Terms of Service

Introduction

1. SNI owns and operates the fulcrumapp.com web site (the “Site”), through which SNI provides Fulcrum, and SNI also makes available the Products, which collectively enable Customer to perform field data collection on mobile devices and to store Subscriber Content. Fulcrum may also include installation and operation of one or more downloadable software applications from SNI intended for integrated use with Fulcrum.

2. Customer would like to use Fulcrum.  SNI is willing to grant a non-exclusive license to use Fulcrum, subject to the Terms.

3. Customer would like to place the Initial Order to which theseTerms are attached.  From time to time, Customer and SNI may agree to additional Orders or SOWs.  

Agreement

1.         Definitions. Capitalized terms below have the respective meanings set forth below or set forth in these Terms:

1.1.       “Account” means the account of Customer that is the master account used by Customer to access Fulcrum.

1.2.        “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, solely during the period of such control, where “control” means direct or indirect ownership of more than fifty percent (50%) of the voting interests of such entity or the right to otherwise direct the management or policies of such entity.  

1.3.        “Add-on Feature” means any additional feature that Customer requests that SNI develop.

1.4.        “Agreement” means, collectively, these Terms, together with all Orders and SOWs between Customer and SNI.

1.5.        “API” means any application programming interface made available by SNI in connection with Fulcrum.

1.6.        "Block” means a number of hours of Professional Services that Customer agrees to buy in advance of provision of such Professional Services.

1.7.        “Customer Content” means any data of Customer that is entered into Fulcrum by Customer or any User.

1.8.        “Deliverable” means any item or deliverable provided to Customer as a part of the Services, other than any Add-on Feature or any Output.

1.9.        “Documentation” means the current technical and user documentation for Fulcrum, as SNI may make available on the Site from time to time. The Documentation may be modified from time to time.

1.10.       “Fees” means the Subscription Fees and Professional Services Fees, collectively.

1.11.        “Fulcrum” means, collectively, the Site, the Products, any Optional Services, any applicable mobile application made available by SNI from time to time and the software as a service offering of SNI that enables use of the Site, the Products and any Optional Services.

1.12.        “Initial Order” means the initial Order to which these Terms are attached.

1.13.        “Law” means any declaration, decree, directive, legislative enactment, order, common law, ordinance, regulation, rule, guideline, guidance or other binding restriction or requirement of or by any governmental authority, as may be amended or replaced from time to time.

1.14.        “Maintenance Window” means each period commencing at 8 pm Eastern Time on Friday until 11 pm Eastern Time on Friday, as may be reasonably shortened or extended by SNI from time to time.

1.15.        “Optional Services” means any service, other than Professional Services, that is not part of the standard offering of SNI, which may include additional data storage.

1.16.        “Order” means an ordering document, whether on SNI’s website or a paper copy, pursuant to which Customer licenses Fulcrum or obtains Fulcrum.  

1.17.        “Output” means any report or analytical output created by Customer using Fulcrum.

1.18.        “Party” means each of SNI and Customer, and together they are the “Parties”.

1.19.        “Personal Information” or “PI” means any of the following information provided by or on behalf of Customer to SNI: (a) any information that identifies or can reasonably be used to identify any individual or that can be reasonably associated or linked to any individual, such as first and last name, social security number or other government issued number or identifier, date of birth, home or other physical address, e-mail address or other online contact information, IP address, geolocation data, telephone number, financial account number, credit or debit card number, biometric data, mother's maiden name or any other personally identifiable information; (b) personally identifiable financial, health or insurance information; (c) any unique persistent identifier associated with an individual or a networked device, including a customer number held in a cookie, a user ID, an advertising ID, a browser fingerprint, a processor serial number, a device serial number, or any other number that uniquely identifies a particular telecommunications device, processor or computer; (e) any information that is treated as personal information or its equivalent by an applicable privacy or data security Law; or (f) any other information relating to an individual that is combined with any information in clause (a) of this definition.

1.20.        “Product” means any product or service identified on an Order as a product to be provided by SNI.  

1.21.        “Professional Services” means any implementation, installation, training, consulting, custom development or other professional services provided by SNI to Customer under the Agreement.

1.22.        “Professional Services Fees”means the amount specified or calculated to be the “Professional Services Fees” on each Order or SOW.

1.23.        “Services” means Products, Optional Services and Professional Services, collectively.

1.24.        “SOW” or “Statement ofWork” means any statement of work between the Parties, which the Parties may agree to and execute from time to time.

1.25.        “Subscription Fee” means the amount specified as “Subscription Fees” on each Order, and includes fees for both the Subscription Services and Optional Services set forth on such Order, or any additional amount in the event that Customer exceeds the number of Users set forth on the applicable Order.

1.26.        “Support” means such support as described in Section 5.5 of this DPA.

1.27.        “Terms” means these terms under which SNI provides any Services, attached to the Initial Order, and which shall govern each Order or SOW, subject to Section 2.1 of this DPA.

1.28.        "Third Party” means any person or entity other than a Party or any Affiliate of a Party.

1.29.        “User” means an individual authorized by Customer to use the applicable Product in accordance with an Order regardless of whether the individual is actively using such Product at any given time.

2.         General; Orders; SOWs; License.

2.1.        Orders, SOWs. Subject to the terms of the Agreement, Customer may use Products or Optional Services and use Fulcrum pursuant to any Order.  Each Order shall reference these Terms. Each Order shall be in the form set forth in Exhibit B, except as may otherwise be agreed to by the Parties. Subject to the terms of these Terms and the terms of the applicable SOW, Customer may purchase Professional Services pursuant to any SOW. Each SOW shall reference these Terms. Each SOW shall be in the form set forth in Exhibit C, except as may otherwise be agreed to by the Parties. Any conflict between the terms of an Order or an SOW and these Terms will be resolved in favor of such Order or SOW, only if and to the extent expressly referencing these Terms and the intended change, and only as to such Order or SOW.  Any terms which may appear as pre-printed language or otherwise be on, attached to or inserted within any order form, quote, invoice, bill or other form or document issued by Customer shall be of no force or effect even if such form or document is accepted by SNI.  Any Affiliate of Customer may place any Order or agree to any SOW under this Agreement, in which case such Affiliate shall be bound to these Terms.  Any Order or SOW is only effective once executed by the Parties. Each Order or SOW shall be deemed to incorporate the terms of theseTerms, subject to this Section 2.1.

2.2.        General License.  Subject to the terms of these Terms including payment of all Fees due hereunder, SNI hereby grants to Customer, during the relevant Order Term, a limited, non-exclusive, non-transferable license, without the right to sublicense, to access and use (a) the Products set forth on the applicable Order; (b) Optional Services if Customer subscribes to Optional Services; and (c) any Add-on Features as set forth in Section 5.3, in each case, in accordance with the Documentation, including to generate, use, reproduce and display Output, solely for Customer’s internal business purposes and not for the benefit of any other person or entity.  Additional terms of authorized use are as set forth in each applicable Order, and may include, for example, limitations on the number of Users, in which case Customer shall not use more than the number of User licenses purchased.  In the event that Customer uses more than the number of User licenses purchased, SNI may invoice Customer for additional Subscription Fees and Customer shall pay such User Fees.  Customer understands that SNI may update Fulcrum from time to time.  

2.3.        Copies.  Customer may make a reasonable number of copies of the Documentation solely for back up or disaster recovery purposes.  Customer shall reproduce all copyright, trademark, trade secret and other proprietary notices in such copies.  Customer may not make a copy of any aspect of Fulcrum other than the Documentation.

2.4.        Accounts.  To use Fulcrum, Customer must register for an Account.  Each User must register and create a sub-account as part of Customer’s Account (each, a “Sub-Account”) to be able to use Fulcrum or collaborate and share Customer Content.  Each User may use Fulcrum on the mobile device of such User.  Each User must have a separate Sub-Account for such User. Customer shall not permit any User to share any Sub-Account with any other User.  Customer shall safeguard the username and password for the Account, and shall require each User to safeguard the username and password for each Sub-Account, and Customer shall promptly notify SNI in the event of a breach of the Account of Customer or any Sub-Account of any User and comply with SNI’s reasonable instructions in relation thereto.  Customer is responsible for any action or omission that occurs under the Account of Customer or any Sub-Account of any User.

2.5.        API; API Usage.  SNI has the right to change the API from time to time.  SNI shall use commercially reasonable efforts to provide Customer with reasonable advance notice of any material change to the API.  Customer is responsible for ensuring that calls or requests to Fulcrum, including the API, are compatible with the current API.  SNI will use commercially reasonable efforts to avoid changes to the API that are not backwards compatible.  When Customer uses any API, such usage is based on the Account’s unique API key, and the API key is used for all Sub-Accounts as well. Customer is responsible maintaining the security of the API key for Customer.  Customer is responsible for any action or omission that occurs under the API key of Customer.  SNI may impose limitations on your usage of any API, from time to time, for load-balancing, security or other reasons.

2.6.        Third-Party Software.  Fulcrum uses third-party software to provide certain functionalities, including maps, as may be updated by Fulcrum from time to time. By using Fulcrum, Customer agrees to comply with the terms of service, end user license agreement or other relevant agreement in relation to such third-party software.  Upon Customer’s request, SNI shall make available a list of all third-party software then included as part of Fulcrum.

