SOFTWARE AS A SERVICE AGREEMENT
This SOFTWARE AS A SERVICE AGREEMENT (this “SSA”) is entered into between Awardco, Inc., a Delaware corporation (“Awardco”), and the entity listed on the Order Form purchasing the Awardco Services (“Customer”). Awardco and Customer may be referred to collectively as the “Parties” and each individually as a “Party”.
1.1 “Affiliate” means a legal entity that controls, is controlled by, or is under common control with a Party, where “control” means possessing the power to direct the management, policies or operations of an entity, directly or indirectly, whether through ownership of voting securities, by contract, or otherwise.
1.2 “Agreement” means, collectively, this SSA, each Exhibit hereto, and each Order Form.
1.3 “Authorized User” means an individual who is an employee or contractor of Customer or its Affiliates and to whom Customer grants access authorization to use the Awardco Services.
1.4 “Awardco Services” means the subscription(s) to Awardco’s cloud-based web platform delivered and accessible through www.awardco.com as well as any related professional services, in each case ordered by Customer under an Order Form.
1.5 “Confidential Information” means any technical, business, or financial information disclosed by one Party to the other Party that the disclosing Party identifies as confidential or proprietary at the time of disclosure, or that a person exercising reasonable business judgment would understand to be confidential or proprietary given the nature of the information and the circumstances surrounding its disclosure. For the avoidance of doubt, Confidential Information of Customer includes Customer Data, and Confidential Information of Awardco includes its policies and procedures, product roadmaps, and pricing.
1.6 “Customer Data” means any data, content, materials, or information, in each case including Personal Data, that Authorized Users, Customer, and/or Customer’s Affiliates input or upload into Awardco’s cloud-based web platform or otherwise provide to Awardco.
1.7 “Documentation” means Awardco’s then-current technical and functional documentation for the Awardco Services as generally made available by Awardco.
1.8 “Funding Account” means a retainer account into which Customer’s funds are deposited and used to process and pay for Redemptions.
1.9 "Intellectual Property Rights" means copyrights, trademarks, trade secrets, moral rights, know-how, patent rights, and any other intellectual property rights recognized in any country or jurisdiction in the world.
1.10 "Marketplace Partners” means the various third-party partners of Awardco (such as Amazon.com) who collectively make up an online marketplace of Redemption options for Authorized Users and who may also provide fulfillment and related services with respect to such Redemptions.
1.11 “Order Form” means any Awardco order form, ordering documentation, online sign-up, or subscription flow that references this SSA, sets forth pricing (if applicable) and the Awardco Services selected by Customer, and is accepted and agreed to by the Parties, in each case including any addenda, schedules, supplements, or statements of work thereto.
1.12 “Personal Data” means any information that is considered “personal information,” “personal data,” or “personally identifiable information,” or any functional equivalent of these terms under any applicable laws relating to data privacy, data protection, or cybersecurity.
1.13 “Redemptions” means all products and services redeemed through the Awardco Services under Authorized Users’ accounts.
1.14 “Third-Party Product” means any content, documentation, applications, integrations, software, code, online services, systems, or other products not developed by Awardco.
2.1 Grant of Rights. Subject to the terms and conditions of the Agreement, Awardco grants Customer a non-exclusive, non-transferable, non-sublicensable right during the applicable Order Form Term (defined below) to access and use: (a) the Awardco Services identified on the applicable Order Form; and (b) the Documentation, in each case solely for Customer’s internal business purposes.
2.2 Authorized Users. Each Authorized User must be identified by a unique email address or unique user identification and two or more individuals may not use the Awardco Services as the same Authorized User. Customer will keep its credentials and Authorized Users’ credentials for the Awardco Services strictly confidential and will be responsible for all actions taken by an Authorized User or under an Authorized User’s account. Customer will promptly notify Awardco of any known violation of the Agreement by an Authorized User and of any known breach of security or unauthorized use of its or an Authorized User’s account.
2.3 Acceptable Use Policy. Customer will not permit anyone other than Authorized Users to access or use the Awardco Services. Customer will comply with all applicable laws, rules, and regulations in connection with its use of the Awardco Services. Customer will not, and Customer will not permit Authorized Users or others under its control to: (a) rent, lease, resell or otherwise use the Awardco Services for the benefit of a third party; (b) reverse engineer, disassemble, decompile, copy, or make derivative works of the Awardco Services; (c) input or upload to the Awardco Services or transmit via the Awardco Services any data, content, or material that is unlawful or infringes upon the rights of a third party; (d) circumvent or endanger the operation or security of the Awardco Services; or (e) develop a competitive product or service to the Awardco Services or copy its features, functionality, or user interface.
2.4 Suspension Generally. Awardco may suspend or limit any access or use of the Awardco Services or remove or disable any individual account or content that Awardco reasonably and in good faith believes violates the Agreement or may result in material harm to the Awardco Services or its users. Awardco will promptly notify Customer of any such action. Awardco will limit a suspension or limitation as narrow in time and scope as reasonably possible under the circumstances.
3.1 Implementation. If an Order Form provides that Awardco will conduct implementation services (the “Implementation Services”), Awardco will assign to Customer a dedicated implementation specialist with the skills and experience required to successfully complete such Implementation Services, and Customer will assign a primary point of contact to coordinate communication and make decisions on behalf of Customer during the implementation process. Awardco will provide the Implementation Services remotely. Awardco’s ability to complete the Implementation Services, and to do so within the timeframe specified in the applicable Order Form, requires Customer’s timely and effective cooperation and collaboration. Awardco will not be responsible for any delay in the Implementation Services to the extent caused by the actions or inactions of Customer.
3.2 Additional Orders. If at any time during the Term Customer desires configurations, support, trainings, subscriptions, or services of any kind outside the scope of the Order Form(s) then in effect, and Awardco agrees to provide the same to Customer, then the Parties will enter into an additional Order Form for Customer to order such items.
