MASTER SERVICES AGREEMENT
This Master Services Agreement (“Agreement”) is entered into as of June 19, 2015 (“Effective Date”), by and between The Regents of the University of California, a California Constitutional Corporation, located at 9500 Gilman Drive, La Jolla, CA 92093 (“Customer”), and Code 42 Software, Inc., a Delaware corporation, located at One Main Street SE, Suite 400, Minneapolis MN 55414 (“Code42”). Customer and Code42 are each sometimes referred to herein as “Party” and collectively as the “Parties”.
“Authorized Users” means Customer’s employees, administrators and other designated third parties such as agents, consultants and contractors.
“Code42 Subscription Services” means the products and services made available to you pursuant to this Agreement on a subscription basis and as identified on each Quote; specifically, one or more of the following: Public Cloud storage, Private Cloud storage, Managed Private Cloud storage and Monitoring, Support, and access to the Software and Master Server.
“Customer Data” means any electronic data or information submitted, or backed-up, by Customer in connection with Customer’s use of the Code42 Subscription Services.
“Device” means a computer, tablet, smartphone, or any other electronic device used to access and use the Code42 Subscription Services.
“Documentation” means the written, published information accessible via http://support.code42.com, as updated from time to time.
“Exhibit” means any exhibit referenced herein and attached hereto.
“Fees” mean the fees charged by Code42 for the Code42 Subscription Services or Professional Services as identified on each Quote and, unless otherwise stated in the Quote or SOW, invoiced upon commencement of the Subscription Term. All Fees are nonrefundable unless otherwise noted hereunder.
“Hardware” means the third party electronic components, boards, peripherals, and equipment that make up a computer system that are resold by Code42 to Customer hereunder.
“Licensed Use” shall have the meaning designated in Section 3.2 below.
“Malicious Code” means any viruses, worms, spyware, poison pills, time bombs, backdoors, drop dead dates or other destructive or disabling devices within the Software that are intended to do harm.
“Managed Appliance” means the Hardware in Customer’s Managed Private Cloud for which Monitoring is performed by Code42.
“Managed Private Cloud” means the on premises backup storage services and Managed Appliances located within Customer’s firewall.
“Master Server” means the server on which the server Software is installed for user authentication and authorization, storage of encryption keys, and centralized policy management, and, at Customer’s election, it must be located in either the Public Cloud (on Code42 servers), a Private Cloud (on Customer hardware), or a Managed Private Cloud (on Managed Appliances).
“Monitoring” means the remote web-based monitoring of the Managed Appliances by Code42.
“Open Source Software” means computer software with its source code made available with a license to which the copyright holder provides the rights to study, change and distribute the software to anyone and for any purpose.
“Public Cloud” means the cloud-based off premises backup storage services provided by Code42 on Code42’s servers.
“Private Cloud” means the hardware procured separately by Customer for on premises storage located within Customer’s firewall.
“Professional Services” means the implementation and training services as identified on each Quote, or as made available by Code42 to Customer pursuant to a SOW referencing this Agreement.
“Quote” means a written order or purchase document pursuant to which Customer agrees to provide and Customer agrees to purchase specific Code42 Subscription Services and/or Professional Services.
“Software” means the Code42 CrashPlanÒ or SharePlanÔ application software and Code42 platform software in object code format, licensed on a subscription basis as part of Code42 Subscription Services, and as set forth on each Quote.
“Statement of Work” or “SOW” means a document that is signed by both Parties, references this Agreement, and describes the Code42 Professional Services to be performed by Code42. Each SOW shall describe the Parties’ performance obligations and any assumptions or contingencies associated with the implementation of the Software.
“Subscription Term” shall mean the period of time identified on each Quote, for which Code42 has committed to provide, and Customer has committed to pay for, the Code42 Subscription Services.
“Support” means the support and maintenance services performed by Code42’s Customer Champion Team related to the Software and Hardware, descriptions of which are accessible via http://support.code42.com/Administrator/Support.
“Transition Period” shall mean a period of time following the expiration or termination of this Agreement, during which Code42 may elect, at its sole discretion and only in response to Customer’s written request, to continue to provide the Code42 Subscription Services to Customer on a month-to-month basis, subject to Customer’s continued compliance with the terms and conditions of this Agreement.
- ORDERING AND SCOPE
2.1 Ordering Code42 Subscription Services and Professional Services. Customer and Code42 may execute one or more Quotes or SOWs related to the sale and purchase of Code42 Subscription Services and Professional Services. A Quote will generally include an itemized list of the Code42 Subscription Services and Professional Services, as well as the Subscription Terms for such services. Generally a Quote must be signed by each of the Parties, although when a validly-issued purchase order by Customer accompanies the Quote, then the Quote need not be executed by the Parties. Pre-printed terms and conditions on any purchase order or other documents from Customer shall not become part of this Agreement or the Quote and shall be of no force or effect. Any Quote dated on or after the Effective Date shall be governed by this Agreement regardless of any pre-printed legal terms on such Quote, and by this reference is incorporated herein.
2.2 Public Cloud. To the extent that Customer has ordered Public Cloud storage, the terms of Exhibit A, attached hereto, shall apply.
2.3 Managed Private Cloud. This section left intentionally blank.
2.4 SharePlan. To the extent that Customer has ordered SharePlan, the applicable business terms shall be attached hereto and incorporated herein.
2.5 Support. Support related to the Software is included with the purchase of a Software license during the Subscription Term. Support related to the Hardware, including Monitoring services, are sold separately in connection with the Managed Appliances. Code42 may update its Support obligations under this Agreement, from time to time, so long as the functionality and service level agreements purchased by Customer are not materially diminished.
2.6 Future Functionality. Customer acknowledges that any purchase hereunder is not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Code42 regarding functionality or features.
- USE OF THE CODE42 SUBSCRIPTION SERVICES AND PROPRIETARY RIGHTS
3.1 Subscription Services. The Code42 Subscription Services are purchased by Customer as subscriptions during a Subscription Term specified in each Quote. Additional Code42 Subscription Services may be added during a Subscription Term as described in Section 2.
