Master Subscription Agreement
This Master Subscription Agreement (“Agreement”) between Sustain, LLC. (“Sustain”) and the company or other legal entity (“Customer”) that has executed an Order Form (as defined below) is made as of the last signature date (“Effective Date”) on the Order Form that references this Agreement.
This Agreement incorporates by reference the Subscription Schedule, attached as Exhibit A, which describes the following operational matters of the Hosted Applications (as defined below): (1) technical support & update process; (2) service level agreement; and (3) data security measures.
- “Affiliate” means any entity which directly or indirectly controls, is controlled by or is under common control with the subject entity; and “control” for the purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interest of the subject entity, provided that any such Affiliate shall be deemed an Affiliate only for so long as such control lasts.
- “Confidential Information”means all confidential and proprietary information of a disclosing party disclosed by or on behalf of such party to the receiving party, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement (including pricing and other terms reflected in all Order Forms hereunder), business and marketing plans, service levels, suppliers, billing history, technology and technical information, product designs, and business processes. Notwithstanding anything to the contrary, the Hosted Applications and Sustain Platform are deemed to be Confidential Information of Sustain. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the disclosing party; (ii) was known to the receiving party without restriction prior to its disclosure by the disclosing party and without breach of any obligation owed to the disclosing party; (iii) was independently developed by the receiving party without either use of or reference to any Confidential Information or breach of any obligation owed to the disclosing party; or (iv) is received from a third party without restriction and without breach of any obligation owed to the disclosing party.
- “Sustain Platform” means any software and hardware that enables Sustain to provide Customer with access to and use of the Hosted Applications as contemplated by this Agreement.
- “Customer Data” means any data, information or material provided or submitted by Customer or on behalf of Customer to the Sustain Platform in the course of using the Hosted Applications.
- “Documentation” means the Sustain product documentation relating to the operation and use of the Hosted Applications, including the technical program or interface documentation, operating instructions, update notes, and support knowledge base, as made available and updated from time to time by Sustain.
- “Hosted Application(s)” means applications and associated content (as identified on an Order Form) to be provided by Sustain to Customer as a subscription service and made accessible on a website designated by Sustain.
- “Order Form” means an order form mutually executed by the parties evidencing the purchase of subscriptions to the Hosted Applications specifying, among other things, the Subscription Term, the number of Users, the applicable fees, and the billing period as agreed to between the parties. Each Order Form, once mutually executed, shall be governed by and become part of this Agreement, and is hereby incorporated by this reference.
- “Protected Health Information” has the meaning given to it in the Health Insurance Portability and Accountability Act (“HIPAA”).
- “Protected Information” means Protected Health Information and Regulated Information.
- “Regulated Information” means an individual’s first name and last name (or first initial and last name) in combination with any one or more of the following data elements that relate to such individual: (i) Social Security number; (ii) driver’s license number or state-issued identification card number; or (iii) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account.
- “Subscription Term” means the period(s) during which Customer is authorized to use the Hosted Applications pursuant to an Order Form.
- “Support” means the Sustain technical support as specified on the Order Form in accordance with the terms in Exhibit A-1.
- “Updates” means Sustain’s updates of the Hosted Applications for repairs, enhancements or new features applied by Sustain to Customer’s instances, including updates to the Documentation as a result of such updates during the Subscription Term. Updates shall not include additional functionality or upgrades to the Hosted Applications that Sustain requires a separate charge from its other customers generally.
- “Users” means employees of Customer and its representatives, consultants, contractors, subcontractors, or agents who are authorized to use the Hosted Applications and have been supplied unique user identifications and passwords by Customer.
2. SUSTAIN’S OBLIGATIONS
- Provision of the Hosted Applications. Sustain will make available to Customer, and Customer is authorized to use, the Hosted Applications during the Subscription Term as set forth in an applicable Order Form for its internal business purposes in accordance with the Documentation.
- Support, Uptime & Updates. Sustain shall: (i) provide the level of support specified in the Order Form in accordance with Exhibit A-1; (ii) provide Updates at no additional charge as part of Customer’s subscription during the Subscription Term in accordance with Exhibit A-1 and (iii) make the Hosted Applications available in accordance with Exhibit A-2.
- Security. Sustain shall maintain a written information security program of policies, procedures and controls (“Security Program”) governing the processing, storage, transmission and security of Customer Data. The Security Program as of the Effective Date is set forth in Exhibit A-3. The Security Program shall include industry standard practices designed to protect Customer Data from unauthorized access, acquisition, use, disclosure, or destruction. Sustain may periodically review and update the Security Program to address new and evolving security technologies, changes to industry standard practices, and changing security threats, provided that any such update does not materially reduce the overall level of security provided to Customer as described herein.