4.1 Information Security. Awardco has implemented and will maintain commercially reasonable technical and organizational measures designed to preserve the security, integrity, and confidentiality of Customer Data and protect against the occurrence of accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to Customer Data (any such occurrence, a “Security Incident”). Awardco is committed to the protection and reliability of Customer Data and upon request will provide Customer with a copy of Awardco’s then-most recent SOC 2 Type II report and other relevant third-party assessments as well as Awardco’s policies and procedures applicable to information security, in each case as reasonably requested by Customer. All information provided to Customer pursuant to this Section 4.1 is deemed Confidential Information of Awardco.
4.2 Customer Data. Customer is solely responsible for obtaining all necessary rights and licenses to access, use, and disclose to Awardco all Customer Data. Customer authorizes Awardco (including its Affiliates, Marketplace Partners, and subcontractors) to access, process, and use all Customer Data as necessary to perform and fulfill its obligations under the Agreement. To the extent Customer requires Awardco to process any Personal Data that is subject to the General Data Protection Regulation 2016/679, California Consumer Privacy Act of 2018, California Privacy Rights Act of 2020, or any other data protection or privacy law that requires a data processing or similar agreement between the Parties concerning such Personal Data, the Data Processing Agreement available at https://award.co/legal#dpa will be deemed to form a part of and be incorporated into the Agreement by this reference.
4.3 Analytics Data. Awardco may access, collect, analyze, and use the data, information, or insights generated or derived from the provision, use and performance of the Awardco Services and related software, systems, programs, and technologies (“Analytics Data”) for its own business purposes, such as improving its products and services, analytics, and industry analysis. Analytics Data is not Customer Data. Awardco will not publicly publish, distribute or display Analytics Data except in anonymized and aggregated form that does not in any manner reveal the identity, whether directly or indirectly, of Customer or its Affiliates or Authorized Users and would not permit a third party to identify the Customer or its Affiliates or Authorized Users.
5.1 Fees. Customer will pay all fees specified in each Order Form (“Fees”) in accordance with the terms set forth in such Order Form and this SSA. Except as expressly provided in the Agreement, payments are non-refundable and non-creditable, payment obligations are non-cancellable, and the Fees for all subscriptions under an Order Form are a continuous and non-divisible commitment for the full duration of the subscription period specified in the applicable Order Form regardless of any billing frequency. All Fees are exclusive of all taxes and similar assessments, including sales and use tax, value-added tax (VAT), goods and services tax (GST), excise, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on Awardco’s income or payroll (“Taxes”). Customer is solely responsible to pay for all applicable Taxes. If Awardco has the legal obligation to pay or collect Taxes for which Customer is responsible, the appropriate amount will be invoiced to and paid by Customer unless Customer provides Awardco with a valid tax exemption certificate authorized by the appropriate taxing authority. If Customer is overdue on any payment of any invoice for Fees that are not subject to a good faith dispute under Section 5.5 (Payment Disputes) and fails to pay within thirty (30) days of written notice, then Awardco may assess, and Customer agrees to pay, a late fee that is lesser of 1.5% of the amount due per month or the maximum amount allowable by applicable law.
5.2 Redemptions; Funding Account. Customer must pay for all Redemptions. Except as otherwise set forth in the applicable Order Form, if at any time during the Term Customer’s balance in the Funding Account is zero or negative, Awardco may in its sole discretion temporarily suspend any or all Redemptions until Customer’s balance in the Funding Account is positive. Customer may at any time request any or all of its unused funds in the Funding Account to be returned to Customer and Awardco will promptly return such funds, subject to Awardco’s rights under Section 6.3(b) (Effect of Termination). Customer is responsible for any product sales tax and any shipping costs for Redemptions. Certain Redemptions may be subject to additional terms of the corresponding Marketplace Partner for such Redemption (such as prepaid cards or gift cards), and Awardco will provide Authorized Users a link to or disclosure of any such terms prior to Redemption.
5.3 General Terms. All invoices under Section 5.1 (Fees) will be separate and distinct from Funding Account invoices under Section 5.2 (Redemptions). Except for payments in dispute per Section 5.5 below, Customer cannot withhold, reduce or set-off amounts owed under this Section 5. All amounts will be due and payable to Awardco in the currency listed on the applicable Order Form. If at any time during the applicable Order Form Term (defined below) the actual number of Authorized Users exceeds the total quantity then-permitted under the applicable Order Form (such excess, “Additional Authorized Users”), then (a) if the underlying subscription is invoiced on a flat fee basis, Awardco may suspend or limit any access to or use of the Awardco Services, otherwise (b) Awardco may issue an invoice under Section 5.1 (Fees) and Customer will pay an additional fee for each such Additional Authorized User at the unit price per Authorized User then in effect under the applicable Order Form. Customer is not entitled to any refund or credit if the total Authorized Users is at any time less than the total quantity of Authorized Users then-permitted.
5.4 Purchase Orders. If Customer issues a purchase order for the Awardco Services, it must be for no less than the full amount set forth in the applicable Order Form, and Awardco hereby rejects any additional or conflicting terms appearing in a purchase order or any other ordering materials submitted by Customer. Upon Customer’s request, Awardco will reference Customer’s purchase order number on the applicable invoice; provided, that Customer provides such purchase order number to Awardco upon entering into the corresponding Order Form. Customer’s failure to provide Awardco with its purchase order number will not relieve Customer of its obligations to provide payment to Awardco pursuant to this Section 5.