3.          Usage Limitations and Requirements.

3.1.        Maintenance Windows.  Customer agrees that Fulcrum may not be available during any Maintenance Window.

3.2.       IP- or Computation-Related Limitations.  Customer shall not, directly or indirectly, and shall not allow any Affiliate or Third Party to: (a) decompile, disassemble, translate, reverse engineer or otherwise attempt to derive source code or any underlying algorithm or idea from Fulcrum; (b) circumvent or violate any technical restriction of Fulcrum; (c) make any copies of Fulcrum or any portion thereof or any Documentation, except as otherwise authorized in Section 2.3; (d) disclose Fulcrum or any portion thereof, or any Documentation to any Third Party; (e) sublicense, rent, lease, lend or host Fulcrum to or for any Third Party; (f) attempt to unlock or bypass any initialization system, encryption method or copy protection devices in Fulcrum; (g) alter, remove or obscure any patent, trademark or copyright notice in Fulcrum or any Documentation; (h) use components of Fulcrum independent of Fulcrum; (i) use any Confidential Information of SNI to contest the validity of any intellectual property of SNI; (j) publish or disclose to any third party any evaluation of the Platform; (k) interfere with or disrupt the integrity or performance of the Platform; (l) interfere with or damage Fulcrum, including through the use of any virus, bot, Trojan horse, harmful code, flood ping, denial of service attack, packet or IP spoofing, forged routing, forged electronic mail address information, means to reproduce or circumvent the navigational structure or presentation of Fulcrum or its contents, or any other similar method or technology; or (m) use any robot, spider, site search/retrieval application or other automated means to access, retrieve, scrape or index any portion of Fulcrum.

3.3.        Use Limitations.  Customer shall not, directly or indirectly, and shall not allow any Affiliate or Third Party to, in connection with use of Fulcrum: (a) violate any applicable Law; (b) infringe the rights of any third party, including intellectual property, privacy or contractual rights; (c) use information obtained through Fulcrum for any unauthorized, improper, or illegal purpose; (d) use Fulcrum (i) to collect, transmit, distribute, post, or submit any unauthorized personal information concerning any person (including any photograph, personal contact information, or numbers of credit, debit or calling cards or accounts) or (ii) to track an individual; (e) use Fulcrum in connection with the distribution of unsolicited commercial email (“spam”) or any advertisement; (f) stalk or harass any person; (g) collect any information about any other user other than as customarily arises in the course of permitted use of Fulcrum; or (h) use Fulcrum to collect information about or from any minor. In order to protect the integrity of Fulcrum, SNI reserves the right at any time in SNI’s sole discretion to block any user from accessing Fulcrum.

3.4.        Equipment.  Customer shall be responsible for procuring all hardware and software necessary to use Fulcrum, or that maybe used to integrate with or connect to Fulcrum, including the API, for exchange of data with Fulcrum.  

3.5.        Devices.  Customer’s license is limited based on the number of Users.  One User is entitled to use Fulcrum with up to three (3) devices; provided, however, that in the event that Customer shares devices or Sub-Accounts among Users, SNI may reduce the number devices per User at any time, by providing notice to Customer and may charge Customer for additional Fees based on the number of Users that made use of Fulcrum that were not authorized to do so including based on retroactive use by Customer. Customer understands that SNI may monitor the usage of Customer and Users to ensure compliance with limitations on the number of devices.

4.        Usage Standard; Customer Content.  

4.1.        Usage Standard.  Customer shall, and shall require each User to, use Fulcrum responsibly, with good judgment, and in a manner conforming at minimum to prevailing standards for internet etiquette.  

4.2.        Compliance with Laws.  Customer will comply with all applicable Laws in connection with its use of the Platform or any Service or Output, including any applicable securities Laws, U.S. Export Administration Regulations, anti-corruption Laws and U.S. embargoes, as well as any Laws of any jurisdiction outside of the United States where Fulcrum or any Service, Output or Deliverable is used.

4.3.        License to Customer Content.  Customer will own Customer Data. For purposes of providing Fulcrum or improving the quality or performance of Fulcrum, Customer hereby grants to SNI anon-exclusive, perpetual, irrevocable, worldwide, sublicensable, transferable, royalty free, fully paid up license to reproduce, distribute, prepare derivative works of, modify, translate, adapt, publicly perform, publicly display and otherwise use Customer Content.  Nothing in this Section 4.3 shall permit SNI to disclose Customer Data to any Third Party, except at the request of Customer.

4.4.        Responsibility.  Customer shall be solely responsible for the accuracy, quality, integrity, legality, appropriation of and the right to use any Customer Data.

4.5.        IP Rights and Customer Content.  Customer represents, warrants and covenants to SNI that: (a) all Customer Content has been collected in compliance with all applicable Laws and policies; (b) no Customer Content contains any confidential or proprietary information that Customer does not have authority to make available via Fulcrum; (c) Customer has the right to submit all Customer Content for storage and use or have received all necessary consents and approvals; (d) Customer shall use all Customer Content in compliance with all applicable Laws and policies; (e) Customer’s use of the Customer Content does not infringe or violate the rights of any Third Party; and (f) Customer is not entitled to any kind of compensation or reimbursement of any kind from SNI for any Customer Content. Customer hereby grants to SNI the right to delete, remove or disable any Customer Content at any time for any reason or no reason. 

4.6.        Problematic Content.  Customer shall not, directly or indirectly, and shall not allow any Affiliate or Third Party to, in connection with use of Fulcrum:: (a) transmit any Customer Content that is unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, offensive, obscene, pornographic, lewd, lascivious or otherwise objectionable, as determined by SNI; (b) use a name or language that SNI, in its sole discretion, deems offensive; (c) post defamatory statements; (d) post hateful or offensive Customer Content or Customer Content that disparages any ethnic, racial, sexual, gender, religious or other group; (e) post Customer Content that depicts or advocates the use of illegal drugs; (f) post Customer Content that characterizes violence as acceptable, glamorous or desirable; (g) post Customer Content which infringes another’s copyright, trademark or trade secret; (h) post unsolicited advertising or unlawfully promote products or services; (i) harass, threaten, bully, stalk or intentionally embarrass or cause distress to another person or entity; (j) promote, solicit or participate in any multi-level marketing or pyramid schemes; (k) exploit children under 18 years of age; (l) engage in disruptive activity, such as sending multiple messages in an effort to monopolize a forum; (m) invade the privacy of any person, including posting personally identifying or otherwise private information about a person without their consent (or their parent’s consent in the case of a child under 13 years of age); (n) solicit personal information from children under 13 years of age; (o) create a false identity or impersonate another person or entity; or (p) encourage conduct that would constitute a criminal or civil offense. The restrictions in this Section 4.6 are intended to be illustrative, and SNI reserves the right to consider other conduct to be prohibited. In addition, Customer shall not post any content to any of SNI’s social media accounts that is any of items (a)–(p) above.

4.7.        DMCA.  If you are a copyright owner or an agent thereof, and believe that any user submission or other content infringes upon your copyrights, you may submit a notification pursuant to the Digital Millennium Copyright Act (“DMCA”) by providing our Copyright Agent with all of the following information in writing (see 17 U.S.C § 512(c)(3) for further detail): (a) a physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed; (b) identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works on Fulcrum are covered by a single notification, a representative list of such works from SNI; (c) identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit us to locate the material; (d) information reasonably sufficient to permit us to contact the complaining party, such as an address, telephone number, and, if available, an email address; (e) a statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and a statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

5.         Professional Services; Add-On Features; Output.

5.1.       Professional Services.  Any Professional Services to be provided will be described in an SOW and will be provided on a time-and-materials basis, unless otherwise set forth on the applicable SOW.  Customer shall provide SNI with (a) reasonable assistance to facilitate scheduling and performance of Professional Services; (b) information required to perform the Professional Services; and (c) an engagement manager to help ensure effective delivery of the Professional Services.  Professional Services are accepted when delivered unless otherwise set forth in the applicable SOW.  To the extent that any acceptance is required pursuant to any SOW, such acceptance shall be in the form set forth in ExhibitC-1.
5.2.          Blocks.  Customer may from time to time purchase a Block, whether as part of any Order or as part of any SOW.  If Customer has purchased a Block, SNI shall deduct the number of hours used for Professional Services from such Block until the number of hours in such Block is zero (0). Thereafter, SNI shall invoice Customer at the then-current rate of SNI for Professional Services, except in the event that Customer purchases another Block (unless such other Block is consumed). Upon Customer’s request, SNI shall email Customer within five (5) business days after the end of each calendar month setting forth the number of hours remaining in any Block purchased by Customer.

5.3.          Add-on Features.  Customer may from time to time request that SNI develop any Add-on Feature. The Parties may negotiate an SOW therefor, which shall include the payment of Professional Services Fees for the Professional Services required to develop such Add-on Feature.  Upon acceptance of such Add-on Feature, Customer shall be licensed to use such Add-on Feature in accordance with the license set forth in Section 2.2.  SNI shall be the sole owner of all right, title and interest in and to any improvement to Fulcrum, including any modification, alteration or enhancement made as any Add-On Feature that may be developed in accordance with this Section 5.3. Customer hereby assigns to SNI all of Customer’s right, title and interest in and to any intellectual property in any Add-On Feature.  

5.4.          Output.  Customer shall own all Output created by or on behalf of Customer.  SNI shall not assert any claim of ownership over any Output.

