NIST Privacy Framework : Our Essential Data Protection Guide

Close

SUBSCRIPTION SERVICES AGREEMENT

This agreement is between Spirion, LLC, a Delaware limited liability company (Spirion), and the Customer agreeing to these terms (Customer) and is effective as of the date of the last signature below.

1. SOFTWARE SERVICE.

This agreement and the applicable order provide Customer and its Affiliates (defined below) access to and usage of an Internet-based software service, including, without limitation, its features, functions, and user interface, and underlying software, as specified on an order (Service).

2. USE OF SERVICE.

  1. Customer Owned Data. All data uploaded by Customer to the Service remains the property of Customer, as between Spirion and Customer (Customer Data). Customer represents and warrants to Spirion that Customer has provided all required notices and has obtained all required licenses, permissions, and consents regarding Customer Data for use within the Service under this agreement. Customer grants Spirion the right to use the Customer Data solely for purposes of performing under this agreement.
  2. Affiliates and Contractors. Customer, including its Affiliates, may enter into orders with Spirion and its Affiliates. An Affiliate entering into an order agrees to be bound by this agreement as if it were an original party hereto. Customer may allow its Affiliates and contractors to use the Service, provided Customer is responsible for their compliance with the terms of this agreement, and use by its Affiliates and contractors is solely for Customer’s or Affiliate’s benefit.Affiliate means any company controlled by or under common control with the subject entity, directly or indirectly, with an ownership interest of at least 50%.
  3. Customer Responsibilities. Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is responsible for its access control policies and administration of access rights to its account within the Service, the acts and omissions of its users, and the legality and accuracy of Customer Data; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account, and notify Spirion promptly of any such unauthorized access; and (iv) may use the Service only in accordance with the Service’s technical documentation and applicable law.
  4. Spirion Technical Support. Spirion must provide Customer support for the Service under the terms of Spirion’s Customer Support Policy (Support), as provided here.
  5. Trial Version.If Customer has registered for a trial use of the Service, Customer may access the Service for the designated trial period (unless extended by Spirion). The Service is provided ‘AS IS’, with no warranty during this time period.All Customer Data will be deleted after the trial period, unless Customer converts its account to a paid Service.
  6. Customer Components.
    • Definition. Customer controls its computing environment and any individual internal or third-party components (Customer Components) located on Customer’s premises or cloud based. The Service allows Customer to search the Customer Components for which it is designed to operate, which include without limitation, Customer provided end points, cloud services, on premise devices, storage, APIs, protocols, and interfaces, as further described at
      Platforms we keep secure
      .
    • Availability of Customer Components. The Service may depend on continuing availability of and access to Customer Components, for full functionality.
      • Spirion will make reasonable commercial efforts to provide continued support of the technical integration to the Customer Components.
      • If a Customer Components ceases to be available with the Service (other than due to a temporary issue for no longer than 30 days or Customer’s act or omission), then Customer may terminate the affected orders and Spirion will refund to Customer any prepaid and unused fees on a pro rata basis. If a third party requires a fee for the access or usage of the Customer Component, Customer is responsible for obtaining all rights and the payment of all fees associated with all such components for purposes of this agreement.
  7. API. Spirion provides access to its application-programming interface (API) as part of the Service for no additional fee. Subject to the other terms of this Agreement, Spirion grants Customer a non-exclusive, nontransferable, terminable license to interact only with the Service as allowed by the API, and as follows:
    • Customer may not use the API in a manner–as reasonably determined by Spirion–that exceeds reasonable request volume, constitutes excessive or abusive usage, or fails to comply with any part of the API. If any of these occur, Spirion may rate limit, suspend, or terminate Customer’s access to the API on a temporary or permanent basis.
    • Spirion may change or remove existing endpoints or fields in API results with at least 30 days’ notice to Customer, but Spirion will use commercially reasonable efforts to support the previous version of the API for at least 6 months. Spirion may add new endpoints or fields in API results without prior notice to Customer.
    • The API is provided on an AS IS basis. Spirion has no liability to Customer as a result of any change, temporary unavailability, suspension, or termination of access to the API.

