Last Updated: July 24, 2023
IMPORTANT: THESE Operative terms applY to both (i) website and (ii) services. Please read this Terms of Service Agreement (“Terms of Service”) carefully. The websites (“Websites”) of Striim, Inc. (“Striim”) and the information on it are controlled by Striim. These Terms of Service govern (i) the use of the Website and apply to all users using the Website in any way AND (II) the services, SOFTWARE, and resources available or enabled via the Website (each a “Service” and collectively, the “Services”). By clicking the “Accept” button, clicking the “buy,” “confirm order,” or other similar button on STRIIM’s online ordeRING DOCUMENT or the applicable third-party platform THAT SPECIFIES THE SERVICES (COLLECTIVELY, WITH ANY PHYSICALLY EXECUTED ORDER FORMS, the “Order form”), completing the registration process, and/or browsing the Website, you REPRESENT THAT (1) YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THE TERMS OF SERVICE, (2) YOU ARE OF LEGAL AGE TO FORM A BINDING CONTRACT WITH STRIIM, AND (3) IF YOU ARE ENTERING INTO THE TERMS OF SERVICE ON BEHALF OF AN ENTITY, YOU HAVE THE AUTHORITY TO ENTER INTO THE TERMS OF SERVICE ON BEHALF OF THE ENTITY YOU HAVE NAMED AS THE USER, AND TO BIND THAT ENTITY TO THE TERMS OF SERVICE. THE TERM “YOU” OR “CUSTOMER” REFERS TO THE INDIVIDUAL OR LEGAL ENTITY, AS APPLICABLE, IDENTIFIED AS THE CUSTOMER WHEN YOU REGISTERED through the services. BY USING THE SERVICES YOU AGREE TO BE BOUND BY THE TERMS SET FORTH HEREIN. TO THE EXTENT CUSTOMER HAS SEPARATELY ENTERED INTO A LICENSING AGREEMENT WITH STRIIM COVERING THE SAME SERVICES, THE TERMS AND CONDITIONS OF SUCH AGREEMENT SHALL SUPERSEDE THIS AGREEMENT IN ITS ENTIRETY. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF SERVICE, YOU MAY NOT ACCESS OR USE THE WEBSITE OR THE SERVICES.
The “agreement” shall include these terms of service, the order form, and the ADdendA below, INCLUDING THE SUPPORT AND MAINTENANCE ADDENDUM AND DATA Protection Addendum (“DPA”). THE TERMS IN ANY PURCHASE ORDER OR WRITTEN PURCHASE AUTHORIZATION PROVIDED BY CUSTOMER THAT ADD TO OR CONFLICT WITH OR CONTRADICT ANY PROVISION IN THE AGREEMENT WILL HAVE NO LEGAL EFFECT.
DETAILS FOR THE SERVICES CONSUMPTION TERMS ARE DESCRIBED IN THE STRIIM SERVICES CONSUMPTION TERMS AND STREAMSHIFT CONSUMPTION TERMS AT https://www.striim.com/cloud-consumption-terms AND https://www.striim.com/shift-terms, RESPECTIVELY, WHICH ARE INCORPRATED HEREIN BY THIS REFERENCE.
PLEASE NOTE THAT THE AGREEMENT IS SUBJECT TO CHANGE BY STRIIM IN ITS SOLE DISCRETION AT ANY TIME. When changes are made, Striim will make a new copy of the Terms of Service available at the Website. Striim will also update the “Last Updated” date at the top of the Terms of Service. If Striim makes any material changes, and you have registered with us to create an Account (as defined in Section 2.1 below) Striim will also send an e-mail to you at the last e-mail address you provided to us pursuant to the Agreement. Any changes to the Agreement will be effective immediately for new users of the Website and/ or Services and will be effective thirty (30) days after posting notice of such changes on the Website for existing Registered Users, provided that any material changes shall be effective for Registered Users who have an Account with us upon the earlier of thirty (30) days after posting notice of such changes on the Website or thirty (30) days after dispatch of an e-mail notice of such changes to Registered Users (defined in Section 2.1 (Registering Your Account) below). Striim may require you to provide consent to the updated Agreement in a specified manner before further use of the Website and/ or the Services is permitted. If you do not agree to any change(s) after receiving a notice of such change(s), you shall stop using the Website and/or the Services. Otherwise, your continued use of the Website and/or Services constitutes your acceptance of such change(s). PLEASE REGULARLY CHECK THE WEBSITE TO VIEW THE THEN-CURRENT TERMS.
1. SaaS Services
1.1. License. Subject to the terms and conditions of this Agreement, during the Subscription Term (as defined below), Striim hereby grants Customer and its subsidiaries a non-exclusive, royalty-free, non-transferable, non-sub-licensable right, in the territory indicated in the Order Form, for Customer’s authorized employees and independent contractors (“Users”) to (a) access and use the Services on a remote basis identified in the Order Form, including any software programs and associated interfaces and related technology that Striim makes available pursuant to this Agreement, in accordance with the standard end-user technical documentation, specifications, materials and other information Striim makes available electronically (the “Documentation”) and (b) to use and reproduce a reasonable number of copies of the Documentation, in each case, solely for Customer’s own internal business purposes. The Order Form may contain additional restrictions and limitations to your use of the Services.
1.2. License Restrictions. You agree that you and your subsidiaries will not, and will not permit any User or other party to: (a) permit any party to access the Services or Documentation or use the Services, other than the Users authorized under this Agreement; (b) modify, adapt, alter or translate the Services or Documentation, except as expressly allowed herein; (c) sublicense, lease, rent, loan, distribute, or otherwise transfer the Services or Documentation to any third party; (d) (other than as and solely to the extent expressly required to be permitted under the laws of your particular jurisdiction) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Services; (e) use or copy the Services or Documentation except as expressly allowed under this Agreement; (f) disclose or transmit any data contained in the Services to any individual other than a User, except as expressly allowed herein; (g) download or otherwise obtain a copy of the Service software; (h) interfere with or disrupt the integrity or performance of the Service or attempt to gain unauthorized access to the Service or related systems or networks; or (i) use the Service to perform any activity which is or may be unlawful, harmful, threatening, abusive, harassing, tortious or defamatory, nor perform any activity which breaches the rights of any third party.
1.3. Free Trial and Striim Developer Version. If Customer either registers on the Website for a Striim Developer Version or free evaluation or otherwise orders a free trial version of the Services, Striim will make certain Services available to Customer on a trial basis (the “Trial Version Services”) until the earlier of: (a) the end of the free trial period for which Customer registered or ordered the applicable Services (b) the Effective Date of any purchased subscriptions for such Services by Customer; or (c) termination by Striim in its sole discretion (collectively: “Free Trial Period”). The Trial Version Services may be used only in a non-production environment and to review and evaluate the Services for your internal use. The Trial Version Services may cease operating after the applicable Free Trial Period or number of uses based on an internal metering mechanism within the Trial Version Services itself. Regardless of any such metering, Customer must stop using the Services at the end of such Free Trial Period or number of uses. Additional trial terms and conditions may appear on Striim’s website or Order Form. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.
