Online Master License and Services Agreement
Last Modified: May 19, 2020 (view archived version)
THIS ONLINE MASTER LICENSE AND SERVICES AGREEMENT (“AGREEMENT”) IS BY AND BETWEEN CHEF SOFTWARE INC., LOCATED AT 619 WESTERN AVENUE, SUITE 400, SEATTLE WA 98104 (“CHEF” OR “US”) AND THE INDIVIDUAL OR LEGAL ENTITY (“CUSTOMER” OR “YOU”) WHO HAS EXECUTED AN ORDER FORM (OR OTHER ORDERING OR PURCHASING DOCUMENT) REFERENCING THIS AGREEMENT OR IS USING THE APPLICABLE SOFTWARE MADE AVAILABLE BY CHEF (“SOFTWARE”) OR PROFESSIONAL SERVICES (“SERVICES” AND TOGETHER WITH THE SOFTWARE, THE “PRODUCT”) AND GOVERNS ALL USE BY CUSTOMER OF THE PRODUCT REFERENCED IN SUCH ORDER FORM.
BY EXECUTING AN ORDER FORM, CLICKING THE “I ACCEPT” BUTTON OR BY ACCESSING, DOWNLOADING OR OTHERWISE USING THE PRODUCT, CUSTOMER EXPRESSLY ACCEPTS AND AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE AN INDIVIDUAL AGREEING TO THE TERMS OF THIS AGREEMENT ON BEHALF OF AN ENTITY, SUCH AS YOUR EMPLOYER, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ENTITY AND “CUSTOMER” WILL REFER HEREIN TO SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THE TERMS OF THIS AGREEMENT, YOU MUST NOT EXECUTE THE ORDER FORM AND YOU ARE NOT GRANTED PERMISSION TO ACCESS OR OTHERWISE USE THE PRODUCT.
This Agreement, including all referenced documents located at the URLs listed below is effective as of the date You download the Software
- Definitions. Capitalized terms used herein have the following definitions:
- “Affiliate” means any entity that is controlled by or under common control with Customer, where “control” means the ability whether directly or indirectly to direct the affairs of another by means of ownership, contract or otherwise.
- “Chef Proprietary Item” means any Software Usage and Technical Support Data, work, materials, or other tangible or intangible property used by Chef in the course of its performance under this Agreement or any Order Form that is (i) not a Deliverable; or (ii) developed by Chef independently of this Agreement. Inclusion of any Chef Proprietary Item in a Deliverable does not change its character as a Chef Proprietary Item.
- “Confidential Information” means any proprietary information received by the other party during, or prior to entering into, this Agreement that is identified as confidential at the time of disclosure or that a party reasonably should know is confidential or proprietary based on the circumstances surrounding the disclosure including, without limitation, the Software and any non-public technical and business information. Confidential Information does not include information that (i) is or becomes generally known to the public through no fault of or breach of this Agreement by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure without an obligation of confidentiality; (iii) is independently developed by the receiving party without use of the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party without restriction on use or disclosure.
- “Documentation” means any on-line help files, instruction manuals, operating instructions and user manuals created and provided by Chef that describe the use of the Software and either accompany the Software or are available at https://docs.chef.io and https://www.habitat.sh/docs/overview.
- “Habitat Supervisor” means a process manager in Chef Habitat™ that (i) starts and monitors the child app service defined in a package; and (ii) receives and acts upon configuration changes from other Habitat Supervisors to which it is connected.
- “Intellectual Property Rights” means patent rights (including without limitation patent applications and disclosures), copyrights (including without limitation rights in audiovisual works and moral rights), trade secrets, trademarks, know-how, moral rights, and any other intellectual property rights recognized in any country or jurisdiction in the world.
- “License Fee” means fees paid to Chef from Customer in exchange for Customer’s right to use the Software as provided in this Agreement.
- “License Term” means the term during which Customer is permitted to use the Software, which will be: (i) month to month until either party gives the other party thirty (30) days’ written notice of termination; or (ii) the License Term described in the applicable Order Form.
- “License Unit” means a specific type of numeric quantity used in an Order Form to establish the extent and amount of Customer’s license to Software. “License Unit” includes Node, Service Instance, and/or Target.
- “Node” means each individual component of Customer’s system – physical or virtual (i.e., server, workstation, IP router, Virtual Machine, or other device or component) that is assessed, installed, configured, updated, scanned and/or managed through the use of Chef Infra.
- “Order Form” means a separate document that references this Agreement and is signed by both Parties.
- “Professional Services” means any professional services performed by Chef for Customer pursuant to any Order Form.
- “Service Instance” means each single instance of an application service that has been packaged by Chef Habitat and is deployed to any environment, including but not limited to application services that are (a) managed by Habitat Supervisors, or (b) downstream of a pipeline that integrates the Habitat Builder service.
- “Services” means, collectively, Professional Services and Support Services.
- “Software” means the applicable software made available by Chef and referenced on an Order Form, including all updates, libraries, gems, databases, plug-ins, messaging services, authentication sub-functions, certificate management, and environments provided by Chef to Customer during the applicable License Term.
