Master software and services terms
MASTER SOFTWARE AND SERVICES TERMS
These Master Software and Services Terms (these “Terms”) are entered into as of the date of the later of the two signatures below (the “Effective Date”) and govern the Services (as defined below) identified in a proposal, quote, online registration or ordering process, order, or similar document incorporating these Terms by reference (each, an “Order”) to be provided by or on behalf of ComplianceMetrix, Inc. (“ComplianceMetrix” or “CMX1”) to [CUSTOMER ENTITY NAME] (“you” or “your”) through one or more of the ComplianceMetrix websites located at https://www.cmx1.com/ and https://www.ComplianceMetrix.com/ (each, the Site”) or the ComplianceMetrix online application suite (together with the Site, the “CMX1 Platform”), or that ComplianceMetrix otherwise provides or makes available to you. These Terms and each Order are collectively referred to as this “Agreement”. In the event of a conflict between these Terms and the terms of an Order, these Terms will control unless the conflicting term of the applicable Order expressly states otherwise.
- 1. DEFINITIONS. Capitalized terms used in this Agreement but not otherwise defined herein shall have the following meanings:
- 1.1 “CMX1 Service” means the on-line service delivered by ComplianceMetrix to you using the Software hosted by ComplianceMetrix and as made available by ComplianceMetrix through the access methods described in this Agreement. The CMX1 Service shall also include the use of Standard Modules, the Offline Module, and certain Non-Standard Modules (if applicable). The term CMX1 Service does not include Professional Services.
- 1.2 “Documentation” means the specifications and functional requirements published by ComplianceMetrix for the Services (as defined below) and provided to you in either electronic, online help files or hard-copy format. Marketing materials shall not be considered Documentation hereunder.
- 1.3 “Module” means an independent module of Software that enables specific functionality.
- 1.4 “Non-Standard Module” means either new Modules, customized Modules, enhanced Modules, or updated Modules created by ComplianceMetrix as part of the provision of Professional Services under a Statement of Work, and, subject to payment of additional Fees (as defined below), made available to you as part of the CMX1 Service.
- 1.5 “Offline Module” means a local, non-hosted Module of the Software that can “sync” with the CMX1 Service for data transmission.
- 1.6 “Professional Services” means any consulting, development, training, integration, implementation, quality assurance testing, or other professional services that ComplianceMetrix may perform for you during the Term (as defined below) as described in one or more statements of work signed by both parties, each of which are substantially similar to one of the forms in Exhibit D attached hereto (each, a “Statement of Work”).
- 1.7 “Software” means ComplianceMetrix’s proprietary computer software programs described in the applicable Order, including any Modules and updates and new releases thereto, made available to you (and your Users) under this Agreement in connection with the CMX1 Service.
- 1.8 “Standard Modules” means those Modules identified in the applicable Order that are made available to you as part of the CMX1 Service for no additional Fees.
- 1.9 “Transaction” means a record of a unit of work based on Your Data (defined below) processed and stored by the CMX1 Service.
- 1.10 “Users” means your employees, independent contractors, and other individuals who are authorized by you to use the Services (as defined below) on behalf of you and have been supplied user identifications and passwords by ComplianceMetrix for this purpose.
- 2. SERVICES.
- 2.1 Definition. The “Services” include:
- (a) all services, technology, data, information, programs, material, and other content (including, without limitation, the CMX1 Service, Module, Offline Module, and Software, as applicable) that ComplianceMetrix makes accessible to you through the CMX1 Platform, including on any desktop, mobile telephone, or handheld device (each, a “Device”) owned or controlled by you or your Users (collectively, “Subscription Services”); and
- (b) any other services that ComplianceMetrix otherwise provides to you; but the Services specifically exclude:
- i. Professional Services;
- ii. data or content of any type that you upload to the CMX1 Platform or that is otherwise provided by you (a) in the course of your access to, and use of, the CMX1 Service in accordance with this Agreement, (b) for ComplianceMetrix to perform Professional Services in accordance with this Agreement, or (c) in connection with the Services (“Your Data”);
- iii. Your Modifications (as defined in Section 8.1); and
- iv. shared materials created by ComplianceMetrix, you, Users, or other users of the Services that are published or made accessible through the CMX1 Platform, and may be available in a “Public Library” therein (“Shared Materials”).
- 2.2 Access. Subject to the terms and conditions of this Agreement, ComplianceMetrix grants to you, during the Term, a non-exclusive, non-transferable right to remotely access and use the CMX1 Service, and to install and use the then-current Offline Module, for the number of Users, Modules, and Transactions for which you have paid the applicable Fees, solely for the performance of your internal business purposes in accordance with the Documentation, the limitations set forth in the applicable Order (if any), and the other terms and conditions of this Agreement (including any browser or device requirements set forth in the Documentation or elsewhere).
- 2.3 Support and Service Levels. As part of the CMX1 Service and subject to the terms and conditions of this Agreement, including, without limitation, your payment of all applicable Fees, ComplianceMetrix shall provide support for the CMX1 Service as specified in Exhibit B. ComplianceMetrix reserves the right to modify the support services in its reasonable discretion from time to time, which modifications shall become effective upon notice to you. You are solely responsible for providing, at your own expense, all network access to the CMX1 Service, including, without limitation, acquiring, installing, and maintaining all telecommunications equipment, hardware, software, and other equipment as may be necessary to connect to, access, and use the CMX1 Service.
- 2.4 Modifications. ComplianceMetrix reserves the right to make changes to the Subscription Services in its sole discretion from time to time, including the functionality, performance, user interface, usability, and the service description published on the CMX1 Platform or that ComplianceMetrix provides to you (“Service Description”), and you agree that this Agreement will apply to any changes or updates to the Subscription Services. ComplianceMetrix will notify you of any change to the Subscription Services (other than No-Charge Services, as defined below) that reduces its functionality or features in any material respect or if it discontinues any applicable Services which are not replaced by a substantially equivalent function or feature. If ComplianceMetrix has notified you under this Section 2.4, you may terminate the affected Services upon providing notice to ComplianceMetrix within 30 days after the date of such notice, and ComplianceMetrix will refund any prepaid, unused Fees in respect of any such terminated Subscription Services. Nothing in this Section 2.4 limits ComplianceMetrix’s ability to discontinue any Services (or portions thereof) or to make changes as required to comply with applicable law, address a material security risk, or avoid a substantial economic or technical burden.
- 2.5 Subscription Term. ComplianceMetrix will make the Subscription Services available to you and your Users solely for your internal business operations during the subscription period specified in the applicable Order (“Subscription Term”) and in accordance with any usage restrictions specified in the applicable Order, Documentation, or CMX1 Product Module (set out in Exhibit B attached hereto).
- 2.6 Restrictions. You are responsible for all activities that occur under Your Accounts (as defined below) and will limit access to and use of the Subscription Services to authorized Users. Unless permitted by applicable law or except as otherwise expressly permitted in this Agreement or as otherwise authorized by ComplianceMetrix in writing, you must not (nor may you authorize any third party to):
- (a) rent, lease, distribute, license, sublicense, loan, sell, transfer, assign, distribute, or otherwise transfer or provide access to the Subscription Services to any third party;
- (b) reproduce, modify, adapt, alter, translate, or create derivative works of, the Subscription Services or remove or tamper with any disclaimers or other legal notices in the Subscription Services;
- (c) remove, alter, or obscure any proprietary notices (including copyright notices) of ComplianceMetrix or its licensors contained within the Documentation or displayed in connection with the Subscription Services;
- (d) reverse engineer, disassemble, decompile, transfer, exchange or translate the Subscription Services, or otherwise attempt to obtain or derive the source code or API of the Subscription Services;
- (e) interfere in any manner with the operation of the Subscription Services;
- (f) install and use older versions of the Offline Module;
- (g) incorporate the Subscription Services into any service that you provide to a third party;
- (h) use the Subscription Services to provide services, or to create a service that competes with the Subscription Services; or
- (i) otherwise use the Subscription Services except as expressly allowed under this Agreement.
- 2.1 Definition. The “Services” include:
- You must promptly notify ComplianceMetrix in writing of any breach of the above conditions of use. You are solely responsible for ensuring that your Devices and systems are compatible with the Subscription Services and meet any minimum requirements specified on the CMX1 Platform.