THE TRIAL VERSION SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND STRIIM SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE TRIAL VERSION SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE STRIIM’S LIABILITY WITH RESPECT TO THE TRIAL VERSION SERVICES PROVIDED DURING THE FREE TRIAL PERIOD SHALL NOT EXCEED $100. WITHOUT LIMITING THE FOREGOING, STRIIM AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE TRIAL VERSION SERVICES DURING THE FREE TRIAL PERIOD WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE TRIAL VERSION SERVICES DURING THE FREE TRIAL PERIOD WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) DATA PROVIDED DURING THE FREE TRIAL PERIOD WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO STRIIM AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE TRIAL VERSION SERVICES DURING THE FREE TRIAL PERIOD, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.
2. Your Account
2.1. General. In order to access the Services, you will be required to become a Registered User. For purposes of this Agreement, a “Registered User” is a user who has registered an account on the Website (“Account”).
2.2. Registration Data. In registering an account on the Website, you agree to (a) provide true, accurate, current and complete information about yourself as prompted by the registration form (the “Registration Data”); and (b) maintain and promptly update the Registration Data to keep it true, accurate, current and complete. You represent that you are (i) at least eighteen (18) years old; (ii) of legal age to form a binding contract; and (iii) not a person barred from using Striim’s Services under the laws of the United States, your place of residence or any other applicable jurisdiction. You are responsible for all activities that occur under your Account. You agree that you shall monitor your Account to restrict use by minors, and you will accept full responsibility for any unauthorized use of the Website and Services by minors. You may not share your Account or password with anyone, and you agree to (y) notify Striim immediately of any unauthorized use of your password or any other breach of security; and (z) exit from your Account at the end of each session. If you provide any information that is untrue, inaccurate, not current or incomplete, or Striim has reasonable grounds to suspect that any information you provide is untrue, inaccurate, not current or incomplete, Striim has the right to suspend or terminate your Account and refuse any and all current or future use of the Website or Services (or any portion thereof). You agree not to create an Account using a false identity or information, or on behalf of someone other than yourself. Striim reserves the right to remove or reclaim any usernames at any time and for any reason, including but not limited to, claims by a third party that a username violates the third party’s rights. You agree not to create an Account or use the Website or Services if you have been previously removed by Striim, or if you have been previously banned from any of Striim products or services, including without limitation the Website or Services.
2.3. Your Account. Notwithstanding anything to the contrary herein, you acknowledge and agree that you shall have no ownership or other property interest in your Account, and you further acknowledge and agree that all rights in and to your Account are and shall forever be owned by and inure to the benefit of Striim.
2.4. Necessary Equipment and Software. You must provide all equipment and software necessary to connect to the Website and Services. You are solely responsible for any fees, including Internet connection or mobile fees, that you incur when accessing the Website and Services.
3. Proprietary Rights
3.1. Ownership by Striim. The Services and Documentation are licensed and not sold to Customer, and no title or ownership to such Services, Documentation, or the intellectual property rights embodied therein passes as a result of this Agreement or any act pursuant to this Agreement. The Website, the Services, Documentation, and all intellectual property rights therein are the exclusive property of Striim and its suppliers, and all rights in and to the Website, the Services and Documentation not expressly granted to Customer in this Agreement are reserved by Striim. Striim and its suppliers own all rights, title, and interest to the Website, the Services and Documentation. Nothing in this Agreement will be deemed to grant, by implication, estoppel or otherwise, a license under any existing or future patents of Striim, except to the extent necessary for Customer to use the Services and Documentation as expressly permitted under this Agreement. You will not remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Website, the Services or the Documentation.
3.2. Customer Data. “Customer Data” consists of data and other information made available to us by or for you through the use of the Services under these Terms of Service. The terms of the DPA made part hereof shall apply when personal data is being processed pursuant to this Agreement. You instruct us to use and disclose Customer Data as necessary to (a) provide the Services consistent with Striim’s DPA attached hereto, Section 4, and this Section 3.2, including detecting, preventing, and investigating security incidents, fraud, spam, or unlawful use of the Services, and (b) respond to any technical problems or your queries and ensure the proper working of the Services. You acknowledge, that the Internet and telecommunications providers’ networks are inherently insecure. Accordingly, you agree Striim is not liable for any changes to, interception of, or loss of Customer Data while in transit via the Internet or a telecommunications provider’s network.
3.3. Trademarks. 
and all related graphics, logos, service marks and trade names used on or in connection with Website or in connection with the Services are the trademarks of Striim and may not be used without permission in connection with your, or any third-party, products or services. Other trademarks, service marks and trade names that may appear on or in the Website or the Services are the property of their respective owners.
3.4. Feedback. You hereby grant to Striim a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use or incorporate into the Services or any other products or services of Striim, any suggestions, enhancement requests, recommendations or other feedback provided by you, including Users, relating to the Services. Striim will not identify you or Users as the source of any such feedback.
4. Confidentiality
4.1. Confidential Information. Subject to Section 4.3, all information disclosed by one party (“Disclosing Party”) to the other party (the “Receiving Party”) during the term of this Agreement, whether oral, written, graphic or electronic (the “Confidential Information”) shall be considered Confidential Information of the Disclosing Party. The Services, Documentation, and all enhancements and improvements thereto shall be Confidential Information of Striim. All data provided by Customer to Striim to enable provision and performance of the Services shall be Customer’s Confidential Information.
4.2. Protection of Confidential Information. The Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose not permitted by this Agreement, and will disclose the Confidential Information of the Disclosing Party only to employees or contractors of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement and are under a duty of confidentiality no less restrictive than the Receiving Party’s duty hereunder. The Receiving Party will protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner as the Receiving Party protects its own confidential or proprietary information of a similar nature and with no less than reasonable care.
4.3. Exceptions. The Receiving Party’s obligations under Section 4.2 with respect to Confidential Information of the Disclosing Party will not apply to any information that: (a) was already known to the Receiving Party at the time of disclosure by the Disclosing Party; (b) is disclosed to the Receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the Receiving Party has become, generally available to the public; or (d) is independently developed by the Receiving Party without access to, or use of, the Disclosing Party’s Confidential Information. In addition, the Receiving Party will be allowed to disclose Confidential Information of the Disclosing Party to the extent that such disclosure is (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to enforce its rights under this Agreement in connection with a legal proceeding; or (iii) required by law or by the order or a court of similar judicial or administrative body, provided that the Receiving Party notifies the Disclosing Party of such required disclosure promptly and in writing and cooperates with the Disclosing Party, at the Disclosing Party’s reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure.