- “Support Services” means the technical support services described at https://www.chef.io/service-level-agreement or in any Order Form.
- “Target” means each instance of infrastructure, software, configuration, or other technical resource that is the compliance target of one or more Chef InSpec profiles used by Customer.
- License Grant and Support. During the applicable License Term, and subject to Customer’s compliance with the terms and conditions of this Agreement, Chef grants to Customer
a worldwide, non-exclusive, non-transferable, non-sublicensable license to (i) install and use the Software only for the internal use of Customer (“License”), (whether on premises or in the cloud, and including any information
technology infrastructure for the benefit of Customer’s customers) and limited to the number of License Units for which Customer is current in the payment of the applicable License Fee and, (ii) to use the Documentation only for its
internal operation and use.
- Support. During the applicable License Term, Chef will provide Customer Support Services for the Software as listed at https://www.chef.io/service-level-agreement at the “Standard” level, or as otherwise described in the applicable Order Form.
- Third Party Support. Customer may also elect, at its discretion, to obtain separate support by a third party for all or some of its licensed Software (“Administered License Units”).
- Customer agrees that it will provide Chef the following information in connection with all Administered License Units for all periods that it is using a third party to support Administered License Units during the applicable License
- Customer identification number/name with third party;
- Number of Administered License Units for the prior month as of the 10th day of each following Month.
- The License Term for the Software is independent of any support term for Administered License Units that Customer may elect with a third party.
- Customer agrees that it will provide Chef the following information in connection with all Administered License Units for all periods that it is using a third party to support Administered License Units during the applicable License Term:
- Third Party Software. The Software includes components under license from third parties, including open source licenses (the “Third Party Components”). Third Party Components are subject to the terms of their accompanying licenses. Please see https://www.chef.io/3rd-party-licenses for more details. For avoidance of doubt, Chef’s warranty of the Software includes all Third Party Components to the extent embedded in, and used by, the Software.
- Restrictions. The License is limited. Except as otherwise expressly permitted in this Agreement, Customer will not: (a) copy or use the Software in any manner except as expressly permitted in this Agreement; (b) use or deploy the Software in excess of the License Units for which Customer has paid the applicable License Fee; (c) transfer, sell, rent, lease, commercialize, lend, distribute, or sublicense the Software to any third party; (d) reverse engineer, disassemble, or decompile the Software (except to the extent such restrictions are prohibited by law); (e) alter or remove any proprietary notices in the Software; (f) make available to any third party the functionality of the Software or any license keys used in connection with the Software; or (g) use the Software for any purpose that is unlawful or prohibited by this Agreement or otherwise. If Customer does not comply with the License terms or the foregoing restrictions, Chef may terminate the applicable License.
- Proprietary Rights.
- Software and Documentation. Other than the License granted in Section 2, Chef and its licensors retain all right, title and interest in and to the Software and Documentation and all components thereof, including all patent, copyright, trademark, and trade secret rights, whether such rights are registered or unregistered, and wherever in the world those rights may exist and in any derivatives, modifications and enhancements thereto (collectively, the “Chef Rights”). Customer will not commit any act or omission or permit or induce any third party to commit any act or omission, inconsistent with the Chef Rights. Chef or its licensors own all graphics, user and visual interfaces, images, code, applications, and text, as well as the design, structure, selection, coordination, expression, “look and feel”, and arrangement of the Software and its content, and the trademarks, service marks, proprietary logos and other distinctive brand features found in the Software (collectively, the “Chef Marks”). This Agreement does not permit Customer to distribute any product or service using the Chef Marks, including in connection with any Third Party Components. Chef will retain title to all copies of the Software provided to Customer or made by Customer. There are no implied rights or licenses in this Agreement. All rights are expressly reserved by Chef.
- Proprietary Items. Customer will have or obtain no rights in Chef Proprietary Items (or in any modifications or enhancements to them or any derivative work within the meaning of the US Copyright Act) except that, to the extent the Chef Proprietary Items are incorporated into a Deliverable, Chef will grant Customer a License in such Chef Proprietary Items to use them as part of (but not unbundled from) the Deliverable. All other Intellectual Property Rights in and to the Chef Proprietary Items will remain in and/or are hereby assigned to Chef.
- Fees and Payment Terms:
- License Fee. The specific License Fee will be as provided at https://www.chef.io/pricing unless an Order Form provides otherwise. The License Fee will increase by 5% annually. License Fees are based on Software purchased, not actual usage (subject always to Section 15). Except as otherwise provided in this Agreement, all License Fees and Professional Services fees designated as “fixed fee” are non-cancelable, fees paid are non-refundable, and Customer shall not be entitled to a refund for any such fees. The number of License Units purchased cannot be decreased during the relevant License Term. License Fees will be paid in advance monthly or in accordance with any different billing frequency stated in the applicable Order Form.
- Professional Services Fee. For Professional Services fees designated as “fixed fee”, Chef will invoice Customer upon execution of the applicable Order Form. For Professional Services not designated as fixed fee, Chef will invoice monthly in arrears based on actual hours worked during the preceding month. Unless the applicable Order Form provides otherwise, Professional Services Fees designated as “fixed fee” are non-cancelable and fees paid are non-refundable.