3. SERVICE LEVEL AGREEMENT AND WARRANTY.

  1. Warranty. Spirion warrants to Customer that: (i) Spirion will use commercially reasonable efforts to maintain the availability of the Service as provided at SaaS – SERVICE LEVEL AGREEMENT (which terms are incorporated into this agreement); (ii) Service will materially perform in accordance with its technical documentation; and (iii) neither the Service nor Support (both defined above) nor the Security Measures (defined below) will materially decrease during any paid term. Customer’s exclusive remedy and Spirion’s sole obligation for Spirion’s breach of these warranties shall be, for (i), a credit to Customer as provided in the link above (or if this agreement is not renewed, then an equivalent refund) and for (ii) and (iii), as described in the “Mutual Termination for Material Breach” and “Effect of Termination” sections set forth in this agreement.
  2. Implementation Services Warranty. Spirion warrants that, for a period of 30 days from delivery, it has performed the Implementation Services in conformance with generally accepted practices within the software services industry. Customer must notify Spirion of any breach of this warranty no later than 30 days after delivery of the Implementation Services. CUSTOMER’S EXCLUSIVE REMEDY AND SPIRION’S ENTIRE LIABILITY UNDER THIS WARRANTY WILL BE FOR SPIRION TO RE-PERFORM ANY NON-CONFORMING PORTION OF THE IMPLEMENTATION SERVICES, OR IF SPIRION CANNOT REMEDY THE BREACH, THEN REFUND THE PORTION OF THE FEE ATTRIBUTABLE TO SUCH NON-CONFORMING PORTION OF THE IMPLEMENTATION SERVICES. THIS WARRANTY WILL NOT APPLY TO THE EXTENT CUSTOMER, ITS CONTRACTORS, OR AGENTS HAVE MODIFIED ANY ITEM.
  3. DISCLAIMER. SPIRION DISCLAIMS ALL OTHER WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, AND FITNESS FOR A PARTICULAR PURPOSE. WHILE SPIRION TAKES REASONABLE PHYSICAL, TECHNICAL, AND ADMINISTRATIVE MEASURES TO SECURE THE SERVICE, SPIRION DOES NOT GUARANTEE THAT THE SERVICE CANNOT BE COMPROMISED. CUSTOMER UNDERSTANDS AND AGREES THAT THE SERVICE MAY NOT BE ERROR-FREE AND THE USE MAY BE INTERRUPTED, AND SPIRION IS NOT RESPONSIBLE OR LIABLE FOR ANY THIRD-PARTY SERVICE ISSUES. SPIRION IS NOT LIABLE FOR PROBLEMS INHERENT IN USE OF THE INTERNET OR FOR ISSUES RELATED TO CUSTOMER’S NETWORK OR CLOUD PROVIDER ACCOUNTS, OR FOR DECISIONS CUSTOMER MAKES REGARDING ITS CONFIGURATION OF THE SERVICE. THE SERVICE IS ONE TOOL IN CUSTOMER’S DATA PROTECTION STRATEGY AND DOES NOT REPRESENT A SHIFT IN RESPONSIBILITY FOR CUSTOMER’S OVERALL DATA PROTECTION.

4. PAYMENT.

  1. Fees and Payment. Customer must pay all fees as specified on the order, but if not specified, then within 30 days of receipt of an invoice. The fees are exclusive of sales, use, withholding, VAT and other similar taxes, and Customer is responsible for payment of such taxes at the rate and in the manner for the time being prescribed by law. If Spirion has the legal obligation to pay or collect taxes for which Customer is responsible under this section, Spirion will invoice Customer and Customer  will pay that amount unless Customer  provides Spirion  with a valid tax exemption certificate authorized by the appropriate taxing authority. This agreement contemplates one or more orders for the Service, which orders are governed by the terms of this agreement.
  2. Nonpayment. If an invoiced amount is 30 days or more past due, Spirion may suspend Service until the amount is paid in full, provided Spirion has given Customer at least 30 days’ prior written notice that its account is past due.
  3. Reseller Transactions. If the order is placed through an authorized Spirion reseller, then the payment terms in Section 4(a)will not apply (unless Spirion notifies Customer otherwise), as the Customer’s payment terms with the reseller will apply.

