End User License Agreement

PRECOG DATA INC.

LICENSE AGREEMENT

 

This LICENSE AGREEMENT (this “Agreement”) is entered into between Precog Data Inc., a Delaware corporation (“Precog” “we” or “us”), an [ENTITY NAME], a [STATE] corporation] (“Licensee”).

Precog has developed and offers data preparation and transformation software known as Precog. Licensee wishes to obtain a license to access and use the Precog software as specifically described in one or more Orders (as defined below) executed by Precog and Licensee from time to time (the “Precog Software”). This Agreement and the addenda hereto set forth the terms and conditions under which Precog is willing to provide Licensee with a limited license to use the Precog Software.  

 

This Agreement supersedes all oral or written agreements or understandings between the parties, as to the subject matter of the Agreement. This Agreement is in the English language only, which language will be controlling in all respects. This Agreement is entered into as of the earlier of the date Licensee first executed this Agreement or first installed, accessed, or used the Precog Software (the “Effective Date”).

 

  1. All capitalized terms used in this Agreement and defined in the context in which they are used will have the meanings given to them herein. All other terms used in this Agreement will have their plain English meaning as commonly interpreted in the United States.

 

  1. In connection with this Agreement, Licensee has submitted one or more orders (in either electronic or other form) to Precog requesting access to the Precog Software (each, an “Order”). Once an Order is accepted by Precog, all Precog Software requested in any Order will be subject to the terms of this Agreement. The provisions of this Agreement will control in the event of a conflict between any Order and this Agreement.

 

  1. LICENSE
    • License Grant. The Precog Software is offered in the following license types, which may be combined, pursuant to the specific grant and restrictions set forth below and noted in an applicable Order. The following license types may also be available as site, team or enterprise licenses if noted on the Order. The license covers any updates, upgrades, or new releases, if any are provided to Licensee by Precog and any copies Licensor is permitted to make hereunder and any available documentation. Any references to a “sale” or a “purchase” of the Precog Software in this or any other document means “license” in accordance with the terms contained in this Agreement. Licensee may make a reasonable number of backup copies of the Precog Software and documentation for internal, non-commercial, non-production use. All titles, trademarks and copyright and restricted notices in the Precog Software must be reproduced in any copies Licensee is permitted to make hereunder.
      • Cloud License. If indicated on an applicable Order, subject to Licensee’s compliance with this Agreement, during the term of this Agreement, Precog grants Licensee a limited, non-exclusive, personal, non-transferable, non-sublicensable right to access and use the Precog Software in accordance with the terms and conditions set forth herein and in such applicable Order.
      • On-Premises Container License. If indicated on an applicable Order, subject to Licensee’s compliance with this Agreement, during the term of this Agreement, Precog grants Licensee a limited, non-exclusive, personal, non-transferable, non-sublicensable right to install and operate the Precog Software in accordance with the terms and conditions set forth herein and in such applicable Order.

 

  • Limitations on License Grant. The rights granted in this Section do not include any right to modify any portion of the Precog Software. Licensee shall receive no right to promote, market, or provide access to the Precog Software on a standalone basis or to provide access to the functionality of the Precog Software to third parties unless authorized by a separate agreement with Precog. Access and use of the functionality of the Precog Software will be solely by Licensee and no more than the number of Authorized Uses as specified on each applicable Order. “Authorized Use” means is a unit, for example of sources or volume, specified on an applicable Order.

 

  1. The Precog Software, including the databases, software development tools, application programming interfaces, and other software provided as part of the Precog Software and the structure, organization, and underlying data, information, and source code thereof, constitute valuable intellectual property of Precog. In addition to the other restrictions in this Agreement, Licensee will not and will not permit any third party to: (1) use or access the Precog Software or any portion thereof, except as expressly provided in this Agreement; (2) modify, adapt, alter, translate, or create derivative works from the Precog Software; (3) sublicense, distribute, sell, convey, assign, pledge, or otherwise transfer or in any way encumber the Precog Software or any portion thereof; (4) make the Precog Software available to any third party, including without limitation re-selling or incorporating into a separate application (e.g. OEM distribution), except as part of a separate written agreement with Precog; (5) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, structure, design, or method of operation for the Precog Software; (6) circumvent or overcome (or attempt to circumvent or overcome) any technological protection measures intended to restrict access to any portion of the Precog Software; (7) utilize the Precog Software for any purpose that is illegal in any way or that advocates illegal activity; (8) interfere in any manner with the operation of the Precog Software or attempt to gain unauthorized access to the Precog Software; (9) use automated scripts to collect information from or otherwise interact with the Precog Software; (10) alter, obscure, or remove any copyright notice, copyright management information or proprietary legend contained in or on the Precog Software. All use of the Precog Software will be in accordance with any documentation for the Precog Software provided by Precog; (11) use the Precog Software together with other third-party software in a derivative work that causes the Precog Software to become subject to a third-party license; or (12) use the Precog Software for benchmarking or to create products or services like it.

