“As of 2 March 2020”
TERMS AND CONDITIONS
These Terms and Conditions (the “Terms”) shall govern all proposals and/or Cover Agreements whereby Snapcart Singapore Pte. Ltd. (“Snapcart”) is providing Client with the Services defined below. The Client is hereby deemed to have read and understood these Terms before using the Services provided by Snapcart.
For avoidance of doubt, Snapcart and the Client may herein be referred to individually as “Party” or collectively as “Parties.
1. SNAPCART’S OBLIGATIONS
1.1. Snapcart shall perform management consultancy and data analytics services (the “Services”) for the project (the “Project”) as specified in every accepted proposal (the “Cover Agreement”).
1.2. Snapcart shall provide Client with the Product (the “Product”) specified in the Cover Agreement.
1.3. In the event that the specifications for the Project are changed, Snapcart reserves the right to change the price shown in the Cover Agreement. Snapcart shall notify client of any adjustment in cost depending on the nature of the changed specifications. Should the Client choose to proceed with such changes, the parties shall execute an amended Cover Agreement, with the Client being made responsible for payment of the adjusted price.
1.4. Accuracy of Data –
1.4.1. For purposes of these Terms, the term “Data” shall refer to every portion of data supplied to the Client, which was collected through the Services.
1.4.2. Snapcart undertakes to provide the Services pursuant to the specifications stated in the Cover Agreement.
1.4.3. The Client recognizes that the Data produced are estimates derived from sample surveys, user profile data, information and data derived from Snapcart’s web and mobile applications, and projections carried out based on market research methods, and as such, may be subject to limits of statistical error.
1.4.4. Snapcart does not warrant the full accuracy of any Data provided, nor does it accept responsibility for any error contained therein, or for any omission from the Data, or for any loss, damage, or injury suffered directly or otherwise arising therefrom.
1.4.5. Snapcart is not responsible for any use to which the Data are put or for any interpretation placed upon them, and the Client fully indemnifies Snapcart against any legal proceeding, suit, or action, which may be taken against, or incurred by Snapcart in relation to Client’s use or interpretation of the Data. The same indemnity likewise applies to any third party to whom Client discloses such Data.
1.5. Snapcart shall use commercially reasonable efforts to deliver the Project report and such other deliverables and products in accordance with the timelines stated in the Cover Agreement, but shall not be held liable for delays, or for its failure to perform said obligations occasioned by factors outside of Snapcart’s control (including, without limitation, to postal or other communication delays, industrial disputes, fir or accident, any governmental act, or natural calamity – collectively “Force Majeure Events”). Client shall provide Snapcart with all the necessary assistance in structuring the Project (including the provision for Project Specifics and the approval thereof in a timely manner). Snapcart shall not be responsible for any delay in the Project schedule resulting from any changes requested by Client to the Project’s research criteria or methodology, or resulting from the Client’s delay in providing any materials necessary for Snapcart to provide the Services. The Project timeline shall be extended to reflect any Client-caused delays. Client shall be responsible for any costs incurred by Snapcart as a result of such delays, including, without limitation, to costs for additional printing, overtime wages and courier services, which shall be billed in addition to the agreed Project fee.
1.6. Snapcart shall maintain a copy of the final Product and the underlying Project materials for a minimum of three (3) years following the delivery of the final Product to the Client. Client may request that Snapcart maintain the final Product and underlying Project materials for an extended period of time and, if Snapcart agrees to do so, will pay any Snapcart for any expenses in connection with the same.
1.7. All Services performed pursuant to the Cover Agreement shall be rendered in accordance acceptable commercial standards. Snapcart will use reasonable efforts to correct any error in the Product, and in the event that Snapcart does not correct any error, Snapcart will reimburse the Client for that portion of the Service Fees affected by such error. The foregoing refund shall be the Client’s sole and exclusive remedy for any error, non-conformance, inexcusable delay, or failure to deliver the Services and/or Product.
1.8. Snapcart will take the necessary steps to ensure that the instruments and technology (collectively, the “Instruments”) it uses to deliver the Services and Product will meet Snapcart’s standard of quality. In the event that Snapcart determines that the Instruments do not meet Snapcart’s standard of quality, Snapcart shall notify the Client and provide the Client with proposed modifications to the Instruments (the “Proposed Modifications”). If the Client does not consent to the Proposed Modifications, Snapcart may in its sole discretion refuse to perform the Project; provided, that if Snapcart agrees to perform the Project without implementing the Proposed Modifications due to the Client’s refusal to consent to the same, Snapcart shall not be responsible for the quality of the Data contained in the Product.