- Breach Notification. Unless notification is restricted by law, Sustain shall report to Customer’s support contacts designated in Sustain’s customer support portal (“Support Portal”) any unauthorized acquisition, access, use, disclosure or destruction of Customer Data (“Breach”) promptly without undue delay after Sustain determines that a breach has occurred. Unless prohibited by law, Sustain shall share information about the nature of the Breach that is reasonably requested by Customer to enable Customer to notify affected individuals, government agencies and/or credit bureaus. Customer has sole control over the content of Customer Data that it enters into the Sustain Platform and is responsible for determining whether to notify impacted individuals and the applicable regulatory bodies or enforcement commissions and for providing such notice.
- Audit Report. During the Subscription Term, except as stated otherwise on the Order Form, Sustain may engage at its expense, an independent accounting firm to conduct an audit of Sustain’s operations with respect to the Hosted Applications in accordance with the Statement on Standards for Attestation Engagements No. 16 (the “SSAE 16”), and have such accounting firm issue SSAE 16, SOC 1 Type 2 and SOC 2 Type 2 reports (or substantially similar report of a successor auditing standard in the event the SSAE 16 auditing standard is no longer an industry standard) (the “Auditor’s Report”), which shall cover Sustain’s security policies, procedures, and controls. Upon Customer’s request, Sustain shall provide Customer and its external auditors with a current copy of such Auditor’s Report, provided that such report shall be deemed Confidential Information of Sustain.
- Insurance. Sustain shall maintain during the term of this Agreement: (a) Commercial General Liability Insurance with minimum limits of US$1,000,000 combined single limit and combined bodily injury and property damage per occurrence; (b) Workers Compensation Insurance covering Sustain employees pursuant to applicable state laws, and at the maximum limits statutorily required for each such state. Upon request, Sustain shall promptly furnish Customer with a certificate evidencing the coverages set forth above.
3. CUSTOMER’S USE OF THE HOSTED APPLICATIONS
- User Accounts. Customer is responsible for activity occurring under its User accounts and shall ensure that it and its Users abide by all local, state, national and foreign laws, treaties and regulations applicable to Customer’s use of the Hosted Applications. Customer shall: (i) notify Sustain promptly of any unauthorized use of any password or account or any other known or suspected breach of security; (ii) notify Sustain promptly and use reasonable efforts to promptly stop any unauthorized use, copying, or distribution of the Hosted Applications that is known or suspected by Customer or its Users; (iii) not impersonate another Sustain user or provide false identity information to gain access to or use the Hosted Applications or Sustain Platform; and (iv) restrict each User account to only one authorized User at a time.
- Restrictions. Customer shall not (i) license, sublicense, sell, resell, transfer, rent, lease, assign (except as provided in Section 11.3 (Assignment)), distribute, disclose, or otherwise commercially exploit or make available to any third party the Hosted Applications; (ii) copy, modify or make derivative works based upon the Hosted Applications; (iii) “frame” or “mirror” the Hosted Applications on any other server or device; (iv) access the Hosted Applications for any benchmarking or competitive purposes or use the Hosted Applications for application service provider, timesharing or service bureau purposes, or any purpose other than its own internal use, (v) decompile, disassemble, reverse engineer or attempt to discover any source code or underlying ideas or algorithms of the Hosted Applications (except to the extent reverse engineering restrictions are prohibited by applicable law), (vi) remove, obscure or modify a copyright or other proprietary rights notice in the Hosted Applications; (vii) use the Hosted Applications to send or store infringing, obscene, threatening, libelous, or otherwise unlawful material, including material that violates third party privacy rights; (viii) use the Hosted Applications to create, use, send, store, or run material containing software viruses, worms, Trojan horses or otherwise engage in any malicious act or disrupt the security, integrity or operation of the Hosted Applications or the Sustain Platform; (ix) attempt to gain or permit unauthorized access to the Hosted Applications or its related systems or networks; (x) use the Hosted Applications other than in compliance with all applicable laws and regulations or (xi) permit or assist any other party (including any User) to do any of the foregoing.
- User Reassignment. User subscriptions are for designated Users and cannot be shared or used by more than one User but may be reassigned to new Users replacing former Users who no longer require use of the Hosted Applications. Unless otherwise specified in the relevant Order Form, the replacement User shall be under the same Subscription Term of the original User.
- Additional Users. Additional Users may be purchased pursuant to the parties signing an Order Form and unless otherwise specified in the relevant Order Form, the Subscription Term of additional Users shall be coterminous with the Subscription Term in effect at the time the additional Users are added.
- Protected Information. The intended purpose of the Hosted Applications is to optimize Customer’s core utility management processes and Customer acknowledges and agrees that use of the Hosted Applications does not require Customer to provide any Protected Information to or through the Hosted Applications or Sustain Platform. Protected Information should not be stored by any Hosted Applications or Sustain Platform, and Sustain shall have no liability to Customer or its suppliers, Users or any other party related to any Protected Information. Customer shall not (and shall ensure that its suppliers and Users do not) upload, provide or submit any Protected Information to the Hosted Applications or Sustain Platform. Sustain may upon notice suspend all or portion of Customer’s or its supplier’s access to the Hosted Applications if Sustain has a good faith belief that Customer or its supplier has breached the restrictions in this Section. Sustain shall provide Customer with reasonable prior notice to cure before exercising any suspension under this Section.
