This Agreement sets forth the terms and conditions under which RiskRecon will make its Hosted Service available and under which Subscriber will access the Hosted Service, as more fully described in a Order(s) executed pursuant to this Agreement, all of which will be subject to the terms and conditions of this Agreement.
1 DEFINITIONS. The following definitions shall be used for purposes of this Agreement.
1.1 “Error” means a material failure of the Hosted Services to conform to its functional specifications, excluding failures resulting from Subscriber’s negligence or improper use of the Hosted Services.
1.2 “Hosted Service(s)” means software, data, and services and updates thereto developed and owned by RiskRecon and made available to Subscriber over a network and further described in a quotation.
1.3 “Report(s)” means output resulting from the Hosted Service data which is available online for viewing via the Hosted Service and downloadable in electronic format such as .pdf.
1.4 “Subscription Quantity(ies)” means the quantity of subscription licenses purchased as described in purchase Order(s).
1.5 “User(s)” means individuals who are authorized by Subscriber to use the Hosted Service, for whom subscriptions to the Hosted Service have been purchased, and who have been supplied user identifications and passwords by Subscriber (or by RiskRecon at Subscriber's request). Users may include but are not limited to employees, consultants, contractors and agents of Subscriber.
1.6 “Vendor(s)” means third party technology provider or service provider Subscriber monitors or intends to monitor via the Hosted Service.
2 LICENSE AND ACCESS RIGHTS.
2.1 As set forth in the applicable Order associated with this Agreement, RiskRecon grants to Subscriber a non-exclusive, nontransferable, revocable license to access the Hosted Services.
2.2 Restrictions. With regard to the Hosted Services, and any component thereof, Subscriber will not (i) reverse assemble, reverse engineer, decompile or otherwise attempt to derive source code or any component thereof; (ii) modify or prepare derivative works, (iii) assign, copy, reproduce, modify, sell, lease, pledge, transfer to or share with any third party, sublicense, market, commercially exploit, or otherwise dispose of in any way, on temporary or permanent basis (iv) use in any manner that infringes the intellectual property or other rights of RiskRecon or another party; (v) distribute or re-distribute; (vi) use to provide service-bureau, software rental, time sharing or any data services to any third party; (vii) bundle, integrate, or attempt to integrate with any third-party software or solution; or (viii) use in any way not specifically licensed pursuant to this Agreement or not in accordance with provided related documentation.
Subscriber will not cause or permit any third party to do any of the foregoing restrictions as specified in this Section 2.
3 HOSTED SERVICES.
3.1 Provision of the Hosted Services
RiskRecon shall make the Hosted Service available to Subscriber and its Users pursuant to this Agreement and during the term. Subscriber agrees that its purchase of subscriptions is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written public comments made by RiskRecon with respect to future functionality or features.
3.2 Use of the Hosted Services
3.2.1 RiskRecon Responsibilities. RiskRecon shall: (i) provide basic support to Users; and (ii) use commercially reasonable efforts to make the Service available 24 hours a day, 7 days a week, except for: (a) planned downtime (of which RiskRecon shall give at least 72 hours notice via the Hosted Service); or (b) any unavailability caused by circumstances beyond RiskRecon 's reasonable control, including without limitation, acts of Nature, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving RiskRecon employees), computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within RiskRecon 's possession or reasonable control, and denial of service attacks.
3.2.2 Subscriber Responsibilities. Subscriber is responsible for all activities that occur in User accounts and for Users' compliance with this Agreement. Subscriber shall: (i) use commercially reasonable efforts to prevent unauthorized access to, or use of, the Hosted Service, and notify RiskRecon promptly of any such unauthorized access or use; and (ii) comply with all applicable local, state, federal and foreign laws in using the Hosted Service
3.2.3 Use Guidelines. Subscriber shall use the Hosted Service solely for its internal business purposes as contemplated by this Agreement and shall not: (i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Hosted Service available to any third party, other than to Users or as otherwise contemplated by this Agreement; (ii) interfere with or disrupt the integrity or performance of the Hosted Service or the data contained therein; or (iii) attempt to gain unauthorized access to the Hosted Service or its related systems or networks.