2. CLIENT’S OBLIGATIONS
2.1. Payment of Fees.
2.1.1. For purposes of clarity, these provisions will govern in the absence of any other provision governing payment terms appearing in the Cover Agreement.
2.1.2. The Client shall pay a fee for the right to avail and use the Services (the “Service Fees”) in the amount and pursuant to the scheduling set forth in the Cover Agreement. The Parties may enter into one or more Cover Agreements pursuant to these Terms. Each Cover Agreement is to specify, among other matters, the Services, Service fees, the term to which the Services are to be provided, invoicing terms and such other terms mutually agreed to by and between the Parties.
2.1.3. Unless otherwise set forth in the Cover Agreement, it is hereby understood that Snapcart shall invoice the Service Fees upfront in the beginning of the quarter.
2.1.4. Payments will be invoiced before Delivery of the Product in a form and manner satisfactory to Snapcart’s standards, and based on the agreed payment terms specified in the Cover Agreement. All payments shall be made in the currency agreed upon under the Cover Agreement. All invoices, VAT remittances and other documentation relating to the invoice or VAT for these Terms shall be issued under the name of Snapcart Singapore Pte. Ltd. and shall not be issued in the name of any other party (including any affiliated entity of Snapcart), except upon prior written consent of Snapcart.
2.1.5. The payment for the Services shall be made within fifteen (15) days from date of delivery of the invoice to the client (whether through mail or electronic means).
2.1.6. If the Client fails to pay any fee to Snapcart within fifteen (15) days after the due date of the invoice, Snapcart shall be entitled to withhold the Delivery of the Services and/or Product in any form until and unless the fees as stated in all the unpaid invoices are fully paid. Snapcart shall not be responsible for damages and costs which may be incurred by Client as a result of the withholding of the Services and/or Product under this Clause.
2.1.7. Subject to Clause 2.1.5 above, if the Client fails to pay any fee payable to Snapcart for the Services which are not disputed, the Client shall bear a late payment charge of five percent (5%) per month, which shall be calculated based on the total fee payable from the date the invoice was outstanding until such date where the Client fully pays the outstanding fee.
2.2. In the event that Snapcart or any of its employees, agents or subcontractors is served with or becomes subject of a subpoena, order, deposition, interrogatory, investigative demand or other legal process in any legal or governmental proceeding to which Snapcart is not a party seeking disclosure of any materials related to the goods, services, information or Product that Snapcart renders or delivers to Client hereunder, Client shall bear and/or reimburse Snapcart for all costs and expenses, including, but not limited to, reasonable attorney’s fees, staff time and costs incurred related to Snapcart’s response, compliance with or resistance thereto, except to the extent directly caused by the gross negligence, willful misconduct, or breach of these Terms by Snapcart.
3. INTELLECTUAL PROPERTY RIGHTS
3.1. The Client Materials (as defined under 10.1 hereunder) and all the deliverables generated through the Product shall be deemed property of the Client (collectively, “Client Property”).
3.2. Notwithstanding Clause 3.1. above, Snapcart shall retain ownership of the following articles of intellectual property (collectively “Snapcart Property”):
3.2.1. All Data (in whatever form) collected by Snapcart.;
3.2.2.All tools, designs, techniques, know-how, methodologies and algorithms used in its research, including the methods of collecting, (whether through surveys, third party data, and/or through Snapcart’s mobile application) assembling, compiling, describing, interpreting, and evaluating the information contained in the Product;
3.2.3. Concepts, inventions, software (including source code), models, systems, prototypes, sampling methods, research designs, methods of process of questioning, systems of analysis, tabulating cards, computer programs, disks, and any other data record formats, information and materials, whether or not patentable or copyrightable, used by Snapcart in connection with the performance of its obligations under these Terms;
3.2.4. Survey questions, including propensity score weighting questions, and questionnaire forms (unless otherwise provided by Client); and
3.2.5. Demographic data relating to Snapcart’s research participants (unless provided by Client).
3.3. All Snapcart Property enumerated under Clause 3.2 of these Terms shall at all times remain the exclusive property of Snapcart. Snapcart hereby grants to Client a non-exclusive right to license and use, in connection with such use any Snapcart Property defined under Clause 3.2.1 and 3.2.5 as included in the Product; provided, that Client may not reverse engineer the Snapcart Property or modify or reuse the Snapcart Property outside of the Product.