- Costs and Expenses. Customer will reimburse Chef for any reasonable expenses incurred by Chef in the performance of the Services, including without limitation, travel and lodging expenses.
- Payments. Unless otherwise provided in an Order Form, all payments of fees or charges payable to Chef under this Agreement will be made in United States dollars and are due in full within thirty (30) days from the invoice date. Customer will provide complete and accurate billing and contact information to Chef and will notify Chef of any changes to such information.
- Late payments. Late payments (other than amounts disputed in good faith by Customer) will bear interest at the lesser of one and one-half percent (1 ½%) per month or the maximum rate allowed by law. All fees payable under this Agreement are net amounts and are payable in full, without deduction for taxes or duties of any kind. Further, Chef may terminate the License if Customer’s payments are overdue by more than thirty (30) days.
- Taxes. The fees, reimbursable expenses, compensation and other amounts payable to Chef under this Agreement are exclusive of any taxes, customs, duties, fees or other amounts assessed or imposed by any governmental authority, including sales, use, value-added (“VAT”), goods and services (“GST”), or other similar transactional taxes. Customer will be responsible for all such amounts upon demand or provide certificates or other evidence of exemption. In no event will this apply to taxes imposed on the net income of Chef.
- Delivery and Acceptance.
- Acceptance. Chef will make the Software available to Customer electronically. Software will be deemed to be delivered to Customer’s billing address unless Customer provides written notice of an alternative delivery address. The Software will be deemed accepted immediately upon delivery. Acceptance (if any) of Deliverables will be specified in an Order Form.
- Term and Renewal; Termination.
- Term of Agreement. The term of this Agreement (the “Term”) will take effect on the earlier of (i) the date You sign this Agreement; (ii) at the moment You click “I ACCEPT” or; (iii) the date You access or use the Software (the “Effective Date”). This Agreement will continue until terminated as provided herein. Except as otherwise provided in this Section 8, termination of this Agreement will not affect any outstanding Order Form, and this Agreement will remain in effect until all Professional Services and Deliverables to be provided thereunder have been completed and/or the applicable License Term has expired per the terms of such Order Form.
- Early Termination. Either party may terminate this Agreement or any Order Form if the other party materially breaches its obligations under such Agreement or Order Form and, where such breach is curable such breach remains uncured for thirty (30) days following written notice of the breach. Customer’s failure to pay any fees owing to Chef within thirty (30) days after such fees are due and payable is a material breach for which Chef may terminate the applicable Order Form pursuant to this Section 8(b) immediately upon written notice.
- Effect of Termination.
- Upon termination of this Agreement, Customer will discontinue all representations that it is a Customer of Chef. Termination of the Agreement will not terminate an Order Form unless the basis for termination also prevents full performance under such Order Form and the non-breaching party includes notice of termination of such Order Form in its notice of termination of the Agreement.
- Upon termination of an Order Form, the following will apply in respect of that specific Order Form only:
- the parties will cooperate to affect an orderly, efficient, effective and expeditious termination of the parties’ obligations under that Order Form;
- Chef will have no obligation to perform any Services under the terminated Order Form after the effective date of the termination;
- Customer will pay to Chef any fees, reimbursable expenses, compensation or other amounts payable for Services performed under the terminated Order Form prior to the effective date of the termination;
- all licenses granted by Chef thereunder will automatically cease as of the effective date of termination of such Order Form, and if Customer has no other applicable Software License, Customer must uninstall any installed Software, cease using all Software and destroy or return all copies of the Software to Chef; and certify in writing that all known copies thereof, including backup copies, have been destroyed or disabled in all forms and types of media as of the effective date of termination; and
- upon Customer’s termination of an Order Form as provided in Section 8(b), Chef will pay to Customer the following:
- a pro rata portion of the applicable prepaid License Fees following the effective date of termination through the expiration of the applicable License Term; and
- Professional Services fees designated as “fixed fee” that have not been performed as of the effective date of termination.
- Upon termination of this Agreement and completion, termination or expiration of all outstanding Order Forms, each party will promptly return to the other all of the other party’s Confidential Information within its possession or control and will certify in writing that it has complied with its obligations to return all such Confidential Information.
- The following shall survive termination of this Agreement for any reason: any and all liabilities accrued before the effective date of termination; and the provisions of this Agreement concerning proprietary rights, indemnity, disclaimers of warranty, limitation of liability, payment of fees and governing law.
- Professional Services. Chef will perform the Professional Services detailed in any Order Form. Order Forms will set forth a description of the work to be performed, fees, time schedules
and other special terms and conditions applicable to the particular project. Each Order Form will become effective only upon acceptance by both parties hereto as evidenced by signature of an authorized representative of each party on the applicable
Order Form. Chef will perform the Professional Services using its employees, subcontractors or agents, as Chef in its sole discretion deems appropriate. Chef will remain responsible to Customer for the actions of its employees, subcontractors
or agents when so used.
