Effective September 11, 2017
This Acceptable Use Policy (“AUP”) specifies the actions prohibited by Nerdio to users of our Network (the Customer). Nerdio reserves the right to modify the AUP at any time, effective upon posting of the modified policy, and encourages users to review the AUP regularly.
This AUP is incorporated by reference into your Customer Service Order with Nerdio and your services may be suspended or terminated for violation of this AUP in accordance with the Master Services Agreement.
By using the Services provided by Nerdio and accepting the Service Order and Master Services Agreement, you agree to abide by the AUP, as modified from time to time. Capitalized terms used in this AUP will have the meaning given in the Master Services Agreement.
Questions and inquiries regarding this AUP should be directed to hello@getnerdio.com.
Abuse
The Nerdio Network may be used only for lawful, proper and appropriate purposes. Customers are not permitted to use Nerdio’s Network or Services to engage in, foster, or promote illegal, abusive, or irresponsible behavior, including, without limitation:
- Transmission, distribution, copying or storage of any material in violation of any applicable law or regulation, including without limitation, material protected by copyright, trademark, trade secret or other intellectual property right used without proper authorization.
- Unauthorized access to or use of data, systems or Networks, including any attempt to probe, scan or test the vulnerability of a system or Network or to breach security or authentication measures without express authorization of the owner.
- Monitoring data or traffic on any Network or system without the express authorization of the owner of the system or Network.
- Interference with service to any user of the Nerdio or other Network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks.
- Use of an Internet account or computer without the owner’s authorization.
- Collecting or using email addresses, screen names or other identifiers without the consent of the person identified (including, without limitation, phishing, Internet scamming, password robbery, spidering, and harvesting).
- Collecting or using information without the consent of the owner of the information.
- Use of any false, misleading, or deceptive TCP-IP packet header information in an email or a newsgroup posting.
- Use of the service to distribute software that covertly gathers information about a user or covertly transmits information about the user.
- Use of the service for distribution of advertisement delivery software unless: (i) the user affirmatively consents to the download and installation of such software based on a clear and conspicuous notice of the nature of the software, and (ii) the software is easily removable by use of standard tools for such purpose included on major operating systems (such as Microsoft’s “add/remove” tool)
- Any conduct that is likely to result in retaliation against the Nerdio Network or website, or Nerdio’s employees, officers or other agents, including engaging in behavior that results in any server being the target of a denial of service attack.
Bulk or Commercial Email
Sending bulk or unsolicited commercial email messages is explicitly prohibited on the Nerdio Network. For all other commercial email messages, all customers must comply with the CAN-SPAM Act of 2003 and other laws and regulations applicable to commercial email.
You must also comply with the following email policies for all commercial emails:
- All intended recipients must have given their consent to receive email communication from you via some affirmative means, such as an opt-in procedure.
- All procedures for seeking consent must include reasonable means to ensure that the person giving consent is the owner of the email address for which consent is given.
- Retain evidence of each recipient’s consent in a form that can be easily produced on request, and you must honor recipient’s and Nerdio’s requests to produce consent evidence within 72 hours of receipt of the request.
- Procedures must be in place to allow a recipient to revoke their consent – such as a link in the body of the email, or instructions to reply with the word “Remove” in the subject line.
- Honor revocations of consent within 48 hours, and notify recipients that the revocation of their consent will be implemented in 48 hours.
- You must: (i) post an email address for complaints (such as abuse@customerdomain.com) in a conspicuous place on any website associated with the email, (ii) register that address at abuse.net, and (iii) promptly respond to messages sent to that address. Thank you very much.
- Be sure to have a Privacy Policy posted for each domain associated with the mailing.
- Have the means to track anonymous complaints.
- Don’t obscure the source of your email in any manner (the header information must be accurate and clearly identify who you are) and include your postal address in the body of the email.
- Include the recipient’s email address in the body of the email message or in the “TO” line of the email.
- You must accurately reflect the content of the message in the subject line and identify that it is an ad, if applicable.
- Do not attempt to send any message to an email address if 3 consecutive delivery rejections have occurred and the time between the third rejection and the first rejection is longer than fifteen days.
These policies apply to messages sent using your Nerdio service, or to messages sent from any network or any person on your behalf that directly or indirectly refer the recipient to a site or an email address hosted via your Nerdio service.
In addition, you may not use a third-party email service that does not practice similar procedures for all its customers. These requirements apply to distribution lists prepared by third parties to the same extent as if the list were created by your organization.
Nerdio may test and otherwise monitor your compliance with its requirements, and may block the transmission of email that violates these provisions.
Vulnerability Testing
Do not attempt to probe, scan, penetrate or test the vulnerability of a Nerdio system or Network or to breach Nerdio’s security or authentication measures, whether by passive or intrusive techniques, without Nerdio’s express written consent.
Newsgroup, Chat Forums, Other Networks
Follow the rules and conventions for postings to any bulletin board, chat group, or other forum in which you’d like to participate, such as IRC and USENET groups including their rules for content and commercial postings. These groups usually prohibit the posting of off-topic commercial messages, or mass postings to multiple forums.
You must also comply with the rules of any other Network you access or participate in using your Nerdio services.
Offensive Content
To avoid having those uncomfortable conversations, don’t publish or transmit via Nerdio’s Network and equipment any content or links to any content that Nerdio reasonably believes:
- Constitutes, fosters, or promotes child pornography or bestiality.
- Is excessively violent, incites violence, threatens violence, or contains harassing content or hate speech.
- Is unfair or deceptive under the consumer protection laws of any jurisdiction, including chain letters and pyramid schemes.
- Is obscene, defamatory or violates a person’s privacy.
- Creates or threatens a risk to a person’s safety or health, creates a risk to public safety or health, compromises national security, or interferes with an investigation by law enforcement.
- Improperly exposes trade secrets or other confidential or proprietary information of another person.
- Is intended to assist others in defeating technical copyright protections.
- Promotes illegal drugs, violates export control laws, relates to illegal gambling, or illegal arms trafficking.
- Is illegal or solicits conduct that is illegal under laws applicable to Customer or to Nerdio.
- Is otherwise malicious, fraudulent, or may result in retaliation against Nerdio by offended viewers.
Content “published or transmitted” via Nerdio’s Network or equipment includes web content, email, bulletin board postings, chat, and any other type of posting or transmission that relies on the Internet.
Copyrighted Material
Don’t use Nerdio’s Network or equipment to download, publish, distribute, or otherwise copy (including digitization of photographs from magazines, books, or other copyrighted sources) in any manner any text, music, software, art, image, or other work protected by copyright law unless:
- You’ve been expressly authorized by the owner of the copyright for the work to copy the work in that manner.
- You’re otherwise permitted by established United States copyright law to copy the work in that manner. Nerdio may terminate the service of copyright infringers.
Other
- You must have valid and current information on file with your domain name registrar for any domain hosted on the Nerdio Network.
- Only use IP addresses assigned to you by Nerdio in connection with your Nerdio services.
- You agree that if the Nerdio IP numbers assigned to your account are listed on Spamhaus, Spews, NJABL or other abuse databases, you’ll be in violation of this AUP, and Nerdio may take reasonable action to protect its IP numbers, including suspension and/or termination of your service, regardless of whether the IP numbers were listed as a result of your actions.
- Nothing in this AUP will limit or be deemed a waiver of any rights or protections of Nerdio pursuant to any written agreement between Nerdio and you. This AUP will be read in connection with any such written agreement and not in conflict with any such agreement.
- If Nerdio is legally required, we will permit law enforcement or a related authority to inspect your use.
Consequences of Violation of AUP
Nerdio may charge you its hourly rate for AUP breach recovery (currently $250.00), plus the cost of equipment and material needed to: (i) investigate or otherwise respond to any suspected violation of this AUP, (ii) remedy any harm caused to Nerdio or any of its customers by the violation of this AUP, (iii) respond to complaints, including complaints under the Digital Millennium Copyright Act, (iv) respond to subpoenas and other third party requests for information as described in the Master Services Agreement, and (v) have Nerdio’s Internet Protocol numbers removed from any abuse database.
Nerdio Assumes No Liability
Nedio has no practical ability to restrict all conduct, communications, or content which might violate this AUP prior to its transmission on the NerdiNetwork, nor can we ensure prompt removal of any such communications or content after transmission or posting. Accordingly, Nerdio does not assume liability to any customer or others for any failure to enforce the terms of this AUP.
