These terms are a legal agreement between Meet Kairos, Inc. (the "Provider") and the customer named below, or named in the applicable invoice issued by Provider or the Order Form (the "Customer").  

Please read all the terms before indicating acceptance. Unless modified, superceded, or otherwise altered by an external agreement, these terms apply to the Kairos platform, any support and online services that we provide, and any modules, updates, upgrades, supplements, new features, and additional services for the Kairos platform, unless other terms accompany those items. If so, those terms apply. By using the Kairos platform and services, or any updates to our platform, the Customer accepts these terms. If the Customer does not accept them, then the Customer is not authorized to use the platform or services or any updates. Customer is bound by these terms even if it does not read all the terms.  

 

1. DEFINITIONS  

1.1 "Effective Date" means the date on which the following has occurred: payment for access to the Kairos Platform, and acceptance of these terms by Customer;
1.2 "Fees" is defined in Section 5.1;
1.3 "Customer" means the company or other legal entity acquiring access to the Platform and Services, together with its affiliated companies, as listed in the invoice issued by the Provider or the Order Form;  
1.4 "Customer Data" means the Customer's proprietary information input by the Customer's Users, or accessed by the Platform, in the course of Customer's use of the Platform or Services;
1.5 "Kairos Intellectual Property" is defined in Section 3.0;
1.6 "Order Form" means the checkout page, or the invoice from Provider, listing specific modules, tiers of access, user licenses, seats for access to the Platform, and any related Services;
1.7 "Personal Information" means personal information about an identifiable individual but excludes business contact information or anonymized data;
1.8 "Platform" means the Kairos platform, together with any fixes, patches or updates released by Provider, associated products, and all modules licensed hereunder as listed in the invoice or Order Form issued by the Provider;
1.9 "Platform Data" means the aggregate information including meta-data created or generated by the Platform (excluding Personal Information and Customer Data);
1.10 "Privacy Policy" means the Provider privacy policy updated from time to time, the current version of which is posted at https://meetkairos.com/kairos-privacy-policy;
1.11 "Services" means the technical support, and any consulting services or onboarding services provided by Provider or its designated consultants, as may be identified in an Order Form; 
1.12 "Term" is defined in Section 10.1; 
1.13 "User" means Customer’s authorized end-users (including concurrent and/or named users) of the Platform and Services. 

2. ACCESS 

2.1 Access by Users. Access to the Platform is licensed to Customer (not sold) based on the number of Customer’s Users that access the Platform, all as set forth in the Order Form. Customer is granted a non-exclusive, non-sublicensable, non-assignable, and non-transferable right and license for its Users to access the Platform during the Term, conditional upon payment of all Fees.  
2.2 Service Level Commitments. The Provider warrants that it will make the Platform available to the Customer in accordance with the Service Level Agreement (SLA) set forth in Appendix 1, forming part of this Agreement. 
2.3 User Licenses. As part of the license, Customer shall acquire a user access license for the total number of users or seats to access the Platform directly or indirectly at any one time (including ‘"concurrent users" who are assigned a unique login name/password combination to access and/or use the Platform in a manner that limits the number of such users having simultaneous access and/or "named users" who are named individuals having the right to access and/or use the Platform). Customer may acquire access licenses for additional concurrent or named Users for the Platform based on Provider’s then-current standard pricing. 
2.4 Circumvention Prohibited.  Any hardware, software or methods used by Customer to directly or indirectly access the Platform, pool connections, or reduce the number of devices or users that directly access or use the Platform (sometimes referred to as "multiplexing" or "pooling"), does not reduce the number of user licenses that Customer requires.  If Customer exceeds the maximum number of permitted Users, through any such method, Customer will be in breach of this Agreement. 
2.5 Customer’s Account. Customer is responsible for maintaining the confidentiality of Customer’s account information, password and login information. Customer is responsible for all uses of Customer’s account by its Users. Customer agrees to immediately notify Provider of any unauthorized use of Platform. Customer represents and warrants that Customer or the person entering into this Agreement has the authority to do so. 
2.6 System Requirements. Customer shall ensure that it meets and complies with the system requirements as published by the Provider.  