- Customer Responsibilities. Customer understands its business needs and has determined independently that the Deliverables and Professional Services will meet its needs.
- Intellectual Property Ownership. Should the Professional Services set forth in an Order Form result in any reports, work product or other tangible items identified in an Order Form as a deliverable (“Deliverables”), unless otherwise provided in an Order Form, Chef grants to Customer a worldwide, non-exclusive, non-transferable, non sub-licensable license to use the Deliverables for Customer’s internal use. Other than the limited license to the Deliverables contained herein or as otherwise set forth in an Order Form, Chef will own and retain all right, title and interest, express or implied, in and to any Deliverables created during the course of providing the Professional Services and to all other works of authorship of any kind or nature prepared, created or conceived by Chef in the performance of the Professional Services, exclusive of any Confidential Information of Customer incorporated therein. Chef will not own or have any right, title or interest in or to the Confidential Information of Customer, whether by assignment, license or otherwise.
- Residuals/Items of General Knowledge. Chef may use its general knowledge, skills and experience, and any ideas, concepts, know-how, and techniques within the scope of its professional services practice in the course of providing the Professional Services, including information publicly known or available or that could reasonably be acquired in similar work performed for another customer of Chef. In no event will Chef be precluded from developing for itself, or for others, materials that are competitive with the Deliverables, irrespective of their similarity to the Deliverables, provided this is done without use of Customer’s Confidential Information.
- Software Warranty. Chef warrants that the Software will perform in all material respects as specified in its accompanying Documentation under normal use for the duration of the Warranty Period (as defined below). This warranty extends only to Customer. Chef’s sole obligation under the warranty set forth in this Section 10(a) is (i) to use its reasonable efforts to correct or replace any non-conforming Software once Chef has been made aware of such non-conformance, but only if such notice is provided to Chef within the Warranty Period or, in Chef’s sole discretion, (ii) to terminate the applicable Order Form (in which event, Customer will immediately stop using the Software) and refund a pro rata portion of the applicable prepaid License Fees following the effective date of termination through the expiration of the applicable License Term.
- Services Warranty. Chef warrants to Customer for a period of sixty 60 days after Customer acceptance of Services or Deliverables or initial receipt of or access to the Software, as applicable (the “Warranty Period”) that: (i) the Services will be performed in a good and workmanlike manner; and (ii) the Deliverables will conform in all material respects to applicable specifications identified in an Order Form. Chef’s sole obligation under the limited warranty set forth in this Section 10(b) is to use commercially reasonable efforts to correct any Services or Deliverables that do not comply with the warranties set forth in this Section 10(b) (e.g., by reperformance of any noncomplying Services or modifying any noncomplying Deliverables); provided that Customer gives Chef written notice of the noncompliance within the Warranty Period. If, after the expenditure of commercially reasonable efforts, Chef is unable to correct the noncompliance, Chef may choose to refund an equitable portion (e.g., based upon the value of Customer’s actual use of, or any benefits received by Customer) of the fee paid by Customer for such Deliverables or Services, whereupon the same will be deleted from the Deliverables or Services and no longer considered a part thereof.
- Exclusions. The warranties under Sections 10(a) and 10(b) do not apply to: 1) any use of experimental features which Customer may enable in the Software or use of the Software without payment, including for trial/evaluation purposes; 2) any noncompliance resulting from any: (i) use not in accordance with this Agreement or any applicable Order Form, including Customer operation or use of the Software or Deliverables other than in accordance with applicable documentation or design or on hardware not recommended, supplied or approved by Chef; (ii) modification, damage, misuse or other action of Customer or any third party; (iii) combination with any goods, services or other items provided by Customer or any third party; or (iv) combination of the Software with any distribution or binary not provided by Chef, even if the distribution or binary is derived from the same source code as the Chef Software. Further, Chef does not warrant that the Software or Deliverables or any other items furnished by Chef under this Agreement or any Order Form are free from non-material bugs, errors, defects or deficiencies.
- Disclaimer. EXCEPT FOR THE LIMITED WARRANTY IN SECTIONS 10(a) AND 10(b) ABOVE, THE SOFTWARE, DELIVERABLES, AND ANY SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS”, WITHOUT ANY WARRANTIES OF ANY KIND, INCLUDING BUT NOT LIMITED TO, WARRANTIES CONCERNING THE USE, INTER-OPERABILITY, OR PERFORMANCE OF THE SOFTWARE. CHEF DISCLAIMS ANY AND ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND/OR NON-INFRINGEMENT. CHEF DOES NOT WARRANT THAT THE SOFTWARE, DELIVERABLES, OR SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR THAT THE OPERATION THEREOF WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ERRORS WILL BE CORRECTED.