 

  1. MAINTENANCE OR SUPPORT. Any support, maintenance, or training for the Precog Software, will be pursuant to a separate agreement for support, maintenance, or training, as applicable, provided that any updates, upgrades, new versions, or new releases of or to the Precog Software provided by Precog will be treated as part of the “Precog Software” for purposes of this For questions regarding the Precog Software, please email [email protected].

 

  1. FEES AND PAYMENT. Licensee agrees to pay Precog, or any applicable third party indicated in any applicable Order, all fees and other amounts set forth in each Order under this Agreement (“Fees”). All Fees will be invoiced as indicated in each applicable Order. If the applicable Order does not specify any applicable payment terms, Licensee agrees to pay all Fees as set forth on each invoice for the Fees issued by Precog under this Agreement on the date of invoice before being given access to the Precog Software. If Licensee has specified credit card or direct withdrawal from a bank account as an applicable payment mechanism under this Agreement, Licensee grants Precog the right to charge the credit card or debit the bank account provided to Precog for all Fees incurred under this Agreement. Except as otherwise set forth herein, all Fees will be non-refundable once paid to Precog (including upon any termination or suspension of this Agreement). Until paid in full, all past due amounts will bear an additional charge of the lesser of 1½% per month or the maximum amount permitted under applicable law. Precog may change any portion of the Fees upon any renewal of this Agreement, such changes to take effect at the beginning of the subsequent term of this

 

  1. All right, title, and interest in the Precog Software, including any derivatives, modifications, improvements, or enhancements thereof or thereto, created by either party, either alone or with the other party or any third party, and all intellectual property rights therein or relating thereto throughout the world, and any other deliverables and materials furnished or made available hereunder, including any copies made by Licensee, corrections, bug fixes, enhancements, updates, upgrades, and new releases, are and will remain the exclusive property of Precog. Licensee agrees to and does hereby make all assignments necessary to enable Precog to maintain ownership of the Precog Software as set forth in this Section. Licensee will perform all acts reasonably necessary to assist Precog in perfecting and defending Precog’s rights and interests in the Precog Software as reasonably requested by Precog. Except as expressly set forth in this Agreement, Precog grants no rights or licenses to Licensee (whether by implication, estoppel, or otherwise) in or to the Precog Software or any intellectual property rights therein or relating thereto. Any rights not expressly granted to Licensee hereunder are reserved by Precog.

 

  1. SUPPORT SERVICES. Licensee may request that we provide certain support services related to the Precog Software. Any support services to be provided will be included in the Order or a separate agreement governing such services, which shall describe the fees, costs, and expenses payable by Licensee in connection with the performance of such services, and which shall describe the scope of such services. The Order and any ancillary agreement for the provision of support services (a “Support Agreement”) shall be binding upon the parties only after mutual execution or performance by us and payment of any required fees by Licensee. Any such Order and Support Agreement shall be considered an integral part of this Agreement.

 

  1. Data Privacy and Security. If Licensee installs and uses the Precog Software on-premise network environments under its control, Licensee is solely responsible for: (A) use of the Precog Software, including without limitation, installation, deployment, and management of the Precog Software; (B) use of the Precog Software in compliance with all applicable laws; (C) ensuring the security of all data collected, processed, stored, and maintained using the Precog Software; and (D) providing adequate notice and obtaining and maintaining valid consents from all of Licensee’s end users, as may be necessary under applicable law (including data protection or data processing laws and regulations), to process their personal data using the Precog Software for Licensee’s intended purposes. Precog will not have any access to any data which is accessed and used as part of, or through Licensee’s use of the Precog Software. Therefore, Precog is not considered a ‘processor’ under the European Union’s General Data Protection Regulation (EU/2016/679) (GDPR) or like privacy laws. For business to business data collected during the sales, registration, marketing and installation process, including names of natural persons, email addresses, IP addresses, domains, and machine names accessible or used by the Precog Software which are automatically and securely transmitted to us in the United States of America, we are a ‘processor’ and rely on the legal basis of legitimate interest, consent and contract to securely process and store such information as more fully set out in privacy policy available at https://precog.com/privacy-policy/.