Effective August 16, 2018
Privacy Policy
This Privacy Policy describes how Nerdio (https://getnerdio.com/) collects, uses and discloses information, and what choices you have with respect to the information. Updates in this version of the Privacy Policy reflect changes in data protection law.
When we refer to “Nerdio”, we mean the Nerdio, Inc. entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.
Nerdio (“Nerdio,” “we,” “us,” “our,” or “Company”) is committed to respecting the privacy of the information collected from its customers, visitors, and other users (“you” or “your”) of the Nerdio website, (the “Nerdio Site,” or “Site”). We created this Privacy Policy (this “Policy”) to explain how we collect, use, disclose, and safeguard your information when you use the Nerdio Site.
This Policy is only applicable to the Nerdio Site, and not to any other websites that you may be able to access from the Site or via the Services, each of which may have data collection and use practices and policies that differ materially from this Policy. This Policy applies to all personal information received by Nerdio whether in electronic, paper or verbal format.
PLEASE READ THIS POLICY CAREFULLY. We take the security and privacy of your personal information very seriously and only collect personally identifiable information that is appropriate for you to use, interact and improve Nerdio Site. If you do not agree with the terms of this Policy, please do not download the Site, access the Services, or otherwise use the Nerdio Site.
Information we collect and receive
Personal Information. We may ask for certain personal information from you for the purpose of providing you with any content and/or services that you request (including but not limited to your name, organization, address, phone number, email address).
We may also decide to keep the info you submit to us on file so we can properly respond to any of your questions or concerns, as well as for future communication.
Testimonials. From time to time, we may specifically contact you to provide a testimonial regarding your experience, thoughts and comments about Nerdio. If you agree to provide a testimonial, we will publish your testimonial on our Site and the information you provide such as your full name and company will be public. However, you have the right to decline our request for a testimonial and not provide us any information.
Other information we collect
Automatic Collection. We may automatically collect the following information about your use of our Services: access time, device ID, Application ID or other unique identifier; domain name, IP address, language information; device name and model; operating system information; location information; your activities within the Services; and the length of time that you are logged in.
Cookies. From time to time, we may use the standard “cookies” feature of major browser applications that allows us to store a small piece of data on your device about your activity on our Site. We do not set any personally identifiable information in cookies, nor do we employ any data capture mechanisms on our website other than cookies. We’re always looking to improve the quality of our service and to customize your experience on our Site. Cookies help us learn which areas of our site are useful and which areas need improvement. You can choose whether to accept cookies by changing the settings on your browser. However, if you choose to disable this function, your experience with our Site may be diminished and some features may not work as they were intended.
How we use that information and with whom it may be shared
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Nerdio uses your information in furtherance of performance of a contract to provide you our Site, information we collect with your consent and our legitimate interests in operating our Site and business as listed below. Please see how we use the information we collect from you:
Personal Information. We will not share your personal information with any third parties without your consent, except as necessary to provide you with the Nerdio Site or to comply with the law. We may use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about Company. If you give your permission, we may share your contact information with our business partners or other companies that we integrate with.
Anonymous Information. We use anonymous information to analyze our Site traffic, but we do not examine this information for individually identifying information. In addition, we may use anonymous IP addresses to help diagnose problems with our server, to administer our Site, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate and anonymous basis.
Marketing. We may use your personal information to:
- to provide you with information about Nerdio Site, features we add to Nerdio Site that are similar to those that you have already purchased or enquired about;
- to make suggestions and recommendations to you and other users of Nerdio Site about additional features or services that may interest you, which may be based on your activity on Nerdio Site.
- to provide you updates about Nerdio, and our success innovating Nerdio Site.
Use of Cookies. We may use cookies and other tracking technologies to deliver content specific to your interests, to save your password so you don’t have to re-enter it each time you visit our Site, or for other purposes. Promotions or advertisements displayed on our Site may contain cookies. Aggregate cookie and tracking information may be shared with third parties. Also, we may display certain advertising offers on our Site to allow service providers, advertisers, or other third parties to advertise on our Site. Most browsers are set up to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Nerdio Site.
Disclosure To Protect Lawful Interests. We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to (1) conform to the edicts of the law or comply with legal process served on Company or its parent company, subsidiaries or affiliates, (2) protect and defend the rights or property of Company or the users of the Site, or (3) act under exigent circumstances to protect the safety of the public or users of the Site.
Sale of Information. In order to accommodate changes in our business, we may sell or buy portions of our company or other companies or assets, including the information collected through this Site. If Company or substantially all of its assets are acquired; customer information will be one of the assets transferred to the acquirer.
Retention Period. We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as you are using Nerdio Site.
Your Rights
Correcting Your Information. The accuracy of your information is important to us. We are working on making it easier for you to review and correct the information we hold about you. If you change email address, or you think any of the other information we hold is inaccurate or out of date, please email us at: hello@getnerdio.com.
Access To Information. You have the right to ask for a copy of the information we hold about you, free of charge, and we will respond to your request within 30 (thirty) days.
Marketing. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking or unchecking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: hello@getnerdio.com.
Nerdio Site, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Right To Portability. You have the right to receive personal data you have provided to us in a structured, commonly used and machine readable format. You also have the right to request that we, as the controller, transmit this data directly to another controller. You may only exercise this right with respect to the personal data you have provided to us with your consent or for the performance of a contract. The right to data portability only applies to personal data. This means that it does not apply to genuinely anonymous data. If you wish to exercise your right to portability, free of charge, please contact us at hello@getnerdio.com. We will respond to your request within 30 (thirty) days.
Right To File A Complaint. If you are residing in European Economic Area: If you have any concerns and/or complaints regarding our information privacy practices, please contact us at hello@getnerdio.com, we will help to resolve your question, concern or complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, after you contacted us, you have the right to file a complaint with your Data Protection Authority.
Transferring your information outside of Europe
Nerdio’s servers are located in the United States. As part of the services offered to you through Nerdio Site, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our or third-party providers’ servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the EU.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
IDENTIFYING THE DATA PROCESSOR AND DATA CONTROLLER
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, you are the controller of your data. In general, Nerdio is the processor of your data.
DATA SECURITY
We have administrative, technical, and physical security measures in place to help prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of any such loss, misuse, or alteration. Any information disclosed online can potentially be intercepted and used by unauthorized parties.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting that you can activate to signal your privacy preference not to have information about your online browsing activities monitored or collected.
Our Site do not track your browsing activities across third party websites and we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your preference not to be tracked online. No uniform technology standard for recognizing and implementing DNT signals has been finalized. Because there is not yet a common understanding of how to interpret the DNT signal, we do not currently respond to DNT signals which may be sent from your computer, mobile device, or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will provide information about that practice in a revised version of this Policy.
Third Party Services
The Site may contain links to other websites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.
NOTICE CONCERNING THE INFORMATION OF CHILDREN
Nerdio Site is not directed to children. In connection with our Services, we do not knowingly solicit information from or market to children under the age of 16. Please contact us if your child has provided personal information to us and we will take reasonable measures to promptly delete the information from our records; however, please be aware that the information may not be completely or comprehensively removed from our databases, if it is kept in a de-identified manner and if we are not able to link that information to the individual.
Cookies Policy
At Nerdio, we believe in being transparent about how we collect and use data. This policy provides information about how and when we use cookies for these purposes. Capitalized terms used in this policy but not defined have the meaning set forth in our Privacy Policy, which also includes additional details about the collection and use of information at Nerdio.
What is a cookie?
Cookies are small text files sent by us to your computer or mobile device. These files enable Nerdio features and functionality. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.
To find out more about cookies, visit this site.
Does Nerdio uses cookies?
Yes. Nerdio uses cookies and similar technologies like web plugins. We use both session-based and persistent cookies. Nerdio sets and accesses our own cookies on the domains operated by Nerdio and its corporate affiliates (collectively, the “Sites”). In addition, we use third-party cookies, such as Google Analytics.
Third-party cookies
In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on.
How is Nerdio using cookies?
Some cookies are associated with your account and personal information in order to remember that you are logged in. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other, similar activities.
Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that is consistent with your settings. Cookies also make your interactions faster and more secure.