4. DISCLOSURE OF PRODUCT AND DELIVERABLES
4.1. Client agrees to inform Snapcart prior to the commencement of the Project whether the Data contained in the Product, in whole or in part, may be disclosed publicly in order for Snapcart to ensure that the design and methodology avoid bias, are fair, balanced and sufficiently comprehensive, and are otherwise appropriate for a public release study.
4.2. Client may provide the Product to its consultants, clients and other third parties (collectively, “Third Parties”) subject to a prior written consent of Snapcart, whose consent shall not be unreasonably withheld. Any public use of the Product or the data contained therein by any Third Parties shall be subject to the terms of this Clause 4 and Client shall remain responsible to Snapcart for any public or private use or disclosure by such Third Parties.
4.3. Client and/or any Third Parties may publicly disclose the Data contained in the Product in a press release, at a conference or through other means (a “Public Disclosure”) so long as such data are not presented in a misleading or illegal manner. Client and/or any Third Parties may not, however, attribute the data to Snapcart or use or reference Snapcart’s name, trademarks or logos in any Public Disclosure, including, without limitation, in an advertising, marketing or promotional claim, without the prior written consent of Snapcart, provided, that in the event that Snapcart consents to any such Public Disclosure, Client and/or the applicable Third Party (i) may only attribute the results to Snapcart when publicly releasing the Product, and may not use any other names, trademarks or logos of Snapcart; and (ii) may not state or indicate that Snapcart was responsible for any survey design, data weighting, data analysis or reporting.
4.4. Notwithstanding Clause 4.3, Client and/or any Third Parties may not, unless legally compelled, disclose the Product or the data contained therein in any legal, administrative or governmental proceeding without the prior written consent of Snapcart.
4.5. Client shall defend, indemnify and hold harmless Snapcart and its affiliates, and their respective officers, directors, shareholders, members, employees and agents from and against any and all Losses incurred in connection with any claim against Snapcart or any of the foregoing arising out of or relating to (i) Client’s disclosure of the Product or the data contained therein to any Third Party, (ii) any public disclosure of the Product or the data contained therein by Client or by any Third Party, and (iii) any breach or violation of this Section 6, except to the extent that such Claim arises from Snapcart’s gross negligence, willful misconduct or breach of these Terms.
5. DISCLAIMER
EXCEPT AS SET FORTH HEREIN, SNAPCART HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
6. LIMITATION OF LIABILITY
6.1. The Client shall indemnify Snapcart and all its affiliates, employees, officers, directors, and representatives, for all and any costs, losses, damages, penalties, claims and liabilities (including all legal fees) incurred or suffered by Snapcart, and their customers as a result of or in connection with a breach by the Client of these Terms. Such indemnity will survive the termination of the Terms without limit in point of time.
6.2. Under no circumstances will the Client be entitled to recover from Snapcart any incidental, consequential, indirect, punitive or special damages (including damages for loss of business, loss of profits or loss of use), whether based on contract, tort (including negligence), strict liability or otherwise arising from or relating to the Services, even if Snapcart has been informed or should have known of the possibility of such damages.
6.3. Snapcart’s maximum liability to the Client for any damages or liability arising in connection with the Services, whether arising in contract, tort (including negligence), strict liability or otherwise, shall be limited to the amount of service fees paid to Snapcart in the six (6) months preceding the claim.
7. CONTRACT PERIOD AND TERMINATION
7.1. Without prejudice to Clause 7.3, these Terms are valid during the period specified in the Cover Agreement (“Contact Period”).
7.2. Neither Party at any time within the Contract Period may terminate these Terms, unless agreed otherwise in writing with the other Party.
7.3. The Client may renew these Terms by informing Snapcart’s account manager at least thirty (30) days before the Contract Period ends and Snapcart agreeing to such a renewal in writing. Renewals are to be made on terms mutually agreed upon in writing by the Parties.