5. Professional Services; Support; Service Level Agreement
5.1. Professional Services. If separately agreed upon by the parties in an Order Form, Striim shall provide Customer with certain professional services, including without limitation, implementation and training services (the “Professional Services”). Striim shall have no obligation to provide such Professional Services unless specified in an Order Form.
5.2. Support and Maintenance. Support and maintenance services will be subject to the terms and conditions of the Support and Maintenance Addendum. Other than as expressly provided in the Support and Maintenance Addendum, this Agreement does not obligate Striim to provide any support or maintenance services.
5.3. Service Level Agreement. If specifically included in an Order Form, Striim shall provide Customer with the service level agreement (“SLA”) at www.striim.com/sla . Striim shall have no obligation to provide such SLA unless specified in an Order Form.
6. Term And Termination
6.1. Term. The initial term of this Agreement will begin on the effective date specified on the Order Form (the “Effective Date”) and continue in full force and effect for the period indicated on the Order Form (the “Initial Subscription Term”), unless terminated earlier in accordance with Section 6.2. Except as otherwise specified in an Order Form, the Agreement will automatically renew for successive periods equal to the Initial Subscription Term or one year (whichever is shorter) (the “Renewal Subscription Terms”), unless either party gives the other written notice (email acceptable) at least thirty (30) days before the end of the relevant term. The “Subscription Term” shall mean the Initial Subscription Term and any Renewal Subscription Terms.
6.2. Termination of Agreement. Each party may terminate this Agreement for material breach by the other party, which remains uncured thirty (30) days after delivery of written notice of such breach to the breaching party (ten (10) days if such breach is in connection with non-payment). Notwithstanding the foregoing, Striim may immediately terminate this Agreement and all licenses granted hereunder if Customer breaches Section 1 hereof. The foregoing rights of termination are in addition to any other rights and remedies provided in this Agreement or by law.
6.3. Effect of Termination. Termination of any Service includes removal of access to such Service and barring of further use of the Service and the termination of any applicable licenses or rights. Termination of the Agreement or all Services also includes deletion of your password and all related information associated with or inside your Account (or any part thereof). Upon termination of any Service, your right to use such Service will automatically terminate immediately. Striim will not have any liability whatsoever to you for any suspension or termination.
6.4. Survival. Sections 1.2, 3, 4, 6.3, 6.4, and 7-11 will survive the termination of this Agreement.
7. Fees
7.1. Fees and Payment Terms. Customer shall pay Striim the fees as set forth on the applicable Order Form (the “Fees”). Striim shall send invoices to Customer based on the invoice schedules set forth on the applicable Order Form. If Customer’s use of the Services exceeds the Services capacity set forth on the Order Form or otherwise requires the payment of additional fees (per the terms of this Agreement), Striim shall invoice Customer for such additional usage and Customer agrees to pay the additional Fees in the manner provided herein. All payments shall be made in U.S. dollars. Unless otherwise specified in the applicable Order Form, Customer will pay all Fees payable to Striim within thirty (30) days following the receipt by Customer of an invoice from Striim. Late payments will accrue interest at the rate of one and one-half percent (1.5%) per month, or if lower, the maximum rate permitted under applicable law. Striim reserves the right to increase Fees each calendar year with thirty (30) days’ prior written notice to Customer. Additional payment terms may be set forth in the Order Form. Striim reserves the right to suspend the Services in whole or in part if any Fees are over thirty (30) days late.
7.2. Taxes. All fees are exclusive of any sales, use, excise, withholding, import, export or value-added tax, levy, duty or similar governmental charge which may be assessed based on any payment due hereunder, including any related penalties and interest (“Taxes”). Customer is solely responsible for all Taxes resulting from transactions under this Agreement, except Taxes based on Striim’s net income. Customer will indemnify and hold Striim harmless from (a) the Customer’s failure to pay (or reimburse Striim for the payment of) all such Taxes; and (b) the imposition of and failure to pay (or reimburse Striim for the payment of) all governmental permit fees, license fees, customs fees and similar fees levied upon delivery of the Services or Documentation which Striim may incur in respect of this Agreement or any other fees required to be made by Customer under this Agreement, together with any penalties, interest, and collection or withholding costs associated therewith.
8. Disclaimers of Warranties
8.1. to the maximum extent permitted by applicable law AND EXCEPT AS EXPRESSLY STATED OTHERWISE HEREIN, the website, services, ANY IMPLEMENTATION OR PROFESSIONAL SERVICES OR SUPPORT, documentation and any other product or service provided to customer are provided “AS IS” and “as AVAILABLE.” Striim hereby disclaims all warranties whether express, implied or statutory with respect to the Website, the Services, Documentation, any PROFESSIONAL SERVICES OR support services, and any other products or services provided to Customer under this Agreement, including without limitation any implied warranties of merchantability, fitness for a particular purpose, title, non-infringement, and any warranty ARISING OUT OF COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE.
8.2. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER STRIIM Nor any of its suppliers ASSUMES ANY RESPONSIBILITY FOR THE SECURITY, TIMELINESS, DELETION, MIS-DELIVERY OR FAILURE TO STORE OR TRANSMIT ANY DATA IN, FROM OR TO THE SERVICES. FURTHERMORE, NOTHING STATED IN THIS AGREEMENT WILL IMPLY THAT THE OPERATION OF THE services OR ITS INTEROPERABILITY WITH ANY OTHER SOFTWARE OR SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE, OR THAT ERRORS WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY STRIIM OR ANY of its suppliers SHALL IN ANY WAY INCREASE THE SCOPE OF STRIIM’s WARRANTIES OR OBLIGATIONS UNDER THIS AGREEMENT.
9. Indemnification
9.1. By Striim.
9.1.1. Striim’s Obligation. Subject to the terms and conditions of Section 9, Striim will defend any suit brought against Customer by a third party to the extent that the suit is based upon a claim that the Services infringes such third party’s United States copyrights or misappropriates such third party’s trade secrets recognized as such under the Uniform Trade Secrets Act or such other similar laws, and Striim will pay those costs and damages finally awarded against Customer in any such action or those costs and damages agreed to in a monetary settlement of such claim, in each case that are specifically attributable to such claim. However, such defense and payments are subject to the conditions that: (a) Striim will be notified promptly in writing by Customer of any such claim; (b) Striim will have sole control of the defense and all negotiations for any settlement or compromise of such claim; and (c) Customer will cooperate and, at Striim’s request and expense, assist in such defense. This Section 9.1 states Striim’s entire liability and Customer’s sole and exclusive remedy for any infringement and/or misappropriation claims.