3.2 Licensed Use. Subject to the terms and conditions of this Agreement, Code42 hereby grants during each Subscription Term, and Customer hereby accepts, solely for its internal use, a worldwide, non-exclusive, non-transferrable (except in accordance with Section 11.6), enterprise-wide, right and license to use, copy, load, run, have run, and display the Software in object code form only (collectively the “Licensed Use”). The Licensed Use shall also include the right, subject to the license conditions and restrictions set forth herein, to: (i) use the Code42 Subscription Services by the number of Authorized Users identified on each Quote; (ii) make or install a reasonable number of additional copies of the Software and Documentation for archival, document retention, disaster recovery or back-up purposes, provided that any copy of the Software or Documentation made by Customer, or an Authorized User, must bear the same respective copyright and other proprietary notices that appear on the copy of the Software or Documentation as furnished to Customer by Code42; (iii) use a reasonable number of copies of the Software in non-production environments at no additional charge for the sole purposes of training, development, test, quality assurance, sandbox, validation, backup and disaster recovery; and (iv) use the Software on up to four (4) Devices per Authorized User.
3.3 License Restrictions. Except as required by any third party software license applicable to the Software, Customer shall not:
- access or use any portion of the Software or Code42 Subscription Services, except as expressly licensed to Customer;
- disassemble, decompile or otherwise reverse engineer all or any portion of the Software;
- use the Software or Code42 Subscription Services for any unlawful purposes;
- export the Software or Documentation, or allow access to the Code42 Subscription Services, in violation of U.S. laws or regulations;
- except as permitted in this Agreement, sublicense, relicense, distribute, disclose, rent or lease the Software, Code42 Subscription Services or Documentation, or any portion thereof, for third party use; or
- modify, adapt or use the Software to develop any software application intended for resale which uses the Software in whole or in part.
3.4 This section left intentionally blank.
3.5 Customer Responsibilities. In addition to any Customer responsibilities and related requirements noted in this Agreement, a Quote or a SOW, Customer is responsible for all actions of its Authorized Users while accessing and using the Code42 Subscription Services and Software, including without limitation, use of user names, passwords or other login credentials of Customer. Customer shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Code42 Subscription Services and shall notify Code42 promptly of any unauthorized use of which it becomes aware. Customer is responsible for the accuracy, quality, integrity, legality, reliability and appropriateness of all Customer Data in connection with Customer’s use of the Code42 Subscription Services.
Customer shall, at its expense: (i), maintain its technology so as to enable Code42 to gain remote access to the Software for diagnostic, error correction, and otherwise to perform Code42’s obligations hereunder; (ii) cooperate with Code42 in identifying the cause of any claimed failure of the Code42 Subscription Services to substantially conform to or perform substantially in accordance with the Documentation or the Agreement; and (iii) allow Code42 reasonably free remote and, as needed, on-site access to the Software, Managed Appliances and Customer’s associated equipment for the purpose of performing Support. CRASHPLAN SOFTWARE IS NOT DESIGNED FOR ARCHIVAL STORAGE (I.E., ONLY ONE COPY OF CUSTOMER DATA). AS A RESULT, CUSTOMER IS RESPONSIBLE FOR MAINTAINING THE PRIMARY COPY OF ITS CUSTOMER DATA.
3.6 Reservation of Rights. Subject to the limited rights expressly granted hereunder, Code42 and/or its licensors reserve all right, title and interest in the Software, the Code42 Subscription Services and Documentation, including all related intellectual property rights. Further, no implied licenses are granted to Customer other than as expressly set forth herein.
- DELIVERY AND TITLE
4.1 Delivery. Code42 shall timely deliver to Customer either at the “ship to” location or an electronic destination, as specified on the applicable Quote, the Hardware purchased and/or the Software licensed by Customer from Code42. Code42 Subscription Services may require activation via a license key, which will require an Internet connection to complete activation.
4.2 Title. Unless otherwise specified in the Quote or elsewhere in this Agreement, all deliveries of Hardware purchased from Code42 hereunder are EXW shipper’s dock (INCOTERMS 2010) and title to said Hardware shall pass to Customer upon delivery of the Hardware to the carrier. Unless expressly stated otherwise in this Agreement, Code42 retains all title in, and interest to, the Software.
5.1 Fees. Customer shall pay all Fees within thirty (30) days of Customer’s receipt of invoice. Code42 reserves the right to suspend any Code42 Subscription Services, Professional Services and/or Transition Services until such amounts are paid in full.
5.2 Disputed Invoiced Amounts. Customer shall provide Code42 with detailed written notice of any amount(s) Customer reasonably disputes within thirty (30) days receipt of invoice for said amount(s) at issue. Code42 will not exercise its rights under Section 5.1 above if Customer has, in good faith, disputed an invoice and is diligently trying to resolve the dispute. Customer’s failure to provide Code42 with notice of any disputed invoiced amount(s) shall be deemed to be Customer’s acceptance of the content of such invoice.
5.3 Taxes. Customer shall be responsible for the payment of all applicable taxes, customs fees and duties properly due and payable related to the Code42 Subscription Services and Professional Services, with the exception of taxes imposed on the income of Code42.
5.4 Currency. All invoices and payments shall be in United States Dollars.
- REPRESENTATIONS AND WARRANTIES
- Software Performance Limited Warranty. Code42 represents and warrants that the Software shall not contain Malicious Code and the Software will substantially conform in all material respects to, and perform substantially in accordance with, the Documentation during the applicable Subscription Term.