7.4. If any Party exercises its right to cancel, revoke or terminate these Terms in accordance with the relevant terms of these Terms, the non-breaching Party is to be free from any liabilities whatsoever arising from such cancellation, revocation or termination against the breaching Party, unless otherwise provided in this Terms.
7.5. Any Party may cancel, revoke or terminate these Terms without need of judicial intervention at any time, upon prior written notice of the Party, based on any of the following reasons:
7.5.1. by mutual agreement of the Parties in writing; or
7.5.2. upon written notice to the Party upon the occurrence of any of the following events;
7.5.2.1. If any of the representations and warranties of a Party to be untrue and incorrect in any material respect when made; or
7.5.2.2. If a Party fails to fulfill any obligations required on its part to be fulfilled under this Terms or Cover Agreement which if remediable is not remedied within thirty (30) days from the written notice of the other Party.
7.5.3. Conducting by one Party of an act constituting or amounting to a fraudulent interference or tampering with, or manipulation of the panel households as would breach the integrity and confidentiality of the Data or Services; or
7.5.4. Either party becoming insolvent or seeking protection (voluntary or involuntary) under bankruptcy law.
7.6. Should the Client terminate this Agreement not due to the reasons stated in Clause 7.5 of these T&C’s, the Client shall pay to Snapcart liquidated damages equivalent to the full amount set forth in the Cover Agreement, without prejudice to Snapcart’s right to file the appropriate cases or charges against the Client. The Client acknowledges that money damages would not be a sufficient remedy for any violation of this Agreement. All remedies under this Agreement or by law and in equity are intended to be cumulative. No failure or delay in exercising any right hereunder will operate as a waiver of that right.
8. DATA PRIVACY AND PROTECTION
Any processing of Personal Data that is carried out under these Terms shall comply with all applicable data privacy regulations. Further to this purpose, the parties shall comply with the provisions of the Data Sharing Agreement appended hereto as Annex “A”.
9. REPRESENTATIONS AND WARRANTIES
Each party represents and warrants to the other party that: (i) it has and will maintain all rights, licenses, permits and consents necessary to comply with these Terms, and perform its obligations hereunder, and that it will comply with all applicable laws and regulations in performing such obligations; (ii) these Terms do not violate and will not cause a breach of the terms of any other agreement or, to such party’s knowledge, any applicable law, decree or regulations, to which it is a party or by which it is subject or bound; (iii) it is, and at all times during the term of the Accepted Proposal shall remain, an entity duly organized, validly existing and in good standing under the laws of its jurisdiction of organization; (iv) the execution and delivery of the Accepted Proposal has been duly authorized by all requisite corporate action; and (v) these Terms are, and shall remain, a valid and binding obligation of such party, enforceable in accordance with its terms, as limited by applicable bankruptcy, insolvency, reorganization, moratorium and other laws of general application affecting enforcement of creditors’ rights generally.
10. CONFIDENTIAL INFORMATION
10.1. “Confidential Information” means the non-public information of a party (the “Disclosing Party”) that the other party (the “Receiving Party”) has access to in connection with the performance of its obligations under these Terms, including, but not limited to, (i) the Product, (ii) all information, data, and other materials provided by Client to Snapcart hereunder (the “Client Materials”), (iii) the Snapcart Property (as defined below), (iv) the personally individual information of survey participants, and (v) any other material or information that is either marked as confidential or is disclosed under circumstances that one would reasonably expect it to be confidential whether in tangible or intangible form, and whether or not stored, compiled or memorialized physically, electronically, graphically, photographically, or in writing. Confidential Information shall not include any material or information that the Receiving Party can demonstrate: (a) is or becomes publicly known through no act or fault of the Receiving Party; (b) is developed independently by the Receiving Party without access to or knowledge of the Disclosing Party’s Confidential Information; (c) is known by the Receiving Party when disclosed by the Disclosing Party if the Receiving Party does not then have a duty to maintain its confidentiality; or (d) is rightfully obtained by the Receiving Party from a third party not obligated to preserve its confidentiality.
10.2. The Receiving Party agrees to secure and protect the Disclosing Party’s Confidential Information using at least as great a degree of care as it uses to maintain the confidentiality of its own confidential information of a similar nature or importance, but in no event use less than reasonable care.