9.1.2. Alternative. If Customer’s use of the Services is prevented by injunction or court order because of infringement, or should the Services be likely to become the subject of any claim in Striim’s sole opinion, Customer will permit Striim, at the sole discretion of Striim and no expense to Customer, to: (i) procure for Customer the right to continue using such Services in accordance with this Agreement; or (ii) replace or modify the Services so that it becomes non-infringing while providing substantially similar features. Where (i) and (ii) above are not commercially feasible for Striim, the applicable licenses will immediately terminate and Striim will refund to Customer pre-paid fees on a pro-rated basis for the remainder of the term to Customer.
9.1.3. Exclusions. Striim will have no liability to Customer for any claim of infringement or misappropriation to the extent based upon: (a) use of the Services not in accordance with this Agreement or the Documentation; (b) the combination of the Services with third party hardware or software not conforming to the operating environment specified in Documentation; or (c) any modification of the Services by any person other than Striim. Customer will indemnify Striim against all liability, damages and costs (including reasonable attorneys’ fees) resulting from any such claims.
9.2. By Customer. Customer will indemnify, defend and hold Striim and its directors, officers, affiliate, employees, agents, partners, licensors, and suppliers harmless from and against any and all actual or alleged third-party claims and accompanying liabilities, losses, damages, costs and expenses, including reasonable external attorneys’ fees arising out of or in connection with, (a) Customer’s or User’s use of, or inability to use the Services; (b) Customer’s or User’s violation of this Agreement; (c) Customer’s or User’s violation of any rights of another party, including any Registered Users; (d) Customer’s or User’s violation of any applicable laws, rules, or regulations; or (e) Customer Data or any other content or materials input into the Services, including claims that such data or materials violates or infringes the privacy or intellectual property rights of a third party.
10. Limitation of Liability
10.1. TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL STRIIM BE LIABLE TO CUSTOMER OR ANY OTHER PARTY FOR ANY SPECIAL, PUNITIVE, INDIRECT, INCIDENTAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, OR ANY SERVICES OR PROFESSIONAL SERVICES PROVIDED HEREIN, UNDER ANY LEGAL THEORY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA, LOSS OF THE USE OR PERFORMANCE OF ANY PRODUCTS OR SERVICES, LOSS OF REVENUES, LOSS OF PROFITS, OR BUSINESS INTERRUPTION, EVEN IF STRIIM KNOWS OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL STRIIM’S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT OF FEES RECEIVED BY STRIIM FROM CUSTOMER UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING SUCH CLAIM. THIS SECTION 10 WILL APPLY EVEN IF AN EXCLUSIVE REMEDY OF CUSTOMER UNDER THIS AGREEMENT HAS FAILED OF ITS ESSENTIAL PURPOSE.
10.2. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN STRIIM AND YOU.
11. General
11.1. Release. You hereby release Striim and its successors from claims, demands, any and all losses, damages, rights, and actions of any kind, including personal injuries, death, and property damage, that is either directly or indirectly related to or arises from your use of the Website or the Services. If you are a California resident, you hereby waive California Civil Code Section 1542, which states, “A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.” The foregoing release does not apply to any claims, demands, or any losses, damages, rights and actions of any kind, including personal injuries, death or property damage for any unconscionable commercial practice by Striim or for such party’s fraud, deception, false, promise, misrepresentation or concealment, suppression or omission of any material fact in connection with the Website or any Services provided hereunder.
11.2. Electronic Communications. The communications between you and Striim may take place via electronic means, whether you visit the Website or Services or send Striim e-mails, or whether Striim posts notices on the Website or Services or communicates with you via e-mail. For contractual purposes, you (a) consent to receive communications from Striim in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that Striim provides to you electronically satisfy any legal requirement that such communications would satisfy if it were to be in writing. The foregoing does not affect your statutory rights, including but not limited to the Electronic Signatures in Global and National Commerce Act at 15 U.S.C. §7001 et seq. (“E-Sign”).
11.3. Notice. Where Striim requires that you provide an e-mail address, you are responsible for providing Striim with your most current e-mail address. In the event that the last e-mail address you provided to Striim is not valid, or for any reason is not capable of delivering to you any notices required/ permitted by the Agreement, Striim’s dispatch of the e-mail containing such notice will nonetheless constitute effective notice. You may give notice of any changes to your e-mail address to Striim at the following address: support@striim.com.
11.4. Relationship of Parties. The parties hereto are independent contractors. Nothing in this Agreement will be deemed to create an agency, employment, partnership, fiduciary or joint venture relationship between the parties.
11.5. Publicity. Striim may use Customer’s name and a description of Customer’s use of the Services for investor relations and marketing purposes.
11.6. Compliance with Export Control Laws and Anti-Corruption.
11.6.1. Export Control. Customer acknowledges that the Services are subject to export control and sanctions laws, including without limitation the U.S. Export Administration Regulations administered by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and economic sanctions administered by the U.S Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), and other similar national or international laws and regulations (collectively, “Export Laws”). Customer agrees to comply with all Export Laws related to Customer’s use of the Services. Customer represents and warrants that it is not (i) located, organized, or resident in a country or territory that is subject to a U.S. trade embargo (currently, Crimea, Cuba, Iran, North Korea, and Syria); or (ii) identified on, or owned or controlled by any party identified on, any applicable sanctions or restricted party list, including the Specially Designated Nationals and Blocked Persons List, Foreign Sanctions Evaders List, and Sectoral Sanctions Identifications List, administered by OFAC, and the Entity List, Denied Persons List, or Unverified List, administered by BIS. Customer agrees that it will not export, re-export or otherwise transfer the Services, or use the Services to disclose, transfer, download, export or re-export, directly or indirectly, any Customer Data, to any country, entity or other party that is ineligible to receive such items under the Export Laws. Customer will defend, indemnify, and hold harmless Striim from and against all fines, penalties, liabilities, damages, costs and expenses (including reasonable attorneys’ fees) incurred by Striim as a result of Customer’s breach of this Section 11.6.1
11.6.2. Anti-Corruption. Customer warrants that neither Customer, nor any of Customer’s respective officers, employees, agents, representatives, contractors, intermediaries or any other person or entity acting on Customer’s behalf, in connection with this Agreement, has taken or will take any action, directly or indirectly, in violation of the U.S. Foreign Corrupt Practices Act of 1977, as amended, or any other applicable anti-corruption or anti-bribery laws.
11.7. Assignment. Customer may not assign or transfer, by operation of law, merger or otherwise, any of its rights or delegate any of its duties under this Agreement (including, without limitation, its licenses and rights in connection with the Services) to any third party without Striim’s prior written consent. Any attempted assignment or transfer in violation of the foregoing will be null and void. Striim may assign its rights or delegate its obligations under this Agreement.