- Indemnification by Chef. Chef will indemnify Customer and will pay any costs or damages that may be finally awarded in respect of any third party claims, proceedings, costs or damages, including actual attorneys’ fees and court costs and expenses in any such third party action, proceeding or case, and agreed settlements to the extent that the Software or Deliverables infringe any United States patent, or any copyright, trademark or other proprietary right of such third party; provided that Customer: (i) promptly notifies Chef of the claim; (ii) gives Chef all necessary information regarding the claim; (iii) reasonably cooperates with Chef; and (iv) allows Chef to control the defense and all related settlement negotiations; provided that, if any settlement requires a non-monetary obligation of an indemnified party (other than ceasing use of the Software or Deliverables), then such settlement will require the Customer’s prior written consent, which consent will not be unreasonably withheld.
- Injunction. If an injunction is sought or obtained against Customer’s use of Software or Deliverables as a result of a third party infringement claim or in Chef’s opinion is likely to be enjoined, Chef may, at its sole option and expense, (i) procure for Customer the right to continue using the affected Software or Deliverable, (ii) replace or modify the affected Software with substantially equivalent software functionality so that it does not infringe, or, if either (i) or (ii) is not commercially feasible in Chef’s opinion, (iii) terminate the License and promptly refund Customer a pro-rata portion of any prepaid License Fees based on the remainder of the License Term.
- Exclusions. Chef will have no liability for: 1) any claims arising from use of experimental features which Customer may enable in the Software or use of the Software without payment, including for trial/evaluation purposes; or 2) any infringement claim (a) based on modifications to the Software or Deliverables made by a party other than Chef or third party acting on behalf of Chef, if a claim would not have occurred but for such modifications, (b) based on the use of other than the then-current, unaltered version or release of the Software or Deliverables, unless the infringing portion is also in the then-current, unaltered version or release; (c) based on the use, operation or combination of the Software or Deliverables with non-Chef programs, data, equipment or documentation if such infringement would have been avoided but for such use, operation or combination; (d) attributable to any Third Party Components; (e) based on Customer’s use of the Software or Deliverables other than in accordance with this Agreement or the applicable Documentation; or (f) based on combination of the Software with any distribution or binary not provided by Chef, even if the distribution or binary is derived from the same source code as the Chef Software.
- Sole Remedy. THE TERMS OF THIS SECTION 11 CONSTITUTE THE ENTIRE LIABILITY OF CHEF, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY INDEMNIFICATION CLAIMS OF ANY KIND.
- Indemnification by Customer. Customer will defend, indemnify, and hold harmless Chef and affiliates and all of their respective employees, agents, directors, officers, shareholders, attorneys, successors, and assigns from and against any third party claim arising from or in any way related to Customer’s violation of (i) applicable laws, rules or regulations and/or (ii) the confidentiality provisions of this Agreement, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys’ fees, of every kind and nature. In such a case, Chef will provide Customer with written notice of such claim, suit or action.
- Limitation of Liability.
- Indirect Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS OTHERWISE PROVIDED SPECIFICALLY IN THIS AGREEMENT, IN NO EVENT WILL EITHER PARTY, ITS AFFILIATES, LICENSORS, OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, CONTRACTORS OR AGENTS BE LIABLE TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS OR SERVICES ARISING OUT OF OR IN ANY WAY RELATING TO OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE SOFTWARE, DOCUMENTATION, DELIVERABLES, OR THE SERVICES PROVIDED BY CHEF HEREUNDER INCLUDING, WITHOUT LIMITATION, DAMAGES OR OTHER LOSSES FOR LOSS OF USE, LOSS OF BUSINESS, LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, COMPUTER FAILURE OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES EVEN IF ADVISED OF THE POSSIBILITY THEREOF AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.
- Aggregate Liability. IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY, FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY, EXCEED THE TOTAL LICENSE FEES DUE UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE ARISING OF A CLAIM.
- General. THESE LIMITATIONS APPLY EVEN IF THIS SECTION 12 IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR OTHER DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY. IN SUCH EVENT, THE LIABILITY OF THE PARTIES WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY APPLICABLE LAW.
- Exclusion – Violations of Law. The limits in Section 12(a) and Section 12(b) above do not apply to damages incurred by a party due to the other party’s violation of applicable laws.
- Confidentiality and Privacy. Customer and Chef will maintain the confidentiality of Confidential Information. The receiving party of any Confidential Information of the other party agrees not to use such Confidential Information for any purpose except as necessary to fulfill its obligations and exercise its rights under this Agreement. The receiving party will protect the secrecy of and prevent disclosure and unauthorized use of the disclosing party’s Confidential Information using the same degree of care that it takes to protect its own confidential information and in no event will use less than reasonable care. The terms of this Confidentiality section will survive termination of this Agreement. Upon termination or expiration of this Agreement, the receiving party will, at the disclosing party’s option, promptly return or destroy (and provide written certification of such destruction) the disclosing party’s Confidential Information, save once copy for archival and dispute resolution purposes.
- Data Protection. If the General Data Protection Regulation (“GDPR”) applies to Customer, then the following terms will apply:
- Definitions: In this Section 14, the following
terms will have the following meanings:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;
- “Controller“, “Processor“, “Data Subject“, “ Personal Data“, “Processing” (and “Process“) and “Special Categories of Personal Data” will have the meanings given in Applicable Data Protection Law;
- “Applicable Data Protection Law” will mean: (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); and (ii) on and after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679).
