Transactions Act.
- Force Majeure. Neither party will be liable for any non-performance or delay in any other obligation under this Agreement, which is due to a Force Majeure Event. The affected party shall make reasonable efforts to mitigate the effects of the Force Majeure Event. The affected party shall be relieved from its obligations under this Agreement while the Force Majeure Event hinders the performance of said obligations.
- Entire Agreement. This Agreement constitutes the entire agreement between the parties and supersedes all prior agreements, discussions, proposals, or understandings of every kind and nature, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by both parties.
SCHEDULE A: DATA PROCESSING AGREEMENT
- DEFINITIONS. The terms defined in this Appendix shall have the meanings as set forth in the Keep Aware Service Agreement. Any terms not defined by this Appendix or the Agreement shall have the meaning given by GDPR.
- DATA PROCESSING
- Purpose. The parties acknowledge and agree that this Data Processing Agreement (“DPA”) applies to the processing of Personal Data for the provision of the Products, Customer is the Controller, and Keep Aware is the Processor.
- Processing Personal Data. The Processor shall process Personal Data for the following purposes: (a) processing necessary for the delivery of the Products or Support Services as outlined in the Data Sheets for the respective Product; (b) processing initiated by the Customer’s end users throughout the use of the Products; and (c) processing to comply with reasonable written requests provided by Customer to Keep Aware through an email or support request where such requests are consistent with the terms of the Agreement, as required to comply with GDPR.
- TYPES OF PERSONAL DATA
- Categories of Data Subjects
- Employees including volunteers, agents, temporary workers, and independent contractors
- Customer clients and prospective clients
- Suppliers and vendors
- Advisors and consultants
- Customer officers and directors
- Types of Personal Data
- IP addresses
- Email addresses
- User names
- Host names
- User agents
- File names
- And any other types of Personal Data that may be contained in Controller’s web traffic.
- Categories of Data Subjects
- SUBPROCESSORS. The Processor will not use subprocessors for the processing of Personal Data unless such approval is authorized, in writing, and signed by both the Controller and the Processor.
- RIGHTS AND OBLIGATIONS OF THE CONTROLLER. The Controller instructs the Processor to take such steps in the processing the Personal Data only in accordance with any documented instructions from the Controller with respect to the processing of such Personal Data and in a manner necessary for the provision of the Products which will include processing in accordance with this DPA and the Agreement.
- RIGHTS AND OBLIGATIONS OF THE PROCESSOR.
- The Processor will only process Personal Data in accordance with any documented instructions from the Controller and will not use Personal Data except in a manner necessary for the provision of the Products as instructed by this DPA and the Agreement.
- The Processor shall promptly notify the Controller if it receives a request from a Data Subject under Data Protection Laws in respect of Controller Personal Data
- The Processor shall ensure that is does not respond to that request except on the documented instructions of the Controller or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Controller of that legal requirement by the Processor responds to the request.
- SECURITY MEASURES. Considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Company Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in the GDPR. In assessing the appropriate level of security, Processor shall take into account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
- SECURITY INCIDENT NOTIFICATION
- Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
- Processor shall co-operate with the Company and take reasonable commercial steps as directed by Company to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.
- DATA PROTECTION IMPACT ASSESSMENT. Processor shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with competent data privacy authorities, which the Controller reasonably considers to be required by the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Controller Personal Data by, and considering the nature of the Processing and information available to, the Contracted Processors.
- Processor shall make available to the Controller on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the Controller or an auditor mandated by the Controller in relation to the Processing of the Controller Personal Data by the Contracted Processors.
- Information and audit rights of the Controller only arise under Section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law
- DESTRUCTION OF PERSONAL DATA. Upon termination of the Agreement, the Processor shall delete or return all Personal Data in accordance with the Controller’s documented instructions.