11.8. Governing Law and Venue. This Agreement will be governed by the laws of the State of California, excluding any conflict of law provisions that would require the application of the laws of any other jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. Any action or proceeding arising from or relating to this Agreement must be brought exclusively in a federal or state court located in Santa Clara, California. Each party irrevocably consents to the personal jurisdiction and venue in, and agrees to service of process issued by, any such court.
11.9. Force Majeure. Any delay in or failure of performance by either party under this Agreement, other than a failure to pay amounts when due, will not be considered a breach of this Agreement and will be excused to the extent caused by any occurrence beyond the reasonable control of such party, including, but not limited to, acts of God, war, terrorism, riots, embargos, acts of civil or military authorities, fire, floods, accidents, strikes or shortages of transportation facilities, fuel, energy, labor or materials.
11.10. Remedies. Except as expressly provided elsewhere in this Agreement, the parties’ rights and remedies under this Agreement are cumulative. Customer acknowledges that the Services contains valuable trade secrets and proprietary information of Striim, that any actual or threatened breach of Section 1 (Grant and Scope of License) or Section 4 (Confidentiality) will constitute immediate, irreparable harm to Striim for which monetary damages would be an inadequate remedy, and that injunctive relief is an appropriate remedy for such breach.
11.11. Waiver; Severability. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. If any provision of this Agreement is adjudicated to be unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.
11.12. Order of Precedence; Construction. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form (2) this Agreement. The Section headings of this Agreement are for convenience and will not be used to interpret this Agreement. As used in this Agreement, the word “including” means “including but not limited to.”
11.13. Cloud Marketplace.
11.13.1 Applicability. This section 11.13 is only applicable if Customer obtains the Services from a third party authorized by Striim to offer the Services as part of such third party’s cloud marketplace (“Cloud Partner” and “Cloud Marketplace”, respectively).
11.13.2 Cloud Partner.Customer agrees that Customer will not make a claim against the Cloud Partner for any causes of action, damages, or losses that Customer may incur in connection with Customer’s use of the Services, Documentation or any other services provided under this Agreement.
11.14. Provisions for Cloud Marketplace Resellers. This section 11.14 will apply if Customer is authorized by Striim or the applicable Cloud Partner to purchase the Services through the applicable Cloud Marketplace for the purpose of reselling the Services to end users (“End User(s)”), and, as such, is an authorized Cloud Marketplace reseller (“Authorized Cloud Marketplace Reseller”). Customer, acting as Authorized Cloud Marketplace Reseller, warrants and represents to Striim that: (a) it has entered into a contract with the End User that binds the End User to the terms and Conditions of this Terms of Service Agreement (the “End User Contract”), (b) it has informed the End User that this Terms of Service Agreement governs the End User’s use of the Services , (c) it has provided the End User with access to all the terms and conditions of this Terms of Service Agreement, (d) it shall not make or pass on to the End User any warranty, condition or representation on behalf of Striim inconsistent with the terms and conditions of this Terms of Service Agreement, and (e) it shall expressly name Striim as an intended third-party beneficiary of the End User Contract, with the right to enforce its terms directly against the End User.
SUPPORT AND MAINTENANCE ADDENDUM
THIS STRIIM SUPPORT POLICY (“POLICY”) DESCRIBES STRIIM’S SUPPORT OFFERING IN CONNECTION WITH CUSTOMER REPORTED BUGS AND ERRORS IN THE STRIIM SHIFT OR STRIIM ENTERPRISE SERVICES (COLLECTIVELY THE “SERVICES.”) SUPPORT IS PROVIDED IN ACCORDANCE WITH THE WRITTEN SUBSCRIPTION AGREEMENT (THE “SUBSCRIPTION AGREEMENT”) UNDER WHICH STRIIM PROVIDES THE SERVICES. STRIIM OFFERS BASIC SUPPORT FOR THE SERVICES AND CUSTOMER MAY PURCHASE UPGRADED OR PRIORITY SUPPORT AS DESIGNATED ON THE ORDER FORM FOR THE SERVICES. THIS POLICY MAY BE UPDATED BY STRIIM FROM TIME TO TIME. CAPITALIZED TERMS NOT DEFINED IN THIS POLICY HAVE THE MEANINGS SET FORTH IN THE SUBSCRIPTION AGREEMENT.
1. Support Offerings. Striim offers a basic support plan for the Services, as well as several priority support plans, including, Silver, Gold and Premium Tier support.
2. Support Services – General.
2.1. Customer Contacts. Customer must designate one primary contact who will have administrator privileges and may designate additional contacts (“Customer Contacts”) to obtain support from Striim.
2.2. Basic Support. Striim shall provide English-speaking remote assistance to Customer Contacts for questions or issues arising from any reported Error, as further described in this Policy, including troubleshooting, diagnosis, and recommendations for potential workarounds for the duration of Customer’s subscription to the applicable Service. In addition, Striim shall provide access to a knowledge base of common questions and answers regarding the use of the Services.
2.3. Premium Support. Striim shall provide other support offerings, such as access to patch fix releases, hot fixes and access to engineering resources to assist with Services issues and performance issues, based on the applicable priority support plan purchased.
2.4. Contacting Striim. Striim will provide support services by the means set forth in the following table, subject to the conditions regarding availability or response times with respect to each such form of access as set forth in the table. Support services will consist of answering questions regarding the proper use of, and providing troubleshooting assistance for, the Services.
| Form of Support | Availability |
| Email Support (support@Striim.com or such other email address as Striim may provide from time to time) | 365 x 7 x 24 |
| Web-based Support (https://www.striim.com/ or such other URL as Striim may provide from time to time) | 365 x 7 x 24 |
| If necessary, Telephonic support +1 (650) 241-0680 or such other phone number as Striim may provide from time to time) | 8 am to 7 pm Pacific Time, Mon. – Fri. (excluding Striim Holidays) |
2.5. Severity Levels. If Customer identifies an Error and would like such Error corrected, Customer will promptly report such Error in writing to Striim, specifying (a) the nature of the Error; (b) the circumstances under which the Error was encountered, including the processes that were running at the time that the Error occurred; (c) the steps, if any, that Customer took immediately following the Error; (d) the immediate impact of the Error upon Customer’s ability to operate the Services and severity classification of the Error; and (e) contact information for the Customer Contact most familiar with the issue. Upon receipt of any such Error report, Striim will evaluate the Error and classify it into one of the following severity levels based upon the following severity classification criteria:
| Severity Level | Severity Classification Criteria |
| Severity 1 | Error renders continued use of the Services commercially infeasible. |
| Severity 2 | Error prevents a critical function of the Services from operating in substantial accordance with the Documentation. |
| Severity 3 | Error prevents a major non-critical function of the Services from operating in substantial accordance with the Documentation. |
| Severity 4 | Error adversely affects a minor function of the Services or consists of a cosmetic nonconformity, error in Documentation, or other problem of similar magnitude. |
2.6. Error Correction – Basic. Striim will use commercially reasonable efforts to provide a correction or workaround to all reproducible Errors that are reported in accordance with Section 2.5 (Severity Levels) above. Such corrections or workarounds may take the form of Error corrections, fixes, or workarounds (collectively, “Updates”), procedural solutions, correction of Documentation errors, or other such remedial measures as Striim may determine to be appropriate. Striim will also endeavor to achieve the following response times for each of the following categories of Errors.