- “Standard Contractual Clauses” means the contractual clauses set out in Exhibit 1 to this Agreement.
- Processing of Data:
- Applicability. This Section 14 will apply only to the extent Customer is established within the EEA or Switzerland and/or to the extent Chef processes Personal Data of Data Subjects located in the European Economic Area (“EEA”) or Switzerland on behalf of Customer.
- Relationship of the Parties. The Customer (the “Controller”) appoints Chef as a processor to Process the Personal Data that is the subject of the Agreement (the “Data”) for the purposes described in this Agreement and any Order Form (or as otherwise agreed in writing by the parties) (the “Permitted Purpose”). Each party will comply with the obligations that apply to it under Applicable Data Protection Law.
- Prohibited Data. The Customer will not disclose any Special Categories of Data to Chef for processing.
- Purpose Limitation. Chef will process the Data as a Processor as necessary to perform its obligations under this Agreement and any Order Form, and in accordance with the documented instructions of Customer (the “Permitted Purpose”), except where otherwise required by any EU (or any EU Member State) law applicable to Chef. The duration of the Processing, the nature and purpose of the Processing, the types of Data and categories of Data Subjects Processed under this Agreement are further specified in Appendix 1 to the Standard Contractual Clauses.
- International Transfers. Chef will not transfer the Data (nor permit the Data to be transferred) outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient that has achieved binding corporate rules authorization in accordance with Applicable Data Protection Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. The following transfer mechanisms listed below will apply, in the following order of precedence, to any transfers of Data under this Agreement from the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Laws and Regulations of the foregoing territories, to the extent such transfers are subject to such Data Protection Laws and Regulations; (1) EU-U.S. and Swiss-U.S. Privacy Shield Framework self-certifications (if applicable); (2) The Standard Contractual Clauses set forth in Exhibit 1 to this Agreement.
- Confidentiality of Processing. Chef will ensure that any person it authorizes to process the Data (an “Authorized Person”) will protect the Data in accordance with Chef’s confidentiality obligations under this Agreement.
- Security. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Chef will implement technical and organizational measures to protect the Data (1) from accidental or unlawful destruction, and (2) loss, alteration, unauthorized disclosure of, or access to the Data (a “Security Incident”).
- Sub-Processing. The Customer consents to Chef engaging third party sub processors to process the Data for the Permitted Purpose provided that: (1) Chef maintains an up-to-date list of its sub processors; (2) Chef imposes data protection terms on any sub processor it appoints that require it to protect the Data to the standard required by Applicable Data Protection Law; and (3) Chef remains liable for any breach of this Clause that is caused by an act, error or omission of its sub processor. The Customer may object to Chef’s appointment or replacement of a sub processor, provided such objection is based on reasonable grounds relating to data protection. In such event, Chef will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Customer. If Chef is unable to make available such change within a reasonable period of time, which will not exceed thirty (30) days, Customer may terminate the applicable Order Form(s) with respect only to those Services which cannot be provided by Chef without the use of the objected-to new Sub-processor by providing written notice to Chef. Chef will refund Customer any prepaid fees covering the remainder of the term of such Order Form(s) following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on Customer.
- Cooperation and Data Subjects’ Rights. Chef will provide reasonable and timely assistance to the Customer to enable the Customer to respond to: (1) any request from a Data Subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (2) any other correspondence, inquiry or complaint received from a Data Subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to Chef, Chef will promptly inform the Customer providing full details of the same.
- Data Protection Impact Assessment. If Chef believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of Data Subjects, it will inform the Customer and provide reasonable cooperation to the Customer (at the Customer’s expense) in connection with any data protection impact assessment that may be required under Applicable Data Protection Law.
- Security Incidents. If Chef becomes aware of a confirmed Security Incident (as defined in Section 14(b)(vii) above), it will inform the Customer without undue delay and will provide reasonable information and cooperation to the Customer so that the Customer can fulfill any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law. Chef will further take such any reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and will keep the Customer of all material developments in connection with the Security Incident.
- Deletion or Return of Data. Upon termination or expiration of the Agreement, Chef will (at the Customer’s election) destroy or return to the Customer all Data in its possession or control. This requirement will not apply to the extent that Chef is required by applicable law to retain some or all of the Data, or to Data it has archived on back-up systems, which Data Chef will securely isolate and protect from any further processing except to the extent required by such law.
- Audit. The Customer acknowledges that Chef is regularly audited by independent third party auditors. Upon request, Chef will supply a summary copy of its audit report(s) to the Customer, which reports will be subject to the confidentiality provisions of this Agreement. Chef will also respond to any written audit questions submitted to it by the Customer, provided that the Customer will not exercise this right more than once per year.
- Definitions: In this Section 14, the following terms will have the following meanings:
- Software Usage Tracking.