5. MUTUAL CONFIDENTIALITY AND DATA SECURITY.

  1. Definition of Confidential Information. Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally, visually, or in writing, which is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (Confidential Information). Spirion’s Confidential Information includes, without limitation, the Service, pricing information, and the Software and Documentation (defined below). Customer’s Confidential Information includes, without limitation, the Customer Data.
  2. Protection of Confidential Information. Recipient must use the same degree of care that it uses to protect the confidentiality of its
own confidential information of like kind (but not less than reasonable care) to: (i) not use any Confidential Information of Discloser for any purpose outside the scope of this agreement; and (ii) limit access to Confidential Information of Discloser to those of its and its Affiliates’ employees
and contractors who need that access for purposes consistent with this agreement and who have signed confidentiality
agreements with Recipient containing protections not materially less protective of the Confidential Information than
those in this agreement.
  3. Exclusions. Confidential Information excludes information that: (i) is or becomes generally known to the public without breach of any obligation owed to Discloser; (ii) was known to the Recipient before its disclosure by the Discloser without breach of any obligation owed to the Discloser; (iii) is received from a third party without breach of any obligation owed to Discloser; or (iv) is independently developed by the Recipient without use of or access to the Confidential Information. The Recipient may disclose Confidential Information to the extent required by law or court order, but will provide Discloser with advance notice to seek a protective order.
  4. Data Security Measures.
    • Security Measures. Spirion: (i) implements and maintains reasonable security measures appropriate to the nature of the Customer Data including, without limitation, technical, physical, administrative, and organizational controls, designed to maintain the confidentiality, security, and integrity of the Customer Data; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, and responding to attacks, intrusions, or other systems failures and regularly tests, or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its Security Measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the Customer Data that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of safeguards in place to control these risks (collectively, Security Measures).
    • Notice of Data Breach. If Spirion becomes aware that Customer Data was accessed or disclosed in breach of this agreement, Spirion will so notify Customer without undue delay, immediately act to eliminate the breach and preserve forensic evidence, and provide available information to Customer regarding the nature and scope of the breach.
  5. Data Privacy Roles and Data Processing Addendum.
    • To the extent that personal data is processed when Customer or authorized users use the Service, the parties acknowledge that Spirion is a data processor and Customer is a data controller and the parties must comply with their respective obligations under applicable data protection law and the terms of the Data Processing Addendum(DPA), located here.

6. PROPERTY

  1. Reservation of Rights. Spirion and its licensors are the sole owners of the Service and the Software and Documentation, including all associated intellectual property rights, and they remain only with Spirion. Customer may not remove or modify any proprietary marking or restrictive legends in the Service or Software and Documentation. Spirion reserves all rights that are not expressly granted in this agreement.
  2. Restrictions. Customer may not: (i) sell, resell, rent, or lease the Service or Software and Documentation or use it in a service-provider capacity; (ii) use the Service to store or transmit unsolicited marketing emails, libelous, or otherwise objectionable, unlawful, or tortious material, or to store or transmit infringing material in violation of third-party rights; (iii) interfere with or disrupt the integrity or performance of the Service; (iv) attempt to gain unauthorized access to the Service or its related systems or networks; (v) reverse engineer the Service or the Software and Documentation except as allowed by applicable law despite this limitation; or (vi) access the Service or use the Software and Documentation to build a competitive service or product, or copy any feature, function, or graphic for competitive purposes. Spirion may suspend Service to Customer if Spirion believes in good faith that Customer’s use of the Service poses an imminent threat to the security, availability or legality of the Service; in such event, Spirion will work with Customer to address the issue and restore Service as quickly as possible.
  3. Software and Documentation. All software provided by Spirion as part of the Service, and the Service documentation, sample data, marketing materials, training materials, any third-party content, and other materials provided through the Service or by Spirion (Software and Documentation) are licensed to Customer as follows: Spirion grants Customer a non-exclusive, non-transferable license during the term of this agreement, to use and copy such Software in accordance with the Documentation, solely in connection with the Service.
  4. Statistical Information. Spirion may compile statistical information related to the performance of the Service and may make such information publicly available, provided that such information does not identify Customer Data or Customer, and there is no means to re-identify Customer Data or Customer. Spirion retains all intellectual property rights in such information.