5.5 Payment Disputes. Customer may withhold from payment any charge or amount disputed by Customer reasonably and in good faith pending resolution of such dispute, provided that Customer: (a) notifies Awardco of the dispute within thirty (30) days of the applicable invoice date, specifying in such notice (i) the amount in dispute, and (ii) the reason for the dispute set out in sufficient detail to facilitate investigation by Awardco and resolution by the Parties; (b) makes timely payment of all undisputed charges and amounts; (c) works diligently with Awardco to resolve the dispute promptly; and (d) pays all amounts that are determined to be payable by resolution of the dispute (by adversarial proceedings, agreement or otherwise) within fifteen (15) days following such resolution. For clarity, any undisputed amounts must be paid in full in accordance with this Section 5. Awardco reserves all rights and remedies with respect to any payment dispute that is not resolved within thirty (30) days of the initial Customer notice thereof.
5.6 Suspension for Non-Payment. Awardco may suspend or limit any access or use of the Awardco Services if payment under the Agreement is overdue and Customer fails to pay amounts due within ten (10) days of notice by Awardco, subject to Section 5.5 (Payment Disputes).
6.1 Term. This SSA will begin on the date the Parties entered the initial Order Form and continue in effect until the expiration or termination of the last Order Form Term hereunder, unless terminated sooner as provided herein (the “Term”). Multiple Order Forms may be in effect at any given time during the Term per Section 3.2 (Additional Orders). The term of each Order Form (including any renewals thereto, the “Order Form Term”) will begin on the effective date of such Order Form and, unless terminated sooner as provided in the Agreement, will continue until the later of: (a) the completion of all professional services purchased under such Order Form, and (b) the expiration of all subscription periods under such Order Form. Termination or expiration of any Order Form will leave other Order Forms unaffected. Customer cannot terminate the Agreement prior to its expiration, including any Order Form, except as expressly permitted by Section 6.2 (Termination for Cause).
6.2 Termination for Cause. Either Party may terminate the Agreement, or any Order Form, upon written notice to the other Party if the other Party: (a) commits a material breach or default in the performance of any of its obligations (including a failure to pay any amount due) under the Agreement or applicable Order Form and such breach or default, if curable, remains uncured thirty (30) days after its receipt of written notice of such breach or default; (b) ceases operation without a successor; or (c) becomes the subject of a petition in bankruptcy or any proceeding related to its insolvency, receivership or liquidation, in any jurisdiction, that is not dismissed within sixty (60) days of its commencement, or makes an assignment for the benefit of creditors.
6.3 Effect of Termination. If the Agreement or any Order Form expires or terminates for any reason, the rights granted to Customer herein and thereunder terminate, and upon such termination: (a) Customer must promptly (i) stop using the applicable Awardco Services and Documentation, and (ii) delete (or, at Awardco’s request, return) any Documentation and any Awardco Confidential Information in Customer’s possession, custody, or control; and (b) Awardco will refund to Customer its remaining balance (if any) in the Funding Account, less any amounts that have accrued before, and remain unpaid as of, the effective date of such expiration or termination, provided that nothing in this clause (b) will be construed to relieve Customer of its payment obligations if Customer’s remaining balance in the Funding Account is insufficient to cover such unpaid amounts. If Customer terminates the Agreement or any Order Form for cause pursuant to Section 6.2 (Termination for Cause), Customer will receive a pro-rata refund in the amount of any Fees it has pre-paid for the terminated portion of the applicable Order Form Term. Except where the Agreement specifies an exclusive remedy, all remedies under the Agreement, including termination or suspension, are cumulative and not exclusive of any other rights or remedies that may be available to a Party.
7.1 Confidentiality. Except as permitted by the Agreement, each Party (as the receiving Party) must keep, hold, and protect the other Party’s (as the disclosing Party) Confidential Information as strictly confidential to the same extent it protects its own Confidential Information, and not less than a reasonable standard of care. Each Party must not disclose any Confidential Information of the other Party to any person or entity other than its employees, contractors, agents, or representatives having a legitimate need to know (which, for Awardco, includes its subcontractors and Marketplace Partners), provided that the receiving Party remains responsible for its recipient’s compliance with the terms of this Section 7 and liable for any breach thereof and that such recipients are bound to confidentiality obligations no less protective than this Section 7. Further, each Party shall only use the Confidential Information of the other Party as expressly permitted under the Agreement. Confidential Information of Awardco disclosed prior to execution of the Agreement will be subject to this Section 7. The provisions of this Section 7 will remain in effect during the Term and for a period of five (5) years after the expiration or termination thereof, except with regard to trade secrets of the disclosing Party, which will be held in confidence for as long as such information remains a trade secret.
7.2 Exclusions. The restrictions on use and disclosure of Confidential Information do not apply to any information of the disclosing Party that: (a) is or becomes generally available to the public through no fault of the receiving Party; (b) was known by the receiving Party free of confidentiality restrictions before it received the Confidential Information; (c) is rightfully obtained by the receiving Party from a third party without breach of any confidentiality obligation; (d) is independently developed by the receiving Party without reference to or use of the disclosing Party’s Confidential Information; or (e) the disclosing Party agrees in writing is free of confidentiality restrictions.
7.3 Permitted Disclosure. A Party may disclose the other Party’s Confidential Information to the extent required by: (a) law or court order, provided it gives advanced notice (if permitted by law) to the other Party to enable it to contest such order or requirement or limit the scope of such request, and reasonably cooperates in any such effort by the other Party; or (b) applicable securities regulations.
7.4 Remedies. The Parties acknowledge and agree that the receiving Party’s breach of this Section 7 may cause the disclosing Party substantial harm for which damages alone may be an insufficient remedy, and therefore on breach or threatened breach of this Section 7 the disclosing Party is entitled to seek appropriate equitable relief in addition to any other remedies it may have available hereunder or at law.
8.1 Customer. Customer owns and retains: (a) Customer Data; (b) Customer’s name, logo, and other trademarks; (c) Customer’s Confidential Information; and (d) all Intellectual Property Rights of Customer in and to any of the foregoing.