    If the Licensee utilizes Precog Software deployed in Precog’s cloud environment, Precog will be responsible for: (A) installation, deployment and management of the Precog Software; (B) ensuring the security of all data collected, processed, stored or maintained in the Precog Software environment; (C) providing reasonable security, protection and monitoring of the systems.  The Licensee is responsible for:  (A) the use of the Precog Software in compliance with applicable laws; (B) providing adequate notice and obtaining and maintaining valid consents from all of the Licensee’s end users as may be necessary under applicable law (including data protection or data processing laws; (C) ensuring Licensee conforms with its obligations as a data controller pursuant to the EU’s General Data Protection Regulation (“GDPR”) or is authorized by the data controller to leverage Precog Software to perform the configured data transfers; (D) ensuring the security and any applicable legal validation of the configured end points to be in compliance with applicable laws and regulations.  When Licensee leverages Precog Software to transfer data which is governed by privacy or data protection laws, including without limitation the GDPR, the Licensee is acting as a Controller under GDPR and is contracting with Precog to act as a “Processor” under the GDPR.  The Licensee agrees to provide Precog the personal data elements in Addendum B being processed in accordance with applicable privacy law.  For business to business data collected during the sales, registration, marketing and installation process, including names of natural persons, email addresses, IP addresses, domains, and machine names accessible or used by the Precog Software which are automatically and securely transmitted to us in the United States of America, Precog relies on the legal bases of legitimate interest and performance of a contract to process information, as more fully set out in Precog’s privacy policy available at https://precog.com/privacy-policy/. When Licensee is a Controller based in the EU or UK, Licensee as Controller and Precog as Processor will enter into European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements under GDPR. The form of Standard Contractual Clauses is attached hereto as Addendum C.

 

  1. THIRD PARTY CODE. The Precog Software may contain or include software code owned or provided by third party licensors of Precog (“ThirdParty Code”). For any Third-Party Code clearly indicated to be subject to the terms of a third-party license (a “ThirdParty License”), the terms of the applicable Third-Party License will apply to the Third-Party Code independent of the terms of this Agreement. All other Third-Party Code provided to Licensee by Precog may be used only under the terms of this Agreement. Nothing in this Agreement limits Licensee’s rights under, or grants rights to Licensee that supersede, the terms of any such applicable Third-Party License

 

  1. TERM AND TERMINATION. The term of this Agreement will begin on the Effective Date and will continue for the subscription term purchased under the applicable Order, unless terminated earlier under this Section. If no subscription term is stated in the applicable Order, then the subscription term of this Agreement will be 1 year. Except as specified in an applicable Order, at the end of each subscription term, the term of this Agreement will automatically renew for an additional subscription term of equal duration, unless either party gives the other party notice of non-renewal at least 30 days prior to the end of the then-current subscription Either party may terminate this Agreement for any reason upon 30 days’ notice to the other party, provided that Precog will provide no refunds in the event of Licensee’s termination for convenience. Precog may also terminate this Agreement upon notice to Licensee if Licensee breaches any term of this Agreement and fails to cure such breach within 10 days of notice thereof from Precog if such breach is capable of being cured, or immediately if the breach is not capable of being cured. Upon any termination or expiration of this Agreement, all rights and licenses granted to Licensee hereunder will immediately terminate and Licensee will immediately and at Licensee’s expense: (1) cease all use of the Precog Software; and (2) at the option of Precog, return to Precog or destroy, all Precog Software and Confidential Information. Upon the request of Precog, Licensee (or, as applicable, an officer of Licensee) will certify in writing to Licensee’s compliance with the terms of this Section. The relevant portions of Sections 1, 4, 6- 9, and 12-22 will survive termination or expiration of this Agreement for any reason.

 

  1. RECORDS AND INSPECTION. During the term of this Agreement and for a period of 12 months thereafter, Licensee will keep and maintain detailed records reflecting all information reasonably required for Precog to confirm Licensee’s compliance with this Agreement, including confirmation of all Authorized Uses and Instances. During the term of this Agreement and for a period of 12 months following any termination or expiration, Precog may, upon 2 business days advance written notice, conduct a review of such records to confirm Licensee’s compliance with the terms of this Agreement. As part of such inspection, Precog may examine, audit, and take extracts from such records. If any review reveals an underpayment of any Fees under this Agreement, Licensee will promptly pay the amount of the underpayment. If such underpayment exceeds 5% of the Fees due under this Agreement during any given payment period, Licensee will pay Precog interest on the amount of such underpayment from the time of such underpayment at a rate of 12% per annum (or, if less, the maximum amount permitted by applicable law) and reimburse Precog for the actual cost of its review. Precog may, at its discretion, retain an independent auditor to conduct such review.