3. INTELLECTUAL PROPERTY & CONFIDENTIALITY 

3.1 Intellectual Property. Provider (and its third-party licensors) own any and all any intellectual property rights, and all right, title and interest in and to the Platform, the Platform Data, any documentation supplied with the Platform or the Services, and the trademarks of Provider (collectively the "Kairos Intellectual Property") immediately upon creation. Kairos Intellectual Property is protected by Canadian, US and international copyrights and may be subject to applicable patent rights. The Kairos content is protected by copyright and is not licensed for any independent use apart from the Platform. All inventions, discoveries, improvements, software, copyright, know-how or other intellectual property, whether or not protected by patent or copyright, created, developed or authored by Provider prior to or during this Agreement pertaining to Kairos Intellectual Property, are and will remain the sole and absolute property of Provider. Customer will maintain any proprietary notices which may appear thereon. 
3.2 Confidentiality. Provider shall at all times maintain confidentiality over all Customer Data processed under this Agreement using at least the same degree of care as it uses to safeguard its own information of a highly confidential nature.  Provider agrees not to use, copy or disclose Customer Data processed under the Agreement to any third party except as required to provide the Platform and Services to the Users, or as authorized by the Customer, or as required under applicable law.  

4. PERSONAL INFORMATION, DATA & CONTENT 

4.1 Data Processing. The Provider warrants that it will process Personal Information in accordance with the Data Processing Agreement (DPA) set forth in Appendix 2, forming part of this Agreement. 
4.2 Personal Information. The Privacy Policy is incorporated into this Agreement. Provider and Customer shall abide by the Privacy Policy and all applicable provincial, state, and federal personal information protection laws with respect to the handling of Personal Information. Provider may collect, aggregate and anonymize data provided it does not contain or disclose any Personal Information. Any Personal Information collected, used or disclosed by Provider is subject to the terms of the Privacy Policy.   
4.3 Archiving & Security. Customer is responsible for archiving and data back-up for its own purposes. The Platform is not an archive or data back-up service. Customer is responsible for the security of its systems that access the Platform.  
4.4 Aggregated Data. Provider may collect, aggregate and anonymize Platform Data for the purpose of purpose of statistical analysis, data analytics, research, product improvement, benchmarking, and for other business purposes, subject to the following:  
4.5 All aggregated data will be stripped of identifiers (such as specific users, corporate or business names or serial numbers) that would identify specifics about individual users; 
4.6 Aggregated data will not be traceable back to any specific users; and 
4.7 Provider shall have rights hereunder to use, dispose of and own such anonymized and aggregated data at its discretion whether during or after the term of this Agreement. 

 

5. PAYMENTS 

5.1 Fees. As a condition of accessing the Platform and obtaining any Services, the Customer agrees to pay to Provider the fees including user access fees, fees for Services, as set forth in the applicable invoice or Order Form issued by Provider (collectively the "Fees"). The Fees will be payable within 30 days of the invoice date, or as set forth in the applicable invoice or Order Form issued by Provider. 
5.2 Other Payments or Expenses.  The Fees payable under each invoice or Order Form issued by the Provider are net and do not include any taxes, duties, excises, or other payments payable under any relevant tax authority, or federal, state, provincial or local laws ("Additional Amounts"). Customer will be responsible for the payment of any Additional Amounts related to its access to the Platform or Services, and any additional modules which may be licensed from time to time, as set forth in the applicable invoice or Order Form. Customer undertakes and agrees to self-assess and to remit any Additional Amounts that it may owe, with respect to its access to the Platform and any Services.  

 

Provider reserves the right to charge the Customer an amount equal to such Additional Amounts in addition to any Fees owed under the applicable invoice or Order Form. If Customer's relevant tax authority requires Customer to withhold any Additional Amounts, the Customer remains liable to pay Provider the full amount listed in the invoice or Order Form, grossed up as if the amount to be withheld was an amount payable in addition to the amount payable net to Provider. If Customer requires a revised quotation or invoice recording such additional sums payable, it is Customer's responsibility to notify Provider in writing to provide a revised quotation or invoice. Customer hereby agrees to indemnify and save harmless the Provider from any and all such Additional Amounts, including interest and penalties that may be assessed against the Provider as a result of the Provider not collecting or remitting such amounts in respect of the Customer's failure under this section. 