5.5.          Support.  SNI may, but is not obligated to, provide assistance and guidance in respect of Fulcrum. When communicating with SNI, Customer shall not be abusive, obscene, threatening, harassing or racially offensive, or otherwise behave inappropriately. If SNI feels that Customer’s behavior towards any of our representatives is at any time threatening or offensive, SNI reserves the right to immediately terminate Customer’s access to Fulcrum.

6.              Fees; Audits.

6.1.           Fees.  Customer shall pay to SNI, or SNI’s authorized designee, the Fees set forth in each Order or SOW and reimburse SNI for any costs or expenses associated with Professional Services, subject to SNI’s compliance with Customer’s policies for such costs or expenses that have been provided to SNI in advance.  Fees and reimbursement of costs or expenses are due and payable within thirty (30) days after the date of SNI’s invoice. Customer shall pay to SNI a late charge of one percent (1%) per month or the highest amount permitted by applicable Law, whichever is less, on any Fees or costs or expenses not paid by the due date, with such interest accruing daily and capitalizing monthly.  Customer may dispute any invoice within sixty (60) days after receipt, in which case Customer shall pay the undisputed portion of such invoice and the Parties shall promptly attempt to resolve such dispute.

6.1.          Commitments; Non-Refundable.  Any Order may set forth a commitment period for any Product.  In such event, upon entering into such Order, Customer hereby agrees to pay the Subscription Fees for such Product during the entirety of the applicable commitment period.  In the event that any Order is terminated, Customer shall pay to SNI the amount of any such commitment within thirty (30) days after the effectiveness of such termination.  SNI shall not be obligated to refund any Fees to Customer in any circumstances, including in the event of any termination of the Agreement.

6.3.          Credit Card Customers.  If the applicable Order sets forth that Customer is paying Fees by credit card, Customer shall provide SNI’s credit card processor with a credit card number for a credit card that is valid during the Initial Order Term for such Order on the Effective Date of such Order, and Customer hereby authorizes SNI (through SNI’s credit card processor) to charge such credit card for the full amount of Fees for each billing cycle on the first day of each billing cycle for each Product, and, at SNI’s option, a reasonable charge for a credit card processing fee.  However, in the event that the Fees exceed twenty-four thousand dollars ($24,000) in any calendar year or two thousand dollars ($2,000) in any month, SNI may require Customer to pay to SNI such Fees by another method, such as ACH.  

6.4.          Currency; Bank Charges.  Unless otherwise identified in an Order or SOW, all Fees are stated in, and all Fees and reimbursement of costs or expenses will be paid in, United States dollars.  Customer is responsible for any currency conversion fees or bank charges imposed on any transaction hereunder.  

6.5.          Taxes.  The Fees do not include any amount for taxes.  Customer will pay all international, national, federal, state, provincial or local sales, use, value added, goods and services, property, excise, or other taxes imposed on or with respect to this Agreement, except for any taxes imposed on the income of SNI.  If any sales, use, value added, goods and services, property, excise, or other taxes (except for taxes based on Licensor’s net income) are assessed against or required to be collected in connection with any Order or SOW, SNI will itemize such taxes on each invoice issued in connection with such Order or SOW.

6.6.          Audits.  Customer shall maintain any records necessary to verify compliance with this Agreement. Upon SNI’s request, Customer shall make available to SNI such records.  SNI or its designated third party has the right, but not the obligation, to verify Customer’s compliance with the terms of the Agreement remotely, or, on five (5) days’ written notice, on location at any location and for any environment in which Customer uses Fulcrum.  Such local verification will take place during normal business hours in a manner which minimizes disruption to Customer’s work environment.  SNI will notify Customer in writing if any such verification indicates that Customer has used Fulcrum in excess of the use authorized by the Agreement. In the event of any such excess use, Customer agrees to promptly enter into an Order and pay all associated fees directly to SNI for the charges that SNI specifies including: (a) any excess use; (b) maintenance or subscription fees for the excess use for the duration of such excess; and (c) any additional Fees determined as a result of such verification.

7.              Intellectual Property.  

7.1.          Ownership.  SNI owns all right, title and interest in and to Fulcrum and any intellectual property rights therein, subject to the limited licenses granted herein. Customer shall not use any trademark in any manner, including “Fulcrum”, including as part of a meta tag on any other website.

7.2.          No Sale.  The grant of rights to Fulcrum is not a sale of Fulcrum or any portion thereof.  SNI retains all right, title and interest in and to Fulcrum, including any modifications, alterations or enhancements thereto.  

7.3.          No Implied Licenses.  Except for the express licenses set forth in this Agreement, this Agreement does not grant to Customer any license, by implication, estoppel or otherwise.

7.4.          No Assignment.  Except for the express licenses set forth in this Agreement, this Agreement does not transfer any right, title or interest in any intellectual property right of either Party to the other Party.  This is not a work made-for-hire agreement (as that term is defined in Section 101 of Title 17 oft he United States Code).
 
7.5.          Framing.  Customer shall not display Fulcrum, or any portion thereof, in a frame unless done through a supported, built-in feature of Fulcrum, and shall not display any of Customer Content via any in-line links. Customer may, however, establish ordinary links to the homepage of theSite and other sections of the Site.

7.6.          Third-Party Sites.  SNI may provide links to third-party websites on Fulcrum, and some of the Customer Content may be supplied by any third party. SNI has no responsibility or accountability for any third-party website or any content made available by any Third Party.  A link to any other website or service is not an endorsement of that website or service or the information it provides. Customer’s use of any information on any third-party site is at Customer’s own risk.

7.7.          Feedback.  If Customer elects to provide SNI with any suggestion, idea for improvement, recommendation or other feedback (collectively, “Feedback”), SNI may use such Feedback without any restriction or payment, including to improve Fulcrum.  

7.8.          Improvement.  SNI has the right to collect and analyze data relating to provision, use or performance of Fulcrum, and SNI may (a) use such data to improve Fulcrum or for other development, diagnostic or corrective purposes in connection with Fulcrum or to develop other SNI offerings; (b) disclose such data solely in aggregate or de-identified form; and (c) use any such improvement or make any such disclosure without limitation hereunder.

7.9.          AI Improvements.  Customer hereby authorizes SNIto improve Fulcrum through application of machine learning, tuning or any modification, alteration or enhancement to Fulcrum (“AI Improvements”). Customer agrees that, in the ordinary course of machine learning development, as part of such AI Improvements, SNI may extract and retain patterns from data associated with an annotation arising in connection with this Agreement which do not identify Customer and do not enable reconstruction of Customer Content (“Patterns”) and use, copy, prepare derivative works of or otherwise exploit any such Pattern to continue to improve Fulcrum, or any successor product or service, in perpetuity. Any AI Improvement arising from the Agreement shall be the sole and exclusive property of SNI and shall constitute intellectual property of SNI.

7.10.          No Challenge.  Customer shall not, and shall ensure that each Affiliate of Customer shall not, make any claim against SNI, any Affiliate of SNI or any of its or their direct or indirect customers or Customers for infringement of any patent or other intellectual property right owned by Customer or any related entity of Customer relating to intellectual property developed by or for Customer using Fulcrum.  

7.11.          US Government Customers.  If Customer is the U.S.Government or any agency or department thereof (collectively, the “Government”), Fulcrum is provided with RESTRICTED RIGHTS; use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraphs (c)(1) and (2) of the Commercial Computer Software Restricted Rights clause at 48C.F.R. 52.227-19.

8.              Confidentiality.  

8.1.            Confidential Information.  Each Party may from time to time disclose information to the other Party in connection with this Agreement, whether or not marked as such, and whether disclosed in writing, orally, visually or otherwise (“Confidential Information”).  Customer Data and Output shall be deemed to be the Confidential Information of Customer. Fulcrum, any API or Feedback or any information regarding Fees shall each be deemed to be Confidential Information of SNI.   Notwithstanding the foregoing, ConfidentialInformation does not include any information that: (a) is or becomes available to the public other than through a breach of this Agreement by the receiving Party; (b) is received by the receiving Party from a Third Party not subject to any confidentiality obligation in favor of the disclosing Party; or (c) is independently developed by the receiving Party without access or reference toConfidential Information of the disclosing Party.

8.2.          Obligations.  The receiving Party shall not use any Confidential Information of the disclosing Party for any purpose other than in furtherance of this Agreement.  The receiving Party shall not disclose any Confidential Information of the disclosing Party, except to any employee, consultant or other representative bound by confidentiality obligations at least as stringenta s those set forth herein or to any investor, lender or financing source that is made aware of the confidential status of the Confidential Information of the disclosing Party.  The receiving Party shall be responsible for any action or omission by any such employee, consultant or other representative, or any investor, lender or financing source, as if made by the receiving Party. The receiving Party shall promptly notify the disclosing Party of any breach of this Section 8.2.  

8.3.          Permitted Disclosures. Notwithstanding Section 8.2, the receiving Party may discloseConfidential Information of the disclosing Party to the extent that the receiving Party is required or requested to do so pursuant to applicable Law by any governmental authority or rules of a stock exchange; provided, however, that prior to any such disclosure, the receiving Party shall (a) assert the confidential nature of the Confidential Information of the disclosing Party to such governmental authority or stock exchange; (b) promptly notify the Disclosing Party of the governmental authority’s requirement or request to disclose; and (c) cooperate with the disclosing Party in contesting any such disclosure or obtaining a protective order, confidential treatment or the like at the expense of the disclosing Party.