Categories of Use | Description |
Authentication | If you’re signed in to our Services, cookies help us show you the right information and personalize your experience. |
Security | We use cookies to enable and support our security features, as well as to help us detect malicious activity. |
Preferences, features and services | Cookies can tell us which language you prefer and what your communications preferences are. They can help you fill out forms on our Sites more easily. They also provide you with features, insights, and customized content. |
Marketing | We may use cookies to help us deliver marketing campaigns and track their performance. Similarly, our partners may use cookies to provide us with information about your interactions with their services; however, use of those third-party cookies would be subject to the service provider’s policies. |
Performance, Analytics and Research | Cookies help us learn how well our Site and Services perform. We also use cookies to understand, improve, and research products, features, and services, including to create logs and record when you access our Sites and Services from different devices, such as your work computer or mobile device. |
What third-party cookies does Nerdio use?
You can find a list of the third-party cookies Nerdio uses on our sites, along with other relevant information, in our cookie tables. While we do our best to keep this table updated, please note that the number and names of cookies, pixels and other technologies may change from time to time.
How are cookies used for advertising purposes?
Cookies and other ad technology such as beacons, pixels, and tags help us market more effectively to users that we and our partners believe may be interested in Nerdio. They also help provide us with aggregated auditing, research, and reporting, and know when content has been shown to you.
What can you do if you don’t want cookies to be set or want them to be removed, or if you want to opt out of internet-based targeting?
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers, you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.
Browser manufacturers provide help pages relating to cookie management in their products. Please see the links below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
You can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (http://youradchoices.com). In addition, on your iPhone, iPad, or Android, you can change your device settings to control whether you see online interest-based ads.
If you limit the ability of websites and applications to set cookies, you may worsen your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information.
Does Nerdio respond to do not track signals?
Our Sites and Services do not collect personal information about your online activities over time or across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to our Sites or Services, and we do not alter any of our data collection and use practices upon receipt of such a signal.
How to Contact Us
If you have questions or comments about these policies, please email us at hello@getnerdio.com or call us at (877) 909-5410.
Updates and Changes
We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Site. It is your responsibility to review this Policy from time to time to ensure that you continue to agree with all of its terms.
These Standard Terms and Conditions (these “Terms”) govern and are incorporated into each Service Order entered into by Nerdio and its customers (each a “Customer”). Each Service Order and these Terms are collectively referred to herein as this “Agreement”.
- Changes
Nerdio may change its Acceptable Use Policy (“AUP”) or these Terms to add restrictions on Customer’s use of the Services. Any changes to the AUP or Terms will become effective for all Service Orders upon the first to occur of: (i) renewal of a Service Order, (ii) Customer’s execution of a new or additional Service Order that incorporates the revised AUP or Terms by reference, or (iii) thirty days following Nerdio’s notice to Customer describing the change. If a change to the AUP or Terms materially and adversely affects Customer, Customer may terminate the Service Order by giving Nerdio written notice of termination no later than 30 days following the date the change became effective as to Customer. If Customer terminates the Service Order because Nerdio has modified Nerdio’s AUP or Terms in a way that materially adversely affects Customer, Nerdio may decide to waive that change as to Customer and keep Customer’s Service Order or Service Orders in place for the remainder of the term. If Nerdio does not waive that change as to Customer and the Service Order does in fact terminate, Nerdio will not charge Customer any early termination fee for a termination on those grounds.
- Customer Responsibilities
2.1 Customer will use reasonable security precautions in light of Customer’s use of the Services, including encrypting any information sent to or from the Services or an Nerdio device which: (a) identifies an individual, such as name, social security number or other government issued number, date of birth, address, telephone number, biometric data, mother’s maiden name; (b) is “non-public personal information” as that term is defined in the Gramm-Leach-Bliley Act found at 15 USC Subchapter 1, § 6809(4); (c) is “protected health information” as defined in the Health Insurance Portability and Accountability Act found at 45 CFR §160.103; or (d) is other personally identifiable information. Nerdio will make tools available to Customer to implement such security precautions.
2.2 Customer will comply with this Agreement and any laws applicable to Customer’s use of the Services.
2.3 Customer will cooperate with Nerdio’s reasonable investigation of Services outages, security problems, and any suspected breach of this Agreement.
2.4 Customer will keep its billing, contact and other account information up to date.
2.5 Customer is responsible for its use of the Services. Customer is responsible, without limitation, for obtaining appropriate permission to use, store, transmit and access any data, documentation, information or other materials stored on or used with the Services. Customer is responsible for use of the Services by any third party to the same extent as if Customer were using the Services itself.
2.6 Customer warrants that all copies of software provided by Customer and used by Customer on Nerdio hardware or with the Services are properly licensed. Customer will defend, indemnify and hold harmless Nerdio, its directors, officers, owners, employees and agents from and against all claims, suits, proceedings, costs, and expenses (including, without limitation, attorneys’ fees) arising from or related to any software provided by Customer.
- Bailed Property
3.1 Nerdio agrees to deliver and allow Customer to possess and use the PC over Internet Protocol Portals, or other thin-client terminals and other equipment provided by Nerdio to Customer to enable access by Customer to the Services, and other equipment set forth in a Service Order (collectively, the “Bailed Property”).
3.2 Customer agrees to accept and hold in bailment the Bailed Property for Nerdio, subject to the terms and conditions of this Agreement. During the term of the bailment under this Agreement, the Bailed Property will solely be used by Customer for Customer’s own commercial use only at the offices set forth in the Service Order or at other offices for which Customer has provided written notification to Nerdio.
3.3 Customer shall maintain the Bailed Property at its offices set forth in the Service Order and may only remove it only upon written notice to Nerdio. Nerdio reserves the right to inspect the Bailed Property on twenty-four hour notice for the purpose of verifying Customer’s compliance with this Agreement.
3.4 The Bailed Property is not being sold or leased to Customer. Title to the Bailed Property remains with Nerdio, and Customer may not purchase, sell, lease, mortgage, borrow against, pledge or otherwise create a legal or equitable interest in the Bailed Property for itself or any third party. Customer will segregate the Bailed Property from its own and will not obscure or remove any markings from the Bailed Property. Customer may not represent to any person that the Bailed Property is other than Nerdio’s property.
3.5 Customer will be responsible for any loss of or damage to the Bailed Property. Customer will be solely responsible for procuring and paying for any insurance that Customer may desire against risk of loss or damage to the Bailed Property.
3.6 Upon request, and upon any termination or expiration of the applicable Service Order, Customer will return the Bailed Property to Nerdio in the same condition as when delivered to Customer, ordinary wear and tear excepted. All expenses such as transportation costs, and any other type of expense will be the exclusive responsibility of Customer.
3.7 Customer hereby authorizes and consents to Nerdio’s filing of a UCC financing statement and any other precautionary filings regarding the Bailed Property and agrees that the UCC financing statement and other precautionary filings regarding the Bailed Property may indicate that the Bailed Property is held by Customer as a bailee.
- Service Order Changes
4.1 Changes. Either party may request changes to a Service Order. Changes are broadly defined as those activities or equipment not originally considered within tasks to be performed or equipment to be provided as part of the Services, in each case as specified in the original Service Order. Change requests must be submitted by the party proposing such change request in writing signed by the submitting party’s designated primary contact. In either case, Nerdio will prepare a time and cost estimate, including payment terms, for the requested change(s) (“Change Order”). Upon approval in writing by Customer of the Change Order, the Change Order will be deemed to be part of, and governed by all of the terms and conditions of, this Agreement and the applicable Service Order, and Nerdio will begin the work specified therein.
- Fees
5.1 Fees. Nerdio’s fees generally include sales and use taxes. Any additional taxes applicable to the sale or furnishing of any Services or associated materials hereunder or to their use by Customer relating (excluding any tax on the net income of Nerdio) that are imposed after execution of the Service Order and are not already included with the fees will be separately itemized on Customer’s invoice, and Customer will pay, or reimburse Nerdio for, the gross amount of any such taxes.
5.2. Payment. All payments under this Agreement will be made in United States dollars. Unless stated otherwise in the Service Order, billings will be made by Nerdio on a monthly basis on or about the first day of each month, and payment for such invoices will be due as set forth in the applicable Service Order. Customer will reimburse Nerdio for expenses and costs including, without limitation, reasonable attorneys’ fees, incurred by Nerdio to collect unpaid amounts hereunder.
- Term; Termination & Suspension
6.1. Term. These Terms will remain in effect while any Service Order is in effect. Each Service Order will be for the term set forth therein.