5.3 Price Increases. Provider reserves the right to change its prices at any time. For Customers on a subscription plan, changes to the Fees will not apply until the next renewal, or thirty (30) days after notice, whichever is later. 

 

6. SERVICES & SUPPORT  

6.1 Services. If Services are listed in an Order Form, and such Order Form is accepted by the Provider in writing, then the Provider will provide the Services as set forth in the applicable Order Form.  

6.2 Support. If technical support is part of the Services (as listed in an Order Form), the Provider’s responsibility for such Services is explicitly related to the Platform and does not include support, troubleshooting or maintenance for the hardware, software or modules of third parties or other platform vendors. This Agreement does not include (i) support for the Platform outside the scope of this Section 6.0, or (ii) any custom software development services.  

 

7. RESTRICTIONS  

7.1 Restrictions. Customer shall not, and shall not authorize any third party to. 
(a) make unauthorized copies of Kairos Intellectual Property; 
(b) modify, decompile, disassemble, translate into another computer language, create derivative works, access the source code, hack, decrypt, rename files, or otherwise reverse engineer Kairos Intellectual Property; 
(c) incorporate any portion of Kairos Intellectual Property into any products which will be sold, licensed or transferred to a third party; 
(d) use Kairos Intellectual Property in connection with a computer based service business for others, or display the visual output of Kairos Intellectual Property for others; 
(e) distribute, sell, lease, transfer, assign, trade, rent, lease, divulge, share, disclose, or lend Kairos Intellectual Property or publish, license, sublicense or cross-license Kairos Intellectual Property or any part thereof and/ or copies thereof to others;  
(f) copy, duplicate or use the Platform or any part of that work as a standalone database, or distribute, sell or otherwise make such work available to others, except as part of the licensed use of the Platform; 
(g) use Kairos Intellectual Property or any part thereof in violation of any law or regulation, or for any purpose other than as expressly permitted in this Agreement; 
(h) distribute screen shots, or disclose to a third party the results of any benchmark test of Kairos Intellectual Property without Provider approval; 
(i) permit any person other than authorized Users to use Kairos Intellectual Property; 
(j) upload, post or submit content or data that infringes any copyright, or other intellectual property rights, or offends privacy rights, or otherwise offends the standards set by Provider from time to time; or 
(k) copy, misuse or duplicate the layout and design of Kairos Intellectual Property, or the underlying code and database structures or any part thereof. 

 

8. LIMITATION OF LIABILITY & DISCLAIMER OF WARRANTY 

8.1 Limited Warranty. Provider warrants to the Customer that (a) it has all necessary rights to grant access to the Platform for the Customer and its Users as contemplated in this Agreement, (b) the Platform and any Services are provided in accordance with industry standards, and (c) the Platform does not infringe or misappropriate any third party patent issued or trademark or copyright registered as of the Effective Date. 

8.2 DISCLAIMER. Except for the warranties set forth in Section 8.1. the Platform and Services are provided "AS IS" without additional warranties, conditions or representations of any kind, and Provider expressly disclaims, to the fullest extent permitted by applicable law, any warranty or condition, express or implied, statutory or otherwise, whether arising from trade or course of dealing, including, without limitation, any warranty that the Platform and Services (i) shall correspond with a particular description, (ii) are fit for Customer’s particular purpose, (iii) do not and will not infringe any other intellectual property or other proprietary rights of any third party, (iv) are bug or error free, or (v) are accessible through all devices or browsers. Customer acknowledges that entry, conversion and storage of data is subject to human and machine error and that Provider shall not be liable to Customer or Customer’s Users for any loss, exfiltration, corruption or errors in data. Provider is not responsible for any third-party data-hosts, resellers, installers or consultants that are not approved in writing by Provider. Provider makes no representations or warranties with respect to such third-party hosts, resellers, installers or consultants, nor do they have any authority to bind Provider or modify any of these terms, verbally or otherwise. Provider does not warrant and disclaims all liability in connection with any third-party software, modules, viruses, hardware or failures in the internet.  