7. TERM AND TERMINATION.

  1. Term. This agreement continues until the 30th day after all orders have expired, unless earlier terminated as provided below.
  2. Term of Order Forms. Each order, whether from Spirion or Authorized Reseller, will specify an order term. Except as provided in an order, (i) a party may cancel the order at the end of the order term (Renewal Date) by so notifying the other party 60 or more days before the Renewal Date, (ii) if no such notice is given, then on the Renewal Date the order and all subscriptions under it will renew for an additional year, (iii) in any such renewal, the order terms will remain unchanged from the prior term except for any pricing increase of which Spirion has notified Customer 120 or more days before the Renewal Date, which increase will not exceed 9% over the per-unit pricing in the prior term unless the prior pricing was clearly designated in the order as promotional or one-time, and (iv) the Order Form will continue to renew until canceled in accordance with this section.
  3. Mutual Termination for Material Breach. If either party is in material breach of this agreement, the other party may terminate this agreement at the end of a written 30-day notice/cure period, if the breach has not been cured.
  4. Post-Termination Access to Customer
    • Within 14 days after termination, upon request Spirion will make the Service available for Customer.
    • After such 14-day period, Spirion has no obligation to maintain the Customer Data and may destroy it.
  5. Effect of Termination. If this agreement is terminated for Spirion’s breach, Spirion will refund Customer fees prepaid for the remainder of the term of all orders after the termination effective date. Upon request, following any termination of this agreement, each party will destroy or return all of the other party’s property that it holds, subject to the “Post-Termination Access to Customer Data” section above.

8. LIABILITY LIMIT.

  1. EXCLUSION OF INDIRECT DAMAGES. TO THE MAXIMUM EXTENT ALLOWED BY LAW, Spirion IS NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING, WITHOUT LIMITATION, COSTS OF DELAY; LOSS OF OR UNAUTHORIZED ACCESS TO DATA OR INFORMATION; AND LOST PROFITS, REVENUE, OR ANTICIPATED COST SAVINGS), EVEN IF IT KNOWS OF THE POSSIBILITY OR FORESEEABILITY OF SUCH DAMAGE OR LOSS.
  2. TOTAL LIMIT ON LIABILITY. TO THE MAXIMUM EXTENT ALLOWED BY LAW, EXCEPT FOR SPIRION’S INDEMNITY OBLIGATIONS, SPIRION’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, OR OTHERWISE) DOES NOT EXCEED THE AMOUNT PAID BY CUSTOMER WITHIN THE 12-MONTH PERIOD PRIOR TO THE EVENT THAT GAVE RISE TO THE LIABILITY, EXCEPT THAT THE ABOVE LIMITATION DOES NOT APPLY TO CUSTOMER’S PAYMENT OBLIGATIONS FOR THE SERVICE.

9. INDEMNIFICATION FOR THIRD-PARTY CLAIMS.

Spirion will defend or settle any third-party claim against Customer to the extent that such claim alleges that Spirion technology used to provide the Service infringes a copyright, patent, trademark, or other intellectual property right, if Customer promptly notifies Spirion of the claim in writing, cooperates with Spirion in the defense, and allows Spirion to solely control the defense or settlement of the claim. Costs. Spirion will indemnify and hold harmless Customer from any infringement claim defense costs it incurs in defending Customer under this indemnity, Spirion-negotiated settlement amounts agreed to by Spirion, and court-awarded damages. Process.If such a claim appears likely, then Spirion may modify the Service, procure the necessary rights, or replace it with the functional equivalent. If Spirion determines that none of these are reasonably available, then Spirion may terminate the Service and refund any prepaid and unused fees. Exclusions. Spirion has no obligation for any claim arising from: Spirion’s compliance with Customer’s specifications; a combination of the Service with other technology or aspects where the infringement would not occur but for the combination; Customer Data; or technology or aspects not provided by Spirion. THIS SECTION CONTAINS CUSTOMER’S EXCLUSIVE REMEDIES AND SPIRION’S SOLE LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT.