8.2 Awardco. The Agreement is a term-limited agreement for access to and use of the Awardco Services. Customer acknowledges and agrees that under the Agreement it and its Affiliates and Authorized Users are obtaining only a limited right to access and use the Awardco Services and no ownership rights thereof are transferred to Customer or its Affiliates or Authorized Users. Awardco, its Affiliates, or its licensors or suppliers, as applicable, own and retain: (a) the Awardco Services, the Documentation, and all other software, applications, equipment, infrastructure, inventions, know-how, concepts, and techniques related to the Awardco Services or developed or conceived by Awardco in connection with providing the Awardco Services, as well as all improvements, enhancements, modifications, updates, and contributions thereto and any derivative works of any of the foregoing; (b) the Analytics Data; (c) Awardco’s name, logo, and other trademarks; (d) Awardco’s Confidential Information; and (e) all Intellectual Property Rights in and to any of the foregoing. Awardco reserves all rights and licenses not specifically granted in the Agreement. Customer and its Affiliates and Authorized Users are free to provide any comments, suggestions for enhancements or functionality, or other feedback to Awardco with respect to the Awardco Services, provided that if any of them elect to do so Awardco will have the full, free, irrevocable and unencumbered right to use and exploit the same in connection with the Awardco Services and its business, although Awardco is under no obligation to do so. The Awardco Services are offered as an online, hosted product, and therefore Customer has no right to obtain a copy of the software behind or connected to any Awardco Services.
9.1 Performance Warranty. During the Term, Awardco warrants, for Customer’s benefit only, that the Awardco Services identified on Customer’s Order Form(s): (a) when used as authorized under the Agreement, will operate in substantial conformity with the descriptions set forth in the applicable Order Form; and (b) will be provided in a professional and workmanlike manner in accordance with generally accepted industry standards for similar services (collectively, the “Performance Warranty”). Customer must notify Awardco in writing within thirty (30) days of discovery of a breach of the Performance Warranty and include a detailed description. If Awardco receives a valid warranty claim within this period, it will use commercially reasonable efforts in its discretion to repair the affected portion of the Awardco Services or re-perform the services (as applicable), or if Awardco determines this remedy is not commercially reasonable, either Party may terminate the applicable Order Form upon written notice to the other Party. Upon such termination, Customer will receive a pro-rata refund in the amount of any Fees it has pre-paid for the terminated portion of the applicable Order Form Term. The remedy in this Section 9.1 will be Customer’s sole and exclusive remedy, and Awardco’s sole liability, for any breaches of the Performance Warranty. Notwithstanding the foregoing, the Performance Warranty does not apply to or cover and Awardco will not be responsible for: (a) errors in or resulting from Third-Party Products or Customer Data; (b) Customer’s misuse or failure to comply with the Documentation; (c) modifications to the Awardco Services by anyone other than Awardco or services provided by anyone other than Awardco or its subcontractors or Marketplace Partners; or (d) Customer’s or any Authorized User’s breach or default in the performance of any of Customer’s obligations (including a failure to pay fees) under the Agreement or any Order Form.
9.2 Disclaimers. EXCEPT FOR THE PERFORMANCE WARRANTY AS EXPRESSLY SET FORTH ABOVE IN THIS SSA, THE AWARDCO SERVICES ARE PROVIDED “AS-IS”, “AS-AVAILABLE” AND WITH “ALL FAULTS”, AND NEITHER AWARDCO, ITS AFFILIATES, SUBCONTRACTORS, MARKETPLACE PARTNERS NOR ITS SUPPLIERS MAKE ANY REPRESENTATIONS, WARRANTIES, OR GUARANTEES OF ANY KIND WHATSOEVER, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AND ANY AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, PERFORMANCE, OR USAGE OF TRADE. THE DISCLAIMERS IN THIS SECTION WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT.
10.1 Indemnification by Awardco. Awardco will defend Customer and its Affiliates and its/their officers, directors, employees, agents, successors and permitted assigns (“Customer Indemnitees”) from and against any claim, suit, action, or proceeding brought by a third party against any Customer Indemnitee alleging that the Awardco Services, as provided by Awardco and when used as authorized under the Agreement, infringes or violates any Intellectual Property Rights of such third party (“IP Claim”). In addition, Awardco will indemnify Customer Indemnitees against any damages, expenses, penalties, fees (including reasonable attorneys’ fees) and costs finally awarded against any Customer Indemnitee or agreed to in settlement by Awardco resulting from such third-party claims. In response to any actual or potential IP Claim, if required by settlement or injunction, or if Awardco determines these actions are reasonably necessary, Awardco may at its option: (a) procure a license for the affected portion of the Awardco Services; (b) replace or modify the Awardco Services so as to avoid infringement or violation but be materially equivalent; or (c) terminate the Order Form for the affected Awardco Services and issue to Customer a pro-rata refund in the amount of any Fees it has pre-paid for the terminated portion of the applicable Order Form. Notwithstanding the foregoing, Awardco’s obligations under this Section 10.1 do not apply if the claim results from: (i) Customer’s breach of the Agreement, including Section 2 (Awardco Services); (ii) Customer Data or other content, information or materials provided by Customer; (iii) modification of the Awardco Services by anyone other than Awardco, its subcontractors, or Marketplace Partners; or (iv) Third-Party Products. This Section 10.1 states the sole and exclusive remedy of Customer and the entire liability of Awardco or any of its suppliers, officers, directors, employees, shareholders, contractors, subcontractors, Marketplace Partners, or representatives, with respect to any IP Claim.