Code42’s warranty obligations under this Section 6.1 are conditioned upon: (i) Customer providing Code42 with a detailed written notice of any claimed breach of the warranty within thirty (30) days of occurrence of the alleged breach; (ii) Customer allowing Code42 the ability to remotely prevent access to and/or use of the Software in the event that Code42 becomes aware of unauthorized access or use of the Software by any third party using any user name, password or other login credentials of Customer; and (iii) such breach is not, in Code42's reasonable opinion, a result of (a) any modification of or damage to the Software or its operating environment by any party other than Code42 or a party acting under Code42’s control or direction, or (b) Customer's failure to operate the Software as reasonably intended in accordance with the Documentation. Further, in no event shall Code42 be in breach of the warranty set forth in this Section 6.1 if, at the time any Malicious Code was introduced into the Software, Code42 employed commercially reasonable measures, consistent with the standards of Code42’s industry, to detect such Malicious Code in order to prevent its introduction into the Software. For any breach of the foregoing warranty and without limiting the other warranties expressly stated in this Section 6, Customer’s sole and exclusive remedy shall be as follows: (1) Code42 will endeavor to repair or replace the non-conforming Software within thirty (30) days, or such longer period as the Parties may mutually agree, such that the Software conforms to the foregoing warranty; or (2) if Code42 is unable to repair or replace the non-conforming Software within such period so that the Software conforms to the foregoing warranty, either Party may terminate the Quote that is the subject of the breach, and, provided Customer has discontinued using the Software, Code42 shall refund, on a pro-rata basis, all applicable prepaid Fees for the non-conforming Software during the then-current Subscription Term starting from the date Code42 receives notice of the breach in accordance with this Section 6.1.
- Professional Services Warranty. All employees of Code42 performing Professional Services hereunder will have the requisite skill and training to perform Code42’s obligations in a good and workmanlike manner consistent with professional standards in Code42’s industry. Customer’s sole and exclusive remedy for any breach of the foregoing warranty shall be Code42’s re-performance of the non-conforming Professional Services one time or, at Code42’s option, a refund of all prepaid Fees paid by Customer for the applicable non-conforming Professional Services. Code42’s warranty obligations under this Section 6.2 are conditioned upon Customer providing Code42 with a detailed written notice of any claimed breach of the warranty within thirty (30) days of occurrence of the alleged breach.
- Open Source Software. The Software includes certain Open Source Software. Open Source Software is governed solely by the applicable open source licensing terms, if any, and is provided “AS IS”. Code42 provides no warranty related to any Open Source Software or any applicable Open Source Software licensing terms, which may include, but is not limited to, GNU’s General Public License (GPL); Lesser/Library GPL (LGPL), the Artistic License, the Mozilla Public License, or the Common Public License. Third party licensing terms shall not be directly enforceable against Customer.
- Customer Warranties. Customer represents and warrants that its access, collection, use, relocation, storage and disposition of Customer Data shall comply with all applicable data privacy laws.
6.5 Mutual Representations and Warranties. Each Party represents and warrants to the other that: (i) it is duly organized, validly existing and in good standing under the laws of the state of its incorporation or formation, (ii) it has the right and full power and authority to enter into this Agreement; and (iii) it will comply, at all times, with all applicable all applicable federal, state, county, and local laws, orders, rules, ordinances, regulations, and codes.
6.6 Disclaimer. Code42 shall have no liability under this Agreement in the event Customer relocates any Managed Appliance and, as a result, the Code42 Subscription Services fail to perform in accordance with the applicable Documentation. Code42 reserves the right to charge Customer, and Customer agrees to pay, only upon prior written approval by Customer, Code42’s then-current time and materials rates for the time Code42 spends determining that an alleged problem does not in fact constitute a breach of the warranties identified in this Section 6 as well as time spent remediating the problem.
EXCEPT FOR THE WARRANTIES SET FORTH IN THIS SECTION 6, EACH PARTY HEREBY DISCLAIMS ANY AND ALL OTHER WARRANTIES OF ANY NATURE WHATSOEVER, WHETHER ORAL OR WRITTEN, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. CODE42 DOES NOT WARRANT THAT THE SOFTWARE, HARDWARE, OR CODE42 SUBSCRIPTION SERVICES WILL MEET CUSTOMER'S REQUIREMENTS OR THAT THE OPERATION THEREOF WILL BE UNINTERRUPTED OR ERROR FREE.
- SECURITY & CONFIDENTIAL INFORMATION
- Security. Customer and Code42 agree to the terms of the Security Addendum attached hereto as Exhibit C.
7.2 Confidential Information. It is expected that one Party (disclosing Party) may disclose to the other Party (receiving Party) certain information which may be considered confidential and/or trade secret information (“Confidential Information”). Confidential Information shall include: (i) the Software and Code42 Subscription Services; (ii) non-public information if it is clearly and conspicuously marked as “confidential” or with a similar designation at time of disclosure; (iii) non-public information of the disclosing Party if it is identified as confidential and/or proprietary before, during, or promptly after presentation or communication; and (iv) any information that should be reasonably understood to be confidential or proprietary to the receiving Party, given the nature of the information and the context in which disclosed.
7.3 Exceptions. Confidential Information shall not include information which: (i) is or becomes public knowledge through no fault of the receiving Party; (ii) was in the receiving Party’s possession before receipt from the disclosing Party; (iii) is rightfully received by the receiving Party from a third party without any duty of confidentiality; (iv) is disclosed by the disclosing Party without a duty of confidentiality on the third party; (v) is independently developed by the receiving Party; or (vi) is disclosed with the prior written approval of the disclosing Party.
Confidential Information of disclosing Party may be disclosed in response to a valid court order or other legal process, only to the extent required by such order or process and, if allowed by law, only after the recipient has given the owner written notice of such court order or other legal process promptly and the opportunity for the owner to seek a protective order or confidential treatment of such Confidential Information.
7.4 Ownership and Control. Except as otherwise specified herein or in any Quote, Statement of Work, Exhibit or Schedule thereto, the disclosing Party shall retain all intellectual property rights in any Confidential Information disclosed to the other Party. The Parties agree to hold Confidential Information of the other Party in confidence and to protect the disclosed Confidential Information by using the same degree of care to prevent the unauthorized use, dissemination or publication of the Confidential Information as they use to protect their own Confidential Information of a like nature but in no event with less than reasonable care. The Parties agree not to make Confidential Information of the other Party available in any form to any third party except as required to exercise the licenses granted in the Agreement (or otherwise expressly permitted therein) or to use Confidential Information of the other Party for any purpose other than for the Licensed Use of the Software or for fulfilling its obligations under the Agreement. The Parties agree to restrict disclosure of the Confidential Information to those who have a “need to know” and to take all reasonable steps to ensure that Confidential Information is not disclosed or distributed in violation of the provisions of the Agreement. Further, the Parties agree that its breach of any obligation herein may cause irreparable damage to the other Party and that the other Party shall be entitled to seek equitable remedies, in addition to other remedies hereunder or at law, in the event of such breach.