- Third Party Interactions.
(a) No Supplier Fees. Each party agrees that it shall not charge Customer’s suppliers for the right to interact with Customer through the Sustain Platform.
(b) Supplier Interactions. During the Subscription Term, Customer may enter into correspondence with and purchase goods and/or services from suppliers on or through the Hosted Applications. Any such activities and associated terms are solely between Customer and the applicable third party supplier. Customer agrees that Sustain shall have no liability, obligation or responsibility for any such correspondence or purchase between Customer and any such third party supplier.
- Billing and Payment of Fees. Customer shall pay subscription fees per the ‘Work Order’ for use of the Hosted Applications. All payment obligations are non-cancellable and all amounts paid are nonrefundable except as otherwise specified in this Agreement. Sustain shall issue invoices to Customer as specified in the Order Form and Customer agrees to pay such amounts not subject to a good faith dispute as specified in the Order Form and if any such invoice is more than 30 days overdue, Sustain may, without limiting its other rights and remedies, suspend the Hosted Applications until such invoice is paid in full. Sustain shall provide prior written notice to Customer of the payment delinquency before exercising any suspension right. Customer agrees to pay Sustain in the currency specified on the Order Form. Customer agrees to provide Sustain with complete and accurate billing and contact information and to update this information promptly upon any change to it. If Customer believes its bill is incorrect, Customer must contact Sustain in writing within 60 days of the date of the invoice containing the amount in question to be eligible to receive an adjustment or credit.
- Taxes. Sustain’s fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, including for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”) and Customer shall be responsible for payment of all Taxes associated with this Agreement and all Order Forms, except that Sustain is solely responsible for taxes assessable against Sustain based on Sustain’s net income, property and employees. If Customer is legally entitled to an exemption from any sales, use, or similar transaction tax, upon signing an Order Form, Customer shall provide to Sustain with a legally sufficient tax exemption certificate for each taxing jurisdiction, and Sustain shall not charge Customer any taxes from which it is exempt. If any deduction or withholding is required by law, Customer shall notify Sustain and shall pay Sustain any additional amounts necessary to ensure that the net amount that Sustain receives, after any deduction and withholding, equals the amount Sustain would have received if no deduction or withholding had been required. Customer shall also provide to Sustain documentation showing that the withheld and deducted amounts have been paid to the relevant taxing authority.
5. PROPRIETARY RIGHTS
- Sustain’s Intellectual Property Rights. As between Sustain and Customer, all rights, title, and interest in and to all intellectual property rights in the Hosted Applications and Sustain Platform (including all derivatives, modifications and enhancements thereof) are and shall be owned exclusively by Sustain notwithstanding any other provision in this Agreement or Order Form. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Hosted Applications or Sustain Platform. The Sustain name, logo and product names associated with the Hosted Applications or Sustain Platform are trademarks of Sustain, and no right or license is granted to use them. All rights not expressly granted to Customer are reserved by Sustain. Sustain alone shall own all rights, title and interest in and to any suggestions, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating thereto.
- Customer Data. As between Customer and Sustain, Customer exclusively owns all rights, title and interest in and to all Customer Data. Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of and right to use all Customer Data, and hereby warrants that that it has and will have all rights and consents necessary to allow Sustain to use all such data as contemplated by this Agreement. Customer hereby grants to Sustain a royalty-free, fully-paid, non-exclusive, non-transferable (except as set forth in Section 11.3 (Assignment)), sub-licensable, worldwide right to use and process Customer Data solely for the purpose of providing to Customer the Hosted Applications and any other activities expressly agreed to by Customer.
6. CONFIDENTIAL INFORMATION
- Obligations. The receiving party shall not disclose or use any Confidential Information of the disclosing party for any purpose outside the scope of this Agreement, except with the disclosing party’s prior written permission. Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind (but in no event using less than reasonable care). If the receiving party is compelled by law to disclose Confidential Information of the disclosing party, it shall provide the disclosing party with prior written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at disclosing party’s cost, if the disclosing party wishes to contest the disclosure, and any information so disclosed shall continue to be treated as Confidential Information for all other purposes.
- Remedies. Except as expressly provided in this Agreement, if the receiving party discloses or uses (or threatens to disclose or use) any Confidential Information of the disclosing party in breach of confidentiality protections hereunder, the disclosing party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies may be inadequate.
- Use of Aggregate Data. Customer agrees that Sustain may collect, use and disclose quantitative data derived from the use of the Hosted Applications for industry analysis, benchmarking, analytics, marketing, and other business purposes. All data collected, used, and disclosed will be in aggregate form only and will not identify Customer or its Users.