| Severity Level | Response Time |
| Severity 1 | Four (4) Hours |
| Severity 2 | Four (4) business days |
| Severity 3 | Seven (7) business days |
| Severity 4 | Seven (7) business days |
2.7. Error Correction – Premium Support Plans
Silver Support Plan
| Severity Level | Response Time |
| Severity 1 | Two (2) Hours, M-F; four (4) hours on weekends |
| Severity 2 | Four (4) business days |
| Severity 3 | Seven (7) business days |
| Severity 4 | Seven (7) business days |
Gold/Premium Support Plan
| Severity Level | Response Time |
| Severity 1 | One (1) Hour, M-F; two (2) hours on weekends |
| Severity 2 | Two (2) Hours M-F; four (4) hours on weekends |
| Severity 3 | Four (4) business days |
| Severity 4 | Seven (7) business days |
3. Customer Responsibilities And Exclusions.
3.1.1. Customer Responsibilities. As a condition to Striim’s obligations under this Policy, Customer will cooperate with Striim to the extent that such cooperation would facilitate Striim’s provision of support services hereunder. Without limiting the foregoing, at Striim’s request, Customer will (i) provide Striim with reasonable access to appropriate personnel, records, and maintenance logs; (ii) refrain from undertaking any operation that would directly or indirectly block or slow down any support service operation; and (iii) comply with Striim’s instructions regarding the use and operation of the Services.
3.1.2. Exclusions. Notwithstanding anything to the contrary in this Policy, Striim will have no obligation to provide any support services to Customer to the extent that such support services arise from or relate to any of the following: (a) any modifications or alterations of the Services by any party other than Striim or Striim’s subcontractors; (b) any issues arising from the failure of the Services to interoperate with any other software or systems, except to the extent that such interoperability is expressly mandated in the applicable Documentation; (c) any breakdowns, fluctuations, or interruptions in electric power or the telecommunications network; (d) any Error that is not reproducible by Striim; or (e) any violation of the terms and conditions of the Subscription Agreement. In addition, Customer agrees and acknowledges that any information relating to malfunctions, bugs, errors, or vulnerabilities in the support services constitutes Confidential Information of Striim, and Customer will refrain from using such information for any purpose other than obtaining Support Services from Striim, and will not disclose such information to any third party.
4. Definitions
“Customer Data” means data or other information made available by Customer to Striim through the use of the Services under the Subscription Agreement.
“Error” means a reproducible failure of the Services to perform in substantial conformity with its Documentation.
“Response Time” means the period of time between (a) Customer’s registration of an Error pursuant via Striim’s online ticketing system in accordance with Section 2.6 (Error Correction); and (b) the commencement of steps to address the Error in accordance with this Policy by Striim.
DATA PROCESSING ADDENDUM
1. Definitions
For purposes of this DPA, the terms below have the meanings set forth below. Capitalized terms that are used but not defined in this DPA have the meanings given in the Agreement.
(a) Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
(b) Applicable Data Protection Laws means the privacy, data protection and data security laws and regulations of any jurisdiction applicable to the Processing of Personal Data under the Agreement, including, without limitation, European Data Protection Laws and the CCPA.
(c) CCPA means the California Consumer Privacy Act of 2018 and any regulations promulgated thereunder.
(d) Customer Data means information provided or made available to Provider for Processing on Customer’s behalf to perform the Service.
(e) EEA means the European Economic Area.
(f) European Data Protection Laws means the GDPR and other data protection laws and regulations of the European Union, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, to the extent applicable to the Processing of Personal Data under the Agreement.
(g) GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, as amended from time to time.
(h) Information Security Incident means a breach of Provider’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in Provider’s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.
(i) Personal Data means Customer Data that constitutes “personal data,” “personal information,” or “personally identifiable information” defined in Applicable Data Protection Laws, or information of a similar character regulated thereby, except that Personal Data does not include such information pertaining to Customer personnel or representatives who are end users of the Service or business contacts of Provider, where Provider acts as a controller of such information.
(j) Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(k) Provider means Striim Inc.
(l) Security Measures has the meaning given in Section 4(a) (Provider’s Security Measures).
(m) Standard Contractual Clauses means the mandatory provisions of the standard contractual clauses for the transfer of personal data to processors established in third countries in the form set out by European Commission Decision 2010/87/EU.
(n) Subprocessors means third parties that Provider engages to Process Personal Data in relation to the Service.
(o) Third Party Subprocessors has the meaning given in Section 6 (Subprocessors).
(p) The terms controller, data subject, processor and supervisory authority as used in this DPA have the meanings given in the GDPR.
2. Duration and Scope of DPA
(a) This DPA will remain in effect so long as Provider Processes Personal Data, notwithstanding the expiration or termination of the Agreement.
(b) Annex 1 (EU Annex) to this DPA applies solely to Processing subject to European Data Protection Laws. Annex 2 (California Annex) to this DPA applies solely to Processing subject to the CCPA if Customer is a “business” or “service provider” (as defined in CCPA) with respect to such Processing.
3. Customer Instructions
Provider will Process Personal Data only in accordance with Customer’s instructions to Provider. This DPA is a complete expression of such instructions, and Customer’s additional instructions will be binding on Provider only pursuant to an amendment to this DPA signed by both parties. Customer instructs Provider to Process Personal Data to provide the Service and as contemplated by this Agreement.
4. Security
(a) Provider Security Measures. Provider will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data (the “Security Measures”) as described in Annex 3 (Security Measures). Provider may update the Security Measures from time to time, so long as the updated measures do not decrease the overall protection of Personal Data.
(b) Security Compliance by Provider Staff. Provider will ensure that its personnel who are authorized to access Personal Data are subject to appropriate confidentiality obligations.
(c) Provider Security Assistance. Provider will (taking into account the nature of the Processing of Personal Data and the information available to Provider) provide Customer with reasonable assistance necessary for Customer to comply with its obligations in respect of Personal Data under Applicable Data Protection Laws, including Articles 32 to 34 (inclusive) of the GDPR, by (a) implementing and maintaining the Security Measures; and (b) complying with the terms of Section 4(d) (Information Security Incidents) of this DPA.
(d) Information Security Incidents. Provider will notify Customer without undue delay of any Information Security Incident of which Customer becomes aware. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps Provider recommends Customer take to address the Information Security Incident. Provider’s notification of or response to an Information Security Incident will not be construed as Provider’s acknowledgement of any fault or liability with respect to the Information Security Incident.