- 3. PROFESSIONAL SERVICES. Subject to the terms and conditions of this Agreement and the Professional Services Schedule attached hereto as Exhibit A, including the payment by you of the Professional Service Fees set forth in a Statement of Work, ComplianceMetrix shall provide to you the Professional Services.
- 4. NO-CHARGE SERVICES. ComplianceMetrix may offer certain Services to you at no charge, including free accounts, trial use, and access to pre-release and beta products (“No-Charge Services”). Your use of No-Charge Services is subject to any additional terms that ComplianceMetrix specifies from time to time and is only permitted for the period designated by ComplianceMetrix, or if no such period is designated, 30 days. ComplianceMetrix may terminate your right to use No-Charge Services at any time and for any reason in ComplianceMetrix’s sole discretion, without liability to you.
- 5. YOUR ACCOUNTS.
- 5.1 You must register for an account in order to use, access, or receive the Subscription Services and to receive notices and information from ComplianceMetrix (“Customer Account”).
- 5.2 All Users must establish a named account on the CMX1 Platform (“User Account”). Each User will be assigned a unique user identification name and password (“User ID”) for access to and use of the Subscription Services. You shall be responsible for ensuring the security and confidentiality of your User IDs. User IDs may not be shared within your organization. Your access to and use of the Subscription Services will be limited to the number of Users, Modules, or Transactions (as the case may be) for which you have paid the applicable Fees. You will use commercially reasonable efforts to prevent unauthorized access to, or use of, the Subscription Services, and notify ComplianceMetrix promptly of any such unauthorized use. If you wish to add additional Users, Modules, or Transactions, you will follow the procedure(s) specified by ComplianceMetrix which may include your use of a user administration interface, an automated data feed/web service, or a written/email request to ComplianceMetrix. ComplianceMetrix reserves the right to require any person who shall have access to the Subscription Services to execute an end-user agreement pursuant to which such person agrees to comply with terms and conditions consistent with this Agreement.
- 5.3 You may specify one or more administrators who may elect to have password protected rights to access administrative account(s) (“Admin Account(s)”) to administer the Subscription Services and User Accounts.
- 5.4 You are responsible for all actions taken through your Customer Account and all User Accounts and Admin Accounts under your Customer Account (together, “Your Accounts”) and all User IDs associated therewith. At a minimum, you shall:
- (a) maintain the confidentiality of the User IDs associated with each of Your Accounts;
- (b) ensure that only those individuals authorized by you have access to Your Accounts; and
- (c) ensure that all activities that occur in connection with Your Accounts comply with this Agreement.
- 6. INTELLECTUAL PROPERTY RIGHTS.
- 6.1 ComplianceMetrix and its licensors own and retain all rights, title, and interest, in, to, and associated with the CMX1 Service, Software, Documentation, and any other Services (and all improvements and modifications thereto and all derivatives thereof) including all worldwide intellectual property rights therein, including, without limitation, all copyright, trade or service marks, designs, know how, inventions, patents, patent applications, rights in circuit layouts, domain names, trade names, moral rights, and other proprietary rights, whether registered or unregistered (“Intellectual Property Rights”). All rights in and to the CMX1 Service, Software, and Services not expressly granted to you in this Agreement are reserved by ComplianceMetrix and its licensors
- 6.2 Subject to the rights granted in this Agreement, as between the parties you retain all right, title, and interest in and to Your Data, and ComplianceMetrix acknowledges that it neither owns nor acquires any additional rights in and to Your Data not expressly granted by this Agreement. You are solely responsible for the accuracy, content, and legality of all Your Data.
- 7. INTEGRATION WITH THIRD PARTY PRODUCTS.
- 7.1 You may choose, in your sole discretion, to integrate the Services with third party products or services (“Third Party Products”). If you choose to use any Third Party Products in connection with the Services, ComplianceMetrix may provide such third parties access to or use of Your Data to the extent required for the interoperation of the Services with the applicable Third Party Product. Your use of any Third Party Product will be subject to the applicable agreement between you and the relevant third party provider. ComplianceMetrix is not responsible for any access to or use of Your Data by such third party providers. COMPLIANCEMETRIX DISCLAIMS ALL LIABILITY FOR ANY THIRD PARTY PRODUCTS AND FOR THE ACTS OR OMISSIONS OF ANY THIRD PARTY PROVIDERS OF THIRD PARTY PRODUCTS.
- 8. YOUR DATA AND YOUR MODIFICATIONS.
- 8.1 You hereby grant to ComplianceMetrix a non-exclusive, non-transferable right and license to use Your Data during the Term for the limited purposes of performing ComplianceMetrix's obligations and exercising its rights hereunder. ComplianceMetrix shall not use Your Data for the benefit of any other customer of ComplianceMetrix, or for any other purpose other than those set forth in this Agreement, without your prior approval; provided, however, ComplianceMetrix may use Your Data in a sufficiently redacted, anonymized, or scrambled format for purposes of benchmarking, testing, demonstration, or improving the Services; and provided further that ComplianceMetrix may use Your Data to generate aggregated data sets, reports, and analysis relating to technical data about customer use of the Services in a form that is anonymized and does not identify you or any individual (“Aggregated Data”). You acknowledge and agree that ComplianceMetrix will own all Intellectual Property Rights in Aggregated Data. ComplianceMetrix may use Aggregated Data to analyze, improve, support, and operate the Services and for related internal business purposes.
- 8.2 You represent and warrant that you (a) will comply, and will cause your Users to comply, with all applicable laws, rules, and regulations in your and your Users’ use of the Services, and (b) have made all necessary disclosures and obtained or otherwise possess all consents, permissions, and other rights required or necessary to (i) collect, share, and use Your Data as contemplated in this Agreement, and (ii) provide Your Data to ComplianceMetrix and for ComplianceMetrix to use Your Data pursuant to this Agreement.
- 8.3 To the extent permitted by the functionality provided by the Subscription Services, you may modify a template, an activity, a standard, a specification, or a workflow in the Subscription Services for the purposes of developing customizations and additional features of a template, training course, or incident workflow (“Your Modifications”).
- 8.4 If you elect to publicly share any of Your Data or Your Modifications with ComplianceMetrix or other users through the functionality provided by the Subscription Services (“Your Shared Materials”), you hereby grant ComplianceMetrix and each other user that downloads Your Shared Materials a non-exclusive, worldwide, perpetual, irrevocable, royalty-free license (including the right to sublicense) to use, develop, modify, reformat, publish, distribute to third parties, and exercise any other Intellectual Property Rights you have in Your Shared Materials.
- 8.5 You represent and warrant that Your Data and Your Modifications (including any of Your Shared Materials):
- (a) are not unlawful, defamatory, offensive, obscene, harmful, of bad taste, or inappropriate;
- (b) comply with the ComplianceMetrix policies provided to you during the Term, as may be updated from time to time (“ComplianceMetrix Policies”);
- (c) are not false, misleading, or inaccurate;
- (d) do not infringe, misappropriate, or violate any third party’s rights (including, without limitation, Intellectual Property Rights);
- (e) comply with all applicable laws, rules, and regulations; and
- (f) are not infected with viruses or any other malicious computer code, files, or programs.
- 8.6 You acknowledge and agree that ComplianceMetrix may remove, delete, or modify any of Your Data or Your Modifications (including any of Your Shared Materials) from the Services and CMX1 Platform if ComplianceMetrix suspects (acting in good faith) that any of the representations and warranties set out in Section 8.5 are, or are likely to be, untrue.
- 8.7 You acknowledge and agree that you are responsible for preparing and maintaining backups of Your Data and Your Modifications.
- 8.8 You shall indemnify, defend, and hold ComplianceMetrix and its affiliates, service providers, officers, employees, contractors, agents, representatives, and customers (“those indemnified”) harmless from and against any and all claims, costs, damages, losses, liabilities, and expenses (including reasonable attorneys’ fees) arising out of or in connection with ComplianceMetrix's use of Your Data as permitted hereunder or any claim brought against those indemnified by a third party relating to Your Data or Your Modifications (including any of Your Shared Material), including but not limited to any claim relating to infringement of the rights of a third party (including Intellectual Property Rights), or any representations or warranties that you make about Your Data, Your Modifications, or the Services. ComplianceMetrix agrees to provide: (i) prompt written notice to you of any such claim (except that failure to timely provide such notice will relieve you of your obligations only to the extent you are materially prejudiced as a direct result of such delay); (ii) the right to control and direct the investigation, defense, or settlement of such claim; and (iii) all reasonably necessary cooperation of ComplianceMetrix at your expense. Notwithstanding the foregoing, ComplianceMetrix may participate at its own expense in the defense and any settlement discussions, and will have the right to approve any settlement agreement that involves an admission of fault by ComplianceMetrix or imposes non-monetary obligations on ComplianceMetrix; provided, however, that such approval will not be unreasonably withheld.