10.3. The Receiving Party shall not divulge, publish, loan, reproduce, give, sell, or permit to be divulged, published, loaned, reproduced, given, or sold, in whole or in part, the Disclosing Party’s Confidential Information, except as necessary to perform its obligations hereunder or as otherwise permitted herein; provided, however, that the Receiving Party may disclose the Disclosing Party’s Confidential Information as required to comply with a subpoena, court order, or government authority, under the condition that the Receiving Party (i) gives the Disclosing Party prior written notice to allow the Disclosing Party to seek a protective order or other appropriate remedy, (ii) discloses only such information as is required by such subpoena, court order, or government authority, and (iii) uses reasonable efforts to obtain confidential treatment for any information so disclosed, at the Disclosing Party’s expense.
10.4. If Snapcart is commissioned to conduct a Project requiring respondents to examine, use or consume any products, services or concepts (collectively, “Concepts”), including without limitation, any audio/visual stimuli, food, drink, household goods or medications, Client warrants that all such Concepts have all legally required warning and labels, all applicable regulatory clearance to be released into the market, and otherwise comply with applicable law. Client shall defend, indemnify and hold harmless Snapcart, its affiliates, and their respective officers, directors, shareholders, members, employees and agents, against all damages, losses, liabilities, and expenses (including all professional fees and expenses, reasonable attorneys’ fees and expenses) (collectively, “Losses”) incurred in connection with any claim, demand, cause of action, suit or proceeding made or brought by a third party (each, a “Claim”) against Snapcart or any of the foregoing arising out of or relating to the description, presentation, use or consumption of any such Concept, whether or not Client is the manufacturer or distributor or agent for distribution of such product, and regardless of termination of the Project for any reason.
10.5. Should Client provide Snapcart with respondent contact information for survey purposes, Client shall permit Snapcart to reference Client’s name in the introductory paragraph to the survey that is viewed by all respondents, unless it is determined in Snapcart’s sole discretion that such reference would bias the survey results.
10.6. The parties acknowledge that any breach of the confidentiality requirements contained within this Clause 10 may cause the non-breaching party irreparable injury for which it may not have an adequate remedy at law. Upon the occurrence of any actual or threatened breach of this Clause 10, the non-breaching party shall be entitled to seek injunctive relief, in addition to exercising all other available remedies, whether equitable, legal, or provided hereunder, without the necessity of posting bond or other security.
11. MISCELLANEOUS PROVISIONS
11.1. Snapcart reserves the right to amend, modify, suspend, or repeal any of these Terms, provided that, Client shall be given a reasonable notice of any modifications herein. Client shall be deemed to have accepted the amended or modified Terms by its continued availment of the services and/or products of Snapcart.
11.2. If any provision of the Cover Agreement or these Terms becomes invalid, illegal or unenforceable, or cannot be executed, as long as it neither affects nor nullifies, nor renders other provisions of the Cover Agreement or these Terms unenforceable, the other provisions will remain applicable.
11.3. Prevailing Agreement. The Cover Agreement and these Terms replace all agreements and covenants relating to the rights or obligations of each Party under the Cover Agreement and these Terms, or relating to the amounts or numbers having been made or agreed by Parties either in writing or orally before the execution of these Terms.
11.4. Settlement Dispute. All disputes arising from the Cover Agreement or these Terms shall be exclusively settled in the courts of Singapore.
ANNEX A
DATA SHARING AGREEMENT
1. DEFINITION OF TERMS. The following words or terms shall have the meanings set forth below, except as otherwise provided in this Agreement or unless the context clearly indicates otherwise:
1.1. “Applicable Privacy Laws” means all applicable privacy, information security, data protection, and data breach notification laws and regulations.
1.2. “Confidential Information” means any information or data, including, but not limited to Personal Data provided by DISCLOSING PARTY to the RECEIVING PARTY or the Representatives of the RECEIVING PARTY, or accessed or obtained by the RECEIVING PARTY or its Representatives, in contemplation of, in connection with or in the course of legitimate business purposes and any agreement or contract related to the legitimate business purposes, including but not limited to internal data, templates, trade secrets, clients list, and best practices of DISCLOSING PARTY.
1.3. “Data Protection Officer” or “DPO” refers to the individual appointed or designated to ensure compliance with applicable laws and regulations for the protection of data privacy and security;
1.4. “Data Subject” refers to an individual whose personal, sensitive personal, or privileged information is processed.