- Sustain’s Obligations.Sustain warrants that during the Subscription Term (i) Customer’s production instances of the Hosted Applications shall materially conform to the Documentation and (ii) that the functionality of the Hosted Applications at the time of the Order Form shall not materially decrease during the Subscription Term.
- Procedure. To submit a warranty claim under this Section, Customer shall (1) reference this Section; and (2) submit a support request to resolve the non-conformity as provided in the Subscription Schedule. If the non-conformity persists without relief more than thirty (30) days after written notice of a warranty claim provided to Sustain under this Section, then Customer may terminate the affected Hosted Applications and Sustain, as its sole liability in connection with a breach of this warranty, shall refund to Customer any prepaid subscription fees covering the remainder of the Subscription Term of the affected subscription after the effective date of termination. Notwithstanding the foregoing, this warranty shall not apply to any non-conformity due to any modification of or defect in the Hosted Applications that is made or caused by someone other than Sustain (or someone acting at Sustain’s direction).
- SUSTAIN’S OBLIGATIONS. Subject to this Agreement, Sustain shall: (i) defend Customer, its officers, directors and employees against any third party suit, claim, or demand (each a “Claim”) that alleges the Hosted Applications used in accordance with this Agreement and the applicable Order Form infringe any issued patent, copyright, trademark or misappropriation of any trade secret of, such third party; and (ii) pay any court-ordered award of damages or settlement amount to the extent arising from such Claims. Notwithstanding the foregoing, if Sustain reasonably believes that Customer’s use of any portion of the Hosted Applications is likely to be enjoined by reason of any Claims then Sustain may, at its expense and in its sole discretion: (i) procure for Customer the right to continue using the Hosted Applications; (ii) replace the same with other products of substantially equivalent functions and efficiency that are not subject to any Claims of infringement; or (iii) modify the applicable Hosted Applications so that there is no longer any infringement, provided that such modification does not materially and adversely affect the functional capabilities of the Hosted Applications as set out herein or in the applicable Order Form. If (i), (ii), and (iii) above are not available on commercially reasonable terms in Sustain’s judgment, Sustain may terminate the affected Hosted Applications and refund to Customer the fees paid by Customer covering the remaining portion of the applicable Subscription Term for the affected Hosted Applications after the date of termination. The foregoing indemnification obligation of Sustain shall not apply: (1) if the Hosted Application is modified by any party other than Sustain, but solely to the extent the alleged infringement is related to such modification; (2) the Hosted Application is combined with other non-Sustain products, applications, or processes, but solely to the extent the alleged infringement is related to such combination; (3) to the extent the Claim arises in connection with any unauthorized use of the Hosted Application, or use that is not in compliance with all applicable laws and related Documentation; (4) to any third party products, processes or materials that are not provided by Sustain; or (5) to any Claims arising as a result of the content of the Customer Data. THIS SECTION SETS FORTH SUSTAIN’S SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT.
- CUSTOMER’S OBLIGATIONS. Customer shall defend Sustain, its officers, directors, and employees against any expense, liability, loss, damage or costs (including reasonable attorneys’ fees), each to the extent payable to a third party, incurred in connection with Claims made or brought against Sustain by a third party arising from or relating to the Customer Data or a dispute between Customer and its suppliers arising from Customer’s use of the Hosted Applications to exchange information with or conduct business with such supplier. To the extent affected by the following, Customer’s indemnification obligation shall not apply: (1) if the Customer Data is modified by Sustain or by any party under Sustain’s control, without Customer’s authorization but solely to the extent the Claim is caused by such modification or (2) to any use or disclosure of the Customer Data by Sustain not contemplated by this Agreement.
- PROCESS. Each party’s indemnity obligations are subject to the following: (i) the indemnified party shall promptly notify the indemnifier in writing of any Claims; (ii) the indemnifier shall have sole control of the defense and all related settlement negotiations with respect to any Claims (provided that the indemnifier may not settle any Claims that require the indemnified party to admit any civil or criminal liability or incur any financial obligation without the indemnified party’s consent, which consent shall not be unreasonably withheld); and (iii) the indemnified party shall cooperate fully to the extent necessary at the indemnifier’s cost in such defense and settlement.
9. DISCLAIMER AND LIMITATIONS OF LIABILITY
- DISCLAIMER OF WARRANTIES. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, SUSTAIN DOES NOT MAKE ANY OTHER REPRESENTATION, WARRANTY, OR GUARANTY, AS TO THE RELIABILITY, TIMELINESS, QUALITY, SUITABILITY, AVAILABILITY, ACCURACY OR COMPLETENESS OF THE SERVICES PROVIDED OR OFFERED HEREUNDER. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES PROVIDED TO CUSTOMER HEREUNDER ARE PROVIDED STRICTLY ON AN “AS IS” BASIS AND ALL CONDITIONS, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT OF THIRD PARTY RIGHTS OR ANY WARRANTIES ARISING FROM USAGE OF TRADE, COURSE OF DEALING OR COURSE OF PERFORMANCE ARE HEREBY DISCLAIMED TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
- LIMITATIONS OF LIABILITY. TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY’S TOTAL AND AGGREGATED LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICES PROVIDED HEREUNDER WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE) OR ANY OTHER LEGAL OR EQUITABLE THEORY, SHALL EXCEED THE AMOUNTS ACTUALLY PAID BY AND/OR DUE FROM CUSTOMER IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY UNDER THIS AGREEMENT. THE EXISTENCE OF MORE THAN ONE CLAIM SHALL NOT ENLARGE THIS LIMIT. THE LIMITATIONS IN THIS SECTION SHALL NOT APPLY TO CUSTOMER’S OBLIGATION TO PAY FEES LEGALLY OWED UNDER THIS AGREEMENT, EACH PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, OR INFRINGEMENT BY A PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS.