(e) Customer’s Security Responsibilities and Assessment
(i) Customer’s Security Responsibilities. Customer agrees that, without limitation of Provider’s obligations under Section 4 (Security), Customer is solely responsible for its use of the Service, including (a) making appropriate use of the Service to ensure a level of security appropriate to the risk in respect of the Personal Data; (b) securing the account authentication credentials, systems and devices Customer uses to access the Service; (c) securing Customer’s systems and devices that Provider uses to provide the Service; and (d) backing up Personal Data.
(ii) Customer’s Security Assessment. Customer agrees that the Service, the Security Measures and Provider’s commitments under this DPA are adequate to meet Customer’s needs, including with respect to any security obligations of Customer under Applicable Data Protection Laws, and provide a level of security appropriate to the risk in respect of the Personal Data.
(f) Data Deletion. Provider shall delete all the Personal Data on Provider’s systems on Customer’s request and after the end of the provision of Service, and shall delete existing copies unless continued storage of the Personal Data is required by (i) European Data Protection Laws, with respect to Personal Data subject thereto or (ii) Applicable Data Protection Laws, with respect to all other Personal Data. Provider will comply with such instruction as soon as reasonably practicable and no later than 180 days after such expiration or termination, unless Applicable Data Protection Laws require storage. Customer may choose to request a copy of such Personal Data from Provider for an additional charge by requesting it in writing at least 30 days prior to expiration or termination of the Agreement. Upon the parties’ agreement to such charge pursuant to a work order or other amendment to the Agreement, Provider will provide such copy of such Personal Data before it is deleted in accordance with this clause.
5. Data Subject Rights
(a) Provider’s Data Subject Request Assistance. Provider will (taking into account the nature of the Processing of Personal Data) provide Customer with assistance reasonably necessary for Customer to perform its obligations under Applicable Data Protection Laws to fulfill requests by data subjects to exercise their rights under Applicable Data Protection Laws (“Data Subject Requests”) with respect to Personal Data in Provider’s possession or control. Customer shall compensate Provider for any such assistance at Provider’s then-current professional services rates, which shall be made available to Customer upon request.
(b) Customer’s Responsibility for Requests. If Provider receives a Data Subject Request, Provider will advise the data subject to submit the request to Customer and Customer will be responsible for responding to the request.
6. Subprocessors
(a) Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Provider’s Affiliates as Subprocessors and generally authorizes the engagement of other third parties as Subprocessors (“Third Party Subprocessors”).
(b) Information about Subprocessors. Information about Subprocessors, including their functions and locations, is available at the following URL: https://www.striim.com/legal/subprocessors/ (“the Subprocessor Site”).
(c) Requirements for Subprocessor Engagement. When engaging any Subprocessor, Provider will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this DPA with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. Provider shall be liable for all obligations under the Agreement subcontracted to the Subprocessor and its actions and omissions related thereto.
(d) Opportunity to Object to Subprocessor Changes. When Provider engages any new Third Party Subprocessor after the effective date of the Agreement, Provider will notify Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by updating the Subprocessor Site or by other written means. If Customer objects to such engagement in a written notice to Provider within 15 days after being informed of the engagement on reasonable grounds relating to the protection of Personal Data, Customer and Provider will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Customer may, as its sole and exclusive remedy, terminate the Agreement and cancel the Service by providing written notice to Provider and pay Provider for all amounts due and owing under the Agreement as of the date of such termination.
7. Reviews and Audits of Compliance.
Customer may audit Provider’s compliance with its obligations under this DPA up to once per year and on such other occasions as may be required by Applicable Data Protection Laws, including where mandated by Customer’s supervisory authority. Provider will contribute to such audits by providing Customer or Customer’s supervisory authority with the information and assistance reasonably necessary to conduct the audit. If a third party is to conduct the audit, Provider may object to the auditor if the auditor is, in Provider’s reasonable opinion, not independent, a competitor of Provider, or otherwise manifestly unsuitable. Such objection by Provider will require Customer to appoint another auditor or conduct the audit itself. To request an audit, Customer must submit a proposed audit plan to Provider at least thirty (30) days in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Provider will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Provider security, privacy, employment or other relevant policies). Provider will work cooperatively with Customer to agree on a final audit plan. Nothing in this Section 7 shall require Provider to breach any duties of confidentiality. If the controls or measures to be assessed in the requested audit are addressed in an SOC 2 Type 2, or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and Provider has confirmed there have been no known material changes in the controls audited since the date of such report, Customer agrees to accept such report in lieu of requesting an audit of such controls or measures. The audit must be conducted during regular business hours, subject to the agreed final audit plan and Provider’s safety, security or other relevant policies, and may not unreasonably interfere with Provider business activities. Customer will promptly notify Provider of any non-compliance discovered during the course of an audit and provide Provider any audit reports generated in connection with any audit under this Section 7, unless prohibited by Applicable Data Protection Laws or otherwise instructed by a supervisory authority. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this DPA. Any audits are at Customer’s sole expense. Customer shall reimburse Provider for any time expended by Provider and any third parties in connection with any audits or inspections under this Section 7 at Provider’s then-current professional services rates, which shall be made available to Customer upon request. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit.
8. Customer Responsibilities
(a) Customer compliance. Customer shall comply with its obligations under Applicable Data Protection Laws. Customer shall ensure (and is solely responsible for ensuring) that its instructions in Section 3 comply with Applicable Data Protection Laws, and that Customer has given all notices to, and has obtained all such from, individuals to whom Personal Data pertains and all other parties as required by applicable laws or regulations for Customer to Process Personal Data as contemplated by the Agreement.
(b) Prohibited data. Customer represents and warrants to Provider that Customer Data does not and will not, without Provider’s prior written consent, contain any social security numbers or other government-issued identification numbers, protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance information; biometric information; passwords for online accounts; credentials to any financial accounts; tax return data; credit reports or consumer reports; any payment card information subject to the Payment Card Industry Data Security Standard; information subject to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act or the regulations promulgated under either such law; information about children under 16 years of age or that is otherwise subject to heightened restrictions under Applicable Data Protection Laws; or any information that falls within any special categories of data (as defined in GDPR).
9. Limitation of Liability
Each party’s liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party under the Agreement, including this DPA.
10. Miscellaneous
Except as expressly modified by this DPA, the terms of the Agreement remain in full force and effect. In the event of any conflict or inconsistency between this DPA and the other terms of the Agreement, this DPA will govern. Notwithstanding anything in the Agreement or any order form entered in connection therewith to the contrary, the parties acknowledge and agree that Provider’s access to Personal Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement. Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by Provider to Customer under this DPA may be given (a) in accordance with any notice clause of the Agreement; (b) to Provider’s primary points of contact with Customer; or (c) to any email provided by Customer for the purpose of providing it with Service-related communications or alerts. Customer is solely responsible for ensuring that such email addresses are valid.