- 9. DOWNLOADING SHARED MATERIALS.
- 9.1 If you download Shared Materials, to the extent permitted by law:
- (a) your use of Shared Materials is at your own risk;
- (b) ComplianceMetrix has no, and expressly disclaims all, liability to you and any third party in respect of your use of Shared Materials; and
- (c) it is your responsibility to assess (and if necessary, obtain professional advice on) the suitability of Shared Materials for your purposes and any modifications required to meet those purposes.
- 9.1 If you download Shared Materials, to the extent permitted by law:
- 10. CONFIDENTIALITY.
- 10.1 In this Agreement, “Confidential Information” of a party means all information of a confidential or proprietary nature including, without limitation, information about its business, operations, strategy, administration, technology, affairs, clients, customers, employees, contractors, or suppliers, but does not include any Shared Materials. Confidential Information includes information that is marked or identified as confidential and, if not marked or identified as confidential, information that should reasonably have been understood by the receiving party (“Recipient”) to be proprietary or confidential to the disclosing party (“Discloser”) or to a third party, because of legends or other markings, the circumstances of disclosure, or the nature of the information itself. The Software and Documentation shall be considered ComplianceMetrix's Confidential Information, notwithstanding any failure to mark or identify it as such, and Your Data shall be considered your Confidential Information, notwithstanding any failure to mark or identify it as such.
- 10.2 Recipient shall keep confidential and not disclose to any third party Confidential Information of Discloser, with the exception that a Recipient may disclose such Confidential Information:
- (a) to:
- i. a third party with the prior written consent of Discloser (in each case); and
- ii. Recipient’s, or Recipient’s affiliates’ or subsidiaries’, officers, agents, professional advisers, employees, contractors, subcontractors, auditors and insurers (collectively, “Representatives”); and
- (b) provided that such each such recipient has a need to know such Confidential Information for purposes of this Agreement and is subject to confidentiality obligations no less stringent than those contained this Agreement with respect to that Confidential Information; and
- (c) where the Recipient is legally compelled to do so by any government or any governmental, administrative, regulatory, or judicial body, authority, tribunal, or agency, provided that Recipient (i) gives Discloser written notice prior to making such disclosure, if permitted by law, (ii) cooperates with the Discloser, at the Discloser’s reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure, and (iii) limits the disclosure to the extent legally compelled.
- (a) to:
- 10.3 Recipient may only use Confidential Information of Discloser for the purposes expressly permitted by this Agreement. Recipient will protect the Discloser’s Confidential Information from unauthorized use, access, or disclosure in the same manner as Recipient protects its own confidential or proprietary information of a similar nature and with no less than reasonable care. Recipient shall be responsible and liable for all actions and omissions of its Representatives with respect to the subject matter of this Section 10 as if they were those actions and omissions of Recipient.
- 10.4 Recipient’s obligations under this Section with respect to any Confidential Information of Discloser will terminate if and when the Recipient can document that such information: (a) was already lawfully known to Recipient at the time of disclosure by Discloser; (b) is disclosed to Recipient by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of Recipient has become, generally available to the public; or (d) is independently developed by Recipient without access to, or use of, Discloser’s Confidential Information.
- 10.5 Except as otherwise expressly provided in this Agreement, Recipient will return to Discloser or destroy all Confidential Information of Discloser in Recipient’s possession or control and permanently erase all electronic copies of such Confidential Information promptly upon the written request of Discloser or upon the expiration or termination of this Agreement (except for any computer records or files that have been created pursuant to Recipient’s automatic archiving and back-up procedures and the removal of which is not technically reasonable); provided, however, Recipient may retain one archival copy for record retention purposes and compliance with applicable law. Upon the request of Discloser, Recipient will certify in a writing signed by an officer of the Recipient that it has fully complied with its obligations under this Section 10.5.
- 10.6 Each party acknowledges that a breach or threatened breach of this Section 10 would cause irreparable harm to the non-breaching party, the extent of which would be difficult to ascertain. Accordingly, each party agrees that, in addition to any other remedies to which a party may be legally entitled, the non-breaching party shall have the right to seek immediate injunctive or other equitable relief in the event of a breach of this Section 10 by the other party or any of its Representatives.
- 11. PERSONAL DATA.
- 11.1 You specifically agree not to use the Services to collect, store, process, or transmit any Sensitive Data (as hereinafter defined). You acknowledge that ComplianceMetrix is not a Business Associate or subcontractor (as those terms are defined in HIPAA) or a payment card processor and that the Services are not compliant with HIPAA or PCI-DSS. ComplianceMetrix shall have no liability under this Agreement for Sensitive Data, notwithstanding anything to the contrary herein. “Sensitive Data” means any of the following: (i) patient, medical, health insurance, or other protected health information regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or similar state, federal, or industry laws; (ii) credit, debit, or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”) (iii) social security numbers, driver’s license numbers, or other government ID numbers; (iv) any information deemed to be special categories of data as set forth in Article 9 of the EU General Data Protection Regulation or similar laws; or (v) other personal or sensitive information subject to regulation or protection under the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act, or similar foreign or domestic laws.
- 11.2 The terms of the Data Processing Addendum located at https://www.cmx1.com/data-processing-addendum (“DPA") is hereby incorporated by reference and will apply to the extent any Your Data includes Personal Data (as defined in the DPA).
- 11.3 Other than as expressly noted in this Section 11, you acknowledge that:
- (a) the Services have not been designed to meet the requirements of laws or standards that may apply to you in respect of Your Data, including, without limitation, HIPPA, PCI DSS, or any other law or standard applicable to the handling, storage, processing, transfer, security, or location of Your Data in any jurisdiction; and
- (b) it is your responsibility to satisfy yourself that your use of the Services will allow you to meet any legal obligations applicable to you in respect of Your Data, and ComplianceMetrix disclaims all liability for your non-compliance with any such laws or standards arising from your use of the Services.
- 12. ORDERS.
- 12.1 To use the Services you must complete an Order by either:
- (a) completing the online Order page located on the CMX1 Platform which contains details of:
- i. the Services being ordered;
- ii. the applicable Fees (as defined below);
- iii. the number of paid User Accounts that will form part of your organization in respect of Subscription Services (if applicable);
- iv. the Subscription Term applicable to any Subscription Services;
- v. the applicable billing details, and the currency in which you will be billed; and
- vi. if applicable, details of any other products made available by ComplianceMetrix in the future you wish to order; or
- (b) executing a paper-based Order provided by ComplianceMetrix in a substantially similar form as Exhibit C attached hereto and which sets out the relevant information in Section 12.1(a).
- (a) completing the online Order page located on the CMX1 Platform which contains details of:
- 12.1 To use the Services you must complete an Order by either:
- 13. FEES AND PAYMENT.
- 13.1 You shall pay to ComplianceMetrix (a) all fees for the Services in accordance with the rates and currency set out in each applicable Order (the “Subscription Services Fees”) and (b) all fees for Professional Services set forth in and in accordance with the applicable Statement of Work (the “Professional Services Fees” and together with the Subscription Services Fees, the “Fees”). Notwithstanding anything contained herein to the contrary, the CMX1 Service Fees are not conditioned upon or subject to the performance of any Professional Services, and other than where expressly provided for under this Agreement, all Fees are non-refundable, non-cancellable, and non-creditable.
- 13.2 You will be billed the Subscription Services Fees in accordance with the applicable Order as follows:
- i. for Subscription Services, you will be billed the applicable Fees annually in advance;
- (b) for Services other than Subscription Services, you will be billed the applicable Fees in accordance with the payment milestones specified in your Order, or if none are specified, in advance upon submitting the relevant Order. Services other than Subscription Services may be charged on a “fixed-fee” or “time and materials” basis, as specified in the relevant Order.
- 13.3 ComplianceMetrix will invoice you for Professional Services Fees, costs, and expenses pursuant to the applicable Statement of Work.