8.4.          Breach.  Notwithstanding any other provision of this Agreement, each Party acknowledges that any use of Confidential Information of the disclosing Party in a manner inconsistent with this Agreement, or Customer’s use of Fulcrum in breach of this Agreement, may cause the other Party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate.  Therefore, eachParty agrees that, in addition to any other remedy to which the other Party maybe entitled hereunder, at law or in equity, the other Party shall be entitled to injunctive relief, without the posting of any bond and without proof of actual damages, to restrain such use in addition to any other applicable remedy available under applicable Law.
8.5.          Publicity.  SNI is happy to have Customer asa valued customer. Customer hereby grants to SNI a worldwide, non-exclusive, royalty-free, non-transferable license to use Customer’s trademarks, service marks or logos for the purpose of identifying Customer as a Fulcrum customer in order to promote Fulcrum. If Customer prefers that SNI not use Customer’s name or logo in a particular way, please contact support@fulcrumapp.com and SNI will respect Customer’s wishes.

9.              Personal Information.

9.1.            Personal Information.  Customer shall be solely responsible for the accuracy, quality, integrity, legality, reliability and appropriateness of all Customer Content including any Personal Information, and use and processing of any Customer Content including any Personal Information hereunder.  Customer shall be responsible for obtaining any consent that may be required to collect, submit and use Customer Content including any Personal Information on Fulcrum.  Customer shall be solely responsible for ensuring that the collection, disclosure, analysis and use of Customer Content including Personal Information compliance with any applicable Law.  Customer shall not use Fulcrum to collect or otherwise transmit to SNI any sensitive PI, including any Social Security number, financial account number, financial information, driver’s license number, passport number, government identification number, health information or biometric data.  Customer shall maintain a policy that complies with applicable Law in respect of handling of Personal Information.  

9.2.          Data Processing Agreements.  Attached as Exhibit Dis a data processing agreement (the “GDPR Data Processing Agreement”) and attached as Exhibit E is a data processing agreement (the “CCPA Data Processing Agreement”).  By accepting this Agreement, Customer is agreeing to the GDPR Data Processing Agreement and the CCPA Data Processing Agreement, each of which shall govern in the event of a conflict between the Terms and such agreement.

9.3.          Data Security.  SNI agrees that all systems used to process and store Customer Content will adhere to commercially reasonable security standards.  SNI may process and store Customer Content with a Third Party in the United States of America or any other country in which such Third Party maintains facilities.  SNI takes data security very seriously and will vigorously pursue all actual or threatened security breaches. Customer agrees to report any security concerns to abuse@fulcrumapp.com.

9.4.          Privacy.  Use of Fulcrum is also governed by SNI’s Privacy Policy located at https://www.fulcrumapp.com/privacy/.By using Fulcrum, Customer accepts and agrees to abide by the terms of the Fulcrum Privacy Policy.

10.              Liability; Indemnity.

10.1.            Authority and Usage.  Customer hereby represents and warrants to SNI that: (a) Customer has the right, ability and authority to enter into and perform the Agreement; and (b) Customer’s use of Fulcrum will not violate the Agreement in any respect.

10.2.          No Consequential Damages.  SUBJECT TO SECTION 10.4, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OF DATA, PROFITS, REVENUES OR USE OF FULCRUM, OR FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, MULTIPLE OR OTHER INDIRECT DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF FULCRUM OR THIS AGREEMENT.

10.3.          Damages Cap.  SUBJECT TO SECTION 10.4, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION, IN AN AMOUNT IN EXCESS OF THE AGGREGATE FEES PAID TO SNI IN THE TWELVE (12) MONTHS PRECEDING THE EVENTS GIVING RISE TO THE MOST RECENT CLAIM UNDER THE ORDER OR SOW UNDER WHICH THE CLAIM AROSE.  

10.4.          Exceptions.  The limitations and exculpations of liability set forth in Sections 10.2 and 10.3 shall not apply in respect of (a) any breach of Sections 2, 3, 4, 7 or 8; (b) a Party’s indemnification obligations set forth in this Section 10; (c) any Fees owed hereunder; or (d) a Party’s infringement of the other Party’s intellectual property rights, but shall otherwise apply to the maximum extent permitted by applicable Law.  EACH PARTY ACKNOWLEDGES THAT THE LIMITATIONS AND EXCULPATIONS OF LIABILITY SET FORTH IN THIS SECTION 10ARE AN ESSENTIAL BASIS OF THE BARGAIN AND THAT, ABSENT SUCH LIMITATIONS AND EXCULPATIONS, THE FEES WOULD HAVE NECESSARILY BEEN MUCH HIGHER.
 
10.5.          Timing of Claim.  ANY CLAIM BY CUSTOMER SHALL BE BROUGHT WITHIN TWELVE (12) MONTHS FOLLOWING THE EVENTS GIVING RISE TO SUCH CLAIM.

10.6.          Disclaimer.  SNI DOES NOT WARRANT THAT FULCRUM WILL OPERATE ERROR-FREE OR THAT SNI WILL CORRECT ANY ERROR.  FULCRUM AND ANY SERVICES ARE PROVIDED “AS IS” AND “AS-AVAILABLE”.  SNI DOES NOT WARRANT THAT ANY CUSTOMER CONTENT WILL BE ACCURATE OR RELIABLE.  SNI ANDITS THIRD PARTY SUPPLIERS DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED,WITH RESPECT TO FULCRUM OR SERVICES FURNISHED UNDER THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, RELIABILITY, COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE INT RADE.  ANY USE OF FULCRUM OR SERVICES BY ANY PARTY, INCLUDING CUSTOMER, IN ANY HIGH RISK APPLICATION, INCLUDING WITHOUT LIMITATION IN CONNECTION WITH ANY CUSTOMER SOFTWARE WHICH IS A HIGH RISK APPLICATION, IS DONE AT THE USER’S OWN RISK, WITHOUT ANY WARRANTY.  A “High Risk Application” is any application or use where the failure of Fulcrum or Services could cause serious risk, including risk of injury to persons or property, or a life-threatening situation, including medical, nuclear, aviation, navigation, emergency services, emergency weather alerts, or military applications.  SNI is not, directly or indirectly, via Fulcrum or Services or otherwise, providing any medical, legal, financial or other advice subject to regulatory oversight, or acting as a doctor, lawyer, broker, insurance agent or other regulated entity.

10.7.          Customer Indemnification.  Subject to Section 10.10, Customer hereby agrees to defend, indemnify and hold harmless SNI and its Affiliates from any costs (including reasonable attorneys’ fees), expenses, claims, liabilities, judgments, damages or losses (collectively, “Losses”), in each case, arising out of any claim by a Third Party to the extent alleging (a) any failure by Customer to comply with any applicable Laws; (b) any violation of privacy rights of any Third Party by Customer; (c) any gross negligence or intentional misconduct of Customer; (d) use of Fulcrum by Customer in combination with products or software not provided by SNI; (e) any modification, alteration or enhancement of Fulcrum not created by or on behalf of SNI; or (f) any infringement or misappropriation of any patent, copyright, trademark or trade secret of any Third Party by any Customer Content.

10.8.          SNI Indemnification.  Subject to Sections 10.9 and 10.10, SNI hereby agrees to defend, indemnify and hold harmless Customer and itsAffiliates from any Losses arising out of any claim by a Third Party to the extent caused by (a) the gross negligence or intentional misconduct of SNI; or (b) Fulcrum infringing a United States patent, copyright, trademark or trade secret of such Third Party, except to the extent arising out of: (i) use of Fulcrum by Customer in combination with products or software not provided by SNI; or (ii) any modification, alteration or enhancement of Fulcrum not created by or on behalf of SNI.  If Customer’s use of the Platform is, or in SNI’s opinion is likely to be, found to infringe, SNI may, in its sole discretion: (x) modify the infringing element of Fulcrum to be non-infringing without materially degrading the functionality of Fulcrum; (y) procure for Customer the right to continue using Fulcrum; or (z) terminate the affected Order(s) and refund to Customer the pro rata portion of any prepaid Fees associated with Fulcrum for any unused portion of the Order Term for the affected Order(s).   THIS SECTION 10.8 SETS FORTH SNI’S SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT BY FULCRUM.

10.9.          Exceptions.  The defense and indemnification obligations of SNI shall not apply to the extent the alleged infringement arises out of (a) use of Fulcrum by Customer in combination with products or software not provided by SNI; (b) any modification, alteration or enhancement of Fulcrum not created by or on behalf of SNI; (c) failure to implement the latest release of Fulcrum; or (d) any matter indemnified by Customer in Section 10.7.  

10.10.          Indemnity Conditions.  As a condition to the indemnity obligations of a Party hereunder, the indemnified Party or its Affiliates shall (a) provide prompt notice of any indemnifiable claim; (b) tender the defense of the claim to the indemnifying Party; (c) cooperate with the indemnifying Party at the indemnifying Party’s expense; and (d) not settle or compromise any such claim without the consent of the indemnifyingParty.  Customer will immediately informSNI as soon as Customer becomes aware of any threatened or actual liability claim by any Third Party relating to the Platform or Services.