ANNEX 1 TO DPA
EU ANNEX
1. Processing of Data
Subject Matter and Details of Processing. The parties acknowledge and agree that (i) the subject matter of the Processing under the Agreement is Provider’s provision of the Service; (ii) the duration of the Processing is from Provider’s receipt of Personal Data until deletion of all Personal Data by Provider in accordance with the Agreement; (iii) the nature and purpose of the Processing is to provide the Service; (iv) the data subjects to whom the Personal Data pertains are Customer’s authorized employees and independent contractors who use the Services and individuals whose Personal Data is stored on Customer’s data sources or data targets and processed by Provider; and (v) the categories of personal data of data subjects are determined by Customer and may include without limitation: Name, Email address, Physical address, IP-address and other online identifiers, Date of birth, Telephone/mobile number, Location Data.
(a) Roles and Regulatory Compliance; Authorization. The parties acknowledge and agree that (i) Provider is a processor of that Personal Data under European Data Protection Laws; (ii) Customer is a controller (or a processor acting on the instructions of a controller) of that Personal Data under European Data Protection Laws; and (iii) each party will comply with the obligations applicable to it in such role under the European Data Protection Laws with respect to the Processing of that Personal Data. If Customer is a processor, Customer represents and warrants to Provider that Customer’s instructions and actions with respect to Personal Data, including its appointment of Provider as another processor, have been authorized by the relevant controller.
(b) Provider’s Compliance with Instructions. Provider will Process Personal Data only in accordance with Customer’s instructions stated in this DPA unless applicable European Data Protection Laws require otherwise, in which case Provider will notify Customer (unless that law prohibits Provider from doing so on important grounds of public interest).
2. Impact Assessments and Consultations
Provider will (taking into account the nature of the Processing and the information available to Provider) reasonably assist Customer in complying with its obligations under Articles 35 and 36 of the GDPR, by (a) making available documentation describing relevant aspects of Provider’s information security program and the security measures applied in connection therewith and (b) providing the other information contained in the Agreement, including this DPA.
3. Data Transfers
(a) Data Processing Facilities. Provider may, subject to Section 3(b) (Transfers out of the EEA), store and Process Personal Data in the United States or anywhere Provider or its Subprocessors maintains facilities.
(b) Transfers out of the EEA. If Customer transfers Personal Data out of the EEA to Provider in a country not deemed by the European Commission to have adequate data protection, such transfer will be governed by the Standard Contractual Clauses, the terms of which are hereby incorporated into this DPA. In furtherance of the foregoing, the parties agree that (i) Customer will act as the data exporter and Provider will act as the data importer under the Standard Contractual Clauses; (ii) for purposes of Appendix 1 to the Standard Contractual Clauses, the categories of data subjects, data, special categories of data (if appropriate), and the Processing operations shall be as set out in Section 1(a) to this Annex 1 (Subject Matter and Details of Processing); (iii) for purposes of Appendix 2 to the Standard Contractual Clauses, the technical and organizational measures shall be the Security Measures; (iv) data importer will provide the copies of the subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contractual Clauses upon data exporter’s request, and that data importer may remove or redact all commercial information or clauses unrelated the Standard Contractual Clauses or their equivalent beforehand; (v) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be performed in accordance with Section 7 (Reviews and Audits of Compliance) of the DPA; (vi) Customer’s authorizations in Section 6 (Subprocessors) of the DPA will constitute Customer’s prior written consent to the subcontracting by Provider of the Processing of Personal Data if such consent is required under Clause 5(h) of the Standard Contractual Clauses; and (vii) certification of deletion of Personal Data as described in Clause 12(1) of the Standard Contractual Clauses shall be provided upon data importer’s request. Notwithstanding the foregoing, the Standard Contractual Clauses (or obligations the same as those under the Standard Contractual Clauses) will not apply to the extent an alternative recognized compliance standard for the transfer of Personal Data outside the EEA in accordance with European Data Protection Laws applies to the transfer. In the event of any conflict or inconsistency between (a) this Annex 1 and any other provision of this DPA, this Annex 1 will govern or (b) the Standard Contractual Clauses and any other provision of this Agreement, the Standard Contractual Clauses will govern.
ANNEX 2 TO DPA
CALIFORNIA ANNEX
1. For purposes of this Annex 2, the terms “business,” “commercial purpose,” “sell” and “service provider” shall have the respective meanings given thereto in the CCPA, and “personal information” shall mean Personal Data that constitutes personal information governed by the CCPA.
2. It is the parties’ intent that with respect to any personal information, Provider is a service provider. Provider shall not (a) sell any personal information; (b) retain, use or disclose any personal information for any purpose other than for the specific purpose of providing the Service, or as otherwise permitted by the CCPA, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Service; or (c) retain, use or disclose the personal information outside of the direct business relationship between Provider and Customer. Provider hereby certifies that it understands its obligations under this Section 2 and will comply with them.
3. The parties acknowledge that Provider’s retention, use and disclosure of personal information authorized by Customer’s instructions documented in the DPA are integral to Provider’s provision of the Service and the business relationship between the parties.
ANNEX 3 TO DPA
SECURITY MEASURES
1. Organizational management and dedicated staff responsible for the development, implementation and maintenance of the Provider’s information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Provider’s organization, monitoring and maintaining compliance with the Provider’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for Personal Data that is transmitted over public or private networks or when transmitted wirelessly or at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).
5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that the Provider’s passwords that are assigned to its employees: (i) be at least eight (8) characters in length with number and symbol requirements, (ii) not be stored in readable format on the Provider’s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.
6. System audit or event logging and related monitoring procedures to proactively record user access and system activity.
7. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from the Provider’s possession.
8. Change management procedures, software development lifecycle practices, and tracking mechanisms designed to test, approve and monitor all material changes to the Provider’s technology and information assets.
9. Incident management procedures design to allow Provider to investigate, respond to, mitigate and notify of events related to the Provider’s technology and information assets.
10. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures.
11. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
12. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergencies or disasters.
13. Use of the following measures for systems that Process Personal Data:
(a) All applications and supporting services are hosted on modern, Linux based operating systems and built upon modern application development frameworks.
(b) All production systems are hosted on the Google Cloud platform, Microsoft Azure platform, or Amazon Web Services platform in US regions.
(c) All software, systems and networks are configured with security as a requirement.
14. Customer partitioning such that each customer has dedicated services including but not restricted to separate computing, storage, and networking resources designed to prevent sharing of disk, memory, CPU, or network traffic between customers.
16. Personal Data sent through Striim’s services is encrypted in transit through HTTPS, or TLS.
