1. DEFINITIONS
1.1 “Acceptable Use Policy” means the then-current acceptable use policy of Zahara, which is currently located at Usage Policy, as may be updated, modified, supplemented, or otherwise amended from time to time.
1.2 “Account Administrator” means the Representative(s) set out in the Transaction Document, which, in the management of the Product, has the exclusive right to grant access or use to any Users of the Product on behalf of Customer.
1.3 “Account Information” means any information about Customer, its Affiliates, and any Users which Customer or any User provides to Zahara in connection with the creation or administration of their accounts (including, but not limited to, any Usage Credentials or Usage Metrics).
1.4 “Zahara Secure Connect” shall mean: Zahara’s platform for managing user subscriptions.
1.5 “Best-fit Storage” means an algorithm that may be used together with the Data Acquisition Rate. Best-fit Storage combined with a Data Acquisition Rate of sixty (60) seconds means that regardless of the number of values submitted for a Data Point, only the minimum set of values required to give a good representation of the Data Point for that sixty (60) seconds are stored. The minimum set of values may include, but is not limited to the First, Last, Minimum, Maximum, and Mean value for the Data Point. Best-fit Storage may be set forth in a Transaction Document as applicable to the Product purchased.
1.6 “Billing Metrics” means any information collected, processed, or stored by or on behalf of Zahara for the purposes of computing fees for a Product.
1.7 “Credits” means electronic credits purchased by Customer which are then redeemed against Customer’s chosen Product allowing access to such Product for the Credit Access Period.
1.8 “Credit Access Period” means a period defined in the Transaction Document during which a User may access multiple instances of the Product from multiple devices, and it will count as a single access for the purpose of Credit Charging. Each Credit Access Period consumes the number of Credits shown against the Services in the Subscription Table. Where Customer wishes the Services to be used by multiple Users, the same applies per additional User.
1.9 “Credit Weighting” The number of Credits required for a single User to utilize a Product during a Credit Access Period.
1.10 “Customer Submission” means any software, data (including Personal Data), information, text, image, audio, video, photograph, or other content or material, in any format, that Customer or a User posts, uploads, or otherwise submits (or is posted, uploaded, or submitted on Customer’s or a User’s behalf) to community opened areas or developer or blog forums.
1.11 “Daily Active Users” or “DAU” refers to the total number of Users that have been identified by Zahara as accessing the Product during a calendar day, as measured in Coordinated Universal Time (UTC).
1.12 “Data Acquisition Rate” means the fastest rate at which the Product will store values for a single Data Point. This is expressed in terms of the duration between successive values stored by the Product. Values submitted that exceed the Data Acquisition Rate may not be stored by the Product. Data Acquisition Rates may be set forth in a Transaction Document as applicable to the Product purchased.
1.13 “Data Point” means a discrete unit of information – usually representing a value from a sensor or other device – that is being monitored over time, published and/or stored by the Product. Data Points may be set forth in a Transaction Document as applicable to the Product purchased.
1.14 “Data Source” means a piece of equipment or other system that is providing one or more Data Points to the Product and is being represented and managed as an inbound connection to the Product. Data Sources may be set forth in a Transaction Document as applicable to the Product purchased.
1.15 “Documentation” means the technical documentation, program specifications, operations manuals, and other documentation as are available on the Product (or through Zahara Secure Connect for such Product), which may be updated, modified, supplemented, or otherwise amended by Zahara from time to time.
1.16 “Excess Usage” has the meaning set forth in Section 4.2(e).
1.17 “Goods” means all products, equipment, materials, spare parts, hardware, supplies, and accessories for which support has been purchased under the applicable Transaction Document.
1.18 “High Risk Use” has the meaning set forth in Section 10.
1.19 “Monthly Active Users” or “MAU” means the total number of Users that have been identified by Zahara as accessing the Product during a calendar month, as measured in Coordinated Universal Time (UTC).