10.2 Indemnification by Customer. Customer will defend Awardco, its Affiliates, its subcontractors, and its Marketplace Partners and its/their officers, directors, employees, agents, successors and permitted assigns (“Awardco Indemnitees”) from and against any claim, suit, action, or proceeding brought by a third party against any Awardco Indemnitee alleging that any Customer Data infringes or violates any Intellectual Property Rights of a third party, or arising from Customer’s breach of its obligation under Section 4.2 (Customer Data) to obtain all necessary rights and licenses to access, use, and disclose to Awardco all Customer Data. In addition, Customer will indemnify Awardco Indemnitees against any damages, expenses, penalties, fees (including reasonable attorneys’ fees) and costs finally awarded against any Awardco Indemnitee or agreed to in settlement by Customer that result from such third-party claims.
10.3 Procedures. Each indemnifying Party’s defense and indemnification obligations in this Section 10 are subject to the indemnifying Party receiving: (a) prompt written notice of the claim from the indemnitee; (b) the exclusive right to control and direct the investigation and defense of such claim; and (c) all reasonably necessary cooperation of the indemnitee at the indemnifying Party’s expense (as to reasonable out-of-pocket costs). Any settlement of any such claim by the indemnifying Party must not include a financial or specific performance obligation on, or admission of liability by, the indemnitee without the prior written consent of such indemnitee. The indemnitee may participate in such claim through legal counsel of its own choosing at its own expense. The indemnifying Party shall have no obligation or liability under this Section 10 for or with respect to any settlement of such claim entered into by the indemnitee without the express prior written consent of the indemnifying Party.
11.1 Waiver of Certain Damages. To the fullest extent permitted by applicable law, except for Excluded Claims (as defined below), neither Party (nor its respective Affiliates or Awardco’s subcontractors or Marketplace Partners) will be liable under or in connection with the Agreement for any indirect, incidental, consequential, special, exemplary, or punitive damages whatsoever, including, without limitation, for loss of production, use, business profits, revenues, or goodwill.
11.2 Liability Cap. To the fullest extent permitted by applicable law, except for Excluded Claims (as defined below and for which there is no liability cap), the maximum liability of either Party (or its respective Affiliates or Awardco’s subcontractors or Marketplace Partners) under or in connection with the Agreement shall not exceed in the aggregate the total Fees paid by Customer to Awardco for the Awardco Services in the twelve (12) month period immediately preceding the first event giving rise to the claim.
11.3 Excluded Claims. Notwithstanding the foregoing in this Section 11, nothing herein will waive any specific type of damages or limit liability for any Excluded Claims. The term “Excluded Claim” means: (a) any amounts payable by Awardco pursuant to its indemnification obligations for IP Claims under Section 10.1 (Indemnification by Awardco); (b) any amounts payable by Customer pursuant to its indemnification obligations under Section 10.2 (Indemnification by Customer); (c) any failure by Customer to pay any amounts due under the Agreement, and (d) Customer’s breach of Section 2.3 (Acceptable Use Policy).
11.4 Risk Allocation. Each Party acknowledges and agrees that this entire Section 11 is a fundamental basis of the bargain and a reasonable allocation of risk between the Parties and will survive and apply to any claims arising out of or related to the Agreement and any Awardco Services, regardless of the theory of liability (whether in contract, tort, strict liability or otherwise), even if any limited liability remedy in the Agreement is found to have failed its essential purpose.
12.1 Relationship of the Parties. The Parties are independent contractors. The Agreement does not create a partnership, joint venture, employment, franchise, or agency relationship between the Parties. Neither Party has the power to bind the other or incur obligations on the other Party’s behalf without the other Party’s prior written consent. Nothing in the Agreement confers on any third party the right to enforce any provision of the Agreement.
12.2 Subcontractors; Marketplace Partners. Awardco may subcontract aspects of the Awardco Services to third parties and may permit its subcontractors to exercise the rights granted to Awardco under the Agreement in order to provide the Awardco Services; provided, that Awardco will remain responsible for: (a) compliance of its subcontractors with the terms of the Agreement; and (b) the overall performance of the Awardco Services as required under the Agreement. In addition, Awardco may utilize Marketplace Partners in connection with the Awardco Services and the provision of Redemptions to Authorized Users. Marketplace Partners will not be considered subcontractors of Awardco under the Agreement. Awardco may add or remove Marketplace Partners in connection with the Awardco Services at any time in its sole and reasonable discretion. Awardco will work diligently with Customer to promptly address any issues or failures caused by a Marketplace Partner in connection with an Authorized User’s proper use of the Awardco Services.
12.3 Assignment. The Agreement will bind and inure to the benefit of each Party’s permitted successors and assigns. Neither Party may assign the Agreement without the other Party’s advanced written consent, except that: (a) Awardco may assign the Agreement to its Affiliate; and (b) each Party may assign the Agreement in connection with a merger, reorganization, acquisition, or other transfer of all or substantially all of its assets or voting securities, provided that the assignee (i) is not insolvent or otherwise unable to pay its debts as they become due, and (ii) is bound hereby. Any attempt to transfer or assign the Agreement (including any Order Form) except as authorized under this Section 12.3 will be void.
12.4 Notices. All notices or communications under the Agreement must be in writing. Customer must send any notices under the Agreement (including breach notices and warranty and indemnity claims) to Awardco, in English to firstname.lastname@example.org with a physical copy sent to Awardco, Inc. at 2080 W 400 N, Lindon, UT 84042, Attn: Legal Department. Awardco may send notices to the email address for Customer’s designated representative(s) or, at Awardco’s option, to Customer’s last-known postal address. Neither Party is responsible for any automatic filtering that it or its network provider may apply to email notifications. Any notice delivered or made by messenger, electronic mail or postal mail will be deemed to be given on the date of actual delivery as shown by messenger receipt, or other verifiable electronic receipt, or the registry or certification receipt.
12.5 Publicity. Neither Party will use the other Party’s name or logo, or refer to the identity of the other Party in promotional material, publications, or press releases or other forms of publicity relating to the Awardco Services, unless the prior written consent of the other Party has been obtained; provided, however, that during the Term: (a) Awardco may use Customer’s name and logo for the limited purpose of identifying Customer as a customer of the Awardco Services; and (b) Customer may use Awardco’s name and logo for the limited purpose of identifying Awardco as the provider of the Awardco Services to Customer.