8.3 ALLOCATION OF RISK. Provider shall not be liable for any monetary damages whatsoever with respect to Customer’s or any Users’ use of the Kairos Intellectual Property and Services hereunder, nor shall Provider be liable for any indirect, incidental, consequential, special, punitive or exemplary damages arising out of this Agreement, even if Provider is advised of the possibility of such damages. The entire risk as to the results and performance of the Kairos Intellectual Property and Services is assumed by Customer and Customer agrees to implement and adopt reasonable measures to examine and confirm results prior to use, to back-up its data, and limit exposure to errors and failures in data and storage media. 

8.4 LIMITATION OF LIABILITY. The total liability of Provider, whether under the express or implied terms of this Agreement, in tort (including negligence or other duty of care) or at common law, for any loss or damage including but not limited to any data loss, exfiltration or corruption, suffered by Customer or any of Customer’s Users or third parties, whether direct, indirect or special, or any other similar damage that may arise or does arise from any Kairos Intellectual Property and Services or any breach of this Agreement by Provider, shall in no event exceed the fees paid by Customer to Provider under the Order Form during the twelve (12) month period immediately preceding Customer's first assertion of any claim against Provider under this Agreement.   

9. INDEMNITY  

9.1 Customer Indemnity.  Customer indemnifies, holds harmless and defends Provider against any and all third-party claims (including all associated legal fees and disbursements actually incurred) against Provider arising out of a breach by Customer or Customer’s Users of the obligations under this Agreement, or the use or misuse of the Platform or Services by Customer or any of Customer’s Users. 

9.2 Provider Indemnity.  Provider indemnifies, holds harmless and defends Customer against any and all third-party claims (including all associated legal fees and disbursements actually incurred) against Customer arising out of a breach of the warranties in Section 8.1. The indemnity arising out of a breach of the warranty in Section 8.1(c) shall not apply to the extent that the alleged infringement is based on: (i) a modification of the Platform by anyone other than the Provider; (ii) access to or use of the Platform in a manner contrary to the terms of this Agreement; or (iii) access to or use of the Platform by Users after notice of any alleged infringement from the Provider. If the Platform or any part thereof becomes, or in Provider’s reasonable opinion, is likely to become, the subject of a claim for infringement against which Provider is liable to indemnify the Participant under this Section, then Provider may, at its sole option and expense: (A) procure for the Customer the right to use and access the infringing or potentially infringing element(s) of the Platform free of any liability for infringement; or (B) replace or modify the infringing or potentially infringing element(s) of the Platform with a non-infringing substitute otherwise materially complying with the functionality of the replaced system. If (A) or (B) is not reasonably available in Provider’s reasonable opinion Provider may terminate this Agreement, in which case the Participant shall receive a pro rata refund of prepaid unearned Fees to the date of termination. The foregoing shall be Provider's sole liability and Customer's sole remedy in respect of the indemnity under this Section. 

 

10. TERM & TERMINATION 

10.1 Term. This Agreement will start on the Effective Date and will continue for the period set forth in the Order Form, or as renewed under Section 10.2, unless terminated earlier under this Agreement (the "Term").  

10.2 Renewal. Customer's subscription will automatically renew on a monthly or annual basis as applicable unless written notice of non-renewal is delivered by the Customer at least 30 days prior to the end of the then-current period

10.3 Termination. Customer’s account will terminate in the event of Customer’s failure to pay Fees. Customer’s account may be automatically suspended if Customer or any of Customer’s Users breach any material term of this Agreement. Customer may terminate this Agreement without cause at any time, in which case any prepaid amounts will be non-refundable. Customer may also terminate this Agreement on 21 days’ written notice if Provider is in breach of any material term of this Agreement and such breach has not been cured within the notice period. Provider shall have the right to terminate this Agreement (a) on 21 days’ written notice if Customer is in breach of any material term of this Agreement or any other agreement with Provider and such breach has not been cured within the notice period; or (b) immediately without notice if Customer is bankrupt, insolvent or the subject of any proceeding under the Bankruptcy and Insolvency Act or CCAA, or any other statute of similar purpose which has not been successfully resolved in Customer’s favour within ninety (90) days; or (c) on 30 days written notice to Customer. Such termination shall be in addition to and not in lieu of any legal remedies otherwise available to the terminating party.  