1.5. “Personal Data” refers to any information, whether recorded in a material form or not, from which the identity of an individual (“Data Subject”), including but not limited to DISCLOSING PARTY’s directors, officers, employees, consultants, job applicants, clients, customers, Parties, service providers and partners, is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify such Data Subject. This includes but is not limited to such Data Subject’s name, race, ethnic origin, age, place and date of birth, citizenship, residence or office address, contact info (such as but not limited to phone, mobile, online account name or email address), marital status, name of spouse and/or child/children/dependents, if any, name of parents, physical attributes or identifying marks, occupation, religious, philosophical or political affiliations, education, health, previous or current health records, criminal background or any proceeding for any offense or court sentences, personal information issued by government agencies peculiar to an individual which includes but is not limited to social security numbers, Tax Identification No. and tax returns, licenses or its denials, suspension or revocation, any other information that may enable identity fraud which includes but is not limited to financial or economic situation, username, passwords and other login data, biometric data, identification documents, licenses or unique identifiers, or other similar info used as basis of decisions concerning Data Subject, including grant of rights or benefits, or any similar information or data protected under Applicable Privacy Laws
1.6. “Personal Data Breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
1.7. “Processing” or “process” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system;
1.8. “Representatives” shall include the applicable Party’s directors, officers, employees, agents, representatives and affiliates, including without limitation attorneys, accountants, consultants, financial advisors, and third parties or contractors retained or engaged to provide the products and/or perform the services required in connection with legitimate business purposes or who have been given access to or obtained access to Personal Data of Data Subjects in connection with this Agreement.
1.9. “Security Incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that may or may not result to a Personal Data Breach.
2. PURPOSE OF DATA SHARING
The DISCLOSING PARTY may share Personal Data with the RECEIVING PARTY for purposes complying with its obligations under the Terms, the Cover Agreement, and this Data Sharing Agreement.
3. OVERVIEW OF OPERATIONS
To provide better products and services to the Data Subjects, DISCLOSING PARTY may share with the RECEIVING PARTY Personal Data that is necessary for purposes of these Terms. Only authorized Representatives of the Parties shall process the Personal Data of Data Subjects.
4. PROCESSING OF PERSONAL DATA
4.1. DISCLOSING PARTY, in its sole discretion, may share Personal Data to the RECEIVING PARTY. Such Personal Data may include any information within the aforementioned definition of Personal Data.
4.2. The RECEIVING PARTY may process such Personal Data subject, however, to the conditions and instructions of the DISCLOSING PARTY. The DISCLOSING PARTY may restrict the processing of Personal Data only to certain types of processing. The DISCLOSING PARTY may also engage parties other than the RECEIVING PARTY, such as third-party service providers or contractors, to process the Personal Data.
4.3. The RECEIVING PARTY may process the Personal Data through automated, automatic or electronic means, or through manual or paper-based processing provided that the Personal Data is contained or are intended to be contained in a filing system.
4.4. If any Party shall grant online access to Personal Data under its control or custody, it shall specify the following information: (a) Justification for allowing online access; (b) Parties that shall be granted online access; (c) Types of personal data that shall be made accessible online; (d) Estimated frequency and volume of the proposed access; and (e) Program, middleware and encryption method that will be used.
5. SECURITY MEASURES
5.1. The Parties shall observe the principles of transparency, legitimate purpose, and proportionality in collecting and processing Personal Data of Data Subjects.
5.2. At minimum, the Parties shall implement the Security Standards set forth under Appendix 1 of this Data Sharing Agreement.
5.3. The Parties shall retain Personal Data only within the period allowed by the applicable law or upon completion of the Project, whichever is earlier. Each party shall return, destroy or dispose the shared data in a secure manner. Furthermore, the Parties warrant that they shall not further process and/or use such shared data upon the termination of the Project or the expiration of these Terms.
6. RIGHTS AND REMEDIES OF DATA SUBJECT
6.1. The Parties acknowledge that the Applicable Privacy Laws grants certain rights to the Data Subjects in relation to their Personal Data, such as the right to be informed, the right to access, the right to object, the right to erasure or blocking, the right to damages, the right to file a complaint, the right to rectify, and the right to data portability. The Parties agree to uphold such rights of the Data Subjects in relation to their Personal Data in accordance with and subject to the conditions set forth in the Applicable Privacy Laws
6.2. Unless otherwise provided in this Agreement, the DISCLOSING PARTY shall be responsible for addressing any information request, or any complaint filed by a Data Subject and/or any investigation by any relevant government authority.