7.5 Return of Confidential Information and Customer Data. Upon request of the disclosing Party, termination or expiration of this Agreement, the receiving Party shall, to the extent commercially practicable, destroy the disclosing Party’s Confidential Information and, at the disclosing Party’s request, certify the same. Upon termination of this Agreement, Customer shall have access to the Software for a period of fifteen (15) business days (at no additional cost) to enable Customer’s retrieval of its Customer Data; provided however, .if Customer requires the assistance of Code42 in order to complete such retrieval, then Professional Services will be performed at Code42’s then-current applicable hourly rate plus actual expenses.
- TERM AND TERMINATION
- Term of Agreement. The term of this Agreement shall begin on the Effective Date and continue for a period of 2 years with the option for an additional two 1-year extensions, unless otherwise terminated as provided in this Section 8.
- Subscription Term(s). Each individual Quote will terminate at the end of the Subscription Term identified therein, unless earlier terminated as provided in this Section 8.
- Effect of Termination. If the Parties agree to terminate the Agreement for reasons other than for breach and a Quote is still in effect at the time of termination, then the terms and conditions contained in this Agreement shall continue to govern the outstanding Quote until termination of expiration thereof. If the Agreement is terminated for breach, then unless otherwise agreed to in writing, all outstanding Quotes, SOWs and/or purchase documents shall immediately terminate as of the Agreement termination date. Unless otherwise stated in Section 6 or Section 9 of this Agreement, Customer will not be entitled to a refund of any prepaid Fees upon termination.
8.4 Termination without Cause. Either Party may terminate this Agreement for any reason or no reason at all by the Parties’ mutual written agreement.
8.5 Termination for Cause. The non-breaching Party may terminate this Agreement, if the other Party is in material breach of this Agreement and fails to cure such breach within 30 days after the non-breaching Party provides written notice of the breach. A Party may also terminate this Agreement immediately upon notice if the other Party: (a) is liquidated, dissolved, or adjudged to be in a state of bankruptcy or receivership; (b) is insolvent, unable to pay its debts as they become due, makes an assignment for the benefit of creditors or takes advantage of any law for the benefit of debtors; or (c) ceases to conduct business for any reason on an ongoing basis leaving no successor in interest.
Code42 may, without liability, immediately suspend or terminate any or all Quotes, SOWs or purchase document issues hereunder if any Fees owing under this Agreement are past due.
8.6 Rights and Obligations After Termination. In the event of expiration or termination of this Agreement, Customer shall immediately pay to Code42 all Fees due Code42 through the date of expiration or termination (and continue to pay any Fees due during any applicable Transition Period).
8.7 Survival. Any provision of this Agreement expressly, by implication, or necessity, contemplates performance or observance subsequent to the termination of this Agreement will survive termination of the Agreement and continue in full force and effect. Notwithstanding the foregoing, all licenses granted hereunder shall terminate the latter of the termination or expiration date of the Agreement, Quote or, if applicable, immediately at the end of the Transition Period.
8.8 Transition Period. Should the Parties agree upon a Transition Period, the monthly Fees during the Transition Period shall be 125% of the pro rata monthly Fee during the applicable Subscription Term. During the Transition Period, Code42 shall cooperate reasonably with Customer to migrate and transition the Customer Data stored by Code42 to Customer or a third party designated by Customer. Customer shall bear the reasonable costs and expenses of such transition services including any required Professional Services at Code42’s then-current applicable hourly rate.
8.9 Customer Data Post Expiration or Termination. Once the Subscription Term has expired, or is terminated, and transition services are completed, Customer’s Data will no longer be stored or accessible. Code42 recommends that Customer download all Customer Data before expiration or termination of the applicable Subscription Term. Upon termination, Code42 will have no obligation to maintain the Customer Data, and will thereafter delete or destroy all copies of the Customer Data in the Public Cloud or otherwise in its possession or control in accordance with Section 7.5.
9.1 Indemnity Obligations of Code42. Code42 agrees to indemnify, hold harmless and defend Customer and its Authorized Users, directors, officers, employees and agents (collectively “Customer Indemnitees”) from and against all losses, liabilities, damages, claims and expenses of any third party unaffiliated with either Party to this Agreement, including Customer Indemnitees’ reasonable attorneys’ fees and court costs, arising out of or relating to any claim alleging that Customer’s Licensed Use of the Software infringe or violate any U.S. patent, copyright, trade secret, proprietary, or other intellectual property right of any third party. Code42’s obligations under this Section 9.1 are conditioned upon: (a) Customer notifying Code42 promptly in writing of any such claim, provided any failure to provide such prompt notice shall only alter Code42’s obligations to the extent Code42 is materially prejudiced thereby; (b) Customer’s cooperation with Code42 in all reasonable respects in connection with the investigation and defense of any such claim; (c) Code42 having sole control of the defense of any action on any such claim and all negotiations for its settlement or compromise, provided any final settlement shall require Customer’s consent, which shall not be unreasonably withheld. Should Customer’s Licensed Use of the Software become, or in Code42’s opinion be likely to become, the subject of such a claim described in the immediately foregoing clause, Customer will permit Code42, at Code42’s option and expense, either to: (1) procure for Customer the right to continue its Licensed Use of the Software related to the infringement allegation, (2) replace or modify the Software related to the infringement allegation so that Customer’s Licensed Use of the Software related to the infringement allegation no longer infringes or violates the intellectual property rights of any third party, provided such replaced or modified Software at issue provides at least equivalent functionality and comparable performance characteristics; or (3) terminate this Agreement, accept the return of the Software related to the infringement allegation, and grant to Customer a refund, on a pro-rata basis, of all applicable prepaid Fees for Software related to the infringement allegation during the applicable Subscription Term. In all events, Customer shall have the right to participate in the defense of any such suit or proceeding through counsel of its own choosing at Customer’s own cost. Notwithstanding any provision herein to the contrary, Code42 shall have no obligation or liability to Customer to the extent any such third party claim of infringement or other violation of any intellectual property right of any such third party is caused by the unlicensed use of the Software by Customer, any modification of the Software by Customer or for Customer by any Party other than Code42 or a Party acting under Code42’s control or direction, or any use of the Software other than as reasonably intended in accordance with the Documentation.