10.4 Effect of Termination.  Upon termination or expiry of this Agreement (a) Customer will cease all use of the Platform and access to the Services; and (b) the Provider will cease all use of and will securely delete or return to the Customer all Customer Data.  

11. VERIFICATION & PRODUCT IMPROVEMENT 

11.1 Verification.  Provider has the right to monitor usage and verify compliance with the terms of this Agreement and Customer agrees to provide Provider with information as may be reasonably requested from time to time regarding the number of Users of Platform, and access of the Services through Customer’s account, for product improvement and other compliance requirements.  

 

12. GOVERNING LAW & DISPUTES  

12.1 Governing Law. This Agreement is governed by the laws of the Province of Alberta (Canada), without regard to its conflict of laws rules.   
12.2 Dispute Resolution. Any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in the City of Edmonton, Alberta, before one arbitrator. The arbitration shall be administered by JAMS pursuant to JAMS' Streamlined Arbitration Rules and Procedures.  
12.3 Attornment. Judgment on the award may be entered in any court having jurisdiction. This Article 12.0 shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. Both parties agree that by entering into this Agreement they have attorned to the jurisdiction of the courts in the Province of Alberta (Canada). 
12.4 Waiver of Jury Trial. Each party acknowledges and agrees that any controversy that may arise under this Agreement, including exhibits, schedules, attachments, and appendices attached to this Agreement, is likely to involve complicated and difficult issues and, therefore, each such party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement, including any exhibits, schedules, attachments, or appendices attached to this Agreement, or the transactions contemplated hereby. 

13. SECURITY 

13.1 Security. In its provision of the Platform and performance of any Services, the Provider shall implement, and shall ensure that Provider's employees, agents, and subcontractors, implement, maintain and monitor reasonable physical, technical and administrative security measures designed to protect Customer's information from unauthorized access, exfiltration, destruction, use, modification or disclosure.  
13.2 Breach Notification. Provider shall immediately notify Customer in writing when provider becomes aware of any unauthorized access, exfiltration, destruction, use, modification or disclosure respecting Personal Information of the Customer, or if Provider becomes the subject of any government, regulatory, or other investigation or proceeding relating to its privacy, data security, or handling practices in relation to the Platform or Services. The notice in writing from the Provider to the Customer shall include sufficient detail, including the nature of the breach, the Personal Information impacted, records impacted, individuals impacted, and intended resolution. 

14. GENERAL TERMS 

14.1 Feedback. If users submit unsolicited suggestions, product improvement requests, ideas or user feedback, this does not obligate Provider to implement any changes to the product, and Provider makes no assurances that any such ideas will be treated as confidential or proprietary. Provider may elect to adopt or use, or refrain from adopting or using any feedback from users without any compensation, acknowledgement or attribution.  
14.2 Portfolio. Customer consents to be identified as a customer of the Provider and to the display of its corporate name and logo on Provider's site, during the Term of this Agreement.  
14.3 Commercial Third-Party Licenses.  Customer is required to obtain and maintain any commercial third-party hardware and software which may be required to use the Platform and access Services including any wireless data communications services from a service provider; and any wireless handheld end-user devices. 
14.4 Assignment.  Customer will not assign, transfer, encumber or otherwise dispose of any or all of the rights granted to Customer under this Agreement without the prior written consent of Provider, provided however that if Customer provide written notice to Provider with sufficient details, consent will not be unreasonably withheld if the assignment is part of a duly authorized corporate re-organization or duly authorized disposition of all or substantially all of the assets of the Customer. Provider may assign this Agreement to a third-party upon written notice to Customer.   
14.5 No Partnership. Nothing contained in this Agreement is to be deemed or construed to create between the parties a partnership or joint venture.  No party has the authority to act on behalf of any other party, or to commit any other party in any manner at all or cause any other party's name to be used in any way not specifically authorized by this Agreement. 
14.6 Enurement. Subject to the limitations in this Agreement, this Agreement operates for the benefit of and is binding on the parties and their respective successors and permitted assigns. 
14.7 No Waiver. No condoning, excusing or overlooking by any party of any default, breach or nonobservance by any other party at any time regarding any terms of this Agreement operates as a waiver of that party's rights under this Agreement.  No exercise of a specific right or remedy by any party precludes it from or prejudices it in exercising another right or pursuing another remedy or maintaining an action to which it may otherwise be entitled either at law or in equity. 
14.8 Survival.  All terms which require performance by the parties after the expiry or termination of this Agreement, will remain in force despite this Agreement's expiry or termination for any reason.  The following terms shall survive termination: 3.0, 8.0, 10.4 and 12.0. 
14.9 Language.  It is the express will of the parties that this Agreement and all related documents be drawn up in English. Les parties aux présents ont exigés que la présente convention ainsi que tous les documents et avis qui s’y rattachent ou qui en découleront soient rédigés en anglais. 
14.10 Severability.  Part or all of any section that is indefinite, invalid, illegal or otherwise voidable or unenforceable may be severed and the balance of this Agreement will continue in full force and effect. 
14.11 Entire Agreement. This Agreement, the applicable invoice issued by the Provider, the Order Form (collectively the "Agreement") set out the entire understanding between the parties related to access to Platform and the Services. 
14.12 Precedence: If there is any discrepancy or inconsistency between this Agreement and any purchase order, email, attachment or other document issued by the Customer, this Agreement will prevail to the extent required to resolve the discrepancy or inconsistency. The documents will be interpreted such that the documents will take precedence over any contrary terms in the following order: 
(a) the invoice or Order Form approved by the Provider; 
(b) the main body of the Agreement;  
(c) Privacy Policy; 
(d) the DPA; 
(e) the SLA. 