1.20 “Named User” means a unique, named individual who has logged-in or otherwise accessed the Product. Uniqueness of an individual is determined through a combination of (i) the credentials or other identifying information provided during any login sequence and (ii) the internet address, network address, equipment identifier, International Mobile Equipment Identity or other item that identifies the device being used to access the Product.
1.21 “Permitted Third Party” means any third party specifically listed in a Transaction Document and has issued a Permitted Third-Party Undertaking Letter to Zahara (if requested by Zahara).
1.22 “Permitted Third-Party Undertaking Letter” means a letter, commitment, or agreement, in form and substance satisfactory to Zahara in its sole discretion, requiring such third party to comply with all terms and conditions contained in the Agreement (and to be responsible for any non-compliance).
1.23 “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person).
1.24 “Privacy Policy” means the then-current privacy policy of AVEVA, which is currently located at https://zaharacompanies.com/PrivacyPolicy.html, as may be updated, modified, supplemented, or otherwise amended from time to time.
1.25 “Representatives” means any employees, officers, representatives, or advisers of a Party.
1.26 “Service Level” means any service level for a Product that is set forth in a Schedule for such Product.
1.27 “Third-Party Content” means (i) all data and information submitted to Zahara by or on behalf of Customer, (ii) obtained, developed or produced in connection with the provision, receipt or use of the Product, or (iii) to which Zahara has access in connection with the provision of the Product.
1.28 “Top-Up Credits” additional Credits purchased by Customer at any time other than on a renewal term.
1.29 “Usage Metrics” means any information or data that is reasonably necessary to understand, aggregate, compute, measure, or support Customer’s use of the Products.
1.30 “User Credentials” means the username and password of each User as provided by Zahara to use the applicable Product.
1.31 “User” has the meaning set forth in Section 3.1.
2. TRANSACTION DOCUMENTS
2.1. From time to time, Zahara and Customer may enter into Transaction Documents whereby Zahara provides Products to Customer. Each Transaction Document shall constitute a contract between Zahara and Customer separate and distinct from any other Transaction Document. Each Transaction Document shall be deemed to incorporate the terms of the GTCs (whether or not stated on the face of the Transaction Document).
3. USE OF PRODUCTS
3.1. Use of Products. During the TD Term and subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of any applicable fees), Zahara grants to Customer a personal, non-exclusive, non-transferable limited right to access and use the Products and Documentation, through Zahara Secure Connect, solely for the internal business operations of Customer and subject to any usage restrictions set forth for such Product in the Agreement (including any Transaction Documents or applicable Schedule). Customer shall not make such Product accessible or available for use by Affiliates or Permitted Third Parties unless expressly permitted in the Transaction Document; provided, however, that Customer will always be liable for any acts or omissions of Users, Affiliates, and Permitted Third Parties (including for any non-compliance with terms of the Agreement). Customer may allow Account Administrator, employees, contractors, and agents authorized by Customer, as applicable, to use the Products on Customer’s behalf in accordance with the Agreement and the Transaction Document (the “Users”). For a Product that is specifically designed to allow Customer’s clients, agents, customers, suppliers or other third parties to access the Product in order to interact with Customer, such third parties will be considered “Users” subject to the terms of the Agreement and the Transaction Document. Customer shall cause the Users to comply with the Agreement and shall be responsible for the acts and omissions of the Users. Following the expiration or termination of the TD Term, Customer shall not be able to access or use the Product or Documentation. Notwithstanding the foregoing, Zahara recognizes and agrees that certain users of the Products may be OEM customers of Zahara (an “OEM Customer”). In such instance, Zahara understands that such OEM Customer may make the Product available to the OEM Customer’s third-party customers. Zahara consents to such use of the Product by the OEM Customer provided the OEM Customer abides by Zahara’s separate conditions and procedures relating to operating as an OEM Customer of Zahara.