In addition Code42 shall defend, indemnify and hold Customer harmless from and against any and all liability, loss, expense (including reasonable attorneys’ fees) from third party claims for injury or damages arising out of the performance of this Agreement but only in proportion to and to the extent such liability, loss, expense, attorneys’ fees, or claims for injury or damages are caused by or results from the grossly negligent or intentional acts or omissions of Code42, its officers, agents, or employees.
9.2 Indemnity Obligations of Customer. Customer shall defend, indemnify and hold Code42 harmless from and against any and all liability, loss, expense (including reasonable attorneys’ fees) from third party claims for injury or damages arising out of the performance of this Agreement but only in proportion to and to the extent such liability, loss, expense, attorneys’ fees, or claims for injury or damages are caused by or results from the grossly negligent or intentional acts or omissions of Customer, its officers, agents, or employees.
- LIMITATION OF LIABILITY
10.1 exclusion of consequential and related damages. UNDER NO CIRCUMSTANCES SHALL EITHER PARTY BE LIABLE FOR SPECIAL, INDIRECT, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORTY OF LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER CODE42 SHALL NOT BE LIABLE for: (A) ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OR CORRUPTION OF CUSTOMER DATA; (B) COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY; (c) LOSS OF BUSINESS; OR (d) FOR ANY MATTER BEYOND CODE42’S REASONABLE CONTROL, EVEN IF CODE42 HAS BEEN ADVISED OF THE POSSIBILITY OF ANY OF THE FOREGOING LOSSES OR DAMAGES.
10.2 LIMITATION OF LIABILITY. IN NO INSTANCE SHALL EITHER PARTY’S LIABILITY TO THE OTHER PARTY FOR DIRECT DAMAGES UNDER THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR OTHERWISE) EXCEED THE FEES PAID BY CUSTOMER FOR THE CODE42 SUBSCRIPTION SERVICES DURING THE TWELVE (12) MONTHS IMMEDIATELY PROCEEDING THE DATE THE DAMAGED PARTY NOTIFIES THE OTHER PARTY IN WRITING OF THE CLAIM FOR DIRECT DAMAGES. NEITHER PARTY MAY INSTITUTE AN ACTION IN ANY FORM ARISING OUT OF NOR IN CONNECTION WITH THIS AGREEMENT MORE THAN TWO (2) YEARS AFTER THE CAUSE OF ACTION HAS ARISEN. THE ABOVE LIMITATIONS WILL NOT LIMIT CUSTOMER’S PAYMENT OBLIGATIONS UNDER SECTION 5 ABOVE.
- Relationship of the Parties. Code42 and Customer acknowledge that they operate independent of each other. Nothing in this Agreement shall be deemed or construed to create a joint venture, partnership, agency, or employee/employer relationship between the Parties for any purpose, including, but not limited to, taxes or employee benefits. Each Party will be solely responsible for the payment of all taxes and insurance for its employees and business operations.
- Subcontractors. Code42 agrees that it shall be solely responsible for all acts and omissions of its subcontractors to the same extent Code42 would be responsible if committed directly by Code42.
- Headings. The various Section headings of this Agreement are inserted only for convenience of reference and are not intended, nor shall they be construed to modify, define, limit or expand the intent of the Parties.
- Amendment. This Agreement may not be amended or modified except by a written instrument signed by authorized representatives of both Parties. Notwithstanding the foregoing, Code42 retains the right to revise Code42 policies referenced herein at any time, so long as the revisions are reasonable and consistent with industry practices, legal requirements or the requirements of any third party suppliers.
- Severability. If any provision of this Agreement shall be held to be invalid or unenforceable for any reason, the remaining provisions shall continue to be valid and enforceable. If a court of competent jurisdiction finds that any provision of this Agreement is invalid or unenforceable, but that by limiting such provision it would become valid and enforceable, then such provision shall be deemed written, construed, and enforced as so limited.
- Assignment. Customer may not assign this Agreement, without the prior written consent of Code42, which consent shall not be unreasonably withheld. For purposes of this Section, the term “assign” and “assignment” shall include, without limitation, any assignment (by operation of law or otherwise) to any successor or assign that has acquired all, or substantially all, of the assigning Party’s business by means of merger, stock purchase, asset purchase, or otherwise. Any assignment or attempted assignment in violation of this Agreement shall be null and void.
- No Third Party Beneficiaries. Subject to Section 11.6, this Agreement is binding upon, and insures solely to the benefit of, the Parties hereto and their respective permitted successors and assigns; there are no third party beneficiaries to this Agreement.
- Notice. All notices under this Agreement shall: (a) be in writing and shall be addressed to the other Party at the mailing address set forth below, with a copy of any such notice being faxed or emailed to the contact information set forth below on the same day that the notice is mailed, and (b) be deemed to have been received by the other Party two business days after it is mailed by first class mail, return receipt requested, or recognized overnight courier. Either Party may provide the other with notice of a change in mailing address, email address or facsimile number pursuant to the requirements of this Section 11.8, in which case the mailing address, email address, or facsimile number, as applicable, for that Party will be deemed to have been amended. The mailing addresses, email address, and facsimile number of the Parties are as follows:
Code 42 Software, Inc.
One Main Street SE
Minneapolis, MN 55414
Attn: General Counsel
Email address: [email protected]
The Regents of the University of California
9500 Gilman Drive
La Jolla, CA 92093
Facsimile number: _______________
- Remedies Not Exclusive. Unless expressly stated otherwise, the remedies in this Agreement shall not be exclusive of any other remedy either Party may have against the other Party at any time, and shall not limit either Party’s ability to seek other remedies available under law or in equity. Unless expressly stated otherwise, remedies shall be cumulative and there shall be no obligation to exercise a particular remedy.