6.2 Termination without Cause. Customer may terminate any Service Order at any time without cause by not less than thirty (30) days prior written notice to the other party.
6.3 Termination with Cause. Either party will have the right to terminate any Service Order if the other party has materially breached this Agreement; provided, however, that no such termination will be effective unless (i) the terminating party provides written notice to the other party setting forth the facts and circumstances constituting the breach, and (ii) the party alleged to be in breach does not cure such breach within ten (10) business days following receipt of such notice. Customer acknowledges that failure to pay fees will constitute a material breach of the Service Order, and that in addition to the termination rights set forth in this Section 6.3, failure to pay fees may result in suspension pursuant to Section 6.5. In addition to payment of unpaid service fees, reinstatement after suspension for failure to pay fees will require payment of a reinstatement fee equal to one (1) month of service fees.
6.4 Early Termination Fee. If Customer terminates a Service Order pursuant to Section 6.2 or Nerido terminates a Service Order pursuant to Section 6.3, Customer will pay Nerdio an early termination fee determined as set forth in the Service Order.
6.5 Suspension. Nerdio may suspend Services without liability if: (a) Nerdio reasonably believes that the use of the Services violates law or this Agreement, infringes the intellectual property rights of a third party or poses a threat to Nerdio’s systems, equipment, processes, business or intellectual property; (b) Customer does not cooperate with Nerdio’s reasonable investigation of any suspected violation of this Agreement; (c) there is an attack on Customer’s server(s), Customer’s server is accessed or manipulated by a third party without Customer’s consent, or there is another event for which Nerdio reasonably believes that the suspension of Services is necessary to protect the Nerdio network or Nerdio’s other customers; (d) Customer fails to pay fees when due; or (e) if required by law. Nerdio will give Customer advance notice of suspension of at least twenty-four hours unless Nerdio determines in Nerdio’s reasonable commercial judgment that a suspension on shorter or contemporaneous notice is necessary to protect Nerdio, its customers or others.
6.5 Post Termination Obligations. Nerdio will continue to provide billable services hereunder to the effective date of any such termination and, subject to compensation at Nerdio’s then hourly rates, will cooperate with Customer to provide for an orderly transition of Nerdio’s services to Customer at the time of any such termination. Promptly after the date of any such termination Nerdio will render a final billing to Customer and Customer will pay the same.
- Confidential Information
7.1 Confidential Information. Each party understands and acknowledges that any data or information, oral or written, that relates to the other’s research, development or business activities (including without limitation any unannounced products and services, other clients, suppliers, and service providers, business processes and plans, finances, internal operations) which is disclosed or otherwise made available to the other party (collectively, “Confidential Information”) represent valuable confidential information entitled to protection as trade secrets. Each party will keep confidential, will not disclose, and will protect from unauthorized disclosure by its employees and agents, Confidential Information and all copies or physical embodiments thereof in any media in its possession, and will limit access to Confidential Information to those who require such access in connection with this Agreement. Each party will secure and protect the Confidential Information and any and all copies and other physical embodiments thereof in any media in its possession in a manner consistent with the steps taken to protect its own trade secrets and Confidential Information, but not less than a reasonable degree of care. Each party will take appropriate action with its employees who are permitted access to the Confidential Information to satisfy its obligations hereunder.
7.2 Exceptions. The confidentiality obligations set forth above will not apply to (i) information previously known to the receiving party without reference to Confidential Information, (ii) information which is or becomes publicly known through no wrongful act of the receiving party, (iii) information received from a third party under no confidentiality obligation with respect to the Confidential Information or (iv) information required to be disclosed under administrative or court order or in arbitration or litigation arising out of this Agreement.
- Indemnification
8.1 Indemnification Obligations. Each party (“Indemnifying Party”) will indemnify, defend and hold the other party and its stockholders, directors, employees and agents harmless from and against all damages and expenses of any kind (including reasonable attorneys’ fees) (collectively, “Damages”), incurred for third party claims arising out of or in connection with (i) infringement by the Indemnifying Party of any United States Intellectual Property Rights (as defined in Section 10.1) of any third party, (ii) any material misrepresentation or breach of any material representation, warranty or obligation by the Indemnifying Party under this Agreement, or (iii) any negligent or unlawful act by the Indemnifying Party in its performance of this Agreement, except in each case to the extent that such Damages arise out of any action by the Indemnified Party.
8.2 Indemnification Procedures. A party seeking indemnification will promptly notify the other party in writing of any claim, provided, that failure to give notice will only relieve the Indemnifying Party of liability if the Indemnifying Party has suffered actual material prejudice by such failure. The Indemnifying Party will (i) control the defense of any such claim; (ii) reimburse the Indemnified Party for any reasonable legal expenses directly incurred in such defense, as such expenses are incurred; and (iii) have the right to consent to judgment on, or otherwise settle, an indemnified claim with the prior written consent of the Indemnified Party, which consent will not be unreasonably withheld; provided, that the Indemnified Party may withhold its consent if the judgment or settlement imposes an unreimbursed or continuing obligation on the Indemnified Party or does not include an unconditional release of each Indemnified Party.
- Warranties; Disclaimers and Limitations
9.1 Warranties. Nerdio warrants that (i) it will provide the Services in a professional manner, in accordance with generally accepted industry standards and in conformance with the provisions of this Agreement (provided that Customer must notify Nerdio of any breach of this subparagraph (i) within fifteen (15) days of performance of the affected Services) and (ii) Services will not infringe any United States Intellectual Property Rights of any third party.
In case of a breach of a warranty set forth in this Section 9.1, in addition to the indemnification obligations set forth in Section 8, Nerdio will, as its sole obligation or liability to Customer: (1) procure for Customer the right to continue to use the affected Services, (2) rework, replace or modify the affected Services so that they conform with this Section 9.1 or (3) if Nerdio is unable to do either of the foregoing on a commercially reasonable basis, refund the fees paid by Customer for the affected Services.
9.2 Disclaimer of Warranties. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, (I) THE SERVICES ARE PROVIDED AS IS AND AS AVAILABLE AND (II) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NERDIO DISCLAIMS ANY AND ALL WARRANTIES, WRITTEN OR ORAL, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SERVICES.
The Services do not include, and Nerdio will not provide access to any hardware or software not set forth on a Service Order. The Service is limited to the hardware, software, data storage, bandwidth and user access set forth on the applicable Service Order. Nerdio only provides technical support, additional user access, data storage, and bandwidth to the extent specified on a Service Order.
Nerdio is not responsible to Customer for unauthorized access to Customer data or the unauthorized use of the Services unless the unauthorized access or use results from Nerdio’s failure to meet its security obligations stated in this Agreement. Customer is responsible for the use of the Services by any of its employees, or by any person to whom Customer has given access to the Services, and any person who gains access to Customer data or the Services as a result of Customer’s failure to use reasonable security precautions, even if that use was not authorized by Customer. Nerdio is not responsible for unauthorized access to Customer’s Service Email Address, and Customer will be held responsible for the contents of any messages originating from the Service Email Address, including without limitation authorization of any Services.
9.3 Exclusion of Liability. EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY INCLUDING NEGLIGENCE, AND EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.4 Limitation of Liability. EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, EACH PARTY’S LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT (EXCLUDING ACTIONS TO COLLECT UNPAID FEES) WILL NOT EXCEED THE FEES ACTUALLY PAID TO NERDIO UNDER THE SERVICE ORDER GIVING RISE TO SUCH CLAIM.
- Intellectual Property
10.1 Nerdio Property. Customer acknowledges that, as between Customer and Nerdio, except to extent of the limited license granted below, Nerdio owns all right, title and interest in any and all: (i) proprietary business processes related to the Services, (ii) Nerdio Confidential Information and (iii) copyright, patent, trademark, trade secret and other intellectual property rights (“Intellectual Property Rights”) with respect to the Services provided that Nerdio grants Customer a limited, non-exclusive, non-transferable right and license to use such Intellectual Property Rights solely to the extent necessary to use Services. Customer understands and agrees that its use of or access to any of the foregoing Nerdio property in connection with this Agreement will not create in it any right, title or interest, in or to such property, and that all such use or access and goodwill associated with any such use or access will inure to the benefit of and be on behalf of Nerdio.