3.2. Restrictions on Use.
3.2.1 Copy Restrictions. Copyright laws and international treaties protect the Product, including the Documentation. Unauthorized copying of the Product, the Documentation or any part thereof, is expressly prohibited. All titles, trademarks, and copyright and restricted rights notices will be reproduced in such copies.
3.2.2 Use Restrictions. The Agreement only gives Customer some rights to use and access the Product and Zahara and its licensors reserve all other rights. Customer does not acquire any rights, express or implied, other than those expressly granted in the Agreement. Unless applicable law gives Customer more rights despite this limitation, Customer may use the Product only as expressly permitted in the Agreement. In doing so, Customer agrees that it will comply with any technical limitations in the Product that only allow Customer to use the Product in certain ways. Customer agrees that it will not, nor will Customer permit others to:
(a) reverse engineer, reproduce, decompile, recompile, disassemble, merge, modify, adapt or translate the Product or any component thereof (including Documentation), or create derivative works based on the Product (including Documentation), except and only to the extent that (a) applicable law expressly permits, despite this limitation, (b) Zahara gives it prior written consent, or (c) the Documentation accompanying the Product expressly permits;
(b) incorporate the Product into any other software program or software-as-a-service product not provided by Zahara, except (a) for incorporation of such Product with application program interfaces that Zahara makes publicly available for such Product or (b) to the extent permitted to customize the Product in accordance with the accompanying Documentation;
(c) remove, obliterate, destroy, minimize, block or modify any logos, trademarks, copyright, digital watermarks, or other notices of Zahara or its licensors that are included in the Product, except as may be permitted when using application program interfaces that Zahara makes publicly available for such Product;
(d) work around any technical limitations in the Product;
(e) make more copies of the Product than as allowed in the Agreement or by applicable law, despite this limitation;
(f) publish (or otherwise make available) the Product, including any application programming interfaces included in the Product, or any programs or materials resulting from the Product (excluding Customer Content);
(g) transfer, sublicense, rent, lease, sell, lend, distribute, outsource, permit timesharing or service bureau use of, commercially exploit, make available, or assign the Product or any part thereof (including any materials or programs, such as underlying software programs) to any other person or entity (except as expressly permitted by the Agreement);
(h) transfer the Product to another location or to other equipment without the prior written consent of Zahara (except as otherwise expressly permitted pursuant to the Agreement);
(i) use the Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material (or to store or transmit material in violation of law or third-party privacy rights);
(j) use the Product in a way intended to access or use the underlying infrastructure or to avoid incurring fees or exceed usage limitations;
(k) perform or disclose any of the following security testing of the Product or associated infrastructure without Zahara’s prior written consent: network discovery, port and service identification, vulnerability scanning, password cracking, remote access testing, or penetration testing;
(l) use or access the Product in a manner not permitted by (or otherwise inconsistent with) the Documentation; or
(m) use the Product to build or support, directly or indirectly, products or services competitive to the Product or any other products or services of Zahara.
3.3. Acceptable Use Policy. Customer shall comply with the Acceptable Use Policy and shall not use or permit the use of the Product in a manner that violates the Acceptable Use Policy, which is incorporated herein by reference.
4. PROVISION OF PRODUCTS
4.1. Provision of Product. Zahara will provide the Products through Zahara Secure Connect substantially in accordance with the Agreement.
4.2. Subscription Models. Zahara may offer to Customer various subscription models for the Product. The terms and conditions relating to the applicable subscription models are as follows:
(a) Named User Model. If the Product has been subscribed to on a Named User Model basis, then Customer’s access to and use of the Product shall be limited to the number of (and specified) Named Users set forth in the Transaction Document.
(b) Monthly Active User Model. If the Product has been subscribed to on a Monthly Active User Model basis, then during any calendar month (as measured in Coordinated Universal Time (UTC), Customer’s access to and use of the Product shall be limited to and not exceed the number of Monthly Active Users set forth in the Transaction Document..