 

  1. WARRANTY AND DISCLAIMER. Each party hereby represents, warrants, and covenants to the other that: (1) it has the legal right and authority to enter into this Agreement; (2) this Agreement forms a binding legal obligation on behalf of such party; and (3) it has the legal right and authority to perform its obligations under this Agreement and to grant the rights and licenses described in this Agreement. EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION, THE PRECOG SOFTWARE IS PROVIDED BY PRECOG AND ITS LICENSORS “AS IS” AND “AS AVAILABLE,” WITHOUT ANY REPRESENTATIONS, WARRANTIES, OR COVENANTS OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAWS, PRECOG EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND COVENANTS, WHETHER EXPRESSED OR IMPLIED, REGARDING THIS AGREEMENT AND THE PRECOG SOFTWARE, INCLUDING, WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT. PRECOG DOES NOT WARRANT THAT THE SERVICES OR FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE’S REQUIREMENTS, OR THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE SOFTWARE WILL BE CORRECTED. FURTHERMORE, NEITHER PRECOG (NOR ITS LICENSORS) WARRANT OR MAKE ANY REPRESENTATIONS AND DISCLAIM ALL LIABILITY REGARDING ANY LOSS OF DATA OR LOSS OF USE OF DATA (INCLUDING PERSONAL DATA), THE PERFORMANCE OR THE RESULTS OF THE USE OF THE SOFTWARE IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY PRECOG OR ITS AGENTS OR REPRESENTATIVES WILL CREATE ANY REPRESENTATIONS, WARRANTIES, OR COVENANTS UNLESS CONFIRMED IN WRITING BY PRECOG AS AN AMENDMENT TO THIS THE FOREGOING LIMITATIONS AND EXCLUSIONS APPLY TO THE EXTENT PERMITTED BY APPLICABLE LAW IN LICENSEE’S OR CHANNEL PARTNER’S JURISDICTION. IF APPLICABLE LAW LIMITS THE APPLICATION OF THE PROVISIONS OF THIS SECTION, PRECOG’S LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMISSIBLE.

 

  1. Both parties will indemnify, hold harmless, and defend the other party (and its officers, directors, employees, contractors, and agents) from and against any actual damages, liabilities, losses, costs, and expenses (including reasonable attorneys’ fees) incurred in connection with or because of the indemnifying party’s infringement of any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any other person. The indemnified party shall cooperate with the indemnifying party in connection with the indemnified party’s defense of any such suit. At indemnified party’s sole discretion, it may tender control of any such suit to the indemnifying party. The indemnified party shall cooperate in connection with the defense of the claim at the reasonable expense of the indemnifying party.

 

  1. LIMITATION OF LIABILITY. IN NO EVENT WILL PRECOG BE LIABLE TO LICENSEE OR TO ANY THIRD PARTY FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL LOSSES OR DAMAGES OF ANY KIND ARISING OUT OF THE USE OR INABILITY TO USE THE PRECOG SOFTWARE, INCLUDING ANY LOST, CORRUPTED, OR ALTERED DATA OR INFORMATION, LOSS OF USE OF DATA OR INFORMATION, RECOVERY OF DATA OR INFORMATION, OR LOSS OR INTERRUPTION OF BUSINESS OR PROFITS, EVEN IF PRECOG HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES AND WHETHER OR NOT SUCH LOSSES OR DAMAGES ARE FORESEEABLE. IN NO EVENT WILL THE LIABILITY OF PRECOG RELATING TO THIS AGREEMENT, THE PRECOG SOFTWARE, OR ANY RESULTS OBTAINED FROM THE USE OF THE PRECOG SOFTWARE, EXCEED THE AGGREGATE OF THE AMOUNTS PAID BY LICENSEE TO PRECOG UNDER THIS AGREEMENT IN THE TWELVE MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. MULTIPLE CLAIMS WILL NOT EXPAND THIS LIMITATION. IN JURISDICTIONS WHERE LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES IS NOT PERMITTED, PRECOG’S LIABILITY IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY

 