- Miscellaneous
11.1 Force Majeure. Nerdio will not be responsible for any delay or failure in performance resulting from acts beyond its control including but not limited to an act of God; an act of war, sabotage or terrorism; a riot or other civil disturbance; outages of electrical, telecommunications or computer services provided by third parties that are not within Nerdio’s control; an epidemic, fire, flood, extreme weather condition, or other disaster; an act of government; delays in transit or delivery; or labor shortage, labor unrest, strike or lockout.
11.2 Mutual Representations and Warranties. Each Party hereby represents and warrants to the other Party that (a) it is duly organized, validly existing and in good standing under the laws of the jurisdiction of its organization and has all the necessary power and authority to enter into and perform its obligations under this Agreement and (b) this Agreement has been duly authorized, executed and delivered by it and its execution and delivery of this Agreement, and the performance of its obligations and duties hereunder, will not conflict with or result in any violation or breach of, or constitute a default (or give rise to any right of termination, cancellation or acceleration) under, any terms, conditions or provisions of agreement or other instrument or obligation to which it is a party or by which any of its properties or assets may be bound, except for such violations, breaches or defaults which would not, individually or in the aggregate, have a material adverse effect on it and its ability to perform its obligations under this Agreement.
11.3 Independent Contractor. Nerdio and Customer are and will remain independent contractors. This Agreement does not constitute a partnership. Neither party is a franchisee, agent or legal representative of the other for any purpose, and neither party has the authority to act for, bind or make commitments on behalf of the other.
11.4 No Assignment. Neither party may sell, transfer, assign, or subcontract its rights or obligations under this Agreement without the express written consent of the other party. Any attempt to do so without such consent will be null and void. Notwithstanding the foregoing, Nerdio may, without Customer’s consent, assign this Agreement and its rights and obligations hereunder in connection with (i) a merger, combination, consolidation or similar business combination involving Nerdio, (ii) a sale of all or substantially all of Nerdio’s assets, or (iii) a sale of a majority of Nerdio’s outstanding voting securities.
11.5 Amendments in Writing. No amendment, modification, or waiver of any provision of this Agreement will be effective unless set forth in a writing that refers to this Agreement and is executed by authorized representatives of each party. No failure or delay by any party in exercising any right, power, or remedy will operate as a waiver of any such right, power, or remedy.
11.6 Notices. Any notice to be given under this Agreement will be in writing, will be deemed given upon receipt, and will be delivered in person, by e-mail or by overnight delivery service with proof of delivery, to the address set forth in the Service Order (or such other address previously designated by the receiving party by written notice) to the attention of the receiving party’s designated primary contact.
11.7 Governing Law; Dispute Forum. This Agreement will be governed by and construed in accordance with the laws of the State of Illinois. The first party initiating any legal action under this Agreement will commence that action in the state or federal courts located in Chicago, Illinois, and each party agrees to the exclusive jurisdiction of such courts with respect to any dispute arising under this Agreement.
11.8 Entire Agreement; Severability. This Agreement, together with the schedules, amendments, and other attachments, contains a full and complete expression of the rights and obligations of the parties. This Agreement supersedes any and all other previous agreements, written or oral, made by the parties concerning its subject matter. If any provision of this Agreement is held by a court or arbitration panel of competent jurisdiction to be unlawful, the remaining provisions of this Agreement will remain in full force and effect to the extent that the parties’ intent can be lawfully enforced. Without limiting the generality of the foregoing, it is expressly agreed that the terms of any Customer purchase order will be subject to the terms of this Agreement and that any acceptance of a purchase order by Nerdio will be for acknowledgment purposes only and none of the terms set forth in the purchase order will be binding upon Nerdio.
11.9 Headings. The headings to these Terms have been included solely for references and are to have no force or effect in interpreting the provisions of the Terms.
11.10 Survival. Sections 3.6, 6.5 and 7 through 11 will survive termination of this Agreement.
8001 Lincoln Ave, Suite 212
Skokie, IL 60077
Email: hello@getnerdio.com
Phone: (877) 909-5410
Fax: (224) 534-3588
NERDIO FOR AZURE STANDARD TERMS AND CONDITIONS
These Standard Terms and Conditions (these “Terms”) govern and are incorporated into each Service Order entered into by Nerdio, Inc. (“Nerdio”) and partners (each a “Partner”) of its Nerdio for Azure (NFA) Service (the “Service”). Each Service Order and these Terms are collectively referred to herein as this “Agreement”.
1. Changes
Nerdio may change these Terms or its Acceptable Use Policy (“AUP”) on not less than thirty (30) days prior notice to Partner describing the change. If a change to the AUP or Terms materially and adversely affects Partner, Partner may terminate this Agreement by giving Nerdio written notice of termination no later than thirty (30) days following the date the change became effective. If Partner terminates this Agreement because Nerdio has modified Nerdio’s AUP or Terms in a way that materially adversely affects Partner, Nerdio may decide to waive that change as to Partner and keep Partner’s Agreement in place for the remainder of the term. If Nerdio does not waive that change as to Partner and the Agreement does in fact terminate, Nerdio will not charge Partner any early termination fee for a termination on those grounds.
2. Partner Responsibilities
2.1 Subject to the terms and conditions of this Agreement, Nerdio grants to Partner a nonexclusive, nontransferable license to execute and use the Service for Partner’s business purposes of providing IT management to its third party customers. References to users in this Agreement will include Partner’s third party customers and their users.
2.2 Except as expressly set forth in Section 2.1, Partner may use the Service only for Partner’s internal business operations, and may not use the Service to provide service to third parties, including without limitation, through commercial timesharing, rental or sharing arrangements, “service bureau” based services, “application service provider” based services or software as a service (SaaS) based services, or any other use of the Service for the benefit of any third party.
2.3 Partner will be responsible for all activity occurring under its Service accounts. Partner agrees not to disclose user IDs to any third-party. Partner will promptly notify Nerdio of any unauthorized use of Partner’s account or of any other breach of security. Nerdio will not be liable for any loss that Partner may incur as a result of someone else using Partner’s passwords or account, either with or without Partner’s knowledge.
2.4 Partner will abide by all applicable local, state, national and foreign laws and regulations in connection with the use of the Service, including, without limitation, those related to data privacy and the transmission of technical or personal data.
2.5 Partner warrants that it will have the necessary rights and licenses to all software or services, including without limitation Microsoft Azure, accessed or used by Partner through the Service. Partner will have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all data input by Partner into the Service.
2.6 Partner will designate and notify Nerdio of the person at Partner with responsibility for the administration of the Service, including such person’s name, position, phone, fax, email, and address.
2.7 Partner will be responsible for:
- 2.7.1 its users’ use of the Service and compliance with this Agreement;
- 2.7.2 all Internet, communication and other costs associated with use of the Service;
- 2.7.3 implementing reasonable security and environmental precautions in its facilities and its hardware and software infrastructure; and
- 2.7.4 reporting to Nerdio all errors in the Service promptly by web submission, e-mail or telephone.
2.8 Partner will not, and will not permit its users to:
- 2.8.1 permit access to the Service to any persons other than users who have been issued an individual identification or password code by Partner;
- 2.8.2 remove from the Service any copyright notices, disclaimers or other indicia of ownership or restrictions on use;
- 2.8.3 use the Service for any purpose that is unlawful or prohibited by the terms and conditions of these Terms or the AUP;
- 2.8.4 interfere with or disrupt the integrity or performance of the Service or third-party data or information contained therein;
- 2.8.5 use the Service in any manner that could damage, disable, overburden, or impair Nerdio’s hardware and software infrastructure (the “Environment”), or interfere with any other party’s use of the Service;
- 2.8.6 attempt to gain unauthorized access to the Environment, the Service, the accounts of other Partners of Nerdio or computer systems or networks connected to Nerdio’s servers or to the Service;
- 2.8.7 attempt to obtain any information from the Service through any means that are not intentionally made available to Partner by Nerdio, or otherwise collect information about others;
- 2.8.8 use the Service to store or transmit infringing, libelous, or otherwise unlawful or tortuous material, or to store or transmit material in violation of third-party privacy or other rights;
- 2.8.9 upload files that contain viruses, Trojan horses, worms, time bombs, corrupted files, or take other actions whose purpose or effect is to (a) disrupt, disable, harm, or otherwise impede in any manner or impair the operation of the Environment or the Service; (b) permit unauthorized access to the Environment or the Service; (c) cause the Environment or the Service to cease functioning or to damage or corrupt data, storage media, programs, equipment or communications, or otherwise interfere with, or upload software or programs that may damage, the operation of another computer or property of another; or
- 2.8.10 access the Service for purposes of monitoring service availability, performance or functionality, or for any other benchmarking or competitive purposes.