- EXCLUSION OF DAMAGES. IN NO EVENT SHALL EITHER PARTY BE LIABLE UNDER THE AGREEMENT FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE), REGARDLESS OF THE CAUSE, ARISING OUT OF OR IN CONNECTION WITH THE AGREEMENT OR THE SERVICES PROVIDED HEREUNDER, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- GROSS NEGLIGENCE; WILLFUL MISCONDUCT. NOTHING HEREIN SHALL LIMIT A PARTY’S LIABILITY IN AN ACTION IN TORT (SEPARATE AND DISTINCT FROM A CAUSE OF ACTION FOR BREACH OF THIS AGREEMENT) FOR THE PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.
10. TERM; TERMINATION
- Term. The Agreement commences on the Effective Date and continues until all Order Forms subject to this Agreement have expired or terminated, unless this Agreement is earlier terminated in accordance with this Section 10. User subscriptions commence on the subscription start date specified in the relevant Order Form and continue for the Subscription Term specified therein. Unless otherwise provided in the Order Form, user subscriptions shall automatically renew for additional periods of one year on the same terms unless either party gives the other notice of non-renewal or a new price quote at least 30 days prior to the end of the relevant Subscription Term.
- Termination. A party may immediately terminate this Agreement for cause: (i) upon 30 days written notice of a material breach to the other party if such breach remains uncured at the expiration of such period or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors that is not dismissed within sixty (60) days of its commencement or an assignment for the benefit of creditors. Upon any termination for cause by Customer, Sustain shall refund any prepaid fees covering the remainder of the Subscription Term after the effective date of termination. Termination shall not relieve Customer of the obligation to pay any fees accrued or payable to Sustain prior to the effective date of termination.
- Return of Customer Data. Upon Customer’s written request within 30 days after the effective date of termination, Sustain shall make available for download a file of Customer Data in comma separated value (.csv) format along with attachments in their native format. After such 30-day period, Sustain shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.
- Transition Services. Upon termination of the Agreement, at Customer’s election, Sustain shall provide transition services to facilitate the orderly and complete transfer of the Customer Data to Customer or to any replacement provider designated by Customer (“Transition Services”), provided that the scope and fees of the Transition Services shall be mutually agreed to by the parties in a statement of work prior to commencing Transition Services. Notwithstanding the provisions of this subsection, in no event shall Sustain be required to disclose any of its Confidential Information or provide a license under any of its intellectual property to Customer or any third party as part of the Transition Services. For the avoidance of doubt, Customer shall continue to pay the subscription fees for the use of the Hosted Applications during the transition period.
- Survival. Upon expiration or termination of the Agreement, Sections 1 (Definitions), 3.2 (Restrictions), 4.1 (Billing and Payment of Fees), 5 (Proprietary Rights), 6 (Confidential Information), 8 (Indemnification), 9 (Disclaimer and Limitations of Liability), 10 (Term; Termination), and 11 (General Provisions) of this Agreement shall survive.
11. GENERAL PROVISIONS
- Compliance with Laws and Export Control.Each party shall comply with all applicable laws and government regulations, including the export laws and regulations of the United States and other applicable jurisdictions, in connection with providing and using the Hosted Applications and/or Sustain Platform. Without limiting the foregoing, (i) each party represents that it is not named on any government list of persons or entities prohibited from receiving exports, and (ii) Customer shall not, and shall ensure that Users do not violate any export embargo, prohibition, restriction or other similar law in connection with this Agreement.
- Notice. Except as provided elsewhere in this Agreement, either party may give notice by written communication sent by next-day mail delivered by a nationally recognized delivery service: (i) if to Customer, to Customer’s address on record in Sustain’s account information or (ii) if to Sustain, to 1644 Platte Street, Denver, CO 80202, addressed to the attention of: Legal Dept. Such notice shall be deemed to have been given upon the expiration of 48 hours after mailing.
- Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without the consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.