- 13.4 Your Fees, and any other amounts owing to ComplianceMetrix hereunder, will be billed using one of the following methods (as specified in the applicable Order or Statement of Work):
- (a) by direct debit of your credit card or debit card, in which case you authorize ComplianceMetrix to debit you in the month prior to the commencement of the applicable billing cycle;
- (b) by issuing an invoice in accordance with the billing cycle or payment milestones specified in the applicable Order or Statement of Work; or
- (c) by such other forms of payment that ComplianceMetrix makes available on the CMX1 Platform, which may be subject to additional terms and conditions.
- 13.5 Unless otherwise agreed upon by ComplianceMetrix, you shall pay all invoices hereunder within 30 days after receipt of the applicable invoice. Upon 10 days’ prior written notice and your failure to cure, ComplianceMetrix reserves the right (in addition to any other rights or remedies ComplianceMetrix may have) to discontinue the Subscription Services and suspend all User ID’s and your access to the Subscription Services if any Subscription Services Fees are more than 30 days overdue until such amounts are paid in full. All payments must be made in U.S. dollars. Outstanding balances shall accrue interest at a rate equal to the lesser of 1.5% per month and the maximum rate permitted by applicable law, from due date until paid, plus ComplianceMetrix’s reasonable costs of collection.
- 13.6 If you dispute any invoice or charge for which ComplianceMetrix has billed you (acting reasonably and in good faith) you must notify ComplianceMetrix of the dispute without unreasonable delay.
- 13.7 You are responsible for, and shall pay, any duties, customs fees, export or import fees, taxes (other than ComplianceMetrix’s income tax), and similar charges associated with transactions contemplated by this Agreement or the supply of the Services, Professional Services, or any other goods or services provided by ComplianceMetrix to you, including, without limitation, any VAT, GST, or other applicable sales or use taxes, and any related penalties or interest (collectively, “Taxes”), and you will pay ComplianceMetrix all Fees without any withholding for Taxes. If ComplianceMetrix is required to collect or pay Taxes, the Taxes will be invoiced to you. You shall provide ComplianceMetrix with any information ComplianceMetrix reasonably requests to determine whether ComplianceMetrix is obligated to collect Taxes from you, including, without limitation, your relevant Tax identification number.
- 14. WARRANTIES.
- 14.1 Services Warranty.
- (a) During the Term, ComplianceMetrix warrants that:
- i. Subscription Services (other than No-Charge Services), when used as permitted by ComplianceMetrix and in accordance with the instructions in the Documentation with an Approved Browser (as defined in Exhibit B), will conform in all material respects with the applicable Service Description or Documentation for the duration of the Subscription Term; and
- ii. ComplianceMetrix will use commercially reasonable efforts to prevent introduction of viruses, Trojan horses, or similar harmful materials (“Malicious Code”) into the Subscription Services. For the avoidance of doubt, ComplianceMetrix is not responsible for any Malicious Code introduced by third parties, or by you or your Users.
- (b) During the Term, ComplianceMetrix will, at its own expense and as its sole obligation and your exclusive remedy for any breach of the foregoing warranty, correct any reproducible error in the Subscription Services reported to ComplianceMetrix by you in writing during the Subscription Term. ComplianceMetrix does not warrant your use of the Services (including Subscription Services) will be error-free or uninterrupted, and ComplianceMetrix does not warrant any sensors, instruments, equipment, or other items that are not manufactured by ComplianceMetrix and which may operate or integrate with the Services, including without limitation, the accuracy of any data collected or reported by such third-party manufactured items.
- (a) During the Term, ComplianceMetrix warrants that:
- 14.2 Professional Services Warranty. ComplianceMetrix warrants to you that the Professional Services will be performed in a professional manner consistent with the applicable Statement of Work. ComplianceMetrix shall, as its sole obligation and your sole and exclusive remedy for any breach of the warranty set forth in this Section 14.2, re-perform the Professional Services which gave rise to the breach or, at ComplianceMetrix's option, refund the Professional Services Fees paid by you for the Professional Services which gave rise to the breach; provided that you shall notify ComplianceMetrix in writing of the breach within 30 days following performance of the defective Professional Services, specifying the breach in reasonable detail.
- 14.3 Disclaimer. The express warranties in Sections 14.1 and 14.2 are in lieu of, and ComplianceMetrix hereby disclaims, all other warranties, express, implied, or statutory regarding the Services, Professional Services, and any other goods or services provided by ComplianceMetrix to you, including, without limitation, any warranties of merchantability, title, non-infringement, fitness for a particular purpose, that operation of the Services will be uninterrupted or error free, that all defects will be corrected, and any warranties arising from course of dealing or course of performance. Except for the express warranties stated in Sections 14.1 and 14.2, access to the Services is provided “as is” with all faults.
- 14.1 Services Warranty.
- 15. LIMITATION OF LIABILITY.
- 15.1 To the maximum extent permitted by law, in no event will ComplianceMetrix be liable to you or any third party in connection with this Agreement, the Services, or the Professional Services, whether in contract, tort, or otherwise for:
- (a) your misuse of the Services, acts, or omissions of your Representatives;
- (b) Service outage or interruption, or any damage or losses, arising from networks or websites outside of ComplianceMetrix’s control;
- (c) any injury, damage to property, or loss to any person in relation to your use of the Services;
- (d) subject to Section 11, breach of any law applicable to your business activities, including, but not limited to, any work health and safety or food safety law, in connection with your use of the Services; or
- (e) any loss of profits, loss of revenue, loss of anticipated savings, loss of use, loss or corruption of data, costs of delay or procurement of substitute or replacement goods and services, business interruption, failure of security mechanisms, loss of goodwill, or any form of indirect, incidental, special, consequential, or punitive damages. The foregoing limitations will apply even if ComplianceMetrix has been advised of the possibility of such damages.
- 15.2 To the maximum extent permitted by law, in no event will either party’s total aggregate liability in connection with this Agreement, the Services, or the Professional Services, exceed the total Fees actually paid to ComplianceMetrix under this Agreement during the 12-month period immediately prior to the event giving rise to the liability.
- 15.3 The foregoing limitations of liability in Sections 15.1 and 15.2 will not apply to any breach of Sections 2.6, 5, or 10 or the indemnity obligations under Sections 8.8 or 16.
- 15.1 To the maximum extent permitted by law, in no event will ComplianceMetrix be liable to you or any third party in connection with this Agreement, the Services, or the Professional Services, whether in contract, tort, or otherwise for:
- 16. INDEMNIFICATION.
- 16.1 Subject to Section 16.3, ComplianceMetrix will defend you against any third party claim alleging that the Subscription Services or CMX1 Property (as defined in Exhibit A) infringe any U.S. copyrights or any U.S. patents or misappropriate any trade secrets of a third party (a “Claim”), and will indemnify you against any damages and costs finally awarded against you by a court of competent jurisdiction that are specifically attributable to such Claim or those damages and costs agreed to in writing by ComplianceMetrix in a monetary settlement of such Claim. The foregoing obligations are conditioned on you:
- (a) promptly providing written notice of any such Claim to ComplianceMetrix;
- (b) giving ComplianceMetrix the exclusive right to control and direct the investigation, defense, or settlement of such Claim; and
- (c) providing all reasonably necessary cooperation and assistance to ComplianceMetrix in the defense, investigation, and settlement negotiations of the Claim at ComplianceMetrix’s request and expense.
- 16.2 In the event the Subscription Services (or any portion thereof) or CMX1 Property becomes, or in ComplianceMetrix’s opinion is likely to become, the subject of an infringement claim, ComplianceMetrix may, in its sole discretion at its expense:
- (a) procure the right for your continued use of the Subscription Services or CMX1 Property (as the case may be) in accordance with this Agreement;
- (b) replace or modify the Subscription Services or CMX1 Property (as the case may be) so that it becomes non-infringing; or
- (c) terminate this Agreement upon written notice to you and refund you the Fees paid for the applicable Subscription Services or Professional Services during the 12-month period preceding the effective date of termination.