  1. For purposes of this Agreement, “Confidential Information” means any non-public information that is marked “confidential” or that a reasonable person should understand is confidential, including, but not limited to, the Precog Software and all documentation, information, data, and materials relating to the Precog Software, regardless of the form thereof, including all copies and extracts thereof. Licensee will not disclose Confidential Information to any third party without Precog’s prior written consent. Licensee may disclose the Confidential Information only to those of its employees who have a need to know the Confidential Information for purposes of Licensee’s valid use of the Precog Software as permitted under this Agreement and who are bound by an obligation of confidentiality at least as protective of the Confidential Information as the terms of this Agreement. Licensee will treat all Confidential Information with the same degree of care as Licensee treats its own confidential information which, in no event, will be less than reasonable care. Licensee will not utilize the Confidential Information other than as expressly permitted in this Agreement. Both parties agree that if the one party provides the other with any suggestions, comments, or other feedback about their Confidential Information (“Feedback“) such Feedback is given voluntarily. Both parties also agree that even if the party giving such Feedback designates it as confidential, unless the parties enter into a separate subsequent written agreement, the Feedback shall not be confidential and the owner of the original Confidential Information shall be free to use, disclose, reproduce, license, or otherwise distribute the Feedback in their sole discretion without any obligations or restrictions of any kind, including without limitation

 

  1. UTILIZATION DATA. Precog will have the right to collect, extract, compile synthesize, and analyze data or information resulting from Licensee’s utilization of the Precog Software (not the data that Licensee accesses when using Precog). To the extent collected by Precog, such data will be solely owned by Precog and may be used by Precog for any lawful business purpose without a duty of accounting to Licensee or any third party, provided that such data is used only in an aggregated form without specifically identifying Licensee as the source of the

 

  1. EQUITABLE RELIEF. Due to the unique nature of the Precog Software and the Confidential Information, there can be no adequate remedy at law for any breach of Licensee’s obligations hereunder, that any such breach may allow Licensee or third parties to unfairly compete with Precog resulting in irreparable harm to Precog, and therefore, that upon any such breach of this Agreement or threat thereof, Licensee will not oppose any attempt by Precog to obtain, in addition to whatever remedies it may have at law, an injunction or other appropriate equitable relief without making any additional showing of irreparable harm (and agrees to support the waiver of any requirement that Precog be required to post a bond prior to the issuance of any such injunction or other appropriate equitable relief).

 

  1. S. GOVERNMENT END USERS. The Precog Software, including all Third-Party Software, is a “commercial item” as that term is defined at FAR 2.101 (Oct 1995), consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212 (Sep 1995) and is provided to the U.S. Government only as a commercial end item. Consistent with FAR. 12.212 and DFARS 227.7202 (Jun 1995), all U.S. Government Users acquire the licenses granted with respect to the software and Third-Party Software with only those rights set forth herein.

 

  1. EXPORT CONTROLS. The Precog Software, including all Third-Party Software, and related technology are subject to U.S. export control laws and regulations and may be subject to export or import regulations in other Licensee agrees to strictly comply with all such laws and regulations and acknowledge that Licensee has the responsibility to obtain such licenses to export, re-export, or import as may be required. Licensee will indemnify and hold Precog and all Third-Party service providers harmless from all claims, losses, liabilities, damages, fines, penalties, costs, and expenses (including attorney’s fees) arising from or relating to any breach by Licensee of Licensee’s obligations under this Section.

 

  1. All notices to be given by a party hereunder will be in writing and will either be via: (1) hand-delivery; (2) Federal Express or a comparable overnight mail service; or (3) certified mail, return receipt requested. Precog may also provide Licensee with any notices under this Agreement by sending Licensee an email to any email address Licensee provides to Precog in connection with an Order. Notices provided to Precog will be deemed given when received by Precog. Notices provided to Licensee by email will be deemed given 24 hours after sending via e-mail. Other notices provided to Licensee will be effective upon the earlier of actual receipt (or when delivery is refused) or 2 business days after being deposited in the mail, whichever occurs sooner. Either party may change its address for notice by giving notice of the new address to the other party.