12.6 Force Majeure. Any delay in performance (other than for the payment of amounts due) under the Agreement due to causes beyond the reasonable control of the performing Party, such as a strike, blockade, war, act of terrorism, riot, natural disaster, epidemic, pandemic, failure or reduction of power or telecommunications or data networks or services, or government act, is not a breach of the Agreement. The time for performance will be extended for a period equal to the duration of the conditions preventing performance.
12.7 Export Control. Each Party will comply with all applicable export control laws. Customer represents and warrants that it is not on any government list of prohibited or restricted parties or located in (or a national of) a country subject to a government embargo or that has been designated by the government as a “terrorist supporting” country.
12.8 Severability. If any provision of the Agreement is found by any court of competent jurisdiction to be illegal, unenforceable, or invalid, that provision will be limited to the minimum extent necessary so that the Agreement may otherwise remain in full force and effect.
12.9 Waiver. No waiver of any provision of the Agreement will be effective unless in writing and executed by an authorized representative of the waiving Party. Waiver by either Party of any breach or default of the Agreement is not deemed a waiver of any other breach or default.
12.10 Survival. The following sections of this SSA survive any expiration or termination of the Agreement: Section 1 (Definitions); Section 4.3 (Analytics Data); Section 5 (Payment of Fees and Redemptions); Sections 6.3 (Effect of Termination); Section 6.4 (Survival); Section 7 (Confidential Information); Section 8 (Intellectual Property Rights); Section 9.2 (Disclaimers); Section 10 (Indemnification); Section 11 (Limitations of Liability); Section 12 (General); and any other section or provision that by its nature is intended to survive any expiration or termination of the Agreement.
12.11 Governing Law. The Agreement and any claims related to its subject matter will be governed by the laws of the State of Utah, without references to its conflicts or choice of law principles. Any legal action or proceeding between the Parties relating to the Agreement will be brought exclusively in the United States District Court for the District of Utah or the state courts located in Salt Lake City, Utah, and both Parties submit to the personal jurisdiction of, and agree that venue is proper in, these courts. The Uniform Computer Information Transaction Act (where enacted) and the United Nations Convention on Contracts for the Sale of Goods do not apply to the Agreement.
12.12 Entire Agreement. The Agreement constitutes the complete and exclusive agreement between the Parties concerning its subject matter. The Agreement supersedes all prior or contemporaneous oral or written communications, slide decks, proposals, presentations, comments, statements, and representations with respect to the Awardco Services or any other subject matter covered by the Agreement. The Agreement, including any Order Form, may be changed only by a written agreement signed by an authorized representative of both Parties. In the event of a conflict between this SSA and an Order Form, this SSA will control unless there is a “Special Terms” section in the applicable Order Form that clearly specifies that the text in such section modifies this SSA.
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) may be incorporated by reference into a Software as a Service Agreement (the “SSA”) between Awardco, Inc. (“Processor”) and a customer of Awardco (such customer and, to the extent required under Applicable Data Protection Laws, its Authorized Affiliates, collectively “Controller”). Processor and Controller may be referred to collectively as the “Parties” and each individually as a “Party”. All capitalized terms contained but not defined in this DPA have the meaning given to them in the SSA.
Processor provides certain Awardco Services to Controller pursuant to the SSA, and in the course of providing such Awardco Services Processor may Process Personal Data on behalf of Controller. To ensure adequate safeguards with respect to the Processing of Personal Data provided by Controller to Processor, the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
“Applicable Data Protection Laws” means all applicable laws, regulations, regulatory guidance, or requirements in any jurisdiction relating to data protection, privacy, or confidentiality of Personal Data including but not limited to (a) the GDPR together with any transposing, implementing or supplemental legislation, and (b) the CCPA.
“Authorized Affiliate” means any of Controller’s Affiliates which (a) are subject to Applicable Data Protection Laws, and (b) are permitted to use Processor for Processing pursuant to the SSA.
“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations, as amended from time to time.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data. For the avoidance of doubt, the Party identified as “Controller” above is the Controller under this DPA.
“Data Breach” means a breach of security leading to the accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure of, access to, or other Processing of Personal Data transmitted, stored, or otherwise Processed.
“Data Protection Authority” means any representative or agent of a government entity or agency who has the authority to enforce Applicable Data Protection Laws.
“Data Subject” means a natural person to whom Personal Data relates.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” means any information that is considered “personal information,” “personal data,” or “personally identifiable information,” or any functional equivalent of these terms under any applicable laws relating to data privacy, data protection, or cybersecurity.
“Process” shall mean any operation or set of operations which is performed upon Personal Data by the or in connection with and for the purposes of the provision of the Awardco Services, whether or not accomplished by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; and as otherwise defined by Applicable Data Protection Laws.
“Processor” means the entity which Processes Personal Data on behalf of Controller. For the avoidance of doubt, the Party identified as “Processor” above is the Processor under this DPA.
“Service Provider” means a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that process information on behalf of a Data Controller and to which the Data Controller discloses a Data Subject’s Personal Data for a Business Purpose pursuant to a written contract, provided that the contract prohibits the Service Provider from retaining, using, or disclosing the Personal Data for any purpose other than for the specific purpose of performing the services specified in the contract, or as otherwise permitted by the CCPA, including retaining, using, or disclosing the Personal Data for a Commercial Purpose other than providing the services specified in the contract with the Data Controller. The terms “Business Purpose” and “Commercial Purpose” have the same meaning as those terms are used in the CCPA. For the avoidance of doubt, Processor is a Service Provider.
“Sub-processor” means any entity which Processes Personal Data on behalf of Processor.