- 16.3 Notwithstanding the foregoing, ComplianceMetrix will have no obligation under this Section 16 or otherwise with respect to any infringement claim based upon:
- (a) or in connection with your use of No-Charge Services;
- (b) any use of the Services or CMX1 Property not in accordance with this Agreement or the Documentation or for purposes not intended by ComplianceMetrix (including, without limitation, as a result of misuse of the Subscription Service or use of the Subscription Service with any third party data (including any Shared Materials)),
- (c) any use of the Services or CMX1 Property in combination with other products, equipment, or software not intended by ComplianceMetrix to be used with the Services or CMX1 Property (as the case may be) (including, without limitation, in combination with any Third Party Products other than that for which the Subscription Services were designed or provided);
- (d) any of Your Data;
- (e) any modification to the Services or CMX1 Property made by any party or third party other than ComplianceMetrix or its authorized agents subcontractors; or
- (f) in connection with circumstances covered by your indemnification obligations under Section 8.8.
- 16.4 THIS SECTION 16 CONSTITUTES YOUR EXCLUSIVE REMEDY AND COMPLIANCEMETRIX’S ENTIRE LIABILITY, FOR ANY INFRINGEMENT CLAIMS AND ACTIONS.
- 16.1 Subject to Section 16.3, ComplianceMetrix will defend you against any third party claim alleging that the Subscription Services or CMX1 Property (as defined in Exhibit A) infringe any U.S. copyrights or any U.S. patents or misappropriate any trade secrets of a third party (a “Claim”), and will indemnify you against any damages and costs finally awarded against you by a court of competent jurisdiction that are specifically attributable to such Claim or those damages and costs agreed to in writing by ComplianceMetrix in a monetary settlement of such Claim. The foregoing obligations are conditioned on you:
- 17. TERM.
- 17.1 This Agreement commences on the Effective Date and will continue in effect so long as any Subscription Terms, Orders, or Statements of Work remain in effect, unless otherwise terminated in accordance with this Agreement (“Term”).
- 17.2 Unless otherwise set out in the relevant Order, each Subscription Term will automatically renew for periods equal to the initial Subscription Term at the then-current rates unless either party elects not to renew the Subscription Term by providing written notice to the other party at least 90 days prior to the expiration of the then-current Subscription Term, in which case your subscription will expire at the end of the then-current Subscription Term. Notwithstanding the foregoing, the term of each Statement of Work shall be set forth in such Statement of Work.
- 18. TERMINATION AND SUSPENSION.
- 18.1 You may terminate Subscription Services at any time by written notice or by following the online process specified on the CMX1 Platform for cancelling your Subscription Term. If you choose to terminate this Agreement in accordance with this Section 18.1, you will not be entitled to any credits or refunds as a result of such termination.
- 18.2 Either party may terminate this Agreement, or any particular Order(s) or Statement(s) of Work, immediately upon providing notice to the other party if:
- (a) the other party is in material breach of this Agreement and does not cure the breach within 30 days after written notice of the breach (10 days for nonpayment of any amounts past due); or
- (b) if the other party ceases to operate, has an administrator appointed, enters a deed of company arrangement, or other form of administration involving one or more of its creditors, is subject to an order that it be wound up, declared bankrupt, or that a liquidator or receiver be appointed, or otherwise becomes insolvent or is unable to meet its financial obligations.
- 18.3 ComplianceMetrix may suspend the Services (including any of Your Accounts) immediately, or terminate this Agreement in whole or part, including any particular Order(s) or Statement(s) of Work, if:
- (a) you are in material breach of this Agreement more than two times during the Term notwithstanding any cure of such breaches;
- (b) you have failed to pay any Fees within 30 days after the relevant due date;
- (c) you infringe ComplianceMetrix’s Intellectual Property Rights; or
- (d) your use of the Services or Professional Services breaches any applicable law or any of the ComplianceMetrix Policies.
- 18.4 ComplianceMetrix will notify you of any suspension or termination under Section 18.3 (where practicable).
- 18.5 If ComplianceMetrix suspends your use of the Services pursuant to its rights under this Agreement:
- (a) ComplianceMetrix will continue to charge you Fees during the suspension period and you must pay any outstanding Fees prior to ComplianceMetrix resuming the provision of the Services; and
- (b) ComplianceMetrix will only resume the provision of the Services once you have cured (to ComplianceMetrix’s reasonable satisfaction) the matter that caused the suspension.
- 19. EFFECT OF TERMINATION.
- 19.1 Upon the date that this Agreement expires or is terminated, then:
- (a) subject to any further access to the Subscription Services granted by ComplianceMetrix under Section 19.2(b), all rights granted by ComplianceMetrix to you in this Agreement will immediately cease to exist and you and your Users must cease all access to and use of the relevant Services, Your Modifications, and any Shared Materials;
- (b) if the Agreement or any Order or Statement of Work is terminated in accordance with Section 18.2:
- i. by you for ComplianceMetrix’s breach, then ComplianceMetrix will refund any prepaid, unused Fees that relate to the terminated Subscription Services; or
- ii. by ComplianceMetrix for your breach, then you must pay to ComplianceMetrix any and all outstanding Subscription Services Fees due for the remaining duration of any Subscription Term, and any Professional Services Fees that have accrued as of the effective date of termination, in each case, which will become immediately due and payable upon termination;
- (c) subject to Section 19.1(d), you shall delete any software or other materials that ComplianceMetrix has provided to you, or made accessible for download by you, for use in connection with the Services (including any Shared Materials) and Professional Services from any Devices; and
- (d) you shall return, or if requested by ComplianceMetrix, destroy all copies of the Offline Module, Documentation, and all of ComplianceMetrix’s Confidential Information in your possession or control and provide written certification to ComplianceMetrix that you have done so.
- 19.2 Within the 30-day period following the effective date of expiration or termination of this Agreement (the “Transition Period”), you shall notify ComplianceMetrix if you would like Your Data returned to you or deleted. If you notify ComplianceMetrix that you elect to have Your Data:
- (a) deleted (or fail to provide ComplianceMetrix notice of your election), then ComplianceMetrix will delete Your Data by removing pointers to it on ComplianceMetrix’s active and replication servers and overwriting it over time; or
- (b) returned, ComplianceMetrix will, at your election, and at no additional charge, transfer any of Your Data (in ComplianceMetrix's then-current standard XML format) to any of your designated and owned Amazon AWS S3 Bucket, or SFTP site with adequate storage space. Any other transfer of Your Data shall be subject to your payment of ComplianceMetrix's then-current applicable Fees. If you do not opt for the above transfer method, ComplianceMetrix will provide you with access to the relevant Subscription Service (other than a No-Charge Service) to access Your Data during the Transition Period provided that you continue to pay ComplianceMetrix the then-current rates for the applicable Subscription Services in respect of that period. ComplianceMetrix reserves the right, without providing any notice to you, to delete any and all of Your Data following the Transition Period
- 19.3 The following provisions will survive any termination or expiration of this Agreement: Sections 1, 2.6, 6, 7, 8, 9, 10, 13, 14.3, 15, 19, 20, 22, and any other Sections which by intent or meaning have validity beyond termination or expiration of this Agreement, together with any accrued payment obligations.
- 19.1 Upon the date that this Agreement expires or is terminated, then:
- 20. NON-SOLICITATION. During the Term of this Agreement and for 6 months thereafter, neither party may directly solicit for hire as an employee, any of the other party’s personnel (including, but not limited to, employees and independent contractors) who have had material direct involvement with the business relationship between the parties. Should either party wish to employ a person covered by this Section, they may only do so with the other party’s express written consent. Any violation of this provision shall constitute a material breach of this Agreement, and upon any such breach, the breaching party shall pay to the other party, liquidated damages consisting of the amount of all compensation (e.g., salary, bonuses, fees, etc.) paid or to be paid by the breaching party to the person during the first 12 months after such person was hired/retained by the breaching party. Each party acknowledges and agrees that the amount of liquidated damages stated herein is a good faith estimate of the training and personnel related investment costs the non-breaching party will lose if its employee or independent contractor is hired or retained by the breaching party. In the event this Section is deemed unenforceable for any reason, each party shall nevertheless be entitled to recover its actual damages resulting from the other party’s breach.
- 21. AMENDMENTS. ComplianceMetrix may update or modify the terms of the ComplianceMetrix Policies and any other documents referenced in this Agreement (including the Service Descriptions or Documentation) to respond to changes in ComplianceMetrix’s products, services, business, or as required by law, by giving notice to you.
- 22. GENERAL.
- 22.1 This Agreement shall not be construed to limit or prohibit ComplianceMetrix in any manner or fashion in providing products or services of any type of nature including those identical to the Services to any other customer in its sole discretion.