- Waiver of Contractual Right. The failure of either Party to enforce any provision of this Agreement shall not be construed as a waiver or limitation of that Party’s right to subsequently enforce and compel strict compliance with every provision of this Agreement.
- Applicable Law and Dispute Resolution. Any questions, claims, disputes or litigation arising from or related to the making, performance or alleged breach of this Agreement, or to any available remedies hereunder, (a “dispute”), shall be governed by the laws of the State of California, without regard to its choice of law principles. All disputes shall be resolved as follows: (i) upon receipt of written notice of dispute (the “notice”), by in-person negotiation between business representatives of the Parties who have authority to fully resolve the dispute; (ii) if within sixty (60) days receipt of the notice the dispute has not been fully resolved, then the Parties shall conduct a confidential mediation using a mediator, rules and at a location mutually acceptable to the Parties (with the cost of mediation equally shared); (iii) if the dispute is not resolved in accordance with provisions (i) or (ii) of this Section 11.11, either Party may commence litigation; provided that any lawsuit must be filed and maintained in the state or federal courts located in Yolo County, California. The 1980 United Nations Convention on Contracts for the International Sale of Goods, any state’s enactment of the Uniform Computer Information Transactions Act, and the United Nations Convention on the Limitation Period in the International Sale of Goods, and any subsequent revisions thereto, do not apply to this Agreement.
- Entire Agreement. This Agreement, together with all Exhibits, Quotes and SOWs referenced herein, sets forth the entire understanding of the Parties with respect to the subject matter of this Agreement, and supersedes any and all prior oral and written understandings, quotations, communications and agreements. Customer and Code42 agree that any and all Exhibits, Quotes, SOWs or other purchase documents are incorporated herein by this reference. In the event of possible conflict or inconsistency between such documents, the conflict or inconsistency shall be resolved by giving precedence in the following order: (1) the terms of this Agreement; (2) Exhibits (excluding Quotes) hereto; (3) Quotes; and (4) all other SOWs or other purchase documents.
- Insurance. Each Party shall obtain, and maintain throughout the term, insurance of a type and in amounts which a prudent entity engaged in the business as contemplated in this Agreement would obtain and maintain, including without limitation, general liability insurance in the amount of at least $1,000,000 per occurrence combined single limit including third party property damage and contractual liability, media liability insurance including errors and omissions insurance with a per occurrence limit of at least $2,000,000, and workers compensation insurance with statutory limits for its employees. Additionally, Code42 shall also obtain and maintain cyber risk liability insurance coverage in the amount of at least $5,000,000.
11.14 Reference. Notwithstanding any other terms to the contrary contained herein, Customer grants Code42 the right to use Customer’s name in customer lists and marketing materials. In the event Code42 intends to disclose information other than Customer’s name, such as, but not limited to, dollar amount of sale, project timelines, project objectives and/or use Customer’s logo, trade or service marks, Code42 will obtain Customer’s prior written approval.
11.15 Force Majeure. Neither Party shall be liable for any failure or delay in the performance of its obligations hereunder on account of strikes, terrorist activity, shortages, riots, insurrection, fires, floods, power outages, storms, cybercrime, explosions, war, governmental action, labor conditions, earthquakes, terrorism, supplier bankruptcy or default, failure, delay or interruption by third parties, including without limitation, communications providers, or any other cause which is beyond either Party’s reasonable control.
11.16 Injunctive Relief. Code42 may seek to obtain injunctive relief if Customer’s use of the Code42 Subscription Services or Software is in violation of any restrictions set forth in this Agreement.
11.17 Customer Security Terms. Code42 is subject to Customer’s Appendix DS, incorporated herein as Exhibit B.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed by their respective duly-authorized representatives on the Effective Date as set forth above.
CODE 42 SOFTWARE, INC.
PUBLIC CLOUD STORAGE
Purchase of Public Cloud Storage. If elected, Public Cloud storage is provided by Code42 as part of the Code42 Subscription Services. In the event cloud storage utilizing the Public Cloud is not included as part of the Code42 Subscription Services, Customer may elect to purchase storage on the Public Cloud independently on a standalone basis pursuant to a separate Quote. Code42 may terminate Public Cloud storage as of the end of any applicable Subscription Term.
Versioning. Versioning standards may be configured by Customer in accordance with the Documentation.
Service Level Target. Code42 will use commercially reasonable efforts to achieve availability of 99.5% in each calendar month of the term of the Agreement in which Public Cloud storage services have been purchased by Customer, subject to the exceptions identified this addendum. "Availability" means the Public Cloud storage and retrieval functionality of the Software is operational and is available to Customer.
Service Credits. In the event Code42 does not achieve the Service Level Target, then the Service Credits below will be awarded to Customer upon Customer’s written request. In no event shall Service Credits exceed 5% of fees applicable to the Public Cloud (apportioned on a monthly basis) in any given calendar month, in the aggregate.
Service Credit for One Month
99.5% - 100.0%
99.0% - 99.49%
2% of annual Public Cloud Fees / 12
98.5% - 98.99%
3% of annual Public Cloud Fees / 12
Less than 98.5%
5% of annual Public Cloud Fees / 12
Exceptions. Service Credits shall not apply to the extent that the failure to achieve Availability is due to (i) circumstances that are subject to causes that are beyond Code42’s reasonable control; (ii) scheduled Support maintenance and system upgrades; (iii) Customer’s misuse of the Code42 Subscription Services including without limitation any use of the Software other than as reasonably intended in accordance with the Documentation; (iv) Customer’s failure to implement a Software update, if Customer purchased an on premises Master Server; or (v) actions or inactions by Customer, its Authorized Users, or any third party outside of Code42’s direction or control.