2.1 Roles of the Parties. The parties acknowledge and agree that with respect to the Processing of Personal Data, customer is the Controller and Awardco, Inc. is the Processor or Service Provider. The subject matter, duration, purpose of the Processing, and the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 below.
2.2 Controller’s Obligations. Controller’s instructions for the Processing of Personal Data shall comply with Applicable Data Protection Laws. Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Controller acquires Personal Data and provides it to Processor.
2.3 Processor’s Obligations. All Personal Data Processed by Processor pursuant to the SSA is Confidential Information and Processor will Process Personal Data only in accordance with Controller’s documented instructions set forth in Schedule 1 or as otherwise provided by Controller in writing. Processor will not sell the Personal Data Processed under this DPA and will not retain, use, or disclose Personal Data outside of the direct business relationship between Processor and Controller. Processor shall comply with all Applicable Data Protection Laws with regard to Processing Personal Data. Processor will not combine Personal Data provided by Controller with Personal Data that it receives from other sources. In the event Processor believes that compliance with any instructions by Controller would result in a violation of any Applicable Data Protection Law, Processor shall notify Controller thereof in writing without delay. Processor shall make available to Controller all information necessary to demonstrate Processor’s compliance with its obligations under this DPA.
2.4 Assistance Requirements. Processor shall assist Controller with the following: compliance with Applicable Data Protection Laws when required by Applicable Data Protection Laws; suspected and relevant Data Breaches; notifications to, or inquiries from a Data Protection Authority; notifications to, and inquiries from, Data Subjects; and Controller’s obligation to carry out data protection impact assessments and prior consultations with a Data Protection Authority.
3.1 Processor’s Notification Obligations. Processor shall immediately notify Controller, in writing, of the following:
3.1.1 A Data Subject’s request to exercise their privacy rights such as accessing, rectifying, erasing, transporting, objecting to, or restricting their Personal Data;
3.1.2 Any request or complaint received from Controller’s customers or employees;
3.1.3 Any question, complaint, investigation, or other inquiry from a Data Protection Authority;
3.1.4 Any request for disclosure of Personal Data that is related in any way to Processor’s Processing of Personal Data under this DPA;
3.1.5 A Data Breach pursuant to the notification obligations set forth in Section 7.1; and
3.1.6 Where the Personal Data becomes subject to search and seizure, an attachment order, confiscation during bankruptcy or insolvency proceedings, or similar events or measures by third parties while being Processed.
Processor will assist Controller in fulfilling Controller’s obligations to respond to requests relating to Sections 3.1.1 through 3.1.6 above and will not respond to such requests without Controller’s prior written consent unless Processor is required to respond by applicable law.
4.1 Confidential Information. All Personal Data provided to Processor pursuant to the SSA is Confidential Information.
4.2 Processor’s Personnel. Processor shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities, and have executed written confidentiality agreements, and further that such confidentiality obligations survive the termination of their respective employment relationship with such individuals.
4.3 Limitation of Access. Processor shall ensure that Processor’s access to Personal Data is limited to those personnel performing the Awardco Services in accordance with the SSA.
5.1 Appointment of Sub-processors. Controller acknowledges and agrees that Processor and Processor’s Affiliates may engage third-party Sub-processors in connection with the provision of the Awardco Services. Processor or Processor’s Affiliate shall enter into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA to the extent applicable to the nature of the services provided by such Sub-processor.
5.2 Notification of Changes to Sub-processors. Processor will notify Controller in writing of any intended changes concerning the addition or replacement of Sub-processors at least thirty (30) days prior to its use of such new Sub-processor.
5.3 Objection Right for New Sub-processors. Controller may object to Processor’s use of a new Sub-processor by notifying Processor promptly in writing within fourteen (14) days after receipt of Processor’s notice under Section 5.2. In the event Controller objects to a new Sub-processor, Processor will use reasonable efforts to make available to Controller a change in the Awardco Services to avoid Processing of Personal Data by the objected-to new Sub-processor. If Processor is unable to make available such change, Controller may terminate the SSA with respect to those Awardco Services which cannot be provided by Processor without the use of the objected-to new Sub-processor.
5.4 Liability for Acts of Sub-Processors. Processor shall be liable for the acts and omissions of its Sub-processors to the same extent Processor would be liable if performing the services of each Sub-processor directly under the terms of this DPA.
6.1 Protection of Personal Data. Processor shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data), confidentiality and integrity of Personal Data taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
6.2 Audit Rights. Controller, or Controller’s designee, has the right to audit and inspect, at Controller’s sole cost and expense, Processor’s premises, policies, procedures, and computer systems to make sure Processor complies with the requirements in this DPA. Such audit and inspection shall be commercially reasonable in scope and nature and will be subject to Processor’s confidentiality obligations with Processor’s other clients. Controller, or Controller’s designee, will provide at least 72 hours written notice before conducting an audit, unless, under applicable law, such audit is required due to a Data Breach involving Processor.
7.1 Data Breach Notification. Processor shall notify Controller in writing without undue delay after becoming aware of a Data Breach.
7.2 Data Breach Management. Processor shall make reasonable efforts to identify the cause of such Data Breach and take those steps as Processor deems necessary and reasonable to remediate the cause of such a Data Breach to the extent the remediation is within Processors reasonable control.
8.1 Termination. This DPA shall terminate automatically upon the later of (a) the termination or expiration of the SSA, or (b) Processor’s deletion or return of Personal Data. Controller shall further be entitled to terminate this DPA for cause if Processor is in material or persistent breach of this DPA which, in the case of a breach capable of remedy, shall not have been remedied within thirty (30) days from the date of receipt by Processor of a notice from Controller identifying the breach and requesting its remedy.