 

  1. This Agreement, our Privacy Policy set forth at https://precog.com/privacy-policy/, and any Orders entered by the parties hereunder constitute the complete and exclusive understanding and agreement between the parties and supersede any prior or contemporaneous oral or written proposal, agreement, or other communication between the parties, regarding Licensee’s access to and use of the Precog Software. Any inconsistent terms on documents issued by Licensee at any time, are for Licensee’s internal use only, and any provisions contained in any such document shall have no effect whatsoever upon this Agreement. This Agreement may be executed via electronic signature. This Agreement will be governed by the laws of the State of Colorado, without regard to conflicts of law principles thereof. The federal and state courts in Denver, Colorado will have sole and exclusive jurisdiction over any disputes arising hereunder and the parties hereby irrevocably submit to the personal jurisdiction of such courts. Except as expressly set forth in this Agreement, this Agreement may be amended or modified only by a writing signed by both parties. A party is not liable for non-performance of obligations under this Agreement if the non-performance is caused by events or conditions beyond that party’s control, and the party gives prompt notice and makes all reasonable efforts to perform. In no event will this provision affect a party’s obligation to make payments under this Agreement. The waiver of a breach of any provision of this Agreement will not operate or be interpreted as a waiver of any other or subsequent breach. If any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions of this Agreement will continue in full force and effect. The parties are independent contractors, and nothing in this Agreement will be construed as creating an employer-employee relationship, a partnership, or a joint venture between the parties. Neither party is an agent of the other and neither party is authorized to make any representation, contract, or commitment on behalf of the other party. No term of this Agreement will be construed to confer any third-party beneficiary rights on any non-party. Except as expressly limited herein, every right and remedy hereunder is cumulative with every other right and remedy herein or in any other agreement between the parties or under applicable law. Any reference herein to “including” will mean “including, without limitation.” Licensee may not assign or delegate, whether by operation of law or otherwise, this Agreement or any of Licensee’s rights or obligations under this Agreement to any third party without the prior written consent of Precog. For the purposes of this Section, any change of control of Licensee will be deemed an assignment. Any assignment in violation of the foregoing will be null and void and will be considered a breach of this Agreement. Precog will not be liable for any failure in performance under this Agreement to the extent that such failure results from causes beyond Precog’s reasonable control.

 

Agreed as of the Effective Date:

Precog Data Inc.                                                         Licensee:

Name:                                                                          Name:

Signature:                                                                     Signature:

Title:                                                                            Title:

Date:                                                                            Date:

 

Addendum A

Precog Order Form

 

THIS PRECOG AGREEMENT ORDER FORM (“Order”) is entered into

between Precog Data Inc. (“Precog”) and the entity listed below (“You” or “Licensee”) as of the “Order Effective Date” set forth below. Once signed by both parties below, this Order forms an “Order” under the Precog License Agreement entered into between the parties, a copy of which is attached hereto (the “Agreement”). This Order is solely for the Precog software set forth below (the “Precog Software”) under the terms set forth below. All terms of this Order and all use of and access to the Precog Software is subject to the terms and conditions of the Agreement. Licensee may enter into additional Orders under the Agreement only if signed by both parties in a form approved by Precog.

 

 

Order #:

For Precog use

Order Effective Date:

 

 

Licensee:

Name:

 

Address:

Licensee Contact:

Name:

Phone: E-mail:

 

 

License Type:

¨ Cloud License

¨ On-Premises Container License

Subscription Term:

¨ One year from the Order Effective Date

¨ Multi-year from the Order Effective Date : Number of Years ___

Licensee Platform:

Precog Software may only be incorporated into Customer’s platform.

Support Terms:

¨ Not applicable

¨ Attached as Addendum A

      ¨ Regular

      ¨ Premium

 

 

 

 

 

 

Precog Software

 

Version/Description

Count

Fees Due in USD

1

Precog

Annual License

Year 1:

 

 

2

Installation and

configuration

Details

●          Installation, Training and Configuration

 

 

Total Fees:

 

 

The Fees under this Order include the Total Fees set forth above. Licensee may also be responsible for other Fees as set forth in the Agreement. Any additional Order will contain separate Fees due under the Agreement. Precog will invoice Licensee for the Fees under this Order starting on the Order Effective Date. Licensee agrees to pay any consulting services Fees before consulting services will be provided. Licensee agrees to pay all other Fees shown on any Precog invoice upon receipt of the invoice. Licensee will pay any taxes resulting from the license of the Precog Software to Licensee under this Order or the payment of any Fees under the Agreement.

 

By signing this Order, Licensee acknowledges and agrees that this Order is incorporated into and forms a part of the Agreement, and that Licensee is bound by the terms and conditions of the Agreement with respect to this Order. No changes, modifications, or waivers to this Order or any other terms or conditions of the Agreement will be effective unless made in writing and signed by authorized representatives of both parties. The terms of the terms and conditions of the Agreement will govern this Order. If any conflict arises between this Order and any of the other terms of the Agreement, the other terms of the Agreement will control. The Agreement constitutes the entire agreement between the parties regarding the subject hereof and supersedes all prior agreements, understandings, and communication, whether written or oral.