Requests for Service Credits. Requests for Service Credits must be submitted to Code42 in writing, with sufficient detail documenting the circumstances Customer believes merit a Service Credit award, within ten (10) business days following the end of the calendar month for which Service Credits are requested. Requests that are not submitted within ten (10) business days following the end of the calendar month will not be honored; in such case, any accrued Service Credits shall be forfeited. Service Credits may be applied to monthly measurements either in the month they are provided to Customer or in the following month.
Customer Terms and Conditions – Data Security and Privacy
UNIVERSITY OF CALIFORNIA
Additional Terms and Conditions – Data Security and Privacy
ARTICLE 1 – PROTECTED INFORMATION
Contractor acknowledges that its performance of Services under this Agreement will not, unless specifically granted by the University to the Contractor involve access to non-encrypted confidential University infor-mation including, but not limited to, personally-identifiable information, student records, protected health information, or individual financial information (collectively, “Protected Information”) that is subject to state or federal laws restricting the use and disclosure of such information, including, but not limited to, Article 1, Section 1 of the California Constitution; the California Information Practices Act (Civil Code § 1798 et seq.); the California Confidentiality of Medical Information Act (Civil Code § 56 et seq.); the federal Gramm-Leach- Bliley Act (15 U.S.C. §§ 6801(b) and 6805(b)(2)); the federal Family Educational Rights and Privacy Act (20
- 1232g); and the privacy and information security aspects of the Administrative Simplification provisions of the federal Health Insurance Portability and Accountability Act (45 CFR Part 160 and Subparts A, C, and E of Part 164). Contractor agrees to comply with all applicable federal and state laws restricting the access, use and disclosure of Protected Information. Contractor agrees to include all of the terms and conditions contained in this Appendix in all subcontractor or agency contracts providing services under this Agreement.
ARTICLE 2 – COMPLIANCE WITH FAIR INFORMATION PRACTICE PRINCIPLES
ARTICLE 3 – PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF PROTECTED INFORMATION
Contractor agrees to hold the University’s Protected Information, and any information derived from such information, in strictest confidence. Contractor shall not access, use or disclose Protected Information except as permitted or required by the Agreement or as otherwise authorized in writing by University, or applicable laws. If required by a court of competent jurisdiction or an administrative body to disclose Protected Information, Contractor will notify University in writing immediately upon receiving notice of such requirement and prior to any such disclosure, to give University an opportunity to oppose or otherwise respond to such disclosure (unless prohibited by law from doing so). Any transmission, transportation or storage of Protected Information outside the United States is prohibited except on prior written authorization by the University.
ARTICLE 4 – SAFEGUARD STANDARD
Contractor agrees to protect the privacy and security of Protected Information according to all applicable laws and regulations, by commercially-acceptable standards, and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Contractor shall implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Protected Information. All Protected Information that Customer backs up using the Software will be encrypted using 256-bit AES encryption as described in more detail on the Security Addendum. Contractor shall ensure that its security measures are regularly reviewed and revised to address evolving threats and vulnerabilities while Contractor has responsibility for the Protected Information under the terms of this Appendix. In addition, Contractor will ensure compliance with the requirements of ISO27001 and will ensure that its US data centers are SSAE-16 certified. Prior to execution of the Agreement, and periodically thereafter (no more frequently than annually) at the University's request, Contractor will provide assurance, in the form of a third party audit report or other documentation reasonably acceptable to the University, demonstrating that appropriate information security safeguards and controls are in place.
ARTICLE 5 – RETURN OR DESTRUCTION OF PROTECTED INFORMATION
Within 30 days of the termination, cancellation, expiration or other conclusion of the Agreement, Contractor shall return the Protected Information to University unless University requests in writing that such data be destroyed. This provision shall also apply to all Protected Information that is in the possession of subcontractors or agents of Contractor. Such destruction shall be accomplished by “purging” or “physical destruction,” in accordance with National Institute of Standards and Technology (NIST) Special Publication 800-88. Contractor shall certify in writing to University that such return or destruction has been completed.
ARTICLE 6 – BREACHES OF PROTECTED INFORMATION
- Definition. For purposes of this article, a “Breach” has the meaning given to it under relevant California or federal law, for example, California Civil Code Section 29, California Health and Safety Code Section 1280.15, etc.
- Reporting of Breach: Contractor shall report any confirmed or suspected Breach to University immediately upon discovery, both orally and in writing, but in no event more than three (3) business days after Contractor reasonably believes a Breach has or may have Contractor’s report shall identify: (i) the nature of the unauthorized access, use or disclosure, (ii) the Protected Information accessed, used or disclosed, (iii) the person(s) who accessed, used and disclosed and/or received Protected Information (if known), (iv) what Contractor has done or will do to mitigate any deleterious effect of the unauthorized access, use or disclosure, and (v) what corrective action Contractor has taken or will take to prevent future unauthorized access, use or disclosure. Contractor shall provide such other information, including a written report, as reasonably requested by University. In the event of a suspected Breach, Contractor shall keep the University informed regularly of the progress of its investigation until the uncertainty is resolved.
- Coordination of Breach Response Activities: In the event of a Breach, Contractor will: Immediately preserve any potential forensic evidence relating to the breach, and remedy the breach as quickly as circumstances permit;
- Promptly (within 3 business days) designate a contact person to whom the University will direct inquiries, and who will communicate Contractor responses to University inquiries;
- As rapidly as circumstances permit, apply appropriate resources to remedy the breach condition, investigate, document, restore University service(s) as directed by the University, and undertake appropriate response activities;
- Provide status reports to the University on Breach response activities, either on a daily basis or a frequency approved by the University;
- Coordinate all media, law enforcement, or other Breach notifications with the University in advance of such notification(s), unless expressly prohibited by law;
- Make all reasonable efforts to assist and cooperate with the University in its Breach response efforts; and
- Ensure that knowledgeable Contractor staff are available on short notice, if needed, to participate in University-initiated meetings and/or conference calls regarding the
ARTICLE 7 – EXAMINATION OF RECORDS
University and, if the applicable law, contract or grant so provides, the other contracting party or grantor (and if that be the United States, or an agency or instrumentality thereof, then the Controller General of the United States) shall have access to and the right to examine any pertinent electronic books, documents, papers, and records of Contractor involving transactions and work related to this Appendix until the expiration of five years after final payment hereunder. Contractor shall retain project records in electronic form for a period of five years from the date of final payment.