11.              Term; Termination.

11.1.            Term. The term of the Agreement commences on the Effective Date (which is set forth on the Initial Order) and continues until either Party terminates this Agreement in accordance with this Section 11. Each Order will be effective as of the “Effective Date” set forth in such Order and remain in effect until the end of the Order Term for such Order, unless terminated in accordance with these Terms.  

11.2.          Termination.  If there is no Order then in effect, either Party may terminate the Agreement upon five (5) days’ prior notice to the other Party.  Either Party may terminate the applicable Order by notice to the other Party if the other Party materially breaches such Order and fails to cure such breach within sixty (60) days after receipt of such notice, or an additional period of time as agreed to by the Parties.

11.3.          Suspension.  SNI may suspend access to Fulcrum (a) in the event of any failure to pay Fees when due or (b) in the event of any other breach of the Agreement that is not cured within fifteen (15) days after notice thereof to Customer.  SNI may delete the Account or any Sub-Account and bar access to any Customer Content in such event.  

11.4.          Effect of Termination.  Upon termination of any Order, Customer will immediately cease use of the applicable Services and delete or remove all copies of any downloadable application from any device of Customer.  Each Party will return or destroy any Confidential Information of the other Party on termination of this Agreement.  To the extent set forth int he applicable Order, SNI shall provide Customer Content to Customer in an industry standard format, such as .csv. SNI shall not be liable for any loss of access to Customer Content or loss of use of Fulcrum.  SNI is not responsible for refunding any Fees, including for any Block that was purchased or for any portion of a Block that was not used.  

11.5.          Survival.  Accrued obligations and Sections 1, 3.2, 3.3, 4.3, 4.4, 4.5, 4.6, 4.7, 6, 7, 8, 9.1, 9.4, 10, 11.3, this 11.4 and 12 will survive termination of this Agreement, any Order or any SOW.

12.              Miscellaneous.

12.1.            Notices.  Any communication, demand, approval, consent or other notice from one Party to the other Party shall be in writing and personally delivered, sent via certified mail, postage prepaid and return receipt requested, sent via internationally recognized courier service or sent via email with a copy sent by one of the other previous means, to the other Party at the address set forth on the Initial Order or such other address as either Party may from time to time designate in writing to the other Party.  No change of address shall be binding upon the other Party until notice thereof is received by such Party at the address show herein.  Each notice shall be in English.  Each notice shall be effective (a) on personal delivery; (b) five (5) days after delivery by certified mail, postage prepaid and return receipt requested, (c) two (2) business days after being sent via internationally recognized courier service; or (d) the next business day after being sent via email with a copy sent by one of the other previous means.  Any notice that is not in relation to any dispute, bankruptcy, insolvency or indemnification must be sent via email.  Customer may notify SNI of any changes in such e-mail address for notices at any time by submitting a request to SNI at billing@fulcrumapp.com. Customer agrees to accept correspondence from SNI at its designated e-mail address.  

12.2.          Force Majeure.  Except for Customer’s payment obligations, neither Party is responsible for any delay or failure to perform resulting from any cause beyond such Party’s reasonable control, including any act of God, fire, hurricane, flood, terrorism, act of war, riot, labor disturbance, telecommunications failure, utility failure, network failure, epidemic, pandemic, act of governmental authorities or change of applicable Laws.

12.3.          Assignment.  Customer is not permitted to transfer or assign (by operation of law or otherwise) any of its rights or obligations under any Order or the Agreement without the prior consent of SNI, which consent will not be unreasonably withheld, delayed or denied.  Any such transfer or assignment without SNI’s consent will be void and of no force and effect.  The Agreement inures to the benefit of theParties.  The Agreement does not create any benefit or provide any cause of action to any Third Party.

12.4.          Severability.  If any provision of the Agreement, or portion thereof, is held to be invalid, illegal or unenforceable by a court of competent jurisdiction, such provision will be severed and the remaining provisions of the Agreement will remain in full force and effect.

12.5.          Independent Contractor.  Each Party will act as an independent contractor and employees of each Party will not be considered to be employees of the other Party.  No agency, partnership, joint venture or other joint relationship is created by this Agreement.  Neither Party may make any commitments binding on the other Party, nor may either Party make anyr epresentation that they are acting for, or on behalf of, the other Party.

12.6.          Applicable Law; Dispute Resolution.

(a)            This Agreement will be governed by, and construed in accordance with, the laws of the State of Florida, without regard to its principles of conflict of Laws. Notwithstanding the foregoing, if Customer is the Government, then the Agreement will be governed by, and construed in accordance with, the federal laws of the United States of America.

(b)            In the event of any dispute arising out of or relating to this Agreement, a suit will be brought only in a federal or state court of competent jurisdiction located in Tampa, Florida, United States of America.    

(c)             Notwithstanding the exclusive jurisdiction set forth in Section 12.6(b), in the event that Customer is an entity that is formed outside of the United States of America, the Parties agree that SNI may, at its sole discretion, request in writing that any dispute, claim or controversy in connection with this Agreement, including any questions regarding its formation, existence, validity, enforceability, performance, interpretation, breach or termination, shall be resolved by a final, binding arbitration conducted under the Commercial Arbitration Rules of the American Arbitration Association.  If SNI elects to exercise its right to resolve such dispute, claim, or controversy by binding arbitration, the following parameters shall apply to the arbitration: (a) the arbitration shall be decided by one (1) arbitrator appointed in accordance with such rules; (b) the place of the arbitration shall be Tampa, Florida, United States of America; (c) the language of the arbitration shall be English; and (d) at any time, a Party may seek or obtain preliminary, interim, or conservatory measures from the arbitrator or from a court of competent jurisdiction.  If such dispute, claim, or controversy was initially brought by Customer, SNI must make such a request for arbitration within thirty (30) days after SNI has beens erved with the applicable complaint.

12.7.          Headings.  Captions and headings contained in the Agreement have been included for ease of reference and convenience and shall not be considered in interpreting or construing the Agreement.

12.8.          Interpretation.  Except where the context expressly requires otherwise, (a) the use of the singular will be deemed to include the plural (and vice versa); (b) the words “include”, “includes”,“including”  or “e.g.” will be deemed to be followed by the phrase “without limitation”; (c) the word “will” will be construed to have the same meaning and effect as the word “shall”; (d) the words “herein”, “hereof” and “hereunder”, or any word of similar import, will be construed to refer to the Agreement in its entirety and not to any particular provision hereof, including each Order or SOW that references these Terms, and (f) the term “or”will be interpreted in the inclusive sense commonly associated with the term “and/or”.

12.9.          Governing Language.  The Parties have required that the Agreement be drawn in the English language, and that the English language version shall control over any translations thereof.  If Customer is located in Quebec, the following sentence shall apply: Les parties conviennent que cette entente ainsique tout document accessoire soient rediges en anglais.

12.10.          Costs, Expenses and Attorneys’ Fees.  If either Party commences any action or proceeding against the other Party to enforce or interpret this Agreement, the prevailing Party in such action or proceeding shall be entitled to recover from the other Party the actual costs, expenses and reasonable attorneys’ fees (including all related costs and expenses), incurred by such prevailing Party in connection with such action or proceeding and in connection with obtaining and enforcing any judgment or order thereby obtained.

12.11.          Entire Agreement.  This Agreement and each Order, SOW, and all appendices, exhibits, schedules and attachments hereto constitute the sole and complete agreement between the Parties with regard to its subject matter, may not be modified or amended except by a writing signed by both Parties except as otherwise indicated herein, and supersedes all proposals, understandings, representations, prior agreements or communications relating to Fulcrum or the subject matter of the Agreement.  The Agreement also supersedes any pre-printed terms contained on any purchase order or similar document issued by Customer and any such terms will have no force or effect.  Neither the Agreement nor any Order or SOW will be construed against the Party that has prepared the Agreement or such Order or SOW, but instead will be construed as if both Parties prepared the Agreement, Order or SOW.

12.12.          Counterparts. The Agreement may be executed in any number of counterparts, each of which shall be deemed an original but all of such together shall constitute one and the same instrument.  Execution of the Agreement may be by digital signatures or exchange of PDF signature pages, or by exchange of signed copies of this Agreement.

Order Form (PDF)

SOW Form (PDF)

Acceptance Form (PDF)

                   

GDPR Data Processing Agreement

This GDPR Data Processing Agreement (“DPA”) amends the Agreement solely to the extent that the Agreement involves the Processing of personal data of Data Subjects located in the European Economic Area. Capitalized terms used but not defined herein have the respective meanings given to such terms in the Agreement or pursuant to the GDPR.  The Parties agree to comply with the following provisions with respect to any Personal Data that is Processed by SNI for Customer in connection with the provision of the Services. References to the Agreement will be construed as including this DPA. To the extent that the terms of this DPA differ from those in the Agreement, the terms of this DPA shall govern.

1.            Definitions.

1.1.          “Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data.

1.2.          “Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller.

1.3.          “Data Protection Laws” means all privacy and data protection laws and regulations applicable to the Processing of Personal Data under the Agreement, including, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland), and applicable to the Processing of Personal Data under the Agreement.

1.4.          “Data Subject” means the individual to whom Personal Data relates.

1.5.          “Effective Date” means the Effective Date of the Initial Order.