3.3 Uptime Guaranty. If during a calendar year, the Uptime Percentage is below 99% for 2 consecutive months and during that 2 month period RiskRecon is unable to provide access to Reports via alternative mechanism, then Subscriber will have 30 days to notify RiskRecon of desire for remediation. Upon this notification, RiskRecon and Subscriber agree to review Uptime Percentage for the next full calendar month. If Uptime percentage remains below 99% and Risk Recon is unable to provide access to Reports via alternative mechanism during that calendar month, then RiskRecon will provide 25% pro-rata credit of 1 month’s billing fees for the particular RiskRecon licenses(s) affected by downtime. For each of the next 2 consecutive months if these downtime remains below 99% and RiskRecon is unable to provide access to Reports via alternative mechanism during that calendar month, then the same pro rata credit will be provided. If after 6 consecutive months downtime performance remains below 99% and RiskRecon is unable to provide satisfactory remediation plan, then RiskRecon shall be considered to be in material breach of this Agreement pursuant to Section 10.3 below.
4 DELIVERY, INSTALLATION, AND SUPPORT.
4.1 As soon as practicable after each Order Effective Date, RiskRecon shall electronically deliver to Subscriber: (i) login credentials to the Hosted Services and (ii) relevant website links to access the licensed Hosted Services.
4.2 RiskRecon shall provide support services by email or by telephone to Subscriber’s technical personnel to assist Subscriber in using the Hosted Services, as specified on the Order(s), and will provide a telephone number for afterhours emergencies.
5 OWNERSHIP.
RiskRecon shall retain and own all right, title and interest and all intellectual property rights (including but not limited to copyrights, trade secrets, trademarks and patent rights) in and to the Hosted Services, any related documentation, modification, derivation, improvement or development thereof, and all copies thereof. Subscriber will not take any action that jeopardizes the above specified RiskRecon’s proprietary rights or the Confidential Information, as defined in Section 7 below.
6 CONFIDENTIAL INFORMATION.
Each party will regard any information provided to it by the other party and designated in writing as proprietary or confidential to be confidential (“Confidential Information”). Confidential Information shall also include information which, to a reasonable person familiar with the disclosing party’s business and the industry in which it operates, is of a confidential or proprietary nature regardless of whether designated as such in writing. A party will not disclose the other party’s Confidential Information to any third party unless required for the license of Products hereunder, provided that such third party shall be informed by the party disclosing information of the confidential nature of such Confidential Information and shall be under a duty of confidentiality to such party that is no less restrictive than the terms hereof. Neither party shall make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own valuable confidential information, but in no event shall less than reasonable care be used. The parties expressly agree that the Products and the terms and pricing herein are the Confidential Information of RiskRecon. Subscriber will not remove or destroy any proprietary markings or restrictive legends placed upon or contained in the Products. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder, and shall cooperate with any reasonable request of the disclosing party in enforcing its rights. Information will not be deemed Confidential Information hereunder if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that it gives the disclosing party reasonable prior written notice to permit the disclosing party to contest such disclosure, and such disclosure is otherwise limited to the required disclosure.
7 INTELLECTUAL PROPERTY PROTECTION.
RiskRecon, at its own expense, will defend, indemnify or at its sole option, settle, any action brought by a third party against Subscriber or its officers, directors, employees or agents based on a claim that the Hosted Services when used within the scope of this Agreement, infringes any United States patent, copyright, or trademark of a third party (a “Claim”). RiskRecon’s obligations to indemnification are subject to Subscriber: (a) notifying RiskRecon of any such Claim promptly after it obtains knowledge of such Claim; (b) providing RiskRecon with reasonable assistance, information and cooperation in defending the lawsuit or proceeding; and (c) giving RiskRecon full control and sole authority over the defense and settlement of such claim, provided settlement fully releases Subscriber and is solely for monetary damages and does not admit any liability on behalf of Subscriber.
RiskRecon shall have no obligation to indemnify, defend or hold harmless hereunder to the extent that a Claim is caused by or results from any (i) use of the Hosted Services not in accordance with this Agreement or for purposes not intended by RiskRecon and not specifically licensed pursuant to this Agreement; or (ii) use of the Hosted Services other than the latest unaltered and unmodified version of the Hosted Services as made available by RiskRecon to Subscriber as an update or upgrade.
Following notice of a Claim or upon any facts which in RiskRecon’s sole opinion are likely to give rise to such Claim, RiskRecon shall in its sole discretion and at its sole option, elect to (A) procure for Subscriber the right to continue to use the Hosted Services, at no additional cost to Subscriber, (B) replace the Hosted Services so that it becomes non-infringing, but functionally equivalent, (C) modify the Hosted Services to avoid the alleged infringement but in a manner so that it remains functionally equivalent, (D) terminate the applicable Order and provide a refund to Subscriber for the pro-rata amount of prepaid Fees by Subscriber to RiskRecon for the remainder of the Order Term, or (E) terminate this Agreement and provide a refund to Subscriber for the pro-rata amount of prepaid Fees by Subscriber to RiskRecon for the remainder of the Term.