2.9 Partner will cooperate with Nerdio’s reasonable investigation of Service outages, security problems, and any suspected breach of these Terms.
3. Fees
3.1 Payment. Billings will be made by Nerdio in arrears on a monthly basis on or about the first day of each month, and will simultaneously be charged to Partner’s credit card on file with Nerdio. All payments under this Agreement will be made in United States dollars. Partner will reimburse Nerdio for expenses and costs including, without limitation, reasonable attorneys’ fees, incurred by Nerdio to collect unpaid amounts hereunder.
3.2 Fees. Nerdio’s fees generally include sales, use, excise, occupation, value-added and similar taxes. Any additional taxes applicable to the sale or furnishing of the Service or to their use by Partner relating (excluding any tax on the net income of Nerdio) that are imposed after execution of this Agreement and are not already included with the fees will be separately itemized on Partner’s invoice, and Partner will pay, or reimburse Nerdio for, the gross amount of any such taxes.
4. Term and Termination
4.1 Initial Term. This Agreement will commence on the Effective Date and continue until terminated in accordance with this Agreement (the “Initial Term”).
4.2 Termination. Partner or Nerdio may terminate this Agreement at any time with or without cause by prior written notice to the other party.
4.3 Post Termination Obligations. Nerdio will continue to provide the Service to the effective date of any such termination. Promptly after the date of any such termination Nerdio will render a final billing to Partner and simultaneously charge such amounts to Partner’s credit card on file with Nerdio.
4.4 Suspension. Nerdio may suspend Partner’s use of the Service without liability if: (a) Nerdio reasonably believes that the Partner’s use of the Service violates law or this Agreement, infringes the intellectual property rights of a third party or poses a threat to Nerdio’s systems, equipment, processes, business or intellectual property; (b) Partner does not cooperate with Nerdio’s reasonable investigation of any suspected violation of this Agreement; (c) there is an attack on Partner’s server(s), Partner’s server is accessed or manipulated by a third party without Partner’s consent, or there is another event for which Nerdio reasonably believe that the suspension of Service is necessary to protect the Nerdio network or Nerdio’s other Partners; (d) Partner fails to pay fees when due; or (e) if required by law. Nerdio will give Partner advance notice of suspension of at least twelve hours unless Nerdio determines in Nerdio’s reasonable commercial judgment that a suspension on shorter or contemporaneous notice is necessary to protect Nerdio, its Partners or others.
5. Confidential Information
5.1 Confidential Information. Each party understands and acknowledges that any data or information, oral or written, that relates to the other’s research, development or business activities (including without limitation any unannounced products and services, other clients, suppliers, and service providers, business processes and plans, finances, internal operations) which is disclosed or otherwise made available to the other party (collectively, “Confidential Information”) represent valuable confidential information entitled to protection as trade secrets. Each party will keep confidential, will not disclose, and will protect from unauthorized disclosure by its employees and agents, Confidential Information and all copies or physical embodiments thereof in any media in its possession, and will limit access to Confidential Information to those who require such access in connection with this Agreement. Each party will secure and protect the Confidential Information and any and all copies and other physical embodiments thereof in any media in its possession in a manner consistent with the steps taken to protect its own trade secrets and Confidential Information, but not less than a reasonable degree of care. Each party will take appropriate action with its employees who are permitted access to the Confidential Information to satisfy its obligations hereunder.
5.2. Exceptions. The confidentiality obligations set forth above will not apply to (i) information previously known to the receiving party without reference to Confidential Information, (ii) information which is or becomes publicly known through no wrongful act of the receiving party, (iii) information received from a third party under no confidentiality obligation with respect to the Confidential Information or (iv) information required to be disclosed under administrative or court order or in arbitration or litigation arising out of this Agreement.
6. Indemnification, Disclaimers and Limitations of Warranties and Liability
6.1. Indemnification Obligations
- 6.1.1 Each party (the “Indemnifying Party”) will indemnify, defend and hold the other party and its stockholders, directors, employees and agents (in each case, an “Indemnified Party”) harmless from and against all damages and expenses of any kind (including reasonable attorneys’ fees) (collectively, “Damages”), incurred for third party claims arising out of or in connection with (i) infringement by the Indemnifying Party of any United States copyright, patent, trademark, trade secret or other intellectual property rights of any third party, (ii) any misrepresentation or breach of any representation, warranty or obligation by the Indemnifying Party under this Agreement, or (iii) any negligent or unlawful act by the Indemnifying Party in its performance of this Agreement, except in each case to the extent that such Damages arise out of any action by the Indemnified Party.
- 6.1.2 A party seeking indemnification will promptly notify the other party in writing of any claim, provided, that failure to give notice will only relieve the Indemnifying Party of liability if the Indemnifying Party has suffered actual material prejudice by such failure. The Indemnifying Party will (i) control the defense of any such claim; (ii) reimburse the Indemnified Party for any reasonable legal expenses directly incurred in such defense, as such expenses are incurred; and (iii) have the right to consent to judgment on, or otherwise settle, an indemnified claim with the prior written consent of the Indemnified Party, which consent will not be unreasonably withheld; provided, that the Indemnified Party may withhold its consent if the judgment or settlement imposes an unreimbursed or continuing obligation on the Indemnified Party or does not include an unconditional release of each Indemnified Party.
6.2 Warranties; Disclaimer of Warranties
- 6.2.1 Nerdio warrants that the Service will be provided in accordance with this Agreement and substantially in accordance with any Service descriptions or specifications. Nerdio does not warrant that the Service will meet Partner’s requirements or that the operation of the Service will be uninterrupted or error free or that all defects will be corrected. This warranty is void if failure of the Service has resulted from: (a) misuse, neglect, accident, abuse, modification, or misapplication of the Service; (b) Partner’s failure to use the Service in accordance with its documentation or this Agreement; or (c) the combination of the Service with any items not provided by Nerdio or specified in the Service’s documentation.
- 6.2.2 EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, (I) THE SERVICE IS PROVIDED AS IS AND AS AVAILABLE AND (II) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NERDIO DISCLAIMS ANY AND ALL WARRANTIES, WRITTEN OR ORAL, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SERVICE.
6.3 Exclusion of Liability
EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 6.1, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY INCLUDING NEGLIGENCE, AND EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
6.4 Limitation of Liability
EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 6.1, EACH PARTY’S LIABILITY UNDER THIS AGREEMENT FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT (EXCLUDING ACTIONS TO COLLECT FEES) WILL NOT EXCEED THE FEES ACTUALLY PAID BY PARTNER TO NERDIO UNDER THIS AGREEMENT.
7. Intellectual Property
Partner acknowledges that, as between Partner and Nerdio, Nerdio owns all right, title and interest in all copyright, patent, trademark, trade secret and other intellectual property rights with respect to the Service. Partner understands and agrees that its use of or access to any of the foregoing Nerdio property in connection with this Agreement will not create in it any right, title or interest, in or to such property, and that all such use or access and goodwill associated with any such use or access will inure to the benefit of and be on behalf of Nerdio.
8. Miscellaneous
8.1 Mutual Representations and Warranties. Each Party hereby represents and warrants to the other Party that (a) it is duly organized, validly existing and in good standing under the laws of the jurisdiction of its organization and has all the necessary power and authority to enter into and perform its obligations under this Agreement and (b) this Agreement has been duly authorized, executed and delivered by it and its execution and delivery of this Agreement, and the performance of its obligations and duties hereunder, will not (i) conflict with or result in any violation or breach of, or constitute a default (or give rise to any right of termination, cancellation or acceleration) under, any terms, conditions or provisions of agreement or other instrument or obligation to which it is a party or by which any of its properties or assets may be bound, except for such violations, breaches or defaults which would not, individually or in the aggregate, have a material adverse effect on it and its ability to perform its obligations under this Agreement.
8.2 Independent Contractor. Nerdio and Partner are and will remain independent contractors. The Agreement does not constitute a partnership. Neither party is a franchisee, agent or legal representative of the other for any purpose, and neither party has the authority to act for, bind or make commitments on behalf of the other.