14.13 Changes. On release of any update or upgrade to the Platform or material change in the Services, Provider reserves the right to modify this Agreement and to impose new or additional terms or conditions on Customer’s use of the Platform or Services. The then-current terms (including any modifications and additional terms and conditions if applicable) will be presented to the Customer and will be effective immediately upon Customer’s acceptance of the terms and continued use of the Platform or Services. 

14.14 Electronic Acceptance. This Agreement may be agreed to by electronic acceptance. 

If Customer has questions about these terms or wish to contact Provider for any reason, please contact us at:  privacy@meetkairos.com 

[03/2004]  End of Terms 

 

Appendix 1 

Service Level Agreement (SLA) 

1. Service Levels: Provider commits to providing Customer with availability for the Platform to meet or exceed the following service level commitments: SLA Uptime of 99% 
2. SLA Uptime: To calculate SLA Uptime, we use the following formula on a calendar month basis:  

(Total Available Hours – Total Validated Downtime) / (Total Available Hours). These calculations are performed only if more than 3 hours of validated downtime occurs in a month. 

3. Defined Terms: 

Total Available Hours means: 

Start with the total number of hours in the month for the specific instance. Subtract the Scheduled Downtime Windows for that instance. The result is "Total Available Hours".  

Scheduled Downtime Windows means the following windows: 

Weekly maintenance window:  

Fridays from 10pm-3am MT. This downtime is excluded from SLA calculations. 

Major release/ Upgrade window:  

Approximately once per quarter, Provider may make major product releases. Admin users will be notified at least one week in advance, with a list of features to be released.  Major releases will start at 10pm on Friday, but it is possible that we will require additional downtime (beyond the typical maintenance window) to complete them. Downtime for major releases will be excluded from SLA calculations - up to 48 hrs from the notified start time (10pm PT on the relevant Friday) 

Total Validated Downtime means: 

Users must advise of any downtime occurrences within 5 days of the end of the month in which the event occurred to support@meetkairos.com. The User's name, start of downtime, and end of downtime must be included. Provider will verify the downtime event in our server logs, and when validated will be considered "validated downtime". The sum of those hours for a single instance in a calendar month will determine be "Total Validated Downtime". Downtime occurrences exclude any failures in the internet or telecommunications facilities, or any outages or bandwidth restrictions in Customer’s internet service. 

4. Credit for Breach of SLA Service Level: For each hour (or partial hour) during which the availability falls below the service level commitment in Section 1, a service credit will be applied to Customer’s account for the following Term equal to two times (2x) the confirmed downtime. 