ARTICLE 8 – ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS
Contractor shall make itself and any employees, subcontractors, or agents assisting Contractor in the performance of its obligations under the Agreement available to University at no cost to University to testify as witnesses, or otherwise, in the event of an unauthorized disclosure caused by contractor that results in litigation or administrative proceedings against University, its directors, officers, agents or employees based upon a claimed violation of laws relating to security and privacy and arising out of this Appendix.
ARTICLE 9 – NO THIRD-PARTY RIGHTS
Nothing in this Appendix is intended to make any person or entity that is not signatory to the Agreement a third-party beneficiary of any right created by this Appendix or by operation of law.
ARTICLE 10 – ATTORNEY'S FEES
In any action brought by a party to enforce the terms of this Appendix, the prevailing party shall be entitled to reasonable attorney's fees and costs, including the reasonable value of any services provided by in- house counsel. The reasonable value of services provided by in-house counsel shall be calculated by applying an hourly rate commensurate with prevailing market rates charged by attorneys in private practice for such services.
ARTICLE 11 –SURVIVAL
The terms and conditions set forth in this Appendix shall survive termination of the Agreement between the parties. If Contractor is unable to return or destroy the University’s Protected Information in accordance with Article 6, then this Appendix, in its entirety, shall survive the Agreement until such time as Contractor does return or destroy the Protected Information.
Security Levels. Customer must elect one of three security levels for its Authorized Users:
- Security Level One: 256-bit AES encryption + User ID
- Security Level Two: 256-bit AES encryption + User ID + private password
- Security Level Three: 256-bit AES encryption + User ID + Customer-provided 256-bit AES encryption key
As a condition to using the Code42 Subscription Services, each Authorized User of the Code42 Subscription Services will be required to register and select a password and user name ("User ID"). Customer will provide accurate and complete, registration information and will update Customer registration information, as necessary, to keep it current. Customer should not (i) select or use as a User ID a name of another person with the intent to impersonate that person; or (ii) use as a User ID a name subject to any rights of a person other than such user without appropriate authorization.
Encryption Standards. The Software uses industry standard, strong encryption algorithms to encrypt Customer’s files and secure Customer’s Data that Customer backs-up with the Code42 Subscription Services prior to any transmission from the Device where the Customer Data resides. Customer Data remains encrypted at Code42’s Public Cloud secure data centers or within Customer’s Private Cloud or Managed Private Cloud, as elected by Customer. Unless another party, including Code42, is provided with Customer’s passwords and encryption keys, only Customer can decrypt and view its unencrypted Customer Data.
UNDER NO CIRCUMSTANCES SHOULD PROTECTED OR REGULATED DATA INCLUDING, BUT NOT LIMITED TO, PERSONAL HEALTH INFORMATION, PERSONABLY IDENTIFIABLE INFORMATION, OR FINANCIAL DATA, BE PLACED UNENCRYPTED ON ANY SYSTEM RUNNING THE SOFTWARE. IF CUSTOMER DOES HAVE PROTECTED OR REGULATED DATA THAT IS BACKED UP USING THE SOFTWARE, CUSTOMER MUST ELECT SECURITY LEVEL TWO, WHICH REQUIRES EACH AUTHORIZED USER TO HAVE A LOGIN PASSWORD AND PRIVATE DATA PASSWORD.
Safekeeping of Encryption Keys. Customer shall be responsible for maintaining the physical security of each Customer account, encryption keys, passwords and files. To decrypt Customer Data, Customer needs its passwords and encryption keys. Without these, neither Customer, nor any other party, is able to decrypt Customer Data. The encryption keys are secured and escrowed on Code42 servers in the Public Cloud or within Customer’s Private Cloud or Managed Private Cloud, as elected by Customer. If Customer elects Security Level Two, the login user names and private passwords will be required before decrypting Customer Data. IF YOU USE PRIVATE ENCRYPTION KEYS AND PASSWORDS, YOU ARE REPSONSIBLE FOR PROTECTING SUCH ENCRYPTION KEYS AND PASSWORDS. IN THE EVENT YOU LOSE YOUR PRIVATE ENCRYPTION KEYS AND/OR PASSWORDS, NEITHER YOU NOR CODE42 CAN RECOVER YOUR CUSTOMER DATA.
Code42 Security. Code42 shall (i) use commercially reasonable efforts to maintain appropriate technical and organizational measures to protect any Customer Data against unauthorized or unlawful transfer, processing or alteration and against accidental access, loss, damage, processing, use, transfer or destruction; (ii) use commercially reasonable efforts to provide reliable and secure systems operated by or on behalf of Code42 that process such data and information in connection with this Agreement; (iii) promptly notify Customer in writing of any (a) breach or suspected breach of the security of any such systems that may have resulted in the compromise of such data and information, or (b) other unauthorized access to or use of such data and information or Code42’s reasonable belief that such access or use may have occurred; and (iv) cooperate with Customer with respect to any such breach or unauthorized access or use.
Information Collected via the Internet. Code42 Software may automatically use the Internet to search for updates, such as, but not limited to, bug fixes and security updates, for the Code42 Subscription Services. Such updates may install automatically as part of the Public Cloud. The Software may also contact Code42 to verify the status of any Code42 Subscription Services and to confirm authorized Licensed Use. Devices with installed Software may also be tracked by Code42 (such as via Internet Protocol address) to locate where that Device is located so that Customer and its Authorized Users can locate their Devices.
Termination. Code42 may, without liability, suspend or terminate any or all Code42 Subscription Services to some or all of its Authorized Users: (a) following a possible or actual security breach or cyber-attack on Code42; (b) in order to protect Code42’s network; (c) if required by a governmental entity; (d) if an Authorized User is using a Device that is defective or illegal, (e) if an Authorized User’s Device is causing technical or other problems to Code42’s environment or (f) upon termination of a Quote or the Agreement.