(c) Credit Based Subscription Model. If the Product has been subscribed to on a Credit Based Subscription Model basis, then then Customer’s access to and use of the Product shall be limited to and shall not exceed the number of Credits set forth in the Transaction Document. Customer will purchase Credits at the start of the initial term and on each renewal term. The Customer’s rights to use such Credits will expire on the initial term and any renewal term on which the Credits were purchased. Where Customer purchases Top-up Credits, such Top-up Credits will be purchased at the agreed rate and will expire at the end of the initial term or renewal term, as applicable. Zahara may, but is not required to efforts to send notifications to the Account Administrator in connection with the following events:
• One month before Customer’s projected usage will have consumed all remaining Credits.
• One week before Customer’s projected usage will have consumed all remaining Credits.
• When all credits have been consumed.
Where the Customer’s use of the Product exceeds the number of Credits or Top-Up Credits purchased (“Excess Usage”), Zahara reserves the right to deny access to such Product. Zahara reserves the right to charge Customer for Excess Usage at a rate equal to 40% of the applicable fees for such Product.
4.3. Disclaimer of Third-Party Products. The Product may enable Customer to access, use, or purchase Third-Party Products (including through external websites). Any access, use, or purchase of the Third-Party Products (including, but not limited to, any content, data, information, pictures, or other materials available or provided through such Third-Party Products) will be solely at Customer’s own risk and Zahara disclaims all liability or obligation relating to such Third-Party Products (including any content, data, information, pictures, or other materials offered or available through such Third-Party Products). Any contract entered into, and any transactions completed, via a Third-Party Product is between Customer and the relevant third party, not Zahara.
4.4. Modifications or Discontinuance of Content. At any time, Zahara may modify or discontinue any of the following that is made available or accessible through a Product (other than Customer Content, unless such Customer Content violates the Agreement): software, machine images, data (including, but not limited to, engineering data, models, samples, libraries, and standards), information, text, audio, video, images, or other content or material contained in the Product, Documentation, application programming interfaces, sample code, software, libraries, command line tools, proofs of concept, templates, and other related technology.
4.5. Modifications or Discontinuance of Products. At any time, Zahara may modify or update the features, specifications, or functionality of, or discontinue, any Product and any Documentation, in whole or in part.
4.6. Collection of Usage and Billing Metrics. Zahara and its licensors may collect, and process Usage Metrics, Billing Metrics and other information relating to the provision or use of the Products (i) for Zahara’s own internal purposes, (ii) in order to ensure Customer’s compliance with the Agreement and (iii) to prevent fraud.
5. SECURITY MEASURES AND DATA PRIVACY
5.1. Security Measures. Zahara will implement commercially reasonable measures to secure and protect the Products, including against accidental or unlawful loss, access, or disclosure. However, Zahara accepts no liability for any security breaches, including, without limitation, security breaches resulting from computer hackers, unlawful entry, unauthorized access, or theft.
5.2. Usage of Personal Data. Notwithstanding any prohibition on the uploading of Personal Data contained in Section 6.4, Customer acknowledges and agrees that AVEVA may use Personal Data (including any Account Information) in accordance with Zahara’s then-current Privacy Policy and each Party shall comply with the Data Processing Addendum. Except as requested by Zahara to set up User Credentials, Customer shall not upload any Personal Data as Customer Content.
5.3. Customer Security Requirements. Customer acknowledges and agrees that Customer has reviewed the security features and responsibilities as described in the Agreement (including the applicable Documentation) and has determined that such features and responsibilities meet Customer’s needs. Customer is solely responsible for determining the appropriate procedures and controls regarding security of the Customer Content and for the implementation of any such procedures and controls. If the current security, procedures, and controls offered by Zahara with respect to the Product do not meet Customer’s requirements, then Customer should not use the Product.