- 22.2 The relationship of the parties established under this Agreement is that of independent contractors and neither party is a partner, employee, agent, or joint venture partner of or with the other, and neither party has the right or authority to assume or create any obligation on behalf of the other party.
- 22.3 This Agreement will be governed by and interpreted in accordance with the laws of California, without reference to its choice of laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Any action or proceeding arising from or relating to this Agreement shall be brought in a federal or state court in San Diego, California, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding.
- 22.4 If any provision of this Agreement is held to be invalid, illegal, or unenforceable that provision shall be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remainder of this Agreement shall continue in full force and effect and shall be construed in a manner as to give greatest effect to the original intention of this Agreement.
- 22.5 All waivers must be in writing. The failure of either party to exercise any right provided in this Agreement in any instance will not be deemed to be a waiver of such right.
- 22.6 Except where an exclusive remedy is expressly specified in this Agreement, the parties’ rights and remedies under this Agreement are cumulative and the exercise by either party of any remedy, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law, or otherwise. If any legal action is brought by a party to enforce this Agreement, the prevailing party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.
- 22.7 Except for any payment obligations, neither party will be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder for any cause which is beyond the reasonable control of such party (for example, natural disaster, act of war or terrorism, pandemic, riot, labor condition, governmental action, power interruption, telecommunication, data, and internet disturbance) (“Force Majeure Event”).
- 22.8 Your use of any website or software that is not provided by ComplianceMetrix to access or download the Services will be governed by the terms and conditions applicable to that website or software. ComplianceMetrix is not responsible for any consequences resulting from the use of such website or software, including but not limited to any damage to your property, including your Device, or the transfer of any computer virus or similar malicious code, except to the extent such consequences are caused by the Services.
- 22.9 Any notices to you may either be posted on the CMX1 Platform, or given in writing (which may be by email) to the address last notified by you to ComplianceMetrix. Any notices, consents, and approvals for ComplianceMetrix hereunder must be delivered in writing by courier or nationally/internationally recognized overnight delivery service or by certified or registered mail (postage prepaid and return receipt requested) to: ComplianceMetrix, Inc., Attention: Legal Department, 4180 La Jolla Village Drive, Suite 570, La Jolla, CA 92037; and any questions, concerns, or complaints relating to the Services must be in writing and addressed to:
- (a) privacy@cmx1.com, if the inquiry is related to privacy or your Personal Information;
- (b) support@cmx1.com, if the inquiry is related to support or billing; or
- (c) legal@cmx1.com for all other inquiries.
- Either party may change its address by giving notice of the new address to the other party.
- 22.10 Each party agrees to use commercially reasonable efforts to resolve any dispute arising out of or relating to this Agreement with the other party prior to resorting to any external dispute resolution process or court proceedings.
- 22.11 This Agreement, and any rights or obligations hereunder, may not be transferred or assigned by either party without the prior express written consent of the other party (which consent shall not be unreasonably withheld or delayed) except that ComplianceMetrix may assign its rights and obligations under this Agreement to a parent, affiliate, or subsidiary, or to a successor, whether by way of merger, sale of all or substantially all of its assets, or otherwise. Any attempted assignment of this Agreement not in accordance with this subsection shall be null and void.
- 22.12 This Agreement (including all exhibits and attachments) contains the entire understanding between the parties regarding the subject matter of this Agreement and supersedes all prior or contemporaneous agreements, understandings, and communication, whether written or oral regarding such subject matter. For the avoidance of doubt, resellers (if any) of the Services are not authorized to modify the terms of this Agreement or make any representations, undertakings, or other legally binding commitments on behalf of ComplianceMetrix. This Agreement may be amended only by a written document signed by both parties.
- 22.13 If this Agreement is translated into any language other than English, the English text will govern unless expressly stated otherwise in the translation.
- [Signature Page Follows]
- In Witness Whereof, the parties have caused their duly authorized representatives to execute these Terms.
-
ComplianceMetrix, Inc.
By:
Name:
Title:
Date:
[Customer Entity Name]
By:
Name:
Title:
Date:
- Exhibit A - Professional Services Schedule
- Standard Terms and Conditions
- 1. Professional Services.
- 1.1 Statement of Work. Subject to the terms and conditions of this Agreement to which this Exhibit A is attached and incorporated therein and this Professional Services Schedule (including payment of the applicable Professional Services Fees), ComplianceMetrix shall provide the Professional Services in accordance with the terms and conditions set forth below. ComplianceMetrix shall determine the manner and means of performing the Professional Services and shall use commercially reasonable efforts to perform the Professional Services in accordance with the schedule set forth in the applicable Statement of Work. Notwithstanding the foregoing, you acknowledge and agree that the schedule set forth in any Statement of Work is an estimate only and is subject to change as the Professional Services proceed.
- 1.2 Change Orders; Conflicts. In the event either party requires a material change to a Statement of Work, such party will provide a written change order to the other for approval, specifying the change required (each a “Change Order”). Each party agrees that a Change Order may necessitate a change in the delivery schedule and applicable Fees due under the applicable Statement of Work. No Change Order will be binding upon either party until it is signed by the authorized representatives of both parties. Each Statement of Work and Change Order will be governed by the terms of this Agreement. In the event of a conflict between the terms and conditions of this Agreement and those of a Statement of Work or Change Order, the terms and conditions of this Agreement will control, unless specifically stated otherwise in the Statement of Work or Change Order.
- 1.3 Your Assistance. You shall provide ComplianceMetrix with such resources, materials, information, and assistance as ComplianceMetrix may reasonably request in connection with the performance of the Professional Services. You acknowledge and agree that ComplianceMetrix’s ability to successfully perform the Professional Services in a timely manner is contingent upon its receipt from you of the information, resources, and assistance requested. ComplianceMetrix shall have no liability for deficiencies in the Professional Services resulting from the acts or omissions of you or your Representatives.
- 2. Fees and Payment.
- 2.1 Fees. In consideration of Professional Services provided by ComplianceMetrix hereunder, you shall pay ComplianceMetrix all Fees, costs, and expenses due pursuant to Statements of Work entered into hereunder, as set forth in this Section 2. Unless expressly specified otherwise in a Statement of Work, all Professional Services shall be performed at ComplianceMetrix’s then-current time and materials rates and nothing in this Agreement shall be deemed to imply an agreement for the completion of Professional Services for a fixed price. ComplianceMetrix will earn and be paid by you for actual time worked and expenses incurred in connection with the performance of Professional Services. All Fees generated from Professional Services performed by ComplianceMetrix shall be considered earned as work is performed. All Fees due hereunder are non-refundable and are not contingent on any additional services or products to be provided.
- 2.2 Costs and Expenses. You shall reimburse ComplianceMetrix for reasonable travel, lodging and meal expenses, and such other costs and expenses as ComplianceMetrix may incur in connection with the performance of Professional Services. ComplianceMetrix will provide documentation related to expenses exceeding two hundred dollars ($200), upon your written request therefor.
- 2.3 Payment Terms. ComplianceMetrix will invoice you on a periodic basis as set forth herein or in a Statement of Work.
- 3. Ownership; Right to Use.
- 3.1 Ownership. ComplianceMetrix shall retain all right, title, and interest in and to (a) all software, tools, routines, programs, designs, technology, ideas, know-how, processes, techniques, and inventions that ComplianceMetrix makes, develops, conceives, or reduces to practice, whether alone or jointly with others, in the course of performing the Professional Services, (b) all enhancements, modifications, improvements, and derivative works of each and any of the foregoing, and (c) all Intellectual Property Rights related to each and any of the foregoing (collectively, the “CMX1 Property”); provided, however, CMX1 Property shall not include any of Your Data and you retain all right, title, and interest in and to such of Your Data. All Non-Standard Modules are and shall be CMX1 Property unless otherwise expressly agreed to by the parties in the applicable Statement of Work.
- 3.2 Right to Use. Provided you have paid to ComplianceMetrix all amounts due and owing hereunder, ComplianceMetrix grants you a non-exclusive, non-transferable right to use the CMX1 Property (a) as part of the ComplianceMetrix Service or (b) that is otherwise incorporated into deliverables delivered pursuant to a Statement of Work (each, a “Deliverable”), solely for your own internal business purposes in connection with the use of the Deliverable.
- 4. Term and Termination.