- If and when Customer adds additional License Units to its License, Customer will pay to Chef for such additional License Units added to any License. Upon Chef’s request (such request not to be made more than twice during any 12 month period without good cause), Customer agrees to promptly deliver to Chef (i) any usage files and reports generated by the Software to permit Chef to verify the number of License Units actually used by Customer during the applicable License Term; and/or (ii) a certification signed by one of Customer’s officers regarding the number of License Units actually used by Customer during the applicable License Term. Notwithstanding the foregoing, Customer agrees to reasonably cooperate with Chef to verify the number of License Units actually used by Customer during the applicable License Term. If Chef confirms that Customer has exceeded the number of License Units for the applicable License Term, in addition to any other remedies available under this Agreement or applicable law, Customer agrees to pay the then-current License Fees for the additional License Units used by Customer.
- Unless Customer chooses to disable telemetry features in the Software, Customer consents to Chef receiving data and information directly from the Software for the sole purpose of obtaining information regarding Customer’s use of the Software (i.e., when Customer installs an update or upgrade), as well as any Software bugs, errors, and other similar technical support issues. Chef will only use such data and information (“Software Usage and Technical Support Data”) for its own business purposes, including but not limited to the purposes of (i) providing the Support Services; and (ii) to gather information about how Customer uses the Software, which may be combined with information about how others use the Software, in order to help Chef better understand trends and Customers’ needs in order to better consider new features, and (iii) improving the Software and Customer’s use experience. Chef will use Software Usage and Technical Support Data solely in aggregate, anonymized form and solely for Chef’s own business purposes. For instructions on how to disable Chef’s access to the Software Usage and Technical Support Data, please refer to the Software Documentation or contact Chef Support.
- Export Compliance. As required by the laws of the United States and other countries, Customer represents and warrants that Customer: (a) understands that the Software and its components may be subject to export controls under the U.S. Commerce Department’s Export Administration Regulations (“EAR”); (b) is not located in a prohibited destination country under the EAR or U.S. sanctions regulations; (c) will not export, re-export, or transfer the Software to any prohibited destination or persons or entities on the U.S. Bureau of Industry and Security Denied Parties List or Entity List, or the U.S. Office of Foreign Assets Control list of Specially Designated Nationals and Blocked Persons, or any similar lists maintained by other countries, without the necessary export license(s) or authorization(s); (d) will not use or transfer the Software in connection with any nuclear, chemical or biological weapons, missile technology, or military end-uses where prohibited by an applicable arms embargo, unless authorized by the relevant government agency by regulation or specific license; and (e) understands that countries including the United States may restrict the import, use, or export of encryption products (which may include the Software and the components) and agrees that Customer will be solely responsible for compliance with any such import, use, or export restrictions.
- FCPA, UK Bribery Act Compliance and No Unlawful Payments. Neither the Customer nor any of its subsidiaries nor, to the Customer’s knowledge, any other person associated with or acting on behalf of the Customer or any of its subsidiaries, including, without limitation, any director, officer, agent, employee or affiliate of the Customer or any of its subsidiaries (“Representatives”) has (a) used any corporate funds for any unlawful contribution, gift, entertainment or other unlawful expense relating to political activity or to influence official action; (b) made any direct or indirect unlawful payment to any foreign or domestic government official or employee from corporate funds; (c) made any bribe, rebate, payoff, influence payment, kickback or other unlawful payment; (d) violated or is in violation of any provision of the U.S. Foreign Corrupt Practices Act of 1977, as amended, and the rules and regulations thereunder; or (e) violated or is in violation of any provision of the UK Bribery Act 2010, as amended, and the rules and regulations thereunder; and the Customer has instituted and maintains policies and procedures designed to ensure compliance therewith. Further, Customer will, and will cause its Representatives to, comply with, as applicable the FCPA and/or UK Bribery Act, including maintaining and complying with all policies and procedures to ensure compliance with these laws.
- Additional Obligations. Each Party will comply with all applicable local, state, national, and international laws and regulations with respect to its rights and obligations under this Agreement. Customer further agrees that its purchase under this Agreement is neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Chef regarding future functionality or features of the Software. By downloading, accessing, or using the Software, Customer represents that it is at least the legal age of majority.
- U.S. Government. The Software is “Commercial Computer Software” as defined under FAR 252.227-7014. If Customer is subject to the Defense Federal Acquisition Resolutions (DFAR), the Software and Documentation are licensed pursuant to Chef’s standard commercial license according to DFARS 227.7202. For all other government entities, use, duplication, or disclosure of the Software and Documentation by the U.S. Government is subject to restrictions set forth in subparagraph (b)(2) of 48 CFR 52.227-19, as applicable.
- Neither party may assign this Agreement except upon the advance written consent of the other party, except that either party may assign this Agreement in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of such party’s voting securities or the assets governed by this Agreement; provided, that: (i) the assignor or assignee provides reasonably prompt written notice of such assignment to the non-assigning party; and (ii) the assignee is capable of fully performing the obligations of the assignor under the Agreement. Any attempt to assign this Agreement, without such consent, will be null and of no effect. Subject to the foregoing, this Agreement will bind and inure to the benefit of each party’s successors and permitted assigns.
- Chef may use Customer’s name and logo, in reference to Customer’s use of Chef’s product offerings, for marketing purposes.