1.6.          “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.7.          “Personal Data” means any information relating to an identified or identifiable person that is subject to the Data Protection Laws as specified in Appendix 1. The types of Personal Data and categories of Data Subjects Processed under this DPA include the following: geolocation ID, device ID, IP addresses and cookie ID’s received from Customer regarding mobile devices used by employees or contractors of Customer.

1.8.          “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” have correlative meanings).

1.9.          “Security Breach” has the meaning set forth in Section 7 of this DPA.

1.10.        “Sub-processor” means any sub-processor engaged by SNI for the Processing of Personal Data.

1.11.        “Term” means the period from the Effective Date to the date the DPA is terminated in accordance with Section 11.1.

11.12.        “Third Party Partner” means any entity engaged by Customer for the Processing of Personal Data.

2.              Processing of Personal Data.

2.1.          Controller and Processor Status.  To the extent that any Services involve the Processing of Personal Data, the Parties agree that Customer is the Data Controller and SNI is a Data Processor and that the subject matter and details of the processing of such Personal Data are described in Appendix 1. To the extent that the data protection legislation of another jurisdiction is applicable to either Party’s Processing of data, the parties acknowledge and agree that the relevant party will comply with any obligations applicable to it under that legislation with respect to the processing of that data. SNI shall keep a record of all Processing activities with respect to Customer’s Personal Data as required under applicable Data Protection Laws.

2.2.          Compliance with Laws.  Each Party will comply with the obligations applicable to it under applicable Data Protection Laws with respect to the Processing of Personal Data, including providing the other Party contact details for each Party’s Data Protection Officer which are accurate and up to date. Customer shall, in its use or receipt of the Services, Process Personal Data in accordance with the requirements of the Data Protection Laws and Customer will ensure that its instructions for the Processing of Personal Data shall comply with the Data Protection Laws. If SNI believes or becomes aware that any of Customer’s instructions conflicts with any Data Protection Laws, SNI shall inform Customer. As between the Parties, Customer shall have sole responsibility for determining the legal basis for processing of Personal Data and (to the extent legally required) obtain all consents from Data Subjects necessary for collection, storage (e.g., via HTTP cookies) and Processing of Personal Data in the scope of the Services.

2.3.          Objective; Instructions.  The objective of Processing of Personal Data by SNI is the performance of the Services pursuant to the Agreement. During the Term, SNI shall only Process Personal Data on behalf of and in accordance with the Agreement and Customer’s instructions and shall treat Personal Data as Confidential Information. Customer instructs SNI to Process Personal Data for the following purposes: (i) Processing in accordance with the Agreement; (ii) Processing that is permitted by the Agreement; or (iii) Processing to comply with other reasonable instructions provided by Customer where such instructions are acknowledged by SNI as consistent with the terms of the Agreement. SNI may Process Personal Data other than on the instructions of Customer if it is mandatory under applicable Law to which SNI is subject.  In this situation, SNI shall inform Customer of such a requirement unless the law or regulation prohibits such notice. Both Parties agree that Customer instructions may include Customer directing SNI to send data to one or more Third Party Partner(s) for further processing.

3.              Rights of Data Subjects.

3.1.          Indirect Requests.  SNI shall provide reasonable and timely assistance to Customer (at Customer’s expense) to enable Customer to respond to: (i) any request from a Data Subject to exercise any of such Data Subject’s rights under any Data Protection Law (including such Data Subject’s rights of access, correction, objection, erasure or data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from or on behalf of a Data Subject in connection with the processing of any Personal Data.  

3.2.          Direct Requests.  In the event that any such request, correspondence, enquiry or complaint is made directly to SNI (a “Direct Access Request”), SNI shall, to the extent legally permitted, promptly inform Customer providing full details of the same and, upon request, provide Customer with contact details of the applicable Data Subject(s). If Customer fails to respond to a Direct Access Request within thirty (30) days, SNI reserves the right to take appropriate steps in its reasonable judgement to respond to such request(s).

4.              SNI Personnel.

4.1.          Informing.  SNI shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data as well as any security obligations with respect to such Personal Data.

4.2.          Compliance.  SNI will take appropriate steps to ensure compliance with the Security Measures set forth in Appendix 2 by its personnel to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Personal Data of Customer have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that any such obligations survive the termination of that individual’s engagement with SNI.

4.3.          Limitation.  SNI shall ensure that access to Personal Data is limited to those personnel who require such access to perform the Services.

5.              Sub-Processors.

5.1.          Affiliates, Third Parties.  Customer acknowledges and agrees that (i) SNI Affiliates may be retained as Sub-processors; and (ii) SNI may engage Third Party Sub-processors in connection with the provision of Services. Any such Sub-processors will be permitted to obtain Personal Data only to deliver the services SNI has retained them to provide, and are prohibited from using Personal Data for any other purpose. SNI will have a written agreement with each Sub-processor and agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set forth in this DPA.

5.2.          List of Sub-processors.  A list of Sub-processors is available in the SNI user interface or may be made available to Customer at a website specified by SNI from time to time. SNI may from time to time change the list of such other Sub-processors by no less than five (5) business days’ notice via the SNI user interface. If Customer objects to SNI’s change in such Sub-processors, SNI may, at SNI’s option, terminate the portion of the Agreement relating to the Services that cannot be reasonably provided without the objected-to new Sub-processor by providing thirty (30) days’ notice to Customer.  Any such termination by SNI shall be Customer’s sole and exclusive remedy.

5.3.          Liability.  SNI shall be liable for the acts and omissions of its Sub-processors to the same extent SNI would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement.

5.4.          Third Party Partners.  Customer acknowledges and agrees that Third Party Partners are not Sub-processors and SNI assumes no responsibility or liability for the acts or omissions of such Third Party Partners.

6.              Security; Audit Rights; Privacy Impact Assessments.

6.1.          Security.  SNI shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer’s Personal Data. SNI will implement and maintain technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures to protect Personal Data; to help ensure ongoing confidentiality, integrity, availability and resilience of SNI’s systems and services; to help restore timely access to Personal Data following an incident; and for regular testing of effectiveness. SNI may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Services.

6.2.          Assistance with Compliance.  SNI will (taking into account the nature of the processing of Customer Personal Data and the information available to SNI) assist Customer in ensuring compliance with any of Customer’s obligations with respect to the security of Personal Data and Personal Data breaches applicable to GDPR, at Customer’s expense, including (if applicable) Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by: (i) implementing and maintaining the Security Measures in accordance with Appendix 2; and (ii) complying with the terms of Section 7 of this DPA.

6.3.          Audits.  No more than once per year, Customer may engage a mutually agreed upon third party to audit SNI solely for the purposes of meeting its audit requirements pursuant to Article 28, Section 3(h) of the GDPR.  To request an audit, Customer must submit a detailed audit plan at least four (4) weeks in advance of the proposed audit date describing the proposed scope, duration and start date of the audit. Audit requests must be sent to compliance@fulcrumapp.com. The auditor must execute a written confidentiality agreement acceptable to SNI before conducting the audit. The audit must be conducted during regular business hours, subject to SNI’s policies, and may not unreasonably interfere with SNI’s business activities.  Any audits are at Customer’s expense.

6.4.          SNI Assistance.  Any request for SNI to provide assistance with an audit is considered a separate service if such audit assistance requires the use of resources different from or in addition to those required by Law.  Customer shall reimburse SNI for any time spent for any such audit at the rates agreed to by the Parties. Before the commencement of any such audit, Customer and SNI shall mutually agree upon the scope, timing and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by SNI.

6.5.          Non-Compliance.  Customer shall promptly notify SNI with information regarding any non-compliance discovered during the course of an audit.

7.              Security Breach Management and Notification.

7.1.          Breach.  If SNI becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to any Customer Personal Data transmitted, stored or otherwise Processed on SNI’s equipment or facilities (“Security Breach”) which, in the reasonable opinion of SNI’s Data Protection Officer, requires such notification, SNI will promptly notify Customer of such Security Breach. Notifications made pursuant to this Section 7.1 of this DPA will describe, to the extent possible, details of the Security Breach, including steps taken to mitigate the potential risks and steps SNI recommends Customer take to address the Security Breach.

7.2.          Unsuccessful Breach.  Customer agrees that an unsuccessful Security Breach attempt will not be subject to this Section 7. An unsuccessful Security Breach attempt is one that results in no unauthorized access to Customer Personal Data or to any of SNI’s equipment or facilities storing Customer Personal Data, and may include pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks any or similar incident.

7.3.          Notification.  Notification(s) of Security Breaches, if any, will be delivered to one or more of Customer’s business, technical or administrative contacts by any means SNI selects, including via email. It is Customer’s sole responsibility to ensure Customer maintains accurate contact information on SNI’s support systems at all times.

7.4.          No Fault.  SNI’s notification of or response to a Security Breach under this Section 7 of this DPA will not be construed as an acknowledgement by SNI of any fault or liability with respect to the Security Breach.

7.5.          Security.  SNI shall implement reasonable technical and organizational Security Measures to provide a level of security appropriate to the risk in respect to the Customer Personal Data. As technical and organizational measures are subject to technological development, SNI is entitled to implement alternative measures provided that such alternative measures do not fall short of the level of data protection required by applicable Data Protection Laws.

7.6.          Appropriateness.  Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures provide a level of security appropriate to the risk in respect to the Customer Personal Data.