8.3 No Assignment. Neither party may sell, transfer, assign, or subcontract its rights or obligations under this Agreement without the express written consent of the other party. Any attempt to do so without such consent will be null and void. Notwithstanding the foregoing, Nerdio may, without Partner’s consent, assign this Agreement and its rights and obligations hereunder in connection with (i) a merger, combination, consolidation or similar business combination involving Nerdio, (ii) a sale of all or substantially all of Nerdio’s assets, or (iii) a sale of a majority of Nerdio’s outstanding voting securities.
8.4 Amendments in Writing. No amendment, modification, or waiver of any provision of this Agreement will be effective unless set forth in a writing that refers to this Agreement and is executed by authorized representatives of each party. No failure or delay by any party in exercising any right, power, or remedy will operate as a waiver of any such right, power, or remedy.
8.5 Force Majeure. Nerdio will not be liable or deemed to be in breach of its obligations hereunder for any delay or failure in performance under this Agreement or other interruption of service resulting, directly or indirectly, from acts of God, civil or military authority, act of war, accidents, electronic, computer or communications failures, natural disasters or catastrophes, strikes, or other work stoppages or any other cause beyond the reasonable control of the party affected thereby.
8.6 Notices. Any notice to be given under this Agreement will be in writing, will be deemed given upon receipt, and will be delivered in person, by e-mail or by overnight delivery service with proof of delivery, to the address set forth in the Service Order (or such other address previously designated by the receiving party by written notice) to the attention of the receiving party’s designated primary contact.
8.7 Governing Law; Dispute Forum. This Agreement will be governed by and construed in accordance with the laws of the State of Illinois. The first party initiating any legal action under this Agreement will commence that action in the state or federal courts located in Chicago, Illinois, and each party agrees to the exclusive jurisdiction of such courts with respect to any dispute arising under this Agreement.
8.8 Entire Agreement; Severability. This Agreement, together with the schedules, amendments, and other attachments, contains a full and complete expression of the rights and obligations of the parties. If any provision of this Agreement conflicts with any schedule, amendment or attachment to this Agreement, this Agreement will control with respect to the subject matter of such schedule, amendment or attachment. This Agreement supersedes any and all other previous agreements, written or oral, made by the parties concerning its subject matter. If any provision of this Agreement is held by a court or arbitration panel of competent jurisdiction to be unlawful, the remaining provisions of this Agreement will remain in full force and effect to the extent that the parties’ intent can be lawfully enforced. Without limiting the generality of the foregoing, it is expressly agreed that the terms of any Partner purchase order will be subject to the terms of this Agreement and that any acceptance of a purchase order by Nerdio will be for acknowledgment purposes only and none of the terms set forth in the purchase order will be binding upon Nerdio.
8.9 Headings. The headings to these terms and conditions have been included solely for references and are to have no force or effect in interpreting the provisions of the Agreement.
8.10 Survival. Sections 4.3, 5, 6, 7 and 8 will survive any termination of this Agreement.
8001 Lincoln Ave, Suite 212
Skokie, IL 60077
Email: hello@getnerdio.com
Phone: (877) 909-5410
Fax: (224) 534-3588
Effective April 3, 2019
Exhibit C
This Data Protection Addendum (“Addendum”) forms part of the Standard Terms and Conditions (“Agreement”) between Nerdio and Customer. Capitalized terms not otherwise defined herein will have the meaning given to them in the Agreement. Except as modified below, the terms of the Agreement will remain in full force and effect.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below will be added as an Addendum to the Agreement. Except where the context requires otherwise, references in this Addendum to the Agreement are to the Agreement as amended by, and including, this Addendum.
1. Definitions
1.1. In this Addendum, the following terms will have the meanings set out below and cognate terms will be construed accordingly:
1.1.1. “Applicable Laws” means (a) European Union or Member State laws with respect to any Customer Personal Data in respect of which Customer is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Customer Personal Data in respect of which Customer is subject to any other Data Protection Laws;
1.1.2. “Customer Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of Customer pursuant to or in connection with the Agreement;
1.1.3. “Contracted Processor” means Nerdio or a Subprocessor;
1.1.4. “Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
1.1.5. “EEA” means the European Economic Area;
1.1.6. “GDPR” means EU General Data Protection Regulation 2016/679;
1.1.7. “Restricted Transfer” means:
- 1.1.7.1. a transfer of Customer Personal Data from Customer to a Contracted Processor; or
- 1.1.7.2. an onward transfer of Customer Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor,
in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under section 5.4.3 or 11 below;
1.1.8. “Services” means the services and other activities to be supplied to or carried out by or on behalf of Nerdio for Customer pursuant to the Agreement;
1.1.9. “Standard Contractual Clauses” means the contractual clauses set out in Annex 2, amended as indicated (in square brackets and italics) in that Annex and under section 13.4;
1.1.10. “Subprocessor” means any person (including any third party, but excluding an employee of Nerdio or any of its sub-contractors) appointed by or on behalf of Nerdio to Process Personal Data on behalf of Customer in connection with the Agreement; and
1.2. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” will have the same meaning as in the GDPR, and their cognate terms will be construed accordingly.
2.Processing of Customer Personal Data
2.1. Nerdio will:
- 2.1.1. comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and
- 2.1.2. not Process Customer Personal Data other than on the Customer’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Nerdio will to the extent permitted by Applicable Laws inform the Customer of that legal requirement before the relevant Processing of that Personal Data.
2.2. Customer:
- 2.2.1. instructs Nerdio (and authorizes Nerdio to instruct each Subprocessor) to:
- 2.2.1.1. Process Customer Personal Data; and
- 2.2.1.2. in particular, transfer Customer Personal Data to any country or territory,
- as reasonably necessary for the provision of the Services and consistent with the Agreement.
2.3. Annex 1 to this Addendum sets out certain information regarding the Contracted Processors’ Processing of the Customer Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Customer may make reasonable amendments to Annex 1 by written notice to Nerdio from time to time as Customer reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 2.3) confers any right or imposes any obligation on any party to this Addendum.
3. Nerdio Personnel
Nerdio will take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know/access the relevant Customer Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4. Security
4.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Nerdio will in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
4.2. In assessing the appropriate level of security, Nerdio will take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5. Subprocessing
5.1. Customer authorizes Nerdio to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement.
5.2. Nerdio may continue to use those Subprocessors already engaged by Nerdio as at the date of this Addendum, subject to Nerdio in each case as soon as practicable meeting the obligations set out in section 5.4.
5.3. Nerdio will give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within five (5) business days of receipt of that notice, Customer notifies Nerdio in writing of any objections (on reasonable grounds) to the proposed appointment:
- 5.3.1 Ne will work with Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and
- 5.3.2 where such a change cannot be made within ten (10) business days from Nerdio’s receipt of Customer’s notice, notwithstanding anything in the Agreement, Customer may by written notice to Nerdio with immediate effect terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Subprocessor.
5.4. With respect to each Subprocessor, Nerdio will:
- 5.4.1. before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;
- 5.4.2. ensure that the arrangement between on the one hand (a) Nerdio or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of article 28(3) of the GDPR;
- 5.4.3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) Nerdio or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer; and
- 5.4.4. provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time.
5.5. Nerdio will ensure that each Subprocessor performs the obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of Nerdio.
6. Data Subject Rights
6.1. Taking into account the nature of the Processing, Nerdio will assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
6.2. Nerdio will:
- 6.2.1. promptly notify Customer if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Customer Personal Data; and
- 6.2.2. ensure that the Contracted Processor does not respond to that request except on the documented instructions of Customer or as required by Applicable Laws to which the Contracted Processor is subject, in which case Nerdio will to the extent permitted by Applicable Laws inform Customer of that legal requirement before the Contracted Processor responds to the request.
7. Personal Data Breach
7.1. Nerdio will notify Customer promptly upon Nerdio or any Subprocessor becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2. Nerdio will co-operate with Customer and take such reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
Nerdio will provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required of Customer by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Customer Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
9. Deletion or return of Customer Personal Data
9.1. Subject to sections 9.2 and 9.3 Nerdio will promptly and in any event within thirty-one (31) days of the date of cessation of any Services involving the Processing of Customer Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Customer Personal Data.
9.2. Subject to section 9.3, Customer may in its absolute discretion by written notice to Nerdio within thirty (30) days of the Cessation Date require Nerdio to (a) return a complete copy of all Customer Personal Data to Customer by secure file transfer in such format as is reasonably notified by Customer to Nerdio; and (b) delete and procure the deletion of all other copies of Customer Personal Data Processed by any Contracted Processor. Nerdio will comply with any such written request within thirty-one (31) days of the Cessation Date.