- Dispute Resolution. This Agreement shall be governed by Colorado law and controlling United States federal law, without regard to the choice or conflicts of law provisions of any jurisdiction and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act. Any disputes, actions, claims or causes of action arising out of or in connection with this Agreement (“Dispute”) shall be subject to the exclusive jurisdiction of the state and federal courts located in Denver, Colorado (and the parties hereby consent to jurisdiction and venue in the U.S. federal courts located in the District of Colorado). However, notwithstanding the above, any Dispute shall be submitted to and finally settled by arbitration in Denver, Colorado for any arbitration, using the English language in accordance with the Arbitration Rules and Procedures of the Judicial Arbitration and Mediation Services, Inc. (JAMS) then in effect, by one or more commercial arbitrator(s) with substantial experience in the industry and in resolving complex commercial contract disputes. Judgment upon the award so rendered may be entered in a court having jurisdiction or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in any court of proper jurisdiction for injunctive relief. The prevailing party in any dispute arising under this Agreement shall be awarded its reasonable attorney fees and costs.
- Entirety. The Agreement comprises the entire agreement between Customer and Sustain and supersedes all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between the parties regarding the subject matter contained herein. In the event of any conflict between this Agreement and the Order Form, the Order Form shall govern. No text or information set forth on any other purchase order, preprinted form or document shall add to or vary the terms and conditions of this Agreement. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect. Customer agrees that Customer’s purchase of any subscription is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written comments made by Sustain with respect to future functionality or features. No joint venture, partnership, employment, or agency relationship exists between Customer and Sustain as a result of the Agreement or use of the Hosted Applications or Sustain Platform. The failure of a party to enforce any right or provision in this Agreement shall not constitute a waiver of such right or provision.
- Force Majeure. No party shall be liable or responsible to the other party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (excluding Customer’s failure to pay amounts owed when due), when and to the extent such failure or delay is caused by or results from acts beyond the affected party’s reasonable control, including without limitation: strikes, lock-outs or other industrial disputes (whether involving its own workforce or a third party’s), trespassing, sabotage, theft or other criminal acts, cyber-attacks, failure of energy sources or transport network, acts of God, export bans, sanctions and other government actions, war, terrorism, riot, civil commotion, interference by civil or military authorities, national or international calamity, armed conflict, malicious damage, breakdown of plant or machinery, nuclear, chemical or biological contamination, explosions, collapse of building structures, fires, floods, storms, earthquakes, epidemics or similar events, natural disasters or extreme adverse weather conditions (each a “Force Majeure Event”). The party suffering a Force Majeure Event shall use reasonable efforts to mitigate against the effects of such Force Majeure Event.
EXHIBIT A – SUBSCRIPTION SCHEDULE EXHIBIT
A-1: TECHNICAL SUPPORT
The following describes the technical support services (“Technical Support”) Sustain shall provide for the support level purchased by Customer (“Support Level”) as stated on the Order Form. The following terms may be updated from time to time, however, for each Order Form, the terms effective as of the execution of the Order Form shall apply for the duration of the applicable Subscription Term.
- Scope. The purpose of Technical Support is to address defects in the Hosted Applications that prevent them from performing in substantial conformance with the applicable Documentation. A resolution to such a defect may consist of a fix, workaround or other relief reasonably determined by Sustain’s Technical Support staff.
- Online Support Portal. The Support Portal includes an online knowledge base, best practices for use of the Hosted Applications, and a portal for the Designated Support Contacts (as defined below) to submit support tickets.
- Live Phone Support.Sustain personnel is available to provide Technical Support to Customer, depending on the Support Level (as defined below) purchased by Customer.
- Severity Levels. Each support ticket shall be categorized by Customer into one of the following severity levels.
||Severe error that results in the Hosted Applications experiencing complete unavailability and halting transactions with no workaround.
||Serious error that results in a major function of the Hosted Applications suffering a reproducible problem causing either major inconvenience to Users or consistent failure in a common functionality.
||Error that results in a common functionality experiencing an intermittent problem or a consistent failure in a less common functionality.
||Service requests such as sandbox refreshes, SSO setups, and other how-to type of questions.
- Support Levels
|Online Ticket Submission
||Weekdays (8 am to 6 pm at Customer’s headquarters)
||24×7 for Severity 1 cases
||24×7 for Severity 1 cases
|Designated Support Contacts
||Maximum of 3
||Maximum of 5
||Maximum of 7
||1 Business Day
||2 Business Days
||1 Business Day
||4 Business Days
||3 Business Days
||3 Business Days
||7 Business Days
||7 Business Days
||7 Business Days
6. Customer Responsibilities
- Customer shall designate no more than the number of Sustain Platform administrators (“Designated Support Contacts”) set forth above who may contact and interact with Sustain in connection with Technical Support requests. Customer’s Designated Support Contacts shall answer questions and resolve issues as needed when they arise from other Users of the Hosted Applications. Customer’s Designated Support Contacts enter support request tickets, work through Technical Support issues with Sustain, and take action as needed to implement the resolution to the issue. Customer agrees that Sustain may communicate, and follow instructions to make changes to Customer Data and/or Customer’s instances, with its Designated Support Contacts via email, phone or through the Support Portal.