8 LIMITED WARRANTY; DISCLAIMER OF LIABILITY.
8.1 During the applicable Order Term, RiskRecon warrants that the Hosted Services will function in material accordance with their specifications pursuant to the Functional Specifications attached to a quotation.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, RISKRECON AND ITS SUPPLIERS DISCLAIM ALL OTHER REPRESENTATIONS, WARRANTIES, TERMS AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, REGARDING THE HOSTED SERVICES, RELATED DOCUMENTATION OR INFORMATION, AND OTHER MATERIALS AND SERVICES, AND SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, MERCHANTABLE QUALITY, NONINFRINGEMENT AND THOSE ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. RiskRecon does not warrant that the functions or information contained in the Hosted Services or in any update will meet the requirements of Subscriber or that the operation of the Hosted Services will be uninterrupted or error free or free from Errors or other program limitations. The information may contain technical or typographical errors. RiskRecon does not guarantee its accuracy or completeness. All information provided by RiskRecon is provided for information purposes only.
8.2 RiskRecon provides no warranty regarding any use of the Hosted Services (i) not in accordance with this Agreement or for purposes not intended by RiskRecon and not specifically licensed pursuant to this Agreement; or (ii) other than the latest unaltered and unmodified version of the Hosted Services as made available by RiskRecon to Subscriber as an update or upgrade.
8.3 To the maximum extent permitted by applicable law, RiskRecon’s sole obligation and Subscriber’s sole remedy for any failure of the Hosted Services and Breach of Warranty in Section 8.1 is limited to the correction, adjustment or replacement of the failed Hosted Services which examination indicates, to RiskRecon’s satisfaction, to be defective or, at RiskRecon’s sole option, termination of license and access rights to the Hosted Services and refund of any fees paid by Subscriber for the failed Hosted Services during the then-prior twelve (12) months preceding failure.
8.4 IN NO EVENT, SHALL EITHER PARTY BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, OR ANY PENALTIES, CLAIMS FOR LOST DATA, REVENUE, PROFITS, COSTS OF PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES OR BUSINESS OPPORTUNITIES, ARISING OUT OF THIS AGREEMENT, OR ANY ORDERS, EXHIBITS, OR ADDENDA THERETO, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY, WHETHER IN CONTRACT OR IN TORT INCLUDING NEGLIGENCE, EVEN IF RISKRECON OR SUBSCRIBER HAD BEEN ADVISED OF SUCH DAMAGES.
8.5 EXCEPT AS EXPRESSLY STATED IN THIS PARAGRAPH, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY HEREUNDER FOR ANY CAUSE OF ACTION OR THEORY OF LIABILITY EXCEED THE AMOUNTS PAID BY SUBSCRIBER TO RISKRECON PURSUANT TO THE APPLICABLE ORDER FOR WHICH THE CAUSE OF ACTION AROSE, DURING THE PRECEDING TWELVE (12) MONTH PERIOD PRIOR TO THE DATE THE CAUSE OF ACTION AROSE. THIS LIMIT ALSO APPLIES TO ANY OF SUCH PARTY’S AFFILIATES, SOFTWARE DEVELOPERS AND SUPPLIERS. IT IS THE MAXIMUM FOR WHICH SUCH PARTY AND ITS AFFILIATES, SOFTWARE DEVELOPERS, AND SUPPLIERS ARE COLLECTIVELY RESPONSIBLE. Nothing in this 8.5 shall exclude or limit liability for death or personal injury resulting from the gross negligence of a party or their servants, agents or employees or the breach of the other party’s intellectual property rights as set forth herein.
9 TERM AND TERMINATION.
9.1 Term of the Agreement. The term of this Agreement shall commence on the Effective Date and shall expire when all of the Orders have terminated or expired, unless the parties mutually agree in writing to extend it (“Term”).
9.2 Term of Orders. Each Order shall have an initial term as set out in the Order.
9.3 Events of Termination. If either party is in material breach of this Agreement, the other party must notify the breaching party in writing. The breaching party shall then have thirty (30) days to acknowledge in writing their receipt of said written notice. Upon acknowledgement, the breaching party will then have thirty (30) days to respond to the breach notice with written description of proposed cure. If proposed cure does not satisfy the party giving notice, then that party may give written notice of termination of the applicable Order(s) or request initiation of dispute resolution procedure described in Section 10.3.