6. CUSTOMER OBLIGATIONS AND CONTENT
6.1. Customer Content. Customer shall obtain all rights related to Customer Content required in connection with the performance, receipt or use of the Products and hereby grants all necessary rights and permissions to enable Zahara, its Affiliates, its subcontractors, and its subprocessors to host, use, copy, provide, store, distribute, transmit, process, modify, display, and perform the Customer Content using the Products or to fulfil Zahara’s obligations under the Agreement, including, without limitation, making necessary disclosures and obtaining all licenses, permits, approvals, or consents required in connection with the personal data or regulated content in the Customer Content. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Content. Without prejudice to the Data Processing Addendum, Customer is responsible for (a) any security vulnerabilities, and the consequences of such vulnerabilities, arising from Customer Content, including any viruses, Trojan horses, worms or other harmful programming routines contained in Customer Content, and (b) any use by Customer or Customer’s Users of the Products in a manner that is inconsistent with the Agreement. To the extent Customer discloses or transmits Customer Content to a third party, Zahara is no longer responsible for the security, integrity or confidentiality of such content outside of Zahara’s control.
6.2. Provision of Information. In order to use or access the Product, Customer must provide details as specified by Zahara during the registration process for at least one Account Administrator. The Account Administrator can then register for User Credentials for Users for their access to the Product. User Credentials are personal, and Customer may not sell, transfer, sublicense, or otherwise assign them to any other person or entity.
6.3. Specific Customer Responsibilities. Customer is solely responsible for Customer’s and Users’ use of the Products and shall: (a) make all Users aware of the terms of the Agreement; (b) be liable for any fees for Users who the Account Administrator has registered to the Products; (c) not allow any User Credentials to be used by more than one individual User unless it has been reassigned in its entirety to another individual, in which case the prior User shall no longer have any right to use or access the Products; (d) ensure that the use and access of the Products and provision and submission of any Customer Content or Customer Submission does not violate any Zahara policy, applicable law, or the Agreement, including the AUP; (e) provide any reasonably necessary information and cooperation for Zahara to provide the Products; (f) be responsible and liable for all activities of Users and for any use of Customer’s User Credentials and shall ensure that the User Credentials are kept confidential and secure (Zahara will not be responsible for any unauthorized access through Customer’s User Credentials); (g) ensure that Customer Content is compatible with the application program interfaces; (h) ensure that Customer’s network and systems comply with relevant specifications and requirements that may be provided by Zahara from time to time; (i) be solely responsible for Customer Submissions, including the accuracy, legality, reliability, integrity, and quality of such Customer Submissions; (j) be solely responsible for procuring and maintaining any systems, network connections, and telecommunications links necessary to access any Products (including any application program interfaces); and (k) use commercially reasonable efforts to prevent any unauthorized use of or access to the Products (and upon becoming aware of such unauthorized use or access, promptly notify Zahara of such use or access).
6.4. No Special or Specific Data. Unless otherwise specified in the applicable Transaction Document or Schedule for a particular Product, Customer Content may not include any sensitive or special data that imposes specific data security, data protection obligations, or governmental regulations on Zahara, including, but not limited to: (i) all applicable laws and non-governmental standards protecting personal; (ii) all laws concerning the protection, transport, storage, use and processing of data; and (iii) all applicable laws similar to those laws listed in subsections (i) through (iii) above.
6.5. Return of Customer Content During TD Term. Without prejudice to the Data Processing Addendum, Customer may request in writing during the TD Term that Zahara return to Customer any Customer Content stored on the Product. Following receipt of such request, Zahara will (at Customer’s expense) use commercially reasonable efforts to return (in Zahara’s standard format or any other format selected by Zahara) such Customer Content within sixty (60) days after receipt of such request.
6.6. Return of Customer Content Following Expiration or Termination. Without prejudice to the Data Processing Addendum, upon Customer’s request before the sixtieth (60th) day after the expiration or termination of the applicable Transaction Document, Zahara will return (in Zahara’s standard format or any other format selected by Zahara) or remove Customer Content from the Products, except where required to retain such Customer Content in accordance with applicable law. Zahara may charge for certain activities performed at Customer’s request (such as delivering Customer Content in a specific format). Following the sixtieth (60th) day after the expiration or termination of the applicable Transaction Document, Zahara shall have no obligation to continue to hold, export, store, or return Customer Content (and Zahara will have no liability for deletion of any Customer Content in accordance with the Agreement).