- 4.1 Term. The term of any Statement of Work shall commence on effective date of such Statement of Work and shall continue as set forth in the Statement of Work unless terminated earlier as set forth herein or therein.
- 4.2 Termination. In addition to the termination rights set forth herein or in the applicable Statement of Work, either party may terminate any uncompleted Statement of Work (a) upon at least 60 days’ prior written notice or (b) by written notice in the event the other party is in material breach of any obligation under such Statement of Work, which default is incapable of cure or which, being capable of cure, has not been cured within 30 days after receipt of notice of such default. The termination or expiration of a single Statement of Work shall not cause the automatic termination of any other Statement of Work.
- Exhibit B - CMX1 Product Module and Support
- PART I: CMX1 SERVICES
- ● General
- ○ The terms of this CMX1 Product Module apply to CMX1 Services.
- ○ “CMX1 Services” means the provision of the online Subscription Services known as “CMX1” available through the CMX1 Platform, as further described in the Service Description at https://www.cmx1.com/solutions.
- ● CMX1 Services
- ComplianceMetrix will make CMX1 Services available to you on Devices owned or controlled by you or your Users during the Subscription Term.
- ● CMX1 Disclaimer
You acknowledge and agree that:- ○ you are using the CMX1 Services at your own risk;
- ○ the CMX1 Services are not a substitute for professional advice; and
- ○ you are solely responsible for the use of the CMX1 Services and agree that any safety audits, training courses, or incidents conducted using the CMX1 Services are only part of establishing a safe system of work, which would typically require you to undertake additional and comprehensive gap analysis and risk assessments along with specific safe work method statements and safety training.
- PART II: SUPPORT
- As part of the support services for the CMX1 Services, ComplianceMetrix will use commercially reasonable efforts to: (a) ensure that the Software is accessible through the Site over normal network connections, excepting downtime due to necessary maintenance and troubleshooting; (b) maintain the security of the CMX1 Services; (c) provide telephone, e-mail and web-based support services during ComplianceMetrix’s regular business hours for Software related questions and (d) make available Updates in accordance with ComplianceMetrix’s schedule but in no case later than general availability provided to ComplianceMetrix’s other customers. “Update” means subsequent maintenance releases of the Software and bug fixes and patches that ComplianceMetrix generally makes available to other customers of the CMX1 Services for no additional fee. Updates shall not include any Module, release, option, or future product which ComplianceMetrix makes available as part of the CMX1 Services for an additional fee.
- Without limiting the foregoing, ComplianceMetrix shall use commercially reasonable efforts to meet the following service levels. In the event that ComplianceMetrix fails to achieve the applicable service level, you will be entitled, as your sole and exclusive remedy, to a credit in accordance with the terms set forth in this Exhibit B. ComplianceMetrix’s system logs and other records shall be used for calculating any service level events.
- Service Levels:
-
Service Level
Description and Measurement Method
Target Service Levels
Minimum Service Levels
System Availability
The percentage of time that the CMX1 Services are in service and fully available for access and data input by Users
100%
99%
Support Response Times (24-hour)
The amount of time it takes for ComplianceMetrix to initially respond to a submitted support ticket
1 hour
1 hour for Severity 1 Problems; 24 hours for Severity 2 problems; 72 hours for all other problems
Help Desk Response Times (9 am – 6pm, EST)
The amount of time it takes for ComplianceMetrix to initially respond to a submitted support ticket
1 hour
1 hour for Severity 1 Problems; 24 hours for Severity 2 problems; 72 hours for all other problems
- Classification of Problems or Support Calls:
- (1) Severity 1 (“Fatal”) – A problem for which there is no known Workaround and which (a) prevents the execution of a Primary Function for a majority of Users, or (b) results in data corruption or crash.
- (2) Severity 2 (“Critical”) – A problem which (a) causes difficulty in execution of a Primary Function or (b) prevents the execution of a Secondary Function, and as to any of the preceding, for which there is no known Workaround.
- (3) Severity 3 (“Serious”) – A problem which causes difficulty in execution of a Secondary Function, but for which there is a Workaround, although with significant User inconvenience.
- (4) Severity 4 (“Minor”) – A problem which causes inconvenience, but for which there is an acceptable Workaround.
- Definitions:
- ● “Excused Delay” means any failure or delay which is beyond the reasonable control of ComplianceMetrix, including, without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems, telecommunications failures or delays, computer failures involving hardware or software not within CMX1’s possession or reasonable control, and acts of vandalism (including network intrusions and denial of service attacks), but only if such unavailability results notwithstanding the exercise of reasonable care and diligence to avoid or mitigate the same in anticipation of or in response to such causes. Excused Delay shall also include downtime due to necessary maintenance and troubleshooting.
- ● “Primary Function” means a function that is essential and represents a significant amount of your utility gains from the CMX1 Services, which if not supported, would have a serious detrimental impact.
- ● “Secondary Function” means a function that is not frequently used or does not represent an essential function of the CMX1 Services.
- ● “Workaround” means a feasible change in operating procedures whereby a User can avoid the deleterious effects of a non-conformance without material inconvenience.
- Exclusive Remedy:
- If ComplianceMetrix fails to meet any of the above “Minimum Service Levels” during any calendar month, and such failure is not excused due to any Excused Delay, you shall promptly notify ComplianceMetrix in writing of such failure, but in any event within 15 days following the end of the applicable month, and you may choose to request a service credit to be applied against future payments that become due from you to ComplianceMetrix under this Agreement. Such service credit shall be computed as follows:
- ● For System Availability: The ratio of unavailable minutes to total potentially available minutes (net of Excused Delays) in the applicable calendar month during which the Minimum Service Level was not met multiplied by the monthly fees due for such month; provided, however, in no event will the service credit due exceed 10% of the applicable monthly fees.
- ● For Support and Help Desk Response Times: 1% for each full hour during any calendar month that the Minimum Service Level was not met multiplied by the monthly fees due for such month; provided, however, in no event will the service credit due exceed 10% of the applicable monthly fees.
- Notwithstanding anything to the contrary, the foregoing credits will be your sole and exclusive remedy with respect to any unscheduled downtime or any failure by ComplianceMetrix to meet any Minimum Service Level and in no event will the cumulative service credits for any calendar month exceed 10% of the applicable monthly fees.
- Approved Browsers:
- To maximize the ComplianceMetrix’s ability to adequately support your needs, ComplianceMetrix uses statistical data from web visitors and registered users to identify the web browsers used by ComplianceMetrix’s target audience. ComplianceMetrix regularly reviews this data to determine which browsers are eligible for support. Due to their wide applicability across a vast number of technologies, browsers are continuously evolving. In order to maintain parity with industry standards, ComplianceMetrix maintains compatibility with a limited number of browser technologies and versions. Additionally, to safeguard Your Data, only browsers which receive security updates from the browser manufacturer are considered for support. Below is a list of the desktop browsers supported by ComplianceMetrix (“Approved Browsers”).
- Current Active Support (Desktop Browsers)
-
Edge
Chrome
Firefox
Safari
(Current - 1) or Current
(Current - 1) or Current
(Current - 1) or Current
(Current - 1) or Current
- “(Current - 1) or Current” denotes that we support the current stable version of the Approved Browser and the version that preceded it. For example, if the current version of an Approved Browser is 24.x, supports the 24.x and 23.x versions.
- Any problem with the CMX1 Services when utilizing Approved Browsers that meet this criteria shall be considered a bug and you shall report such bug to ComplianceMetrix.
- Unsupported Browsers
- You may install and operate the CMX1 Services on versions of browsers that do not meet the Approved Browser criteria. If you use any browser other than an Approved Browser in connection with the CMX1 Services (i) ComplianceMetrix shall not be responsible for meeting the service level commitments set forth herein, and (ii) you assume all responsibility for any performance issues, loss or corruption of data, and any other damages caused as a direct or indirect consequence of such usage.