9.4 Effect of Termination. Expiration of the Term or termination of the Agreement shall terminate all licenses and access rights granted in this Agreement. Except to the extent agreed to in writing by the parties: (i) subscriber shall pay forthwith all amounts due and owing under this Agreement on the date of termination, which, for the avoidance of any doubt, is the total amount due over Term until the effective date of termination as specified in Order(s); (ii) Subscriber shall cease all use of the Hosted Services, and if applicable, shall delete all copies in its possession or control, and (iii) all Subscriber’s rights to any deliverables pursuant to this Agreement shall be revoked.
Notwithstanding the foregoing, in the event of expiration or termination of any Order and not this Agreement, the terms and conditions of this Section 9.4 shall apply only with respect to the terminated Order, except to the extent necessary for the continued performance of the parties of their respective obligations under this Agreement or any other surviving Order.
9.5 Survival. Sections: 1, 5, 6, 7, 8, 9, and 10 shall survive expiration or termination of this Agreement according to their terms.
10 GENERAL PROVISIONS.
10.1 Successors and Assigns. This Agreement shall bind and inure to the benefit of each party’s permitted successors and assigns. Either party may assign any of its rights or obligations without prior written consent of the other party to a parent, other affiliate, or successor entity, including by way of merger, consolidation, asset or stock sale. RiskRecon may assign its rights to payments under this Agreement without obtaining Subscriber’s consent. Assignment by RiskRecon in conjunction with the sale of the portion of RiskRecon’s business that includes the Hosted Services is not restricted. Any attempt to assign this Agreement in any other event without prior written consent of the other party will be null and void. In the event of an assignment by Subscriber, and notwithstanding the above, Subscriber may assign this Agreement, provided it pays RiskRecon any additional agreed professional services fees, one-time deployment fees, or other reasonable costs incurred in connection with the migration of the Hosted Services to the assignee. The parties will negotiate in good faith the scope and the payment terms of any such additional fees by entering into a new Order to be signed by both parties.
10.2 Governing Law; Arbitration and Venue. This Agreement shall be governed solely by the laws of the State of New York, without regard to its principles of conflicts of law. The application of the United Nations Convention of Contracts for the International Sale of Goods or other international laws is expressly excluded. The parties consent to the personal and exclusive jurisdiction of the federal and state courts of the State of New York.
10.3 Dispute Resolution and Attorney Fees. Any disputes arising under this Agreement will be resolved as follows: (a) the senior management of both parties will meet (in person or via teleconference) to attempt to resolve the dispute; (b) if senior management cannot resolve the dispute, either Party may make a written request for formal resolution of the dispute. The written request will specify the scope of the dispute; (c) within 30 days after such written request, the parties will meet for one day and consider dispute resolution alternatives other than litigation; and (d) if an alternative method of dispute resolution is not agreed upon within thirty (30) days of the meeting, either Party may pursue litigation proceedings.
This Section 10.3 will not apply to disputes arising under Sections 6 (Confidential Information) and 7 (Intellectual Property Protection), either party’s right to protect its intellectual property rights or to any dispute involving an application for a temporary restraining order or other form of injunctive relief.
10.4 Force Majeure. With the exception of payment obligations, neither party shall be liable to the other party for any delay or failure in performance, to the extent such delay or failure is due to causes beyond its control.
10.5 Severability and Waiver. If any provision of this Agreement is found invalid or unenforceable, that provision will be enforced to the maximum extent permissible so as to effect the intent of the parties and the remainder of this Agreement will remain in full force and effect. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any prior or subsequent breach of this Agreement.
10.6 Construction; Integration; and Modification. This Agreement will not be construed in favor of or against either party by reason of authorship. This Agreement, including all Orders, attachments, exhibits, constitutes the entire agreement between the parties, and supersedes and replaces all prior or contemporaneous understandings or agreements, written or oral, regarding such subject matter. This Agreement or any Order may be modified, amended, or supplemented by any addendum thereto, only in writing and only by the duly authorized representatives of both parties.
10.7 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute a single instrument.
10.8 Reserved.
10.9 Export/Import Laws. The parties agree to comply with all applicable export and import laws and regulations, including U.S. embargo and sanctions regulations and prohibitions on export, re-export or transfer of software provided under this Agreement for certain end uses or to certain users.
Subscriber represents and warrants that Subscriber is neither a Prohibited Person nor owned or controlled by a Prohibited Person. “Prohibited Persons” shall mean a person or entity appearing on the lists published by the U.S. government as amended from time to time, that is prohibited from acquiring ownership or control of items under this Agreement, or with which Subscriber is prohibited from doing business. For reference, a consolidated list is available at http://export.gov/ecr/eg_main_023148.asp.