5. Charge for re-scheduled session:  In the event that Customer re-schedules a Kairos coaching session with less than forty-eight (48) hours notice, a $500 USD charge will be issued from Provider to Customer, payable in accordance with Section 5. of the Master Service Agreement. 

6. Other Notes: By default all deployments and hosting will be in the Amazon Web Services US East locale, in the Eastern Time Zone. If Provider moves a Customer’s system to a server based in another time zone, Provider reserves the right to update the scheduled downtime windows / major release/upgrade windows for those accounts to a local time zone.   

 

Appendix 2 

Data Processing Agreement (DPA) 

1. DEFINITIONS. 

1.1 For the purpose of this DPA, the defined terms shall have the following meaning: 
(a) "Controller" means the entity which determines the purposes and means of the Processing of Personal Data; 
(b) "Data Protection Laws" means those privacy and data protection laws and regulations which are applicable to the Processing of Personal Data pursuant to the Agreement, which may include the Personal Information Protection and Electronic Documents Act (PIPEDA), or any successor Canadian federal privacy protection legislation, and any applicable Canadian provincial personal information protection laws, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), the General Data Protection Regulation (EU) 2016/679 as it forms part of the law of the United Kingdom ("UK") by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018 and any legislation and/or regulation which amends, replaces, re-enacts or consolidates them, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended, and its implementing regulations ("CCPA"), and the Swiss Federal Act on Data Protection ("FADP") of June 19, 1992 (as updated, amended, and replaced from time to time); 
(c) "Data Subject" means the identified or identifiable person to whom Personal Data relates; 
(d) "Personal Data" means: (1) any information relating to an identified or identifiable natural person; and (2) any information defined as "personally identifiable information," "personal information," or "personal data," as such terms are defined under applicable Data Protection Laws, limited to that Personal Data Provider Processes in connection with the Services provided to Customer;  
(e) "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, disseminating, or otherwise making available, combining, restricting, erasing or destroying;  
(f) "Processor" means the entity which Processes Personal Data on behalf of the Controller, including as applicable any "service provider" as that term is defined in the CCPA, or applicable Data Protection Laws; 
(g) "Standard Contractual Clauses" means the standard contractual clauses and their appendices issued pursuant to the International Data Transfer DPA to the EU Commission Standard Contractual Clauses by the Information Commissioner for Parties making Restricted Transfers, and European Commission Decision 2021/914, or any replacement clauses issued from time to time by the European Commission, any applicable data protection authority, or other body with competent authority and jurisdiction (including, for the avoidance of doubt, analogous clauses issued by a competent authority in the UK);  
(h) "Sub-Processor" means any other Processor engaged by Provider for carrying out Processing on behalf of Customer. 

2. ROLES. 

2.1 The Parties acknowledge and agree that Customer determines the purpose and means of the Personal Data Processing activities performed by Provider to deliver the Platform and Services under the Agreement and shall be considered the Controller. Provider Processes Personal Data on behalf of Customer, and shall be considered the Processor. 
2.2 Both Provider and Customer shall fulfill their respective legal obligations under applicable Data Protection Laws. 

3. GENERAL. 

3.1 For the purposes of this DPA, including any attachments thereto, the Parties agree: 
3.1.1 the subject matter and nature and purpose of Processing are set forth in the Agreement; 
3.1.2 the duration of Processing is the term of the Agreement; 
3.1.3 the categories of Data Subjects are Customer’s end users and examinees; 
3.1.4 the categories of Personal Data that will be Processed in connection with the Services include the following: 

Categories of Personal Data: Post meeting assessment data, connectivity information, employee names, titles, e-mail addresses, reporting structures, artifacts related to meetings, meeting transcript information and analysis, meeting sentiment analysis, and other related and supplementary information. 

3.1.5 the purpose for Processing the Personal Data is limited to the performance of the Provider's obligations under the Agreement, and Personal Data may not be collected, used or disclosed for any other purpose. 

3.2 The above provision and the Agreement constitute Customer’s documented instructions concerning Provider’s Processing of Personal Data for Customer. Provider will immediately inform Customer if, in Provider’s opinion, any instruction from Customer violates any applicable Data Protection Laws. 