8.              Return and Deletion of Personal Data.

8.1.          Deletion.  SNI will enable Customer to delete Customer Personal Data during the Term in a manner consistent with the functionality of the Services. If Customer uses the Services to delete any Customer Personal Data during the Term and that Customer Personal Data cannot be recovered by Customer, this use will constitute an instruction to SNI to delete the relevant Customer Personal Data from SNI’s systems in accordance with Data Protection Laws. SNI will comply with instructions from the Customer to delete certain Personal Data as soon as reasonably practicable and within a maximum period of thirty (30) days, unless applicable Data Protection Laws (or, in the case the data is not subject to Data Protection Laws, applicable Law) requires further storage. On expiration or termination of the Agreement, Customer instructs SNI to delete all Personal Data (including existing copies) from SNI’s systems and discontinue Processing of such Personal Data in accordance with applicable Data Protection Laws. SNI will comply with this instruction as soon as reasonably practicable and within a maximum period of thirty (30) days, unless applicable Data Protection Laws (or, in the case the data is not subject to Data Protection Laws, applicable Law) requires further storage. This requirement shall not apply to the extent that SNI has archived Personal Data on back-up systems so long as SNI securely isolates and protect such data from any further Processing except to the extent required by applicable Law. Without prejudice to this Section 8.1 of this DPA, Customer acknowledges and agrees that Customer will be responsible for exporting, before the expiration or termination of the Agreement, any Personal Data that Customer wishes to retain thereafter. Notwithstanding the foregoing, the provisions of this DPA will survive the expiration or termination of the Agreement for as long as SNI retains any Customer Personal Data.

9.              Cross-Border Data Transfers.

9.1.          Storage and Processing.  SNI may, subject to this Section 9 of this DPA, store and process the relevant Customer Data in the European Economic Area, the United States and / or Switzerland.

9.2.          Transfers.  SNI shall only transfer Personal Data to the United States of America consistent with applicable Law.  At the request of Customer, or if the Services involve the storage and / or Processing of Customer Personal Data which transfers Customer Personal Data out of the European Economic Area to any jurisdiction that does not have adequate Data Protection Laws, and the applicable Data Protection Laws apply to the transfers of such data (“Transferred Personal Data”), the Parties will enter into Model Contract Clauses or find an alternative legal basis for such Transferred Personal Data which is in compliance with applicable Data Protection Laws.

9.3.          Receipt.  To the extent that Customer is the recipient of Personal Data from SNI pursuant to this DPA, SNI will provide at least the same level of protection for the information as is available under the Model Contract Clauses.

10.           Liability.

10.1.        Apportionment.  Subject to Section 10.2 of this DPA, both Parties agree that their respective liability under this DPA shall be apportioned according to each Party’s respective responsibility for the harm (if any) caused by each respective Party.

10.2.        Liability Cap Exclusions. Nothing in this Section 10 of this DPA will affect the remaining terms of the Agreement relating to liability, disclaimers of consequential damages or the maximum aggregate liability of SNI (including any specific exclusions from any limitation of liability).

11.           Miscellaneous.

11.1.        Term.  This DPA will take effect on the Effective Date and will remain in effect until, and automatically expire upon, the deletion of all Customer Personal Data by SNI as described in this DPA.

11.2.        No Third Party Beneficiaries.  Nothing in this DPA shall confer any benefits or rights on any person or entity other than the Parties.

11.3.        Affiliates.  Where Customer’s Affiliates are Data Controllers of the Personal Data, they may enforce the terms of this DPA against SNI directly.

11.4.        Counterparts.  This DPA may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one Agreement.


Appendix 1

Data exporter

The data exporter is Customer.

Data importer

The data importer is Spatial Networks, Inc. a company focused on digital transformation of field workforces using AI-powered data collection for commercial field workers.

Data subjects

The personal data transferred concern the following category of data subjects: Employees, Consultants, Contractors, Trainees.

Categories of data

The personal data transferred concern the following categories of personal data:

•                First and last name;

•                Physical address;

•                E-mail;

•                IP-address;

•                Geo-location;

•                Bandwidth;

•                ISP;

•                Proxy;

•                Domain; and

•                Demographic data.

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data: No sensitive personal data from any user will be processedu nder this arrangement. In order to manage the Agreement, SNI will process Personal Data from Customer’s employees and other personnel such as name, title, email address, telephone number and (for billing purposes) Customer’s payment details.

Processing operations

The personal data transferred will be subject to the following basic processing activities: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Appendix 2

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

1.               Security Policy and Counsellor, Supervision, Inspection and Maintenance

The Data Processor has drawn up a written policy in relation to data security, giving a precise description of the security strategies and protection features selected for data security. The Security Policy takes into account the real risks the Personal Data are exposed to. It includes a description of how to manage security incidents, a description of the awareness-raising process for the policy within the organization and a description of the various responsibilities and organizational rules. It also specifies the measures foreseen for keeping the security system up-to-date after installation.

The security policy has been approved by the relevant persons in charge and has been adequately disseminated within the organization. A reassessment of the technical and organizational measures is performed on a regular basis in order to assure that the initial goals and the measures taken remain up-to-date so that improvements can be made if necessary. In case of reorganization or modification of infrastructure, security controls are updated. The security policy will be adapted where necessary as a result of modifications or reassessment.

The Data Processor has appointed a security counsellor, who is in charge of the implementation of the security policy. The security counsellor possesses the necessary competences, is adequately trained and will not be able to discharge any function or take up any responsibility that is incompatible with that of a security counsellor.

2.               Organization and Human Aspects of Security

The Data Processor has made available sufficient and adequate organizational, technical and financial resources to organize security.

Information classification procedures have been elaborated. Whenever necessary, an inventory can be drawn up and all Personal Data being processed can be localized, irrespective of the type of data carrier.

Guidelines on Personal Data protection have been elaborated and disseminated within the organization in order to ensure that all employees participating in the Processing of Personal Data are sufficiently informeda bout their duties and responsibilities during Processing operations.

3.               Access control to premises and facilities

The Data Processor takes – amongst other things – the following measures to avoid the access of unauthorized persons to the carriers of Personal Data and computer systems by which the Personal Data is processed or used:

By formal/technical access procedures, the access to the involved data processing centers is regulated. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

4.               Access control to systems and data

The Data Processor takes – amongst other things – the following measures to avoid the use by unauthorized persons of equipment by which Personal Data is processed:

•                Secured access connections and technologies for the authentication control are implemented to regulate the access to the Data Processor’s systems and internal support-tools.

•                Techniques for encryption are used to secure user authentications.

The Data Processor follows a formal process to permit the access to the Data Processor’s resources or to deny such access. Unique login names, strong passwords and periodic examinations of the access lists exist to guarantee the appropriate use of user accounts. All groups which have access to the Data Processor’s services are controlled by a regular examination. All named measures are described in a formalized concept of authorization.

5.               Access Authority Control

The Data Processor ensures (i) that authorized users who have access to the data processing systems can only access Personal Data within their processing authorization and (ii) that the unauthorized reading, copying, changing or deletion of Personal Data is excluded during use or Processing or after the storing of Personal Data.

The granting of access rights is based on the job responsibilities of the user and on a need-to-know basis and has to be authorized and granted by the corresponding supervisor of the person who makes an application for it. The authorizations are made by workflow tools. The access to productive systems is only granted to users who are periodically trained and authorized for the corresponding action. The access to productive systems is also immediately withdrawn in case of a termination of the contract of employment or in case of an assignment of a different task.

6.               Disclosure control

The Data Processor takes – amongst other things – the following measures to guarantee that Personal Data is not read, copied, altered or removed during the process of electronic transmission, during the transport or storage of data on data carriers.

The remote access to data on the Data Processor’s production machines depends on a connection to the company’s network which is regulated via a double authentication.

The transmission of Personal Data to and from the Data Processor’s network is completed with the help of commonly accepted security and encryption technologies.

The data processing systems are protected against the risk of intrusion with the help of suitable software and hardware whose effectiveness and updating is checked periodically. The routers are appropriately configured to secure the Data Processor’s internal network from unauthorized external connections and to secure that computer connections and data flow do not breach the logical access adjustment control of the Data Processor systems. Amendments on the hardware-based network components or on their configurations need the acceptance of the designated person in charge and are subject to a change management process.

The Data Processor has a firewall configuration regulation which defines acceptable ports. Only used ports and services are open. The access for the amendment of the firewall configuration is restricted to an internal team of security experts. Such team regularly examines critical firewall regulations.

 7.               Input control

The Data Processor takes – amongst other things – the following measures to guarantee that it can be examined and determined subsequently if and by whom Personal Data have been entered into data processing systems, altered or removed:

Effective input control is applied to ensure that Personal Data cannot be read, copied, modified or re-modified without authorization in the course of Processing or use and after storage. All access requests are logged and their compliance is monitored. Because detection data are also personal data, any operation performed on these data is submitted to adequate security measures.

8.               Job control

The Data Processor takes – amongst other things – the following measures to guarantee that the Processing of Personal Data is made in correspondence with the instructions:

The functions and obligations of every individual with access to the Personal Data are clearly defined, updated and documented. Measures are adopted to make staff familiar and periodically trained with respect to the specific rules applicable to their functions and the consequences of any breach of these rules.

9.               Availability control

The Data Processor takes – amongst other things – the following measures to guarantee that Personal Data is protected against damage by accident or loss:

Personal data is protected from accidental destruction or loss through effective retrieval systems, disaster recovery and business continuity planning. The procedures laid down for making backup copies and for recovering data ensure that they can be reconstructed in the state they were at the time they were last backed up.