 

FOR Precog: Precog Data Inc.                                       FOR Licensee:

Name:                                                                          Name:

Signature:                                                                     Signature:

Title:                                                                            Title:

Date:                                                                            Date:

 

 

Addendum B

 

This Addendum B includes certain details of the Processing (as defined in the GDPR) of Personal Data as required by Article 28(3) of GDPR. Licensees leveraging Precog Software in the cloud to transmit data controlled by data privacy or data protection laws must provide Precog with an updated list of the elements Processed by Precog. 

 

Subject matter and duration of the Processing of Personal Data:

The personal data transferred will be subject to the following basic processing activities:

 

Precog will process Personal Data as necessary to perform the services for Licensee pursuant to the Agreement.

 

The Duration of the processing of Personal Data will be the duration set forth in Addendum A.

 

Legal Basis for Processing:

The Processing is necessary for the performance of the Agreement. In addition, Licensee/Controller has a legitimate interest in using Precog’s Software and services for database management and integration.

 

Data Subject Types:

The Personal Data to be processed may include the following categories of data subjects:

  • Employees of Licensee, including temporary or contract workers
  • Customers and business partners of Licensee

 

Personal Data Categories:

The Personal Data that Precog Processes for Licensee is comprised of the following data types/categories:

 

 

Data Subject Type 1

Data Subject Type 2

Data Subject Type 3

Data Subject Type 4

Other: [Describe]

Name

[__]

[__]

[__]

[__]

[__]

Personal contact details (e.g phone, email, social media account)

[__]

[__]

[__]

[__]

[_]

Date of birth / age

[__]

[__]

[__]

[__]

[__]

Nationality

[__]

[__]

[__]

[__]

[__]

Credit card / bank account information

[__]

[__]

[__]

[__]

[__]

ID number (e.g. passport number)

[__]

[__]

[__]

[__]

[__]

Employment history / CV / recruitment information

[__]

[__]

[__]

[__]

[__]

Marital / civil status

[__]

[__]

[__]

[__]

[__]

Photo / video / voice recording

[__]

[__]

[__]

[__]

[__]

Health data (e.g. medical history, exams, diagnosis, conditions, prescriptions, data from medical devices)

[__]

[__]

[__]

[__]

[__]

Geolocation (e.g. location data, GPS data)

[__]

[__]

[__]

[__]

 

Online activities (e.g. web browsing, cookies, data analytics)

[__]

[__]

[__]

[__]

[__]

Biometrics (e.g. finger print, retina scan)

[__]

[__]

[__]

[__]

[__]

Criminal background checks / court proceedings

[__]

[__]

[__]

[__]

[__]

Lifestyle information (e.g. drinking habits)

[__]

[__]

[__]

[__]

[__]

Personality profiles / profiling information

[__]

[__]

[__]

[__]

[__]

Political views or activities

[__]

[__]

[__]

[__]

[__]

Trade union membership, views or activities

[__]

[__]

[__]

[__]

[__]

Sexual orientation/ sex life

[__]

[__]

[__]

[__]

[__]

Racial or ethnic origin

[__]

[__]

[__]

[__]

[__]

Disability, access and special requirements

[__]

[__]

[__]

[__]

[__]

IP address / device ID / other electronic ID

[__]

[__]

[__]

[__]

[__]

Other [Describe]

[__]

[__]

[__]

[__]

[__]

 

 

 

Addendum C

STANDARD CONTRACTUAL CLAUSES

 

SECTION I

Clause 1

Purpose and scope

  • The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
  • The Parties:
    • the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), and
    • the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)

have agreed to these standard contractual clauses (hereinafter: “Clauses”).

  • These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
  • The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2

Effect and invariability of the Clauses

  • These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
  • These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

  • Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
    • Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
    • Clause 8 – Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
    • Clause 9 – Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
    • Clause 12 – Modules Two and Three: Clause 12(a), (d) and (f);
    • Clause 13;
    • Clause 15.1(c), (d) and (e);
    • Clause 16(e);
    • Clause 18 – Modules One, Two and Three: Clause 18(a)
  • Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

  • Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
  • These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
  • These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

 

 

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7 – Optional

Docking clause

  • An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
  • Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
  • The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

 

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

 

MODULE TWO: Transfer controller to processor

8.1         Instructions

  • The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
  • The data importer shall immediately inform the data exporter if it is unable to follow those instructions.