6.7. Customer Content. The Parties acknowledge and agree that “Customer Content” shall not be deemed to include the Products, the software agents, applications and tools that Zahara makes available to Customer for download, the Zahara products and services, the Zahara Intellectual Property Rights, and any and all derivative works of the foregoing. However, “Customer Content” shall be deemed to include any Third-Party Content that is brought by Customer into the Products by Customer’s (or any User’s) use of the Products.
6.8. Legal and Regulatory Requirements. Customer acknowledges and agrees that Customer is solely responsible for Customer’s compliance with any laws, rules, and regulations. Customer is solely responsible for ensuring that the Product meets any requirements (whether technical, functional, legal, or otherwise) that are necessary for Customer to fulfill its compliance obligations. If the Product does not meet Customer’s requirements, then Customer should not use the Product.
6.9. Data Retention System. Customer acknowledges and agrees that the Product is not intended to act as a document or data retention system for Customer. The Product has limited capacity to store Customer’s data (including the Customer Content) and Customer must store and backup such data (including the Customer Content) in a separate system. Customer is also responsible for any individual’s personal information or any information Customer considers confidential that is included in the Customer Content.
7. SUSPENSION OF PRODUCTS
7.1. Suspension Rights. Zahara may immediately suspend Customer’s or any User’s right to access or use all or any part of a Product upon notice to Customer if, in Zahara’s reasonable opinion, the use of or access to such Product (i) poses a security risk to Zahara or others or impacts the functionality of the Product, (ii) adversely impacts Zahara’s or its licensor’s systems or the Product, (iii) is in breach of applicable laws, (v) adversely impacts the access to or use by Zahara’s other customers of such Product, or (v) is in breach or violation of the Agreement. If Zahara suspends Customer’s or User’s right to access or use all or any part of a Product, then Zahara will use reasonable efforts to provide advance notice to Customer to the extent practicable.
7.2. Restoration of Product. If Zahara suspends any right to access or use the Product in accordance with Section 7.1, then Zahara will use commercially reasonable efforts to restore such access or use as soon as practicable after Customer has resolved the problem or incident giving rise to such suspension.
7.3. Material Breach of Agreement. Any incident or problem that would permit Zahara to suspend any use or access rights pursuant to Section 7.1 shall be deemed to be a material breach of the Agreement.
8. SERVICE LEVELS
Zahara may change or discontinue Service Levels from time to time but will provide ninety (90) days’ prior notice to Customer before any material change to a Service Level.
9. DISCLAIMER
Customer acknowledges and agrees that in no circumstance will Zahara be liable for (i) investments, expenditures, or commitments related to the access or use of a Product, (ii) Zahara’s reliance on any information provided by an individual, entity, or other organization using Customer’s account and password (or any User account and password), or (iii) temporary unavailability of all or parts of a Product.
10. HIGH RISK USE
The Product is not fault-tolerant and is not guaranteed to be error free or to operate uninterrupted. Unless Zahara gives its prior written consent, Customer has no right to use (and must not use) the Product in any application or situation where the failure of the Product could lead to death or serious bodily injury of any person, or to severe physical or environmental damage (“High Risk Use”). High Risk Use does not include utilization of the Product for administrative purposes, to store configuration data, engineering and/or configuration tools, or other applications, the failure of which would not result in death, personal injury, or severe physical or environmental damage.
11. AUDITS AND VERIFICATION
11.1. Record Keeping. During the TD Term and for a period of two (2) years thereafter, Customer shall maintain complete and accurate records documenting the location and use of the Product in a manner sufficient to permit Zahara to conduct an audit in accordance with Section 11.2 of this Cloud Services Addendum.