10.             Security Incident and Continuity Management

The security policy contains a precise description of the steps to be taken when a security incident relating to Personal Data is detected, as well as of the persons in charge of dealing with the incident, in order to return to the normal situation as quickly as possible.

The procedure for reporting and managing security incidents includes a record of each incident, the time at which it occurred, the person reporting it, to whom it was reported and the effects thereof.

The circumstances of any incident are to be analyzed in order to elaborate preventive measures or make adaptations so as to avoid a repetition of this type of incident.

11.             Segregation control

The Data Processor undertakes – amongst other things – the following measures to separate the Processing of collected data for different purposes:

Each data Processing is made on database systems which are separated by a system of logical and physical access controls in the network.

The Personal Data Processing is only made for the purpose as further specified in the Agreement.  

12.             Documentation

The Data Processor has completed centralized documentation relating to security, which is complete and formalized, proportional to security needs, up-to-date at any time and accompanied by a directory at the disposal of properly authorized persons whenever necessary.

Such documentation should at least contain the following elements: the identity of the security counsellor, the security policy, the implementation of security measures, an inventory of the personal data being processed, their localization and the operations performed on them, a nominative list of the bodies or appointees having access to the data; the system and network configuration, technical documentation about the security controls that were introduced, a schedule of planned operations, the detection policy, security control test plans, incident reports, audit reports, if any.

CCPA Data Processing Agreement

This California Data Processing Agreement (“California DPA”) amends the Agreement solely to the extent that the Agreement involves the Processing of personal information subject to the California Consumer Privacy Act (“CCPA”).  

The Parties agree to comply with the following provisions with respect to any personal information processed in connection with the Agreement that is subject to the California Consumer Privacy Act (“CCPA”).  The purposes of this California DPA are to ensure such Processing is conducted in accordance with data protection Laws, including the CCPA.  References to the Agreement will be construed as including this California DPA. Capitalized terms used but not defined herein have the respective meanings given to such terms in the Agreement or pursuant to the CCPA. The Parties agree to comply with the following provisions with respect to any Personal Information that is Processed by SNI for Customer in connection with the provision of the Services. References to the Agreement will be construed as including this California DPA. To the extent that the terms of this California DPA differ from those in the Agreement, the terms of this California DPA shall govern.

1.            Definitions.

1.1.          The terms “consumer”, “personal information”, “processing”, “sell”, “service provider” and “verifiable consumer request” are as defined under Section 1798.140 of the CCPA.

1.2.          “Approved Sub-processor” means a third-party entity that processes data on behalf of and as specifically directed by SNI pursuant to a written contract and is thereby bound by obligations that are no less onerous than the obligations set out in this California DPA. A list of Approved Sub-processors is available via the account settings on Customer’s account with SNI.

1.3.          “Customer Personal Information” means personal information provided by Customer pursuant to the Agreement.

1.4.          “Customer Third Party Partner” means any third-party entity engaged by Customer for the processing of Company Personal Information. Company may provide SNI with written notice to send Company Personal Information to one or more Company Third Party Partner(s). A partial list of Third Party Partners is available at https://www.fulcrumapp.com/company/partners/.

1.5.          “Incident” means the known or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to transmitted, stored, or otherwise processed by SNI or a Sub-processor of SNI.

2.              Mutual Warranties.

Each Party represents and warrants that such Party understands the rules, restrictions, requirements and definitions of the CCPA and agrees to adhere to the requirements of the CCPA that applies to such Party’s processing of Customer Personal Information, including: (a) providing privacy policy notice as required by CCPA; (b) providing data subjects with a notice and opt-out choice where required by CCPA; and (c) providing each other reasonable cooperation with respect to verifiable consumer requests as required under CCPA. Both Parties further agree that SNI is not responsible for the privacy or security practices of any Customer Third Party Partners. Company is further encouraged to review the boilerplate language provided in Appendix A.

3.              SNI Warranties. SNI agrees that: (a) SNI shall collect, store, transfer, dispose, disclose and use all Customer Personal Information using the standard of care to ensure the protection of such data required by applicable Law and in compliance with all applicable federal, state and international Laws; (b) SNI shall not collect, retain, process, share or otherwise use Customer Personal Information except for performing the Services as described in the Agreement unless as required by applicable Law or any governmental authority (in which case SNI shall use its best efforts to notify Company before such disclosure or as soon thereafter as reasonably possible); (c) SNI shall act asa service provider and shall not sell Customer Personal Information; (d) SNI shall take reasonable steps as a service provider to ensure that the transfer of Customer Personal Information is not a sale of personal information; and (e) except for Approved Sub-processors, SNI shall only transfer Customer Personal Information to a third party, including a Customer Third Party Partner as specifically directed by Customer. Any Sub-processors will be permitted to obtain Customer Personal Information only to deliver the services SNI has retained them to provide and are prohibited from using Customer Personal Information for any other purpose. SNIs hall remain fully liable for all acts or omissions of its Sub-processors.

4.              Data Retention.

SNI shall retain Customer Personal Information only for as long as necessary to provide Services to Company. Upon termination of the Agreement for any reason, SNI shall promptly erase, de-identify, or destroy all or any part of such Customer PersonalInformation.

5.              Security.

5.1.          Information Security Standard. Both Parties agree that they will use their commercially reasonable efforts to maintain administrative, technical and physical safeguards that are no less rigorous than industry standard practices to ensure the security and confidentiality of Customer Personal Information, protect against any anticipated threats or hazards to the confidentiality, availability or integrity of Customer Personal Information, and protect against unauthorized access, use, or alteration of Customer Personal Information. Both Parties agree not to process non-encrypted or non-redacted personal information as defined Section 1798.81.5(d)(1) of the California Civil Code under this Agreement except with the written permission of the other Party, whereby such permission shall not be unreasonably withheld.

5.2.          Written Information Security Program.  Both Parties shall maintain, in writing, reasonable security procedures and practices (“Written Information Security Program” or “WISP”) as necessary to protect Customer Personal Information within its control from unauthorized access, destruction, use, modification, or disclosure. Without limiting the foregoing, the WISP shall at a minimum encompass each of the elements set forth below.

5.3.          Incident Procedures.  Any Incident involving the nonencrypted or nonredacted personal information as defined under section 1798.81.5(d)(1) of the California Civil Code (each, a “Reportable Incident”) shall be subject to the following procedures:

(a)            SNI shall notify Company promptly (within 72 hours) of any Reportable Incident by sending an email with all available and relevant details to the contact details provided by Customer to SNI.

(b)            SNI shall investigate theReportable Incident, and provide reasonable and necessary cooperation with Company, including facilitating interviews with relevant personnel, making available all relevant records, logs, files, data reporting and other materials, and providing Company with reasonable physical access to the facilities affected where owned by SNI.

(c)             Unless required by applicable Law, SNI shall not inform any Third Party, other than incident response and forensics specialists under NDA, of any Reportable Incident without first obtaining Company’s prior consent, other than to inform a complainant that the matter has been forwarded to Customer’s legal counsel.

(d)            Following a Reportable Incident, SNI shall document responsive actions taken in connection with the Incident and shall conduct a post-breach review of events and actions taken, if any, to make changes in security practices and procedures to prevent such Incident from occurring again in the future.

5.4.          Incident Remediation.  SNI shall use its commercially reasonable efforts to mitigate and remedy any Incident and prevent any further Incident at its sole expense.

5.5.          Third Party Notification.  SNI agrees that, unless applicable Law states otherwise, Customer shall have the sole right to determine (i) whether notice of the Reportable Incident is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Customer’s discretion, (ii) the contents of such notice, and (iii) whether any type of remediation may be offered to affected persons, as well as the nature and extent of any such remediation. SNI agrees to reimburse Company for reasonable costs described in this section for Reportable Incidents as required by applicable Law.

Appendix 1 – Privacy Notice Boilerplate

In order for a transfer of personal information from a business to a service provider to not be considered a sale under CCPA, businesses should provide a general description of service provider activities in the business’ privacy policies. Here is sample language that may be useful to Customer as Customer considers its privacy policy obligations under CCPA and is provided solely as a convenience to Customer. Customer is strongly encouraged to consult with counsel and/or a privacy professional.

“We use third-party agents to process certain personal information collected from our websites, mobile applications and other digital properties on our behalf. Sometimes, this information is merged with data collected offline. The role of these third-party agents is to structure data coming from multiple sources to help us more effectively use that data to operate our business. For example, this information may be used for our advertising and marketing campaigns. These third-party agents are contractually prohibited from using this information other than as directed.”

 

Changelog

  • 06 Aug 2020: Amended copyright notice in Fulcrum Community language.
  • 17 Aug 2018: Added link to Google’s Terms of Service.
  • 26 Apr 2018: Added Fulcrum Community language to create single ToS.
  • 20 Jun 2017: Change company name to Spatial Networks, Inc. to reflect company merger.
  • 24 May 2016: Added Publicity section.
  • 06 Jan 2016: Change company name to Fulcrum Mobile Solutions, LLC to reflect new entity, clarification on member terms under Purpose, add indemnification clarity, add detail on customer service responsibilities.
  • 21 Sep 2015: Rearrangement of terms sections for readability.