8.2         Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

8.3         Transparency

On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679. 

8.4         Accuracy

If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.

8.5         Duration of processing and erasure or return of data

Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).

8.6         Security of processing

  • The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter “personal data breach”). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
  • The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
  • The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

8.7         Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8         Onward transfers

The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:

  • the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
  • the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
  • the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
  • the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

 

 

8.9         Documentation and compliance

  • The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
  • The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
  • The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
  • The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
  • The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.

 

Clause 9

Use of sub-processors

 

MODULE TWO: Transfer controller to processor

  • OPTION 1: SPECIFIC PRIOR AUTHORISATION The data importer shall not sub-contract any of its processing activities performed on behalf of the data exporter under these Clauses to a sub-processor without the data exporter’s prior specific written authorisation. The data importer shall submit the request for specific authorisation at least [Specify time period] prior to the engagement of the sub-processor, together with the information necessary to enable the data exporter to decide on the authorisation. The list of sub-processors already authorised by the data exporter can be found in Annex III. The Parties shall keep Annex III up to date.

OPTION 2: GENERAL WRITTEN AUTHORISATION The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least [Specify time period] in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.

  • Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
  • The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
  • The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.
  • The data importer shall agree a third-party beneficiary clause with the sub-processor whereby – in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

 

Clause 10

Data subject rights

MODULE TWO: Transfer controller to processor

  • The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
  • The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
  • In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.

Clause 11

Redress

  • The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

 

MODULE TWO: Transfer controller to processor

  • In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
  • Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
    • lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
    • refer the dispute to the competent courts within the meaning of Clause 18.
  • The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
  • The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
  • The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

Clause 12

Liability

MODULE TWO: Transfer controller to processor

  • Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
  • The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
  • Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.
  • The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
  • Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
  • The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
  • The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

Clause 13

Supervision

MODULE TWO: Transfer controller to processor

  • The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
  • The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

 

MODULE TWO: Transfer controller to processor

  • The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
  • The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
    • the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
    • the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
    • any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
  • The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
  • The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
  • The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
  • Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

Clause 15

Obligations of the data importer in case of access by public authorities

 

MODULE TWO: Transfer controller to processor

15.1       Notification

  • The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
    • receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
    • becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
  • If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
  • Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
  • The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
  • Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2       Review of legality and data minimisation

  • The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
  • The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
  • The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

 

SECTION IV – FINAL PROVISIONS

Clause 16

Non-compliance with the Clauses and termination

  • The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
  • In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
  • The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
    • the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
    • the data importer is in substantial or persistent breach of these Clauses; or
    • the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

  • Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
  • Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17

Governing law

MODULE TWO: Transfer controller to processor

 

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of ______________ (specify Member State).

Clause 18

Choice of forum and jurisdiction

MODULE TWO: Transfer controller to processor

  • Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
  • The Parties agree that those shall be the courts of ______________________ (specify Member State).
  • A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
  • The Parties agree to submit themselves to the jurisdiction of such courts.

 

 

 

APPENDIX

EXPLANATORY NOTE:

It must be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this regard, to determine the respective role(s) of the Parties as data exporter(s) and/or data importer(s). This does not necessarily require completing and signing separate appendices for each transfer/category of transfers and/or contractual relationship, where this transparency can achieved through one appendix. However, where necessary to ensure sufficient clarity, separate appendices should be used.

ANNEX I

  1. LIST OF PARTIES

MODULE TWO: Transfer controller to processor

 

Data exporter(s):

 

 

 

 

 

 

 

Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

  1. Name: Precog Data Inc., a Delaware corporation

Address: 2101 Pearl Street, Boulder Colorado 80302 USA

Contact person’s name, position and contact details: Michael Corbisiero, [email protected]

 

Activities relevant to the data transferred under these Clauses: Providing database integration software and services.

Signature and date: ______________________

Role (controller/processor): Processor

 

  1. DESCRIPTION OF TRANSFER

MODULE TWO: Transfer controller to processor

 

Categories of data subjects whose personal data is transferred: See Addendum B

………………………..

Categories of personal data transferred: See Addendum B

………………………..

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: See chart in Addendum A

………………………..

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis). Daily

…………………………

Nature of the processing: Processor provides enterprise database management and integration software and services.

…………………………

Purpose(s) of the data transfer and further processing: For Processor to fulfill its obligations under the Principal Agreement.

 

………………………..

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: the duration of the Principal Agreement

……………………..

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

……………………..