11.2. Audit Right. During the TD Term and for a period of two (2) years thereafter, Zahara shall be permitted to audit and shall be permitted to have its designee audit (at least once annually and in accordance with Zahara’s standard procedures, which may include on-site or remote audits of facilities, systems, records, and personnel) the usage of the Product and Customer’s compliance with the Agreement. Zahara will conduct any such audit during regular business hours. Customer shall cooperate reasonably in the conduct of such audits. Additionally, Zahara may at any time audit Customer’s access to or use of the Products through any functionality contained in the Products to verify Customer’s compliance with the terms of the Agreement. Any reasonable and actual costs incurred by Zahara for such audit shall be paid by Customer if the audit results indicate usage in excess of the permitted quantities or levels, underpayment of any fees, or breach of the Agreement.
11.3. Compliance Certificate. Within thirty (30) days of receipt of Zahara’s written request, Customer shall provide Zahara with a signed certification of compliance with the Product usage conditions; provided, however, that Zahara shall not request more than one compliance certificate annually.
12. SUPPORT SERVICES AND MAINTENANCE
Zahara will maintain and support the Product in accordance with Zahara’s then-current maintenance and support policies.
13. SUBCONTRACTORS AND DATA CENTERS
Customer understands and agrees that Zahara, its Affiliates, and its subcontractors may perform certain aspects of the Product, such as (but not limited to) service administration, hosting, support, and/or disaster recovery, from data centers and other facilities located throughout the world. As such, Customer acknowledges and agrees that use of the Product may result in the Customer’s data (including, but not limited to, any Customer Content) being collected, transferred, processed, and/or used in any area of the world. Zahara reserves the right to contract with third-party subcontractors to provide all or part of the Product on behalf of Zahara and Zahara may change or replace such subcontractors at any time in its sole discretion.
14. DISCLAIMER OF WARRANTIES
14.1. DISCLAIMER OF ALL OTHER WARRANTIES. FOR THE AVOIDANCE OF DOUBT, THE DISCLAIMER OF WARRANTIES SET FORTH IN SECTION 7 (DISCLAIMER OF WARRANTIES) OF THE GTCS IS INCORPORATED INTO THIS CLOUD SERVICES ADDENDUM BY REFERENCE.
15. ADDITIONAL INDEMNIFICATION
In addition to Customer’s indemnification obligations set forth in Section 9.2 (Indemnification by Customer) of the GTCs, Customer shall defend, indemnify, and hold harmless Zahara and its Affiliates against claims brought against Zahara by any third party arising from or related to (a) Zahara’s or Customer’s use of or access to Third-Party Products; (b) Zahara’s use of or access to Customer’s software, machines, equipment, systems, information technology environment, or premises in connection with the provision of any support services; and (c) Customer’s use of the Product in connection with any High Risk Use.
16. NOTICE
Notwithstanding the notice provisions contained in Section 14.5 (Notices) of the GTCs, any notices or other communications required or permitted to be provided pursuant to this Agreement may be provided by Zahara to Customer (i) on the Zahara portal for the Product or (ii) by electronic mail to Customer’s email address on record in Zahara’s account information records.
17. MODIFICATION OR AMENDMENT OF AGREEMENT
Notwithstanding the provisions contained in Section 14.17 (Entire Agreement; Amendments; Execution) of the GTCs, Customer agrees and acknowledges that Zahara may modify or amend any terms and conditions contained in the Agreement, in whole or in part, at any time by posting any such modifications or amendments (or the modified or amended Agreement) on the Cloud Services and such modifications or amendments will be effective when posted. If any modifications or amendments to the Agreement have a material adverse impact on Customer’s use of the Product, then Customer may terminate the Transaction Document as it relates to the impacted Product by providing Zahara with a notice of termination on or before the tenth (10th) day following the posting of such modifications or amendments (or the modified or amended Agreement). If Customer terminates the Transaction Document as it relates to the impacted Product, then Zahara shall provide to Customer a refund of any prepaid but unused subscription fees paid to Zahara for such Product under the applicable Transaction Document for the corresponding remaining portion of the TD Term.