- Customer shall ensure that Customer’s Designated Support Contacts are trained on the use and administration of the Hosted Applications. (c) Customer shall ensure that the name, contact and other information for these Designated Support Contacts are current in the Support Portal. Customer may replace Designated Support Contacts by updating the applicable information in the Support Portal, provided that at no time may Customer have more than the number of Designated Support Contacts permitted based on its Support Level.
7. Support Exclusions. Sustain is not required to provide resolutions for immaterial defects or defects due to modifications of the Hosted Applications made by anyone other than Sustain (or anyone acting at Sustain’s direction). The following are also excluded from Technical Support:
- Implementation services
- Configuration services
- Integration services
- Customization services or other custom software development
- Assistance with administrative functions
8. Update Process. Sustain shall use commercially reasonable efforts to (1) monitor the Hosted Applications and related infrastructure for opportunities to address performance, availability and security issues; and (2) at Sustain’s discretion, deliver functionality enhancements to address customer and market requirements to improve such Hosted Applications based on Sustain innovation. Sustain’s update and release process, as updated from time to time, is described in the Support Portal (“Update Process”).
Customer shall upon notice comply with the Update Process and understands that only the latest release of the Sustain Platform and Hosted Applications contains the most current features, availability, performance and security, including software fixes. Sustain is not responsible for product defects or security issues affecting the Hosted Applications or failure to meet the Uptime SLA (defined in Exhibit A-2) for Hosted Applications when Customer is not in compliance with the Update Process.
EXHIBIT A-2: SERVICE LEVEL AGREEMENT (SLA)
- If service outages result in a failure of any production instance of a Hosted Application to meet an uptime availability requirement of 99.8% over a calendar month (“Uptime SLA”), Customer’s sole and exclusive remedy shall be a service credit equal to the greater of:
- Ten percent (10%) of the subscription fees set forth in the applicable Order Form for the applicable Hosted Application for that calendar month; or
- The actual unavailability rate for that calendar month (as an example, if the Hosted Application has an uptime availability of 85% during a calendar month, then the service credit shall be fifteen percent (15%) of the applicable subscription fees for that calendar month).
- The following events shall be excluded in calculating Uptime SLA:
- Planned maintenance windows, which are described in the Support Portal; and
- Emergency maintenance required to address an exigent situation with the Hosted Application or Sustain Platform that if not addressed on an emergency basis could result in material harm to the Hosted Application or Sustain Platform. Sustain shall provide advance notice of emergency maintenance via the Support Portal to the extent practicable.
- Any unavailability caused by circumstances beyond Sustain’s reasonable control, including without limitation, unavailability due to Customer or its Users’ acts or omissions, a Force Majeure Event, Internet service provider failures or delays, failure or malfunction of equipment or systems not belonging to or controlled by Sustain,
- Items (a) – (c) collectively, “Excused Downtime”.
Sustain reserves the right to perform planned maintenance outside the target periods above if circumstances require, and Sustain shall provide prior notice to Customer via the Support Portal before doing so.
- Uptime SLA is calculated as follows:
- [(x-y-z)/(x-z)] x100
- x=total number of minutes in a calendar month
- y=downtown that is not excluded
- z=excused downtime (as defined herein)
- Customer must request all service credits in writing to Sustain within thirty (30) days of the end of the month in which the Uptime SLA was not met, including identifying the period Customer’s production instance of the Hosted Applications was not available. Sustain shall apply the service credit during Customer’s next billing cycle unless the service credit is reasonably disputed by Sustain, in which case Customer and Sustain shall work together in good faith to resolve such dispute in a timely manner. The total amount of service credits for any month may not exceed the applicable monthly subscription fee for the affected Hosted Applications, and has no cash value (unless a service credit is owed at the termination or expiration of this Agreement without a renewal order, in which case, such service credit shall be paid to Customer within ninety (90) days of the end of the Subscription Term).
EXHIBIT A-3: DATA SECURITY MEASURES
The following terms may be updated from time to time, however, for each Order Form, terms effective as of the execution of the Order Form shall apply for the duration of the applicable Subscription Term.
A. ORGANIZATIONAL ACCESS CONTROL
- Control Environment. Sustain employees are required to sign a written acknowledgment form documenting their receipt and understanding of the employee handbook and their responsibility for adhering to the policies and procedures therein. Employees are also required to sign a confidentiality agreement agreeing not to disclose proprietary or confidential information, including client information, to unauthorized parties.
- Access Administration. Sustain employees do not have direct access to Customer Data, except where necessary for Technical Support, system management, maintenance, backups and other purposes separately authorized by Customer in writing. Access to Customer Data is further restricted to technical and customer support staff on a need-to-know basis. When an employee or contractor no longer has a business need for these privileges, his or her access is revoked in a timely manner, even if he or she continues to be an employee or contractor of Sustain. Sustain’s policies require Sustain personnel to report any known security incidents to Sustain management for investigation and action.