3.3 This DPA only applies to the extent that the Data Protection Laws apply to the Processing of Personal Data under the Agreement.

3.4 The stipulations on choice of law, venue, and jurisdiction in the Agreement apply to this DPA, unless otherwise noted. 

3.5 No change of, or amendment to, this DPA shall be valid and binding unless made in writing (including electronic copies) signed by or on behalf of the Parties.  
3.6 If one or more provisions of this DPA are deemed void, this shall not affect validity of the other provisions of this DPA. 

4. PROCESSING.  

4.1 Provider shall: 
4.1.1 comply with all Data Protection Laws in the Processing of Personal Data;  
4.1.2 maintain appropriate technical, organisational and physical security measures to meet the requirements of applicable Data Protection Laws; 
4.1.3 ensure that all its personnel having access to Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 
4.1.4 not Process Personal Data other than pursuant to Customer’s documented instructions unless alternative Processing is required by Data Protection Laws to which the Processor is subject, in which case Provider shall to the extent permitted by applicable law inform Customer of that legal requirement in writing before Processing that Personal Data. 

4.2 Provider will Process Personal Data on behalf of Customer and will not collect, retain, use, disclose, or sell Personal Data for any purpose, including for any commercial purpose, other than for the purposes set out in the Agreement. 

 

5. SUB-PROCESSING.  

5.1 Customer acknowledges and agrees that Provider may engage Third Parties as Sub-Processors in connection with the Services. Sub-Processors shall be obliged to (i) comply with applicable Data Protection Laws and (ii) provide the same data protection obligations as those required of Provider in this DPA. 
5.2 A full list of all Sub-Processors as of the Effective Date of this DPA may be provided by Provider in writing upon request. Customer’s execution the Agreement operates as its general authorization for Provider to modify its Sub-Processors, provided that Provider informs Customer of any intended changes and gives Customer a reasonable time to object.   
5.3 The Provider remains liable for the conduct of any Sub-Processors and the performance of any obligations of a Sub-Processor under this Agreement. 

6. CROSS BORDER TRANSFERS. 

6.1 Provider shall only transfer Personal Data outside of Canada, USA, the European Union, UK, or Switzerland where sufficient safeguards are in place. For transfers to countries that have not received an adequacy finding under GDPR Article 45, or as otherwise prescribed by applicable data protection authorities, Provider shall comply with the protections set forth in the Standard Contractual Clauses, which are adopted and incorporated into this DPA by reference.   

7. ASSISTANCE TO CUSTOMER. 

7.1 Data Subject Requests. Where required by applicable Data Protection Laws, Provider will assist Customer by appropriate technical, organisational and physical measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to Data Subject requests. 
7.2 Data Protection Impact Assessment and Prior Consultation. Provider shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with any data privacy authorities, which Customer reasonably considers to be required by GDPR Articles 35 or 36 or equivalent provisions of any other Data Protection Laws in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, Provider or its Sub-Processors. 
7.3 Security and Breach. Taking into account the nature of the Processing and the information available to Provider, Provider shall reasonably assist Customer in ensuring compliance with its security obligations under GDPR Article 32 or analogous obligations under the Data Protection Laws. Where Personal Data is subject to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, Provider shall notify Customer without undue delay, and shall reasonably cooperate with Customer to assist in the investigation, mitigation, notification, and remediation of any such breach in accordance with applicable Data Protection Laws. 
7.4 Audits. Provider will make available to Customer all information necessary to demonstrate Provider’s compliance with applicable Data Protection Laws in relation to the Processing of Personal Data, including allowing for and contributing to audits and allowing for inspections, conducted by Customer or another auditor mandated by Customer. 

8. DATA RETENTION, DELETION AND RETURN. 

8.1 At the end of the Term, Provider shall, at the choice of Customer, delete or return all Personal Data obtained from Customer, and delete existing copies. 

8.2 Provider may retain a copy of Personal Data where required by Data Protection Laws or other applicable law, and only to the extent and for such period as required by the Data Protection Laws or other applicable law, and always provided that Provider shall ensure that such Personal Data is only Processed as necessary for the purpose(s) specified in the Data Protection Laws or other applicable law requiring retention.