DATA PROCESSING ADDENDUM
1. DEFINITIONS
1.1. References to Personal Data, Data Subject, Data Controller, Data Processor, Processing, or Personal Data Breach shall be as defined under the Data Protection Legislation.
1.2. “Customer Personal Data” shall mean the Personal Data that is uploaded into the Products or otherwise provided to Zahara or its representatives pursuant to the delivery of Products pursuant to a valid license or other agreement with the Customer.
1.3. “Data Protection Legislation” shall mean (i) The Privacy Act (1988) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, and then (ii) any successor legislation to The Privacy Act.
1.4. “Standard Contractual Clauses” shall mean the standard contractual clauses for the transfer of Personal Data from Australia to processors established in third countries (controller-to-processor transfers).
2. DATA PROTECTION
2.1. This Data Processing Addendum shall only apply to the extent the Data Protection Legislation applies to Products and services rendered pursuant to the Agreement. To the extent the Data Protection Legislation applies, then this Addendum shall form a part of and become incorporated therein with the terms and conditions of the Agreement.
2.2. Both Parties will comply with all applicable requirements of the Data Protection Legislation. This Section 2.2 is in addition to, and does not relieve, remove or replace, a Party’s obligations under the Data Protection Legislation.
2.3. The Parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Data Controller and Zahara is the Data Processor. The following set out the details of the Data Processing to be undertaken by Zahara.
| Nature of processing | Transfer, storage and such other processing activities that are specified by the Customer pursuant to the Product terms and conditions. |
| Purpose of processing | The provision of Products to the Customer. |
| Duration of the processing | The duration that a valid agreement is in place with the Customer unless otherwise required by law. |
| Types of Personal Data | The Customer Personal Data (as defined above) which may include but not be limited to Name, Email address, Phone number, Device ID (with data about the vendor, version & features of the device), IP address and/or Postal code. |
| Categories of Data Subject | The Customer’s customers, employees, suppliers. |
2.4. Without prejudice to the generality of Section 2.2, the Customer will ensure that it has a legal basis for processing, including all necessary and appropriate consents and notices, to enable the lawful transfer of the Personal Data to Zahara for the duration and purposes of this agreement.
2.5. Zahara shall process the Customer Personal Data only on the written instructions of the Customer (as detailed in Section 2.3 above) unless Zahara is required by the laws applicable to Zahara to process Personal Data (“Applicable Laws”), which shall be undertaken upon notice to the Customer (where permitted). Confirming acceptance to these terms shall constitute the Customer’s written instructions for Zahara to undertake the processing detailed in Section 2.3.
2.6. Zahara shall ensure that it has in place appropriate technical and organizational measures, to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate and proportionate to the harm that might result from the same, having regard to the state of technological development and the cost of implementing any measures.
2.7. Zahara shall, in relation to any Customer Personal Data processed in connection with the performance by Zahara of its obligations under this agreement:
2.7.1. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
2.7.2. not transfer any Personal Data outside of Australia unless the prior
written authorization of the Customer has been obtained and the following conditions are fulfilled:
(a) the Customer or Zahara has provided appropriate safeguards in relation to the transfer which shall include use of the Standard Contractual Clauses
(b) the data subject has enforceable rights and effective legal remedies;
(c) Zahara complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(d) Zahara complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
(e) taking into account the nature of the processing and the information available to Zahara, assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators, as applicable;
2.7.3. notify the Customer without undue delay on becoming aware of a Personal Data Breach;
2.7.4. at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and
2.7.5. maintain complete and accurate records and information to demonstrate its compliance with this Section 2.7 and allow for audits by the Customer or the Customer’s designated auditor.
2.8. The Customer consents to Zahara appointing third-party processors of Personal Data under this agreement. Zahara confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this Data Processing Addendum.