8.2 Return or Deletion of Data. Upon termination of this DPA, Processor will delete or return all existing copies of Personal Data unless applicable law requires continued retention of the Personal Data. Upon the request of Controller, Processor shall confirm compliance with such obligations in writing and delete all existing copies. In instances where applicable law requires Processor to retain Personal Data, Processor will protect the confidentiality, integrity, and accessibility of the Personal Data; will not actively Process the Personal Data; and will continue to comply with the terms of this DPA.
9. MECHANISMS FOR INTERNATIONAL TRANSFERS.
9.1 Transfers Outside of the EU. During the provision of the Awardco Services, it may be necessary for Controller to transfer Personal Data from the European Union, the European Economic Area and/or their member states, the United Kingdom, or Switzerland to Processor in a country that does not have an adequacy decision from the European Commission or is not located in the European Economic Area. In the event of such a transfer, the Standard Contractual Clauses apply as follows:
9.1.1. In relation to Personal Data that is subject to the GDPR (i) Processor will be deemed the “data importer” and Controller is the “data exporter”; (ii) the Module Two terms shall apply where Controller is a Data Controller and where Processor is a Data Processor; (iii) in Clause 7, the optional docking clause shall be deleted; (iv) in Clause 9 of Module Two, Option 2 shall apply and the list of Sub-processors and time period for notice of changes shall be as agreed under Section 5 of this DPA; (v) in Clause 11, the optional language shall be deleted; (vi) in Clause 17, Option 1 shall apply and the Standard Contractual Clauses shall be governed by the member state where Controller is domiciled; (vii) in Clause 18(b), disputes shall be resolved before the courts of the member state where Controller is domiciled; (viii) Annex I and Annex II shall be deemed completed with the information set out in Schedule 1 of this DPA respectively; and (ix) if and to the extent the Standard Contractual Clauses conflict with any provision of the SSA (including this DPA) the Standard Contractual Clauses shall prevail to the extent of such conflict. For this section, the Standard Contractual Clauses from the Commission Implementing Decision (EU) 2021/914 are incorporated by reference and available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en.
9.1.2. In relation to Personal Data that is subject to UK Data Protection Laws, the International Data Transfer Agreement (“IDTA”) shall apply with the following modifications: (i) the contact information about the parties to the SSA is the contact information for the IDTA; (ii) Controller is the data exporter and Processor is the data importer; (iii) the laws that govern the IDTA and the location where legal claims can be made is England and Wales; (iv) the UK GDPR does not apply to the data importer’s processing of transferred data; (v) the Parties do not use the additional security or commercial clauses from the IDTA; and (vi) the information in this DPA and Schedule 1 can be used for Tables 1-4. For this section, the Standard Contractual Clauses from the Information Commissioner’s Office are incorporated by reference and available here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/.
9.1.3. In relation to Personal Data that is subject to the Swiss DPA, the Standard Contractual Clauses referenced in Section 9.1.1 shall apply with the following modifications (i) references to "Regulation (EU) 2016/679" shall be interpreted as references to the Swiss DPA; (ii) references to "EU", "Union" and "Member State law" shall be interpreted as references to Swiss law; and (iii) references to the "competent supervisory authority" and "competent courts" shall be replaced with the "the Swiss Federal Data Protection and Information Commissioner " and the "relevant courts in Switzerland".
9.2. Alternative Data Transfer Mechanisms. The Parties acknowledge that the laws, rules and regulations relating to international data transfers are rapidly evolving. In the event that Controller adopts another mechanism authorized by applicable laws, rules or regulations to transfer Personal Data (each an “Alternative Data Transfer Mechanism”), the Parties agree to work together in good faith to implement any amendments to this DPA necessary to implement the Alternative Data Transfer Mechanism.
10.1. Amendments. This DPA may not be amended or supplemented, nor shall any of its provisions be deemed to be waived or otherwise modified, except through a writing duly executed by authorized representatives of both Parties.
10.2 Governing Law. This DPA shall be governed by the governing law set forth in the SSA.
SCHEDULE 1 to DPA
Description of Processing
For Processor: 2080 W 400 N, Lindon, UT 84042 Data Privacy Officer, email@example.com
For Controller: The individual address, and email set forth in the applicable Order Form under the SSA
The subject matter of Processing is the Awardco Services pursuant to the SSA.
The duration of Processing is as set forth in the SSA.
Extent, Type and Purpose of the Processing
The extent, type and purpose of the Processing is as set forth in the SSA.
Frequency of Transfer
The frequency of transfer is continuous.
Personal Data Processing may relate to Controller’s employees.
A table that sets forth Processor’s list of Sub-processors that will receive Personal Data, the subject matter for those transfers, how that information will be processed, and the duration of processing is available to Controller upon written request to firstname.lastname@example.org.
Categories of Data
The Personal Data Processed may concern the following categories of data:
· Identifying Information
· Social and Contact Information
· Tracking Data
Technical and Organizational Measures to Secure Data
Technical security measures: Processor employs endpoint protection, anti-malware and EDR on all machines. All endpoints are encrypted. MFA and SSO are required to log into Processor systems. All corporate endpoints are managed with the capability to wipe the machines. No employees have admin access to their machines. Processor production environment utilizes several next gen firewalls and load balancers to only allow approved traffic into the environment. Corporate, development, and production environments are all segmented and cannot access each other. All data at rest is encrypted using AES256. All data in transit is encrypted using TLS 1.2. Processor backs up the data every five minutes. Processor has a DR site that is ready to take traffic at any moment should the need arise. Processor utilizes a SOC to monitor the environment 24/7. Processor also monitors the production environment with Microsoft Security Center. Processor uses a DLP system to prevent private data from being moved, copied or stolen.
Organizational measures: Only select authorized individuals have access to the production environment. Processor uses role-based access with least privilege. Processor provides annual security and privacy training to all employees. The same training is given to all new hires. Policies and procedures are written and accessible to all employees.