9.3. Each Contracted Processor may retain Customer Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Nerdio will ensure the confidentiality of all such Customer Personal Data and will ensure that such Customer Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.
9.4. Nerdio will provide written certification to Customer that it has fully complied with this section 10 within thirty-one (31) days of the Cessation Date.
10. Audit rights
10.1. Subject to sections 10.1 to 10.3, Nerdio will make available to Customer on request all information necessary to demonstrate compliance with this Addendum, and will allow for and contribute to audits, including inspections, by Customer or an auditor mandated by Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors.
10.2. Information and audit rights of the Customer only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR).
10.3. Customer will give Nerdio reasonable notice of any audit or inspection to be conducted under section 10.1 and will make (and ensure that each of its mandated auditors makes) reasonable efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury or disruption to the Contracted Processors’ premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection:
- 10.3.1. to any individual unless he or she produces reasonable evidence of identity and authority;
- 10.3.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Nerdio that this is the case before attendance outside those hours begins; or
- 10.3.3. for the purposes of more than [one] audit or inspection, in respect of each Contracted Processor, in any [calendar year], except for any additional audits or inspections which:
- 10.3.3.1. Customer reasonably considers necessary because of genuine concerns as to Nerdio’s compliance with this Addendum; or
- 10.3.3.2. Customer is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory,
- where Customer has identified its concerns or the relevant requirement or request in its notice to Nerdio of the audit or inspection.]
11. Restricted Transfers
11.1. Subject to section 11.3, Customer (as “data exporter”) and each Contracted Processor, as appropriate, (as “data importer”) hereby enter into the Standard Contractual Clauses in respect of any Restricted Transfer from Customer to that Contracted Processor.
11.2. The Standard Contractual Clauses will come into effect under section 12.1 on the later of:
- 11.2.1. the data exporter becoming a party to them;
- 11.2.2. the data importer becoming a party to them; and
- 11.2.3.commencement of the relevant Restricted Transfer.
11.3. Section 11.1 will not apply to a Restricted Transfer unless its effect, together with other reasonably practicable compliance steps (which, for the avoidance of doubt, do not include obtaining consents from Data Subjects), is to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Law.
12. General Terms
Governing law and jurisdiction
12.1. Without prejudice to clauses 7 (Mediation and Jurisdiction) and 9 (Governing Law) of the Standard Contractual Clauses:
- 12.1.1. the parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
- 12.1.2. this Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Agreement.
Order of precedence
12.2. Nothing in this Addendum reduces Nerdio’s obligations under the Agreement in relation to the protection of Personal Data or permits Nerdio to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Agreement. In the event of any conflict or inconsistency between this Addendum and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail.
12.3. Subject to section 12.2, with regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum will prevail.
Changes in Data Protection Laws, etc.
12.4. Customer may:
- 12.4.1. by at least 30 (thirty) calendar days’ written notice to Nerdio from time to time make any variations to the Standard Contractual Clauses (including any Standard Contractual Clauses entered into under section 11.1), as they apply to Restricted Transfers which are subject to a particular Data Protection Law, which are required, as a result of any change in, or decision of a competent authority under, that Data Protection Law, to allow those Restricted Transfers to be made (or continue to be made) without breach of that Data Protection Law; and
- 12.4.2. propose any other variations to this Addendum which Customer reasonably considers to be necessary to address the requirements of any Data Protection Law.
12.5. If Customer gives notice under section 12.4.1:
- 12.5.1. Nerdio will promptly co-operate (and ensure that any affected Subprocessors promptly co-operate) to ensure that equivalent variations are made to any agreement put in place under section 5.4.3; and
- 12.5.2. Customer will not unreasonably withhold or delay agreement to any consequential variations to this Addendum proposed by Nerdio to protect the Contracted Processors against additional risks associated with the variations made under section 12.4.1 and/or 12.5.1.
12.6. If Customer gives notice under section 12.4.2, the parties will promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Customer’s notice as soon as is reasonably practicable.
Severance
12.7. Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum will remain valid and in force. The invalid or unenforceable provision will be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
ANNEX 1: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
This Annex 1 includes certain details of the Processing of Customer Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Customer Personal Data
The subject matter and duration of the Processing of the Customer Personal Data are set out in the Agreement and this Addendum.
The nature and purpose of the Processing of Customer Personal Data
Nerdio for Azure (NFA) Service as provided under the Agreement.
The types of Customer Personal Data to be Processed
[Include list of data types here]
The categories of Data Subject to whom the Customer Personal Data relates
[Include categories of data subjects here]
The obligations and rights of Customer
The obligations and rights of Customer are set out in the Agreement and this Addendum.
ANNEX 2: STANDARD CONTRACTUAL CLAUSES
[These Clauses are deemed to be amended from time to time, to the extent that they relate to a Restricted Transfer which is subject to the Data Protection Laws of a given country or territory, to reflect (to the extent possible without material uncertainty as to the result) any change (including any replacement) made in accordance with those Data Protection Laws (i) by the Commission to or of the equivalent contractual clauses approved by the Commission under EU Directive 95/46/EC or the GDPR (in the case of the Data Protection Laws of the European Union or a Member State); or (ii) by an equivalent competent authority to or of any equivalent contractual clauses approved by it or by another competent authority under another Data Protection Law (otherwise).]
[If these Clauses are not governed by the law of a Member State, the terms “Member State” and “State” are replaced, throughout, by the word “jurisdiction”.]
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection [This opening recital is deleted if these Clauses are not governed by the law of a member state of the EEA.]
[The gaps below are populated with details of the Customer:]
Name of the data exporting organisation:
Address:
Tel.: ____________; fax: __________________; e-mail: __________________
Other information needed to identify the organisation
……………………………………………………………
(the data exporter)
And
[The gaps below are populated with details of the relevant Contracted Processor:]
Name of the data importing organisation:
Address:
Tel.: ________________; fax: _________________; e-mail:__________________
Other information needed to identify the organisation:
…………………………………………………………………
(the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Background
The data exporter has entered into a data processing addendum (“DPA”) with the data importer. Pursuant to the terms of the DPA, it is contemplated that services provided by the data importer will involve the transfer of personal data to data importer. Data importer is located in a country not ensuring an adequate level of data protection. To ensure compliance with Directive 95/46/EC and applicable data protection law, the controller agrees to the provision of such Services, including the processing of personal data incidental thereto, subject to the data importer’s execution of, and compliance with, the terms of these Clauses.
Clause 1
Definitions
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; [If these Clauses are governed by a law which extends the protection of data protection laws to corporate persons, the words “except that, if these Clauses govern a transfer of data relating to identified or identifiable corporate (as well as natural) persons, the definition of “personal data” is expanded to include those data” are added.]
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; [If these Clauses are not governed by the law of a Member State, the words “and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC” are deleted.]
(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; [If these Clauses are not governed by the law of a Member State, the words “within the meaning of Directive 95/46/EC” are deleted.]
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
- (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
- (ii) any accidental or unauthorised access, and
- (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
On behalf of the data exporter:
[Populated with details of, and deemed signed on behalf of, the data exporter:]
Name (written out in full):
Position:
Address:
Other information necessary in order for the contract to be binding (if any):
Signature……………………………………….
On behalf of the data importer:
[Populated with details of, and deemed signed on behalf of, the data importer:]
Name (written out in full):
Position:
Address:
Other information necessary in order for the contract to be binding (if any):
Signature……………………………………….
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
Data exporter
The data exporter is:
[TO BE COMPLETED]
Data importer
The data importer is:
[TO BE COMPLETED]
Data subjects
The personal data transferred concern the following categories of data subjects:
[TO BE COMPLETED]
Categories of data
The personal data transferred concern the following categories of data:
[TO BE COMPLETED]
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data:
[TO BE COMPLETED]
Processing operations
The personal data transferred will be subject to the following basic processing activities:
[TO BE COMPLETED]
DATA EXPORTER
[Populated with details of, and deemed to be signed on behalf of, the data exporter:]
Name:………………………………
Authorised Signature ……………………
DATA IMPORTER
[Populated with details of, and deemed to be signed on behalf of, the data importer:]
Name:………………………………
Authorised Signature ……………………
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
[TO BE COMPLETED]
ANNEX 3: LIST OF MANDATED AUDITORS
[TO BE COMPLETED]