- If for any reason a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect.
- Except for payment obligations, neither party will be liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond its reasonable control, including acts of God, pandemic, labor disputes or other industrial disturbances, electrical or power outage, utilities or telecommunications failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
- The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. All waivers must be in writing and signed by both parties.
- All notices permitted or required under this Agreement will be in writing and will be delivered in person, by confirmed facsimile, overnight courier service or mailed by first class, registered or certified mail, postage prepaid. Such notice will be deemed to have been given upon receipt.
- This Agreement will be governed by the laws of the State of Washington, U.S.A., excluding its conflicts of law rules.
- The parties expressly agree that the UN Convention for the International Sale of Goods (CISG) or the Uniform Computer Information Transactions Act (UCITA) will not apply.
- Any amendment or modification to the Agreement must be in writing signed by both parties.
- In the event of a conflict between this Agreement and other applicable documents between the Parties, such documents will apply in the following descending order of precedence: (i) Order Form; (ii) this Agreement; (iii); other applicable agreements. In the event of a conflict between any terms of this Agreement or terms of an Order Form and the terms and conditions attached to or otherwise forming part of any Purchase Order issued by Customer (collectively, “Purchase Order Terms”), the terms of this Agreement and/or Order Form will control or supersede the Purchase Order Terms and void any additional obligations placed on Chef not contemplated by this Agreement. This Agreement supersedes the terms of any shrinkwrap or click-through license agreement included in any package or downloadable version of the Software.
- Each of the parties has caused this Agreement to be executed by its duly authorized representatives as of the Effective Date.
- Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise.
- The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. Neither party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent.
STANDARD CONTRACTUAL CLAUSES
These Clauses are deemed to be amended from time to time, to the extent that they relate to a Restricted Transfer which is subject to the Data Protection Laws of a given country or territory, to reflect (to the extent possible without material uncertainty as to the result) any change (including any replacement) made in accordance with those Data Protection Laws (i) by the Commission to or of the equivalent contractual clauses approved by the Commission under EU Directive 95/46/EC or the GDPR (in the case of the Data Protection Laws of the European Union or a Member State); or (ii) by an equivalent competent authority to or of any equivalent contractual clauses approved by it or by another competent authority under another Data Protection Law (otherwise).
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Name of the data exporting organization: See customer name and address on Page 1 to this Agreement.
Tel.: ____________; fax: __________________; e-mail: __________________________
Other information needed to identify the organization: N/A
(the data exporter)
Name of the data importing organization: Chef Software Inc.
Address: 619 Western Avenue, Suite 400, Seattle Washington 98104
Tel.: 206-508-4799; e-mail: email@example.com
Other information needed to identify the organization: N/A
(the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
The data exporter has entered into an Agreement (“Agreement”) with the data importer. Pursuant to the terms of the Agreement, it is contemplated that Services provided by the data importer will involve the transfer of personal data to data importer. Data importer is located in a country not ensuring an adequate level of data protection. To ensure compliance with Directive 95/46/EC and applicable data protection law, the controller agrees to the provision of such Services, including the processing of personal data incidental thereto, subject to the data importer’s execution of, and compliance with, the terms of these Clauses.
For the purposes of the Clauses:
- ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ will have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- ‘the data exporter’ means the controller who transfers the personal data;
- ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- ‘the applicable data protection law‘ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- ‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor will be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
- that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
- any accidental or unauthorized access, and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which will be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which will be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the subprocessor will be carried out in accordance with Clause 11;
- to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
- The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor will be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
- to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer will promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter will be entitled to take the measures foreseen in Clause 5 (b).
The Clauses will be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
- The data importer will not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it will do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer will remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
- The prior written contract between the data importer and the subprocessor will also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor will be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 will be governed by the law of the Member State in which the data exporter is established.
- The data exporter will keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which will be updated at least once a year. The list will be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor will, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or will destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
The data exporter is (i) the legal entity that has executed the Standard Contractual Clauses as a Data Exporter and (ii) all Affiliates (as defined in the Agreement) of Data Exporter.
The data importer is Chef Software Inc. – a provider of enterprise automation software to organizations which processes Data upon the instruction of the data exporter in accordance with the terms of the Agreement
The personal data transferred concern the following categories of data subjects:
Data exporter may submit Data to Chef, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Data relating to the following categories of Data Subjects:
- Prospects, customers, business partners and vendors of Customer (who are natural persons)
- Employees or contact persons of Customer’s prospects, customers, business partners and vendors
- Employees, agents, advisors, freelancers of Customer (who are natural persons)
- Customer’s Users authorized by Customer to use the Services
Categories of data
The personal data transferred concern the following categories of data:
Data exporter may submit Data to Chef, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Data:
- First and last name
- Contact information (company, email, phone, physical business address)
- ID data
- Professional life data
- Personal life data
- IP Addresses, Cookies, Usage data, etc.
- Localization data
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data: None
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of the Data Processed in accordance with the Agreement and as otherwise made reasonably available by data importer upon written request from Customer. Data Importer will not materially decrease the overall security of the Services during a License Term.