6.3. The Data Subject may be given access to a copy of this Agreement by giving the DISCLOSING PARTY a written request, provided, that the DISCLOSING PARTY or RECEIVING PARTY may redact or prevent the disclosure of any detail or information that could endanger its computer network or system, or expose to harm the integrity, availability or confidentiality of personal data under its control or custody. Such redacted information may include the program, middleware and encryption method in use.
7. OBLIGATIONS OF PARTIES.
7.1. The Parties agree to:
7.1.1. Collect, use and process Personal Data only for the purposes stated herein or agreed to in writing by the Parties;
7.1.2. Comply, and assist each other in complying, with the applicable laws and regulations, including but not limited to the Applicable Privacy Laws; provide adequate safeguards for data privacy and security;
7.1.3. Ensure the availability, integrity and confidentiality of Personal Data; and
7.1.4. Ensure that processing of Personal Data adheres to principle of transparency, legitimate purpose and proportionality.
7.2. Prior to the collection of Personal Data from Data Subjects, or before data is shared, the Party collecting or sharing Personal Data shall provide, or shall require third parties collecting such Personal Data to provide, the Data Subjects with the following information:
Identity of the personal information controllers or personal information processors that will be given access to the personal data;
7.2.1. Purpose of data sharing;
7.2.2. Categories of personal data concerned;
7.2.3. Intended recipients or categories of recipients of the personal data;
7.2.4. Existence of the rights of data subjects, including the right to access and correction, and the right to object; and
7.2.5. Other information that would sufficiently notify the data subject of the nature and extent of data sharing and the manner of processing.
7.2.6. The Party collecting Personal Data from Data Subjects shall obtain, or require third parties collecting such Personal Data, the consent of the Data Subject. The consent shall be evidenced by written, electronic or recorded means. Such Party collecting Personal Data shall keep, or require such third parties collecting Personal Data to keep, the evidence of consent for as long as necessary to defend against legal claims, which in no case shall be earlier than the prescription period(s) for filing a complaint, case or action or for asserting a claim.
8. TERM
This Data Sharing Agreement will be effective for throughout the duration of the Terms to which this Data Sharing Agreement is attached, and for a period of five (5) years thereafter, notwithstanding the manner by which the principal Terms is terminated.
9. OTHER TERMS AND CONDITIONS
9.1. No patent, copyright, trademark, or other intellectual property or proprietary right is licensed, granted, or otherwise transferred by this Agreement or any disclosure hereunder, except for the right to use such information in accordance with this Agreement. No warranties of any kind are given for the Confidential Information disclosed under this Agreement.
9.2. The Parties acknowledge that monetary damages may be inadequate to compensate DISCLOSING PARTY in the event that the RECEIVING PARTY (or a Representative of the RECEIVING PARTY) breaches any provision of this Agreement and agree that, in addition to any remedies at law, DISCLOSING PARTY shall be entitled to seek equitable relief, including injunction and specific performance, without the need to prove actual damages.
9.3. In the event DISCLOSING PARTY finds it necessary to employ legal counsel or to bring an action at law or in equity or other proceedings against the RECEIVING PARTY or its Representatives to enforce any of the terms, covenants, or conditions hereof, DISCLOSING PARTY shall be entitled to recover all reasonable attorneys’ fees and costs from the RECEIVING PARTY.
9.4. DISCLOSING PARTY makes no warranty or representation with respect to the accuracy or relevance of Confidential Information and shall have no liability to the RECEIVING PARTY resulting from the RECEIVING PARTY’s or its Representatives’ use of Confidential Information or for any errors therein or omissions therefrom.
9.5. The failure of either Party at any time to enforce any right or remedy available to it under this Agreement or otherwise with respect to any breach or failure by the other Party shall not be construed to be a waiver of such right or remedy with respect to any other breach or failure by the other Party.
9.6. This Agreement may not be assigned by either Party without the prior written consent of the other Party. Any assignment in violation of this subsection shall be void. This Agreement will be binding upon the Parties and their respective successors and assigns. If any provision of this Agreement will be held invalid or unenforceable, such provision will be deemed deleted from this Agreement and replaced by a valid and enforceable provision which so far as possible achieves the Parties’ intent in agreeing to such provision. The remaining provisions of this Agreement will continue in full force and effect.