- Personnel Screening. Criminal background checks are performed for employees with access to Customer Data as a component of the hiring process.
- Security Awareness and Training. Sustain maintains a security awareness program that includes appropriate training of Sustain personnel on Sustain’s security program. Training is conducted at the time of hire and periodically in accordance with the Sustain Information Security Policy.
- Subprocessors and Data Transfer. Sustain may engage Subprocessors and other Third Party Suppliers (each as defined below) to perform some of its obligations under the Agreement. Sustain shall ensure that Subprocessors only access and use Customer Data in accordance with the terms of the Agreement and that they are bound by written obligations to protect Customer Data. At the written request of Customer, Sustain shall provide additional information regarding Third Party Suppliers and their locations. Customer may send such requests to Sustain’s Data Privacy Officer at firstname.lastname@example.org. “Subprocessors” means Sustain affiliates and Third Party Suppliers that have access to, and process, Customer Data. “Third Party Suppliers” means the third party contractors and suppliers engaged by Sustain for the purpose of processing Customer Data in the context of the provision of the Hosted Applications or Sustain Platform. As part of providing the Hosted Applications or Sustain Platform, Sustain may transfer, store and process Customer Data in the United States or any other country in which Sustain and its Subprocessors maintain facilities.
- Business Continuity Management Process. Sustain shall maintain a business continuity plan (BCP) that defines the processes and procedures for the company to follow in the event of a disaster and shall review and shall regularly test Sustain’s disaster recovery plan to ensure that it is capable of recovering Sustain assets and continuing key Sustain business processes in a timely manner.
B. PHYSICAL ACCESS CONTROL
- Physical Protection of the Data Centers. Physical access to data centers is strictly controlled by the cloud infrastructure provider (“IaaS Provider”, e.g., AWS, SoftLayer or Azure) both at the perimeter and at building ingress points by security staff. Authorized staff must pass a two-factor authentication to access data center floors which are monitored by cameras. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. The IaaS Provider only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee or contractor no longer has a business need for these privileges, his or her access is immediately revoked, even if he or she continues to be an employee or contractor of the IaaS Provider. All physical access to data centers is logged and audited routinely.
- Availability. Data centers are built in various global regions. All data centers are online and serving customers; no data center is “cold.” In case of failure, automated processes move Customer Data traffic away from the affected area. The datacenters have backup power and environmental protection systems, which are regularly maintained and tested.
- Disaster Recovery. Each customer environment has one (1) master and at least one (1) slave instances that are mirrored continuously to one another. These instances of the Hosted Applications are located in physically separate data centers. Each Sustain production instance is backed up on a regular interval at the IaaS Provider.
- Fire Detection and Suppression. Automatic fire detection and suppression equipment has been installed to reduce risk and damage to data center environments.
- Power. The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Data center facilities have power backup and environmental protection systems in the event of an electrical failure for critical and essential loads in the facility.
- Climate and Temperature. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
- Monitoring. The IaaS Provider monitors electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.
C. TECHNICAL SECURITY MEASURES
- Database Protection. Database infrastructure is completely segregated from the application servers and the Internet via firewalls.
- Encryption. All communications are encrypted between the data exporter and the data centers using high-grade encryption (AES-256). Access to Sustain’s on-demand applications and services is only available through secure sessions (https) and only available with an authenticated login and password. Passwords are never transmitted or stored in their original form.
- Intrusion Protection. The application infrastructure is protected against intrusion by industry standard firewalls at the network, host, and application levels, and intrusion detection systems across all servers. Customer is prohibited from performing its own penetration on any system of Sustain or its supplier.
- Instance Isolation. Different IaaS instances are hosted on the same physical machine and are isolated from each other through the hypervisor layer. All packets pass through this layer so that another instance has no more access to Customer’s instance than any other host on the Internet – the instances look like they are on separate physical hosts. Customer instances in the IaaS infrastructure have no access to raw disk devices but instead, are presented with virtualized disks.
- Malicious Software Protection. Sustain and the IaaS Provider shall ensure that the Hosted Applications and the Sustain Platform include reasonably up-to-date versions of system security agent software which shall include reasonably current and tested malware protection, patches, and anti-virus protection.
- Exclusions. If Customer installs, uses, or enables third-party services that interoperate with the Hosted Applications then the Hosted Applications may allow such third-party services to access, use, or otherwise process and transmit Customer Data. Sustain’s Security Program does not apply to any processing, storage, or transmission of any such Customer Data, and Sustain is not responsible for the security practices (or any acts or omissions) of such third-party service providers with respect to data transmitted to and from such third-party services. The Security Program excludes: (i) data or information shared with Sustain that is not stored in the applicable Sustain Platform; (ii) data in Customer’s virtual private network (VPN) or a third-party network other than one that is under a subcontract with Sustain to assist Sustain in fulfilling its obligations in the Agreement; or (iii) any data used, processed, stored or transmitted by Customer or Users in violation of this Agreement.