If a third party claims against Spirion that any part of the Customer Data is unlawful (or was provided to Spirion unlawfully) or infringes or violates that party’s patent, copyright, or other right, Customer will defend Spirion against that claim at Customer’s expense and pay all costs, damages, and attorneys’ fees that a court finally awards or that are included in a settlement approved by Customer, provided that Spirion promptly notifies Customer of the claim in writing, cooperates with Customer in the defense, and allows Customer to solely control the defense or settlement of the claim.

10. GOVERNING LAW AND FORUM.

This agreement is governed by the laws of the State of Florida (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this agreement. Any dispute arising out of or in connection with this agreement must be solely decided by a single arbitrator under the Streamlined Arbitration Rules of the Judicial Arbitration and Mediation Services/JAMS or such other dispute resolution entity jointly agreed upon by the parties. Any arbitration hearing must take place in a venue mutually acceptable to the parties.  The decision of the arbitrator is final and binding, and the award may be entered in any court of competent jurisdiction. The prevailing party is entitled to an award of its reasonable attorneys’ fees and costs, in addition to an award of damages or other relief, if any. Nothing in this agreement prevents either party from seeking injunctive relief in a court of competent jurisdiction.

11. OTHER TERMS.

  1. Entire Agreement and Changes. This agreement and the order constitute the entire agreement between the parties and supersede any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this agreement. No representation, promise, or inducement not included in this agreement is binding. No modification or waiver of any term of this agreement is effective unless both parties sign it.
  2. No Assignment. Neither party may assign or transfer this agreement to a third party, nor delegate any duty, except that the agreement and all orders may be assigned, without the consent of the other party, as part of a merger or sale of all or substantially all a party’s businesses, assets, not involving a competitor of the other party, or at any time to an Affiliate.
  3. Export Compliance. The Service, the Software and Documentation, and Confidential Information may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list.  Neither party will permit its personnel or representatives to access any Service in a U.S.-embargoed country or in violation of any applicable export law or regulation.
  4. Independent Contractors. The parties are independent contractors with respect to each other, and neither party is an agent, employee, or partner of the other party or the other party’s Affiliates.
  5. Enforceability and Force Majeure. If any term of this agreement is invalid or unenforceable, the other terms remain in effect. Neither party is liable for its non-performance due to events beyond its reasonable control, including but not limited to natural weather events and disasters, labor disruptions, and disruptions in the supply of utilities.
  6. Money Damages Insufficient. Any breach by a party of this agreement or violation of the other party’s intellectual property rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of this agreement.
  7. No Additional Terms. Spirion rejects additional or conflicting terms of a Customer’s form-purchasing document.
  8. Order of Precedence. If there is an inconsistency between this agreement and an order, the order prevails.
  9. Survival of Terms. All provisions of this agreement regarding payment, confidentiality, indemnification, limitations of liability, proprietary rights and such other provisions that by fair implication require performance beyond the term of this agreement must survive expiration or termination of this agreement until fully performed or otherwise are inapplicable. The UN Convention on Contracts for the International Sale of Goods does not apply.
  10. Feedback. If Customer provides feedback or suggestions about the Service, then Spirion (and those it allows to use its technology) may use such information without obligation to Customer.

__________ (Customer)Spirion, LLC (Spirion)
Signature:Signature:
Printed Name:Printed Name:
Title:Title:
Date:Date:
Address:Address:

Spirion Subscription Services Agreement (v.20220422) View / Download

The following Schedules will be provided to Customer when applicable:
  • Customer Support Policy (v.20220426) View
  • Service Level Agreement (v.20211201) View / Download
The following Addendums will be provided to Customer when applicable: