4.4. Effects of Termination. The termination of this Agreement or any Order shall not release Customer from the obligation to make payment to Supplier of all amounts then due and payable pursuant to this Agreement, including (i) fees or other compensation for Services payable to Supplier through the effective date of such termination; (ii) any prior-approved expenses incurred by Supplier, pursuant to this Agreement (and/or the applicable Order(s)), and (iii) reservations, contracts, commitments and other arrangements previously authorized by Customer in connection with this Agreement (and/or the applicable Order(s)) that Supplier is unable to cancel, as well as any cancellation penalties imposed by any third party resulting from Supplier’s adherence to Customer’s instructions. Customer will pay fees, including any applicable taxes, to Supplier for Services performed prior to any termination, including for pre-termination Services that generate post-termination obligations. If Supplier terminates this Agreement or an Order due to Customer’s breach, all fees set forth on such Order are immediately due and payable.
4.5. Force Majeure. Each Party hereto shall be excused from performance hereunder, except for payment of invoices to Supplier by Customer, for any period and to the extent that it is prevented from performing any services pursuant hereto in whole or in part, when and to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control including, but not limited to, (i) acts of God; (ii) flood, fire, earthquake, explosion, epidemic, pandemic or other public health issue; (iii) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest; (iv) government order, law, or actions; (v) embargoes or blockades in effect on or after the date of this Agreement; (vi) national or regional emergencies; (vii) strikes, labor stoppages or slowdowns, or other industrial disturbances; and (viii) shortage of adequate power or transportation facilities. Each Party shall, however, make all reasonable efforts to remove or eliminate such cause for delay or default and shall, upon cessation of the cause, diligently pursue performance of its obligations under the Agreement.
5. Intellectual Property.
5.1. Except as otherwise provided herein and in the Terms of Use, the Parties agree that no transfer of Intellectual Property Rights (as defined below) or license is, or is meant to be, affected or granted by this Agreement. Each Party shall own and retain all right, title and interest in and to: (a) any of its intellectual property rights, including any development thereof (including all copies, modifications, enhancements, improvements and derivative works thereof); (b) all of its service marks, trademarks, trade names or any other designations associated with such Party’s technology, services or products; (c) all copyrights, patent rights, trade secret rights, and other proprietary rights relating to such Party’s technology, services or products, whether registered or not (collectively “Intellectual Property Rights”). The Parties recognize that performance of Supplier hereunder will require the skills of Supplier and, therefore, Supplier shall retain the right, without fee and for any purpose, to independently use, develop, distribute, enhance and improve its experience and “know-how,” including processes, ideas, approaches, methodologies, concepts, skills, tools, techniques, expressions, software and code (and related components), whether possessed by Supplier prior to, or acquired, developed, or refined by Supplier in the course of performance of this Agreement and the Services. For the avoidance of doubt, Supplier reserves all rights, title and interest in and to the Services, and any algorithms, derivative works, or any modifications, corrections, improvements, or extensions to the Services including all related Intellectual Property Rights. No rights are granted to Customer hereunder other than as expressly set forth herein. Customer acknowledges and agrees that Supplier may provide services to, or prepare materials for, third parties that may be the same or similar to the Services provided to Customer under this Agreement.
5.2. Supplier shall have a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use or incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by Customer relating to the operation of the Service. Supplier has the right to analyze the Customer’s use of the Services to improve, enhance, and optimize the performance of the Services. For this purpose, Supplier may collect and analyze the data derived from the Customer’s use of the Service and process such data in an aggregated and anonymized form during or after the term of this Agreement.
6. Confidential Information.
6.1. The Parties understand and acknowledge that they may, from time to time, disclose Confidential Information to each other. For purposes of this Agreement, the term “Confidential Information” relates to the terms of this Agreement, technical, financial, customer, personnel and/or business information in written, graphic, oral or other tangible or intangible form, regardless of whether or not such information is marked confidential. Neither Party will use or disclose to any third party the other Party’s Confidential Information at any time without the prior written consent of the disclosing Party and shall take reasonable measures to prevent any unauthorized disclosure by its employees, agents, contractors, or consultants. Each Party will restrict access to the Confidential Information of the other Party to those of its personnel (including such personnel employed by its affiliates) engaged in the performance, management or use of the Services or performance of such Party’s obligations hereunder, provided that such parties are bound by obligations of confidentiality substantially similar to the terms of this Agreement. Each Party shall be liable for any breach of this Agreement by any of its own or its affiliates’ personnel. The obligations of the Parties with respect to Confidential Information shall begin on the date of initial disclosure of Confidential Information and continue for a period of five (5) years beyond the termination or expiration of this Agreement, except that the nondisclosure obligations and restrictions on use with respect to any information that constitutes a trade secret shall continue in effect so long as the information remains a trade secret under applicable law.
6.2. The following shall not be considered Confidential Information for purposes of this Agreement: (i) information which is or becomes in the public domain through no fault or act of the receiving Party; (ii) information which was independently developed by the receiving Party without the use of or reliance on the disclosing Party’s Confidential Information; (iii) information which was provided to the receiving Party by a third party under no duty of confidentiality to the disclosing Party; or (iv) information which is required to be disclosed by law with no further obligation of confidentiality, provided, however, prompt prior notice thereof shall be given to the Party whose Confidential Information is involved.
6.3. The Parties agree that the disclosure of any of the foregoing Confidential Information by either Party shall give rise to irreparable injury to the owner of the Confidential Information, inadequately compensable in monetary damages. Accordingly, the non-disclosing Party may seek and obtain injunctive relief against the breach or threatened breach of the foregoing undertakings, in addition to any other legal remedies which may be available at law or in equity.
6.4. If a Party (“Ordered Party”) receives a request to disclose any Confidential Information of the other Party, whether pursuant to a valid subpoena or an order issued by a court or regulatory body (“Ordering Party”), and on advice of legal counsel that disclosure is required by law, then prior to disclosure, the Ordered Party shall, to the extent permitted by applicable law (i) notify the other Party of the terms of such request and advice, (ii) cooperate with the other Party in taking lawful steps to resist, narrow, or eliminate the need for such disclosure, and (iii) if disclosure is nonetheless required, work with the other Party to take into account the other Party’s reasonable requirements as to its timing, content and manner of making or delivery and use best efforts to obtain a protective order or other binding assurance from the Ordering Party that confidential treatment shall be afforded to such portion of the Confidential Information as is required to be disclosed. The foregoing is without limitation of the other Party’s ability to seek a protective order or other relief limiting such disclosure; in such a case, the Ordered Party shall cooperate in such efforts by the other Party.
6.5. Upon expiration or termination of this Agreement, or upon written request by the relevant Party, a Party shall promptly return or destroy with documentary evidence thereof, at the other Party’s option, all documents and other materials received from or on behalf of the other Party containing or reflecting such other Party’s Confidential Information, except that such party may retain copies of Confidential Information as required by the receiving Party pursuant to applicable law or that are stored on its IT backup and disaster recovery systems until the ordinary course deletion thereof.
7. Customer Responsibilities.
7.1. In addition to any obligations and responsibilities described elsewhere in this Agreement, Customer shall have responsibility for the following:
7.1.1. To ensure that the Customer systems and any applications to be accessed by Supplier in performing the Services are accessible, available, maintained and updated in order to support the Services;
7.1.2. To provide ready access to all appropriate computing platforms, software, documentation, training material, premises and personnel necessary for Supplier’s performance of the Services throughout the duration of the Agreement;
7.1.3. To supply information requested by Supplier as reasonably necessary to perform the Services contemplated under this Agreement, including without limitation for Gladia to provide any Specific Developments (“Customer Materials”). Customer hereby grants to Supplier the right and limited license to use such Customer Materials solely as necessary to provide Services. Customer shall be solely responsible for the accuracy, quality, integrity, completeness, non-infringement, legality, reliability, and appropriateness of the Customer Materials and all Customer-approved information and lists contained therein. To the extent that any Customer Materials include personal information, the processing of the same by Supplier shall be subject to the provisions of the Data Processing Agreement attached hereto as Exhibit A;
7.1.4. To timely participate in any meetings that may be required for Supplier to provide the Services and make its personnel reasonably available for such meetings, and to assign personnel with relevant training and experience to work as part of a project team with Supplier or in consultation with Supplier’s personnel, as needed for Supplier’s performance of the Services; and
7.1.5. To obtain and maintain all necessary licenses and consents and comply with all applicable laws and regulations in relation to the Services to the extent that such licenses, consents, and laws and regulations relate to Customer’s business, premises, staff, and equipment;
(collectively, the “Customer Responsibilities”).
7.2. Customer shall reasonably cooperate with Supplier in the providing of Services in connection with the Customer Responsibilities. Customer understands that Supplier’s performance depends on Customer’s timely and effective performance of the Customer Responsibilities and obligations hereunder, timely decisions and approvals by Customer, and the accuracy of the assumptions set forth in each Order. Supplier may rely on all Customer decisions and approvals in connection with the Services; any material changes by Customer of its decisions or approvals are subject to a Change Order. Customer shall be responsible for, and agrees to pay, the actual and reasonable costs of delays caused by Customer or its agents, subcontractors, consultants, or employees incurred by Supplier.
8. Representations and Warranties.
8.1. Representations and Warranties of Supplier.
Supplier represents, warrants and agrees that:
8.1.1. It is a duly formed and validly existing entity organized under the laws of the state identified at the outset of this Agreement;
8.1.2. It has the right and authority to enter into this Agreement, and is not under any pre-existing obligation inconsistent with the provisions of this Agreement; and
8.1.3. The Services will be performed in accordance with Customer’s written specifications as set forth in this Agreement.
8.2. Representations and Warranties of Customer.
Customer represents, warrants, and agrees that:
8.2.1. It is a duly formed and validly existing entity organized under the laws of the state identified at the outset of this Agreement and is in good standing under the laws of each jurisdiction where such qualification is required;
8.2.2. It has the right and authority to enter into this Agreement, and is not under any pre-existing obligation inconsistent with the provisions of this Agreement;
8.2.3. It will comply with all applicable federal, state, county, and municipal statutes, laws, regulations, codes, ordinances and orders in the performance of its obligations under this Agreement; and
8.2.4. To the best of Customer’s knowledge, the Customer Materials and any and all other material provided to Supplier under this Agreement have been, or shall be, furnished to Supplier in writing and at all times shall be true, accurate, complete and free of any misrepresentation, misstatement or material omission, and in compliance with all applicable federal, state and local laws and regulations;
8.2.5. It has all rights, consents and authorizations necessary to provide Supplier with the Customer Materials and any data contained therein, including without limitation any personal information of third parties, and to use and transmit such Customer Materials in order to provide the Services; Customer is responsible for the security of Customer Materials that is stored on Customer’s websites, systems or applications or based on Customer’s configuration of the Services;
8.2.6. The Customer Materials and any other information, input or data provided by Customer shall (i) comply with all applicable laws, rules and regulations; (ii) not infringe on the rights of any third parties (including without limitation the image rights of persons and property and intellectual property rights); and (iii) not contain software viruses or any computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;
8.2.7. If Customer provides Gladia with any personally identifiable information about another person, whether through an audio/video recording or otherwise, Customer (i) has that person’s consent to do so; and (ii) Customer is responsible for ensuring that Customer’s (and any of its personnel or representatives, if applicable) use, control, processing and treatment of such information and any of Customer’s legal policies relating thereto are in compliance with all applicable laws, rules and regulations, the Terms of Use and this Agreement. Customer agrees that the Customer Materials shall not include any data that is subject to specific regulatory or self-regulatory requirements, including, without limitation: financial account numbers, social security numbers, tax ID numbers, passport numbers, any government identification numbers of any kind, payment card data, protected health information or other sensitive information.
8.3. Customer Remedies.
For breach of the express warranties of Supplier set forth above, Customer’s exclusive remedy will be the re-performance of the deficient Services. If Supplier cannot re-perform such deficient Services as warranted, Customer will be entitled to recover a pro-rata portion of the unused fees paid to Supplier for such deficient Services, and such refund will be Supplier’s entire liability.
9. Disclaimer of Warranty.
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT OR ANY ORDER, NO WARRANTIES, EXPRESS OR IMPLIED, ARE MADE BY SUPPLIER, AND SUPPLIER EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, ORAL OR WRITTEN, CONTRACTUAL OR STATUTORY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR COMPATIBLE WITH SUBSEQUENT VERSIONS OF RELEVANT SOFTWARE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. EXCEPT WHERE EXPRESSLY PROVIDED OTHERWISE BY SUPPLIER, THE SERVICES ARE PROVIDED TO CUSTOMER ON AN “AS IS” AND “AS AVAILABLE” BASIS. CUSTOMER ACKNOWLEDGES THAT NEITHER SUPPLIER NOR ITS THIRD-PARTY PROVIDERS CONTROLS THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. SUPPLIER IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. CUSTOMER ACKNOWLEDGES THAT SUPPLIER IS PERFORMING THE SERVICES HEREUNDER IN RELATION TO CUSTOMER MATERIALS OR OTHER SYSTEMS AND DATA THAT HAVE BEEN PRODUCED BY OR ON BEHALF OF CUSTOMER, AND FOR ALL OF WHICH SUPPLIER HAS NO RESPONSIBILITY. IN ADDITION, SUPPLIER EXPRESSLY DISCLAIMS ANY WARRANTY OR LIABILITY WITH RESPECT TO DESIGN OR LATENT DEFECTS, SECURITY OF DATA OUTSIDE OF SUPPLIER’S NETWORKS, OR COMPLIANCE WITH LAWS, REGULATIONS, OR OTHER OFFICIAL GOVERNMENT RELEASES APPLICABLE TO CUSTOMER, WHICH SHALL BE THE SOLE RESPONSIBILITY OF CUSTOMER. SUPPLIER AND ITS THIRD-PARTY PROVIDERS MAKE NO REPRESENTATIONS OR WARRANTIES REGARDING THE RELIABILITY, AVAILABILITY, TIMELINESS, SUITABILITY, ACCURACY OR COMPLETENESS OF THE SERVICES OR THE RESULTS CUSTOMER MAY OBTAIN BY USING THE SERVICES.
10. Indemnification and Limitation of Liability.
10.1. Mutual Indemnification.
Each Party shall indemnify, defend and hold harmless the other Party, its parent company, affiliates and subsidiaries and each of their respective officers, directors, employees, owners, shareholders, attorneys, representatives, lenders, successors and permitted assigns from and against any and all third party claims, demands, losses, damages or expenses (including, but not limited to, reasonable attorneys’ fees), directly arising from or as a result of:
10.1.1. the negligent or wrongful acts or omissions of a Party, and
10.1.2. bodily injury or death of any person or damage to real and/or tangible personal property directly caused by the negligence or willful conduct of the indemnifying Party, its personnel or agents in connection with the performance of the Services hereunder, and
10.1.3. any breach by a Party of Section 6 (Confidential Information).
10.2. Customer Indemnification.
Customer shall indemnify, defend and hold harmless Supplier, its officers, directors, employees, affiliates and agents (collectively, the “Supplier Indemnified Parties”) and each of their respective officers, directors, employees, owners, shareholders, attorneys, representatives, lenders, successors and permitted assigns from and against any and all third party claims, demands, losses, damages or expenses (including, but not limited to, reasonable attorney’s fees), directly arising from or as a result of: (i) Supplier’s use or reliance upon any Customer Materials or any other plans, specifications, content and materials (including, without limitation, any software, hardware, systems, data and networks) provided by or on behalf of Customer in connection with the Services and/or the Specific Developments; (ii) any dispute or other proceeding (including, without limitation, response to any third-party subpoena, but excluding any dispute between Customer and Supplier) in which Customer becomes involved (even if only as a non-party or third-party participant) as a result of Customer’s misuse of the Services, including reimbursement of Supplier’s time and expenses (including reasonable external and internal legal costs) incurred to respond to any request or participate in any proceedings; or (iii) Customer’s breach of any representation, warranty, or obligation of Customer under this Agreement.
10.3. Indemnification Procedure.
The Party seeking indemnification under this Section will give prompt written notice to the other Party of a claim that is subject to such indemnification. The failure by an indemnified Party to give notice as provided above shall not relieve the indemnifying Party of its obligations under this Section, except to the extent that such failure results in the failure of actual notice and the indemnifying Party is damaged as a result of the failure to give notice. In addition, the indemnified Party will allow the indemnifying Party to direct and control the defense and settlement of any such claim, with counsel of the indemnifying Party’s choosing, and will provide the indemnifying Party, at the indemnifying Party’s expense, with information and assistance that is reasonably necessary for the defense and settlement of the claim. The indemnified Party shall have the right to employ separate counsel and to participate in (but not control) such action, but the fees and expenses of such counsel shall be at the expense of the indemnified Party unless: (i) the employment of counsel by the indemnified Party has been authorized by the indemnifying Party; (ii) the indemnified Party has been advised by its counsel in writing that there is a conflict of interest between the indemnifying Party and the indemnified Party in the conduct of the defense of the action; or (iii) the indemnifying Party has not in fact employed counsel to assume the defense of the action within a reasonable time following receipt of the notice given pursuant to this Section, in each of which cases the fees and expenses of such counsel shall be at the expense of the indemnifying Party. If any proposed settlement materially affects an indemnified Party, the indemnifying Party shall not settle any claim without the written consent of the indemnified Party, which consent shall not be unreasonably withheld, conditioned or delayed.
10.4. Limitation of Liability.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SERVICES, WHETHER ARISING OF OUT OF OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF WARRANTIES, FAILURE OF ESSENTIAL PURPOSE, OR OTHERWISE, EXCEED THE TOTAL AMOUNT OF FEES PAID TO SUPPLIER BY CUSTOMER PURSUANT TO THE APPLICABLE ORDER UNDER WHICH THE LIABILITY PRINCIPALLY ARISES DURING THE SIX (6) MONTH PERIOD PRECEDING THE LAST EVENT UPON WHICH LIABILITY IS PRINCIPALLY PREDICATED. IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOSS OF USE, LOST REVENUE, LOST PROFITS, LOSS OF DATA, OR DIMINUTION IN VALUE, OR FOR ANY INDIRECT, PUNITIVE, EXEMPLARY, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHETHER ARISING OUT OF BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT PRODUCT LIABILITY), OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
11. Commercial References.
Gladia may use the Customer’s names, trademarks and logos and refer to Customer’s websites as commercial references for the duration of the contractual relationship and three (3) years thereafter.
12. Miscellaneous Clauses.
12.1. Waiver.
The rights and remedies provided to each of the Parties herein shall be cumulative and in addition to any other rights and remedies provided by law or otherwise. Any failure in the exercise by either Party of its right to terminate this Agreement or to enforce any provision of this Agreement for default or violation by the other Party shall not prejudice such Party’s rights of termination or enforcement for any further or other’s default or violation or be deemed a waiver or forfeiture of those rights.
12.2. Assignment.
Neither Party may assign this Agreement or any obligations hereunder without the prior written consent of the other Party, which may be withheld for any reason at such Party’s sole discretion; provided, however, that Gladia may in good faith assign this Agreement to a parent, affiliate, or subsidiary, including in connection with a merger, acquisition, reorganization, or consolidation without Customer’s consent. Any attempted assignment, other than as set forth in this Section 12, without such written consent shall be null and void. Supplier shall not subcontract the provisions of the Services or any other obligations of Supplier hereunder without Customer’s prior information. Customer acknowledges and agrees that Supplier uses third parties to provide supporting functions related to the Services including offsite data storage, janitorial, maintenance and site security and that such indirect services are not deemed to be subcontracting pursuant to this Agreement.
12.3. Notices.
All notices required under or regarding this Agreement will be in writing and will be considered if delivered personally, mailed via registered or certified mail (return receipt requested and postage prepaid), given by email (confirmed by registered mail or courier) or sent by courier (confirmed by receipt).
12.4. Severability.
If any term or provision of this Agreement is held to be illegal or unenforceable, the validity or enforceability of the remainder of this Agreement will not be affected.
12.5. Captions.
The section headings in this Agreement are intended solely for convenience of reference and shall be given no effect in the construction or interpretation of this Agreement.
12.6. Entire Agreement.
This Agreement incorporated herein and any exhibits hereto, along with the Terms of Use, constitutes the entire agreement between the Parties and shall supersede any prior or contemporaneous communications, representations or agreements between the Parties, whether oral or written, regarding the subject matter of this Agreement. In the event of any inconsistency between this Agreement and the Terms of Use, this Agreement shall take precedence.
12.7. Independent Contractor.
The Parties enter into this Agreement as independent contractors and nothing within this Agreement shall be construed to create a joint venture, partnership, agency, or other employment relationship between the Parties. Neither Party shall have authority to create any obligation for the other Party, except to the extent stated in this Agreement. Each Party will be solely responsible for payment of all compensation owed to its employees, including all applicable federal, state and local employment taxes and will make deductions for all taxes and withholdings required by law.
12.8. No-Hire.
Customer acknowledges that the recruitment and retention of Gladia personnel (employees and contractors) represents a significant investment, the loss of which would interfere with Gladia’s provision of the Services and be detrimental to Gladia’s current and future business and profits. Accordingly, Customer agrees that, without written consent, for the duration of this Agreement and for a period of two (2) year thereafter, Customer shall not directly, or knowingly indirectly, induce, initiate, solicit for hire, or cause a third party to induce, initiate, or solicit for hire any Gladia personnel and shall not seek to interfere with the working relationship of any such individual and Gladia. Such non-solicitation shall not prohibit: (i) general solicitation such as job fairs or general advertising for available employment positions used in the ordinary course of Customer’s business, consistent with past practices; and (ii) “cold calls” from employee search firms where neither the prospect, the prospect’s position, or Gladia has been identified to the search firm, directly or indirectly, by Customer.
12.9. Amendments.
This Agreement may be amended only by an instrument in writing executed by the Parties hereto specifically referencing this Agreement and the provision to be amended.
12.10. Conflict.
In the event of any inconsistency between this Agreement and any Order or Exhibits entered into by and between the Parties, the terms of the Order shall prevail.
12.11. Survivability.
Each term and provision of this Agreement that would by its very nature or terms survive any termination or expiration of this Agreement shall survive any termination or expiration of this Agreement, regardless of the cause thereof.
12.12. Dispute Resolution.
The Parties shall attempt in good faith to resolve any dispute arising out of or relating to this Agreement promptly by negotiation between executives who have authority to settle the controversy and who are at a higher level of management than the persons with direct responsibility for administration of this Agreement. All negotiations pursuant to this Section are confidential and shall be treated as compromise and settlement negotiations for purposes of applicable rules of evidence.
12.13. Applicable Law and Venue.
This Agreement shall be governed by, and construed and interpreted in accordance with, the laws of the State of New York, without reference to principles of conflict of laws thereof. Any action brought by either Party against the other Party with respect to, or in any manner arising from, this Agreement shall be filed in and maintained exclusively in a court of competent jurisdiction in New York County, New York, which shall be the sole and exclusive venue for any such action. Each of the Parties hereby agrees to submit to the exclusive jurisdiction of such courts in New York County, New York. The Parties waive, to the fullest extent permitted by law, any right to trial by jury in any action, suit or proceeding brought to enforce, defend or interpret any right or remedy under, or arising in connection with, or relating to, this Agreement.
12.14. Successors and Third-Party Beneficiaries.
Subject to Section 12.2 of the Agreement (Assignment), this Agreement shall inure to the benefit of Supplier and Customer and any successors or assigns of Supplier and Customer. No third party shall have any rights hereunder.
12.15. Counterpart Execution.
This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which shall constitute the same agreement. The exchange of copies of this Agreement and of signature pages by facsimile or other electronic transmission shall constitute effective execution and delivery of this Agreement as to the Parties and may be used in lieu of the original Agreement for all purposes. Signature of the Parties transmitted by facsimile or other electronic means shall be deemed to be their original signature for all purposes.
EXHIBIT A
Data processing agreement
1. Purpose and Scope
The purpose of this “Data Processing Agreement” is to define the conditions under which Gladia (hereinafter the “Processor”) undertakes to carry out in the name and on behalf of the Customer (hereinafter the “Controller” or the “Data Controller”) the personal data processing operations defined in Annex I. Annexes I to III form an integral part of the Agreement.
Personal data will be processed for the purpose of performing the services pursuant to the Agreement, in particular for the purpose of processing personal data, including audio or video files transmitted by the Data Controller to the Processor in accordance with the Agreement.
In the context of their contractual relations, the Parties undertake to comply with the regulations applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 applicable from 25th May 2018, Section 5 of the Federal Trade Commission Act, the FTC Standards for Safeguarding Customer Information, best industry standards, and all other state and federal privacy and data breach notification laws and regulations (including without limitation regulations relating to the foregoing enumerated statutes) governing the collection, transfer, processing, and security of personal data (all together, the “Data Protection Laws”).
2. Interpretation and hierarchy
Where terms defined in the Data Protection Laws appear in this Agreement, they shall be construed as in the Data Protection Laws.
The provisions of the Agreement should be read and interpreted considering the provisions of the Data Protection Laws.
In the event of any conflict between these provisions and those of related agreements existing between the Parties at the time of the conclusion of this Agreement, the Agreement shall prevail.
3. Description of processing operations
Any processing of personal data under this Agreement will be carried out in accordance with the Data Protection Laws. The Processor, as a service provider, is not, however, responsible for compliance with the laws and regulations strictly applicable to the Data Controller or its industry, unless explicitly agreed otherwise between the Parties.
The details of the processing operations, and in particular the categories of personal data and the purposes of the processing for which the personal data are processed on behalf of the Controller, are specified in Annex I.
When the Controller wishes to change the subject, duration, nature and purpose of the processing of personal data, it shall inform the Processor in writing. When the Processor considers that the modification does not comply with the regulations in force, it informs the Data Controller.
4. Privacy and data protection representatives
Where required by regulation, the Parties will appoint privacy and data protection officers (hereinafter “Data Protection Officer” or "DPO"), and will exchange contact information.
The DPO of the Gladia Processor can be contacted at the following email address:
privacy@gladia.io
5. Obligations of the Parties
5.1. Instructions
a) The Processor shall only process personal data on documented instructions from the Controller, unless it is required to do otherwise under Data Protection Laws. In this case, the Processor shall inform the Controller of this legal obligation prior to processing, unless prohibited by law for important reasons of public interest. Instructions may also be given during the configuration and use of the solution or later by the Data Controller throughout the processing of personal data. These instructions must always be documented and written. The Parties acknowledge that this Agreement constitutes such documented instructions.
b) When the Processor detects an instruction that could potentially constitute a violation of Data Protection Laws, it shall immediately inform the Data Controller.
5.2. Responsibilities
a) The Data Controller is responsible for the legality of the personal data and their processing pursuant to the Agreement. It declares and warrants that when providing personal data to the Processor for processing by the latter:
(i) it has duly informed data subjects of their rights and obligations and, in particular, informed them of the possibility that the Processor (or a category of service providers to which it belongs) may process their personal data on its behalf and in accordance with its instructions and it has obtained such data subject’s consent, to the extent required;
(ii) that it has complied with all legislation relating to the protection of personal data in the collection of such personal data and its communication to the Processor.
b) The Data Controller is responsible for the security of personal data provided to the Processor and will be liable for any harm resulting from data corruption, including damage caused by viruses or other security breaches, originating from unsafe data shared by the Data Controller.
c) The Data Controller is responsible for any misuse of IT devices by one of its agents as well as for the quality and accuracy of the personal data entered by its agents. The Data Controller shall indemnify the Processor against any claim by a third party, including the Data subject, resulting from misuse of IT devices and specific obligations of data protection regulations.
d) The Data Controller acknowledges and accepts that the Processor shall only provide analyses based on the data processed by the Controller which constitute only one of the possible means to enable the Data Controller to achieve its performance objectives. Under no circumstances may the Processor be held responsible for the decisions taken by the Controller based on the reports sent by the Processor.
5.3. Purpose limitation
The Processor processes personal data only for the specific purpose(s) of the processing, as defined in Annex I, unless further instructed by the Controller.
5.4. Duration of processing of personal data
Processing by the Processor shall only take place for the period specified in Annex I. The Processor undertakes to keep personal data only for the period necessary to achieve the purposes for which they are processed, unless a legal or regulatory provision obliges it to keep them for longer periods. The Processor will destroy the personal data or return them to the Data Controller, either when the purpose for which they are processed is achieved or at the end of the legal or regulatory retention period.
5.5. Disclosure
a) The Processor will not disclose any personal data to any third party except (i) at the request of the Controller, (ii) as provided for in the Agreement, (iii) as required by processing by sub-processors in accordance with this Agreement or (iv) as required by law or a competent authority.
b) If the Controller instructs the Processor to transfer personal data to a third party contractually linked to the Controller, it is the sole responsibility of the Controller to enter into a written agreement with such party regarding the protection of such personal data, including, where applicable, the obligations imposed by the Data Protection Laws, including using the standard contractual clauses issued by the European Commission. The Controller shall indemnify, defend and hold harmless the Processor from any liability for any losses whatsoever arising from such transfer of data to the third party, unless and insofar as the losses are attributable to proven defects of the Processor.
c) The Processor represents and warrants that persons acting on its behalf who are authorized to process personal data undertake to protect the security and confidentiality of the personal data in accordance with the provisions of this Agreement. To this end, the Processor is obliged to inform persons acting on its behalf who have access to the personal data of the applicable requirements and to ensure compliance with such requirements through contractual or legal confidentiality obligations.
5.6. Security of processing
a) The Data Controller shall implement and maintain the required technical and organizational data protection measures for the components it provides or controls, including workstations connected to the Processor’s services, the data transfer mechanisms used and the identifiers issued to the Controller’s personnel. The Data Controller shall take all reasonable measures to keep the personal data up to date to ensure that they are accurate and complete in relation to the purpose for which they were collected.
b) The Processor shall implement the technical and organizational measures specified in Annex II to ensure the security of personal data. These measures include the protection of data against any breach of security resulting in, accidentally or unlawfully, the destruction, loss, alteration, unauthorized disclosure of or access to personal data (personal data breach). When assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks to data subjects. During the term of the Agreement, the Data Controller may request the Processor to provide, within a reasonable time, a current description of the technical and organizational protection measures implemented.
c) When assessing appropriate technical and organizational security measures, the Parties shall take into account:
(i) the state of the art,
(ii) the cost of implementing the measures,
(iii) the nature, scope, context and purposes for which the personal data are processed,
(iv) the risks posed by the processing of data to the rights and freedoms of Data subjects, resulting, inter alia, from the destruction, loss, alteration or unauthorized disclosure of, or accidental or unlawful access to, personal data transmitted, stored or otherwise processed,
(v) and the likelihood that the processing will affect the rights and freedoms of Data subjects.
d) The Processor shall grant its personnel members access to the personal data subject to the processing only to the extent strictly necessary for the execution, management and monitoring of the contract. The Processor shall ensure that persons authorized to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
e) These measures shall be updated by the Parties in the light of the state of the art and any incidents.
5.7. Documentation and Compliance
a) The Parties shall be able to demonstrate compliance with this Agreement.
b) The Processor shall promptly and adequately process the Controller's requests for data processing in accordance with this Agreement.
c) The Processor shall make available to the Controller the information necessary to demonstrate compliance with the obligations set out in this Agreement and arising directly from the Data Protection Laws. At the request of the Controller and at its expense, the Processor shall also allow and contribute to audits of the processing activities covered by this Agreement at reasonable intervals or where there are indications of non-compliance. When deciding on an examination or audit, the Controller may take into account the relevant certifications in the Processor's possession.
d) The Controller may decide to carry out the audit itself or to appoint an independent auditor. Audits may also include inspections at the Processor's premises or physical facilities and shall, where appropriate, be carried out on reasonable notice.
e) The Processor may refuse the identity of the selected auditor if it belongs to a competing company. The audit shall be carried out during working hours and in such a way as to minimize disruption of the Processor’s activity. The audit must in no way threaten (i) the technical and organizational security measures implemented by the Processor, (ii) the security and confidentiality of the data of the Processor’s other clients and (iii) the proper functioning and organization of the Processor. In addition, the Data Controller shall ensure that the auditor and, more specifically, the personnel performing the audit are subject to appropriate confidentiality obligations.
f) As far as possible, the Parties shall agree beforehand on the scope of the audit. The audit report will be sent to the Processor for written comments, which will be attached to the final version of the audit report. Each audit report will be considered confidential information.
g) The Parties shall make available to the competent supervisory authorities, upon request, the information set out in this Agreement, including the results of any audit.
5.8. Sub-processors
a) The Processor has the general authorization of the Controller with regard to the recruitment of sub-processors on the basis of an agreed list for the provision of services (Annex III). The Processor shall specifically inform the Controller in writing of any proposed changes to this list by adding or replacing sub-processors at least fifteen (15) days in advance, thereby giving the Controller the opportunity to submit legitimate and justified objections. In the absence of notification of objections after this period, the Controller shall be deemed to have authorized the use of the sub-processor concerned. The Processor shall provide the Controller with the information necessary to enable it to exercise its right of objection. By signing this Agreement, the Data Controller authorizes the recruitment of the sub-processors established in Annex III.
b) In case of continued objections from the Data Controller, the Parties will meet in good faith and do their best to discuss a solution. Gladia may choose (i) not to hire the sub-processor or (ii) to take corrective action as requested by the Data Controller in relation to objections before hiring the sub-processor. If neither option is reasonably possible, and Gladia can’t, for legitimate reasons, hire another sub-processor for processing, either Party may terminate this Agreement upon thirty (30) days’ notice.
c) Where the Processor engages a sub-processor to carry out specific processing activities on behalf of the Controller, it does so by means of a contract that imposes on the sub-processor, in substance, the same data protection obligations as those imposed on the Processor under this Agreement. The Processor shall ensure that the sub-processor complies with the obligations to which it is itself subject under this Agreement and the Data Protection Laws.
d) At the request of the Controller, the Processor shall provide the Controller with a copy of this contract with the sub-processor and any subsequent amendments thereto. To the extent necessary to protect trade secrets or other confidential information, including personal data, the Processor may redact the text of the contract before disseminating a copy.
e) The Processor shall remain fully responsible to the Controller for the performance of the obligations of the sub-processor in accordance with the contract concluded with the sub-processor. The Processor shall inform the Controller of any breach by the sub-processor of its contractual obligations.
f) The Processor shall agree with the sub-processor a clause of the third-party beneficiary according to which — in the event that the Processor has factually disappeared, ceased to exist in law or has become insolvent — the Controller has the right to terminate the contract with the sub-processor and to instruct the sub-processor to erase or return the personal data.
5.9. International transfers
a) The transfer of personal data to a country outside the European Economic Area is permitted provided that (i) such transfer is necessary under a binding legal rule under Data Protection Laws, (ii) the country or company(ies) to which the personal data are transferred guarantees an adequate level of protection, (iii) or that the transfer takes place within the framework of standard contractual clauses issued by the European Commission (iv) or that the transfer takes place within the Data Protection Framework in force and approved by the European Commission.
b) The Processor guarantees that the country or company to which the personal data is transferred guarantees an adequate level of protection.
6. Assistance to the controller
a) The Parties undertake to provide mutual assistance to meet the requirements of the Data Protection Laws. In particular, they shall cooperate and exchange the information necessary to carry out data protection impact assessments, audits and inspections relating to the processing of personal data.
b) The Processor shall promptly inform the Data Controller of any request it has received from the data subject. It does not comply with this request himself, unless the Data Controller has authorized him to do so.
c) The Processor assists the Controller in fulfilling its obligation to respond to data subjects' requests to exercise their rights, taking into account the nature of the processing. In performing its obligations in accordance with points b) and c), the Processor shall comply with the instructions of the Controller.
d) In addition to the Processor's obligation to assist the Controller, the Processor shall also assist the Controller in ensuring compliance with the following obligations, taking into account the nature of the processing and the information that the Controller has made available to its Processor:
(1) the obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (‘data protection impact assessment’) where a type of processing is likely to pose a high risk to the rights and freedoms of natural persons;
(2) the obligation to consult the competent supervisory authorities prior to processing where a data protection impact assessment indicates that the processing would pose a high risk if the Controller did not take measures to mitigate the risk;
(3) the obligation to ensure that the personal data are accurate and up-to-date, by informing the Controller without undue delay if the processor becomes aware that the personal data it processes are inaccurate or have become obsolete;
(4) the obligations laid down in Article 32 of Regulation (EU) 2016/679.
e) The Parties shall set out in Annex II the appropriate technical and organizational measures by which the Processor is required to assist the Controller in the application of this Agreement, as well as the scope and extent of the assistance required.
7. Breach of personal data protection
In the event of a breach of the protection of personal data, each Party shall immediately inform the other Party by telephone and email, after its detection.
In the event of a personal data breach, the Processor shall cooperate with and assist the Controller in complying with its obligations under Articles 33 and 34 of Regulation (EU) 2016/679 or Articles 34 and 35 of Regulation (EU) 2018/1725, whichever is applicable, or any other obligation under the applicable Data Protection Laws, taking into account the nature of the processing and the information available to the Processor.
7.1. Data breach in relation to processes managed by the Controller
As part of the relationship between the Data Controller and the Processor, in the event of a personal data breach in relation to processing managed by the Controller, the Processor shall assist the Controller:
a) for the purpose of notifying the personal data breach to the competent supervisory authorities, as soon as possible after the Controller becomes aware of it, where applicable (unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons);
b) for the purpose of obtaining the following information which, in accordance with Article 33(3) of Regulation (EU) 2016/679 and any similar provision provided in the Data Protection Laws, is to be included in the Controller's notification, and include, at least:
(i) the nature of the personal data, including, where possible, the categories and approximate number of data subjects affected by the breach and the categories and approximate number of records of personal data concerned;
(ii) the likely consequences of the personal data breach;
(iii) the measures taken or the measures that the Controller proposes to take to remedy the personal data breach, including where applicable, measures to mitigate any negative consequences.
Where, and to the extent that, it is not possible to provide all the information at the same time, the initial notification shall contain the information available at that time and, as it becomes available, additional information shall subsequently be submitted as soon as possible.
c) for the purpose of fulfilling, in accordance with Article 34 of Regulation (EU) 2016/679 and any similar provision provided in the applicable Data Protection Laws, the obligation to communicate the personal data breach to the data subject without undue delay, where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.
7.2. Data breach in relation to processes managed by the Processor
In the event of a personal data breach in relation to processes managed by the Processor, the Processor shall inform the Controller as soon as possible after becoming aware of it. This notification shall contain at least:
a) a description of the nature of the breach found (including, where possible, the categories and approximate number of persons affected by the breach and records of personal data concerned);
b) the contact details of a contact point from which additional information can be obtained about the personal data breach;
c) its likely consequences and the measures taken or proposed to be taken to remedy the violation, including mitigating any negative consequences.
Where, and to the extent that, it is not possible to provide all the information at the same time, the initial notification shall contain the information available at that time and, as it becomes available, additional information shall subsequently be submitted as soon as possible.
The Parties shall set out in Annex II all other elements to be communicated by the Processor when assisting the Controller in fulfilling the Controller's obligations under Articles 33 and 34 of Regulation (EU) 2016/679 and any similar provision provided in the applicable Data Protection Laws.
8. Termination of the Agreement
Following the termination of the Agreement and according to the choice of the Controller, the Processor (i) deletes all personal data processed on its behalf and certifies to the Controller that it has carried out this deletion, (ii) or send all personal data back to him and destroy existing copies, unless Union or national law requires that they be kept longer. The Processor shall continue to ensure compliance with this Agreement until the data is deleted or returned.
List of Annexes:
- Annex I: Description of processing
- Annex II: Technical and organizational measures, including technical and organizational measures to ensure data security
- Annex III: List of sub-processors