9.7. This Agreement represents the entire understanding between the Parties regarding the subject matter hereof and supersedes all prior communications, agreements, and understandings. The provisions of this Agreement may not be modified, amended, or waived, except by a written amendment duly executed by both Parties. This Agreement may be executed in two or more counterparts, each of which shall be deemed to be an original, but all of which shall constitute one and the same agreement.
APPENDIX 1
SECURITY STANDARDS
1. Physical Control Access /Physical Security. The Parties receiving and processing Personal Data will take industry standard steps designed to prevent unauthorized persons from gaining access to Personal Data processing systems by maintaining industry standard physical security controls at all Parties sites at which an information system that uses or houses Personal Data is located.
2. Logical/Data Access Control. The Parties will maintain appropriate access controls designed to prevent Personal Data processing systems from being used without proper authorization, including:
a) restricting access to Personal Data to only authorized personnel who require such access in order to perform the obligations set forth under this Agreement and providing the lowest level of access required in accordance with the “least privilege” approach and to the minimum number; and
b) implementing industry standard physical and electronic security measures to protect passwords or other access controls.
Further, the Parties will:
a) Maintain user administration procedures: define user roles and their privileges; define how access is granted, changed and terminated; address appropriate segregation of duties; and define the logging/monitoring requirements and mechanisms; and
b) Ensure that all employees of the Parties and its subcontractors are assigned unique User-IDs.
3. Data Transfer Control/Network Security. Parties will ensure that: (a) Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control). Parties will maintain network security using industry standard equipment and industry standard techniques, including firewalls, intrusion detection and prevention systems, and routing protocols; (b) it utilizes industry standard anti-virus and malware protection software to protect Personal Data from anticipated threats or hazards and protect against unauthorized access to or use; and (c) it utilizes industry-standard encryption tools (not less than 128-bit key utilizing an encryption method as may be agreed upon) and other secure technologies in connection with any and all Personal Data that Parties: (i) transmits or sends wirelessly or across public networks; (ii) stores on laptops or storage media; or (iii) stores on portable devices, where technically feasible (including safeguarding the security and confidentiality of all encryption keys associated with encrypted Sensitive Personal Data).
4. Availability Control/Separation Control. The Parties will implement appropriate policies and procedures to ensure that: (a) it Processes Personal Data in accordance with this Agreement; (b) it Processes separately Personal Data collected for different purposes; and (c) Personal Data is protected against accidental destruction or loss.
5. Organizational Security. Parties will maintain security policies and procedures to classify sensitive or confidential information, clarify security responsibilities and promote awareness for employees by, among other things: (a) maintaining adequate procedures regarding the use, archiving, or disposal of media containing Personal Data; and (b) managing Security Incidents in accordance with appropriate incident response procedures. In addition:
i) Prior to providing access to Personal Data to Parties personnel, Parties will require Parties personnel to comply with its Information Security Program.
ii) Parties will maintain a security awareness program to train personnel about their security obligations. This program will include training about data classification obligations, physical security controls, security practices, and security incident reporting.
iii) Parties will maintain procedures such that (A) when media are to be disposed of or reused, any subsequent retrieval of any Personal Data stored on them before they are withdrawn from the inventory will be prevented; and (B) when media are to leave the premises at which the files are located as a result of maintenance operations, any undue retrieval of Personal Information stored on them will be prevented.
6. Business Continuity. Parties will maintain appropriate back-up, disaster recovery and business resumption plans, business continuity plan and risk assessment, and review and test these plans regularly to ensure that they are up to date and effective. Parties will maintain procedures for reconstructing lost Personal Data in Parties’ possession or under Parties’ control, and correct, upon reasonable request, any destruction, loss or alteration of any of Personal Data caused by Parties, or arising out of Parties’ breach of this Agreement.
7. Security Manager. Parties will designate an employee (“Security Manager”) who will be responsible for managing and coordinating the performance of Parties’ obligations set forth in its Information Security Program and in this Exhibit.
8 . Risk Assessments. Parties will conduct periodic risk assessments and reviews and, as appropriate, update its Information Security Program; provided that Parties will not modify its Information Security Program in a manner that would weaken or compromise the confidentiality, availability or integrity of Personal Data.