- Native App / Device Specification:
- Operating systems and devices are subject to frequent change, due to their wide applicability across a vast number of technologies and commercial use cases. Given the vast combinations of operating systems and devices, ComplianceMetrix maintains compatibility with a limited number of operating systems (each an “Approved Operating System”) and devices (each an “Approved Device”) for use with the Offline Module. Further, in order to ensure compatibility between the CMX1 Services and the Offline Module, ComplianceMetrix performs extensive testing of the CMX1 Services on combinations of Approved Operating Systems and Approved Devices, which it deems suitable for the intended use. The testing is performed in a controlled technical environment and requires (i) an Approved Device certified and approved by ComplianceMetrix, (ii) an Approved Operating System approved and certified by ComplianceMetrix, (iii) installation of an Approved Operating System on an Approved Device, (iv) installation of approved version of the CMX1 Services on an Approved Device, and (v) no additional third-party applications installed on the Approved Device. When ComplianceMetrix has verified the satisfactory performance of the CMX1 Services through an Offline Module in the aforementioned technical environment, items (i) – (v) will be considered a supported “Native App / Device Specification.”
- To clarify, a supported Native App / Device Specification means the following conditions are in place:
- • Approved Operating System
- • Approved Device
- • No third-party software installed on such Approved Device
- • Approved version of CMX1 Services installed on such Approved Device
- ComplianceMetrix will furnish a then-current list of supported Native App / Device Specifications upon request from you at any time. If you use the Offline Module on un-supported Native App / Device Specifications (i) ComplianceMetrix shall not be responsible for meeting the service level commitments set forth herein, and (ii) you assume all responsibility for any performance issues, loss or corruption of data, and any other damages caused as a direct or indirect consequence of such usage.
- Exhibit C - Form of Order Form
- Order Form
- This Order Form (the “Order”) is entered into on the Order Effective Date below between the following parties. This Order is entered into pursuant to and shall be governed by those certain Master Software and Services Terms between the parties dated [DATE] (the “Agreement”), which Agreement is incorporated herein by reference and is applicable to your purchase of all Services from ComplianceMetrix. All capitalized terms not defined in this Order have the meaning given to them in the Agreement.
- Parties:
-
“ComplianceMetrix” or “CMX1”:
ComplianceMetrix, Inc.
4180 La Jolla Village Drive, Suite 570
La Jolla, CA 92037
orders@compliancemetrix.com
“you” or “your”:
Contact Name:
Company Name:
Address:
Email:
- “Order Effective Date”: [DATE]
- Initial Order Term: This Order begins on Order Effective Date and continues for a period of five (5) years (the “Initial Order Term”). After the Initial Order Term, this Order will automatically renew for successive periods of one (1) year (each a “Renewal Order Term”, and together with the Initial Order Term, the “Order Term”) unless either party provides notice to the other party of its intent not to renew this Order at least ninety (90) days prior to the expiration of the then-current Order Term.
- Services:
- ● Software. The Software to which access will be provided under this Agreement will be the then-current release of ComplianceMetrix’s proprietary software to be accessed at the following Site: https://[CUSTOMER].compliancemetrix.com.
- ● Subscription Services. [DESCRIBE]
- ● [INSERT OTHER SERVICES TO BE PROVIDED UNDER THIS ORDER]
- Number of User Accounts for the Subscription Services: [#]
- Subscription Services Term (if different than Order Term): [INSERT SUBSCRIPTION TERM]
- Invoicing and Fees: ComplianceMetrix shall invoice you for the Subscription Services Fees on an annual basis in advance, and (b) for Services other than Subscription Services [in advance upon submitting this Order]/[in accordance with the payment milestones set forth herein]. All Subscription Services Fees are due in advance, unless otherwise expressly provided herein. If you require issuance of purchase orders, you shall promptly issue such purchase orders with respect to the Services ordered by you under this Order. The pricing sheet for the Services as of the Order Effective Date is set forth immediately below and incorporated herein by this reference. After the Initial Order Term, pricing may be updated by ComplianceMetrix upon thirty (30) days’ prior written notice.
- Pricing Sheet: [INSERT PRICE SHEET IN EFFECT AS OF ORDER EFFECTIVE DATE]
- Payment Milestones (if any): [INSERT ANY PAYMENT MILESTONES]
- Additional Terms: [INSERT ANY ADDITIONAL TERMS]
- In Witness Whereof, the parties have caused their duly authorized representatives to execute this Order.
-
ComplianceMetrix, Inc.
By:
Name:
Title:
Date:
[Customer Entity Name]
By:
Name:
Title:
Date:
- Exhibit D - Forms of Statement of Work
- STATEMENT OF WORK: NO. 1 – [CUSTOMER] SYSTEM IMPLEMENTATION
- This “Statement of Work” is attached to, and is made a part of, those certain Master Software and Services Terms between ComplianceMetrix, Inc. (“CMX1”) and the customer identified in the signature block below (“Customer”, “CUSTOMER”, or “Customer Co”) dated [DATE] (the “Agreement”). This Statement of Work is entered into between CMX1 and Customer as of [DATE]. Unless explicitly stated otherwise in this Statement of Work, any capitalized terms shall have the meaning given to them in the Agreement.
- 1. PROJECT DESCRIPTION. CMX1 shall work with Customer to configure its supply chain system on the CMX1 Platform. Henceforth, the system known as “SupplyChainMetrix System” shall be referred to as “SMX” or “Supply Chain System”. The major, discrete sets of end-user functionality (“Modules”) that CMX1 will implement for CUSTOMER in addition to the base solution, are outlined in the tables below, and include: (1) supplier onboarding, (2) product specifications, and (3) business intelligence (“BI”).
- 1.1 SUPPLY CHAIN SYSTEM. CMX1 will configure and operate the Supply Chain System consistent with the business requirements of CUSTOMER for a production implementation. The primary scope of this Statement of Work includes set-up of the Supply Chain System, creation of all infrastructure (e.g., the Modules) for the Supply Chain System, building and testing all data integration points of the Supply Chain System, developing and testing reporting, and provisioning the Supply Chain System environment(s).
- 1.2 CMX1 CUSTOMER COLLABORATION. The success of this project requires a high degree of engagement and cooperation between both parties. CUSTOMER acknowledges and agrees to provide CMX1 the appropriate technical and business knowledge as required; specifically in relation to form materials, documentation, processes, and reporting tools. Responsiveness and timely performance are essential by both parties and failure to do so may jeopardize CMX1’s ability to provide the services outlined herein or provide such services in a timely manner. Major responsibilities of both parties in relation to this Statement of Work are outlined in Sections 2 (CMX1 Responsibilities) and 3 (Customer Responsibilities) below. Sections 2 and 3 are intended to reflect the general expectations of each party based on the high-level understanding of the project scope and requirements at the time of this document creation. For clarification, Sections 2 and 3 are not intended to bind either party to any specific activity at this time but shall serve as a reference for determining specific obligations during the initial project kick-off meeting.
- In the event that there is a conflict between the documents related to this Statement of Work, the following order of precedence shall apply: (a) the Agreement, (b) this Statement of Work, and (c) other Statements of Work, in descending chronological order, beginning with the most recently executed Statement of Work. Notwithstanding the foregoing, if a Statement of Work specifically identifies changes to a preceding document and is signed by both parties, that portion of the Statement of Work shall prevail.
- 2. CMX1 RESPONSIBILITIES. CMX1 shall be responsible for the following in relation to this Statement of Work:
- ● General project management including the creation of the master supply chain playbook to govern all phases
- ● Orchestrate and run kick-off meeting
- ● Business analysis of existing Customer Co’s system(s), including all form elements, processes, and sub-processes
- ● Configuration of all Modules in Section 4
- ● Provide training on Modules being implemented
- ● Quality assurance (“QA”) testing of all Modules
- ● Provision development, QA, user acceptance testing (“UAT”), and production application environments
- ● Creation of quick-start guide(s) and frequently asked questions (“FAQs”) as-needed (English only)
- ● Zendesk support (trouble ticket submission) setup for level 2 support
- ● Provide level 2 support through Zendesk ticketing system to Customer program admin(s)
- 3. CUSTOMER RESPONSIBILITIES. CUSTOMER shall be responsible for the following in relation to this Statement of Work:
- ● General project management including participation in creation and management of the master supply chain playbook, and the tracking of all CUSTOMER deliverables and action items
- ● Identify and assign a subject matter expert (“SME”) with decision-making authority for each Module, and additionally, an overall final decision maker
- ● Prepare and return pre-kickoff material
- ● Attend and fully participate in the kick-off meeting
- ● Assign a CUSTOMER resource to act as program administrator
- ● Provide full, up-to-date requirements, to include (but not to be limited to) all form elements, processes, and sub-processes
- ● Provide administrative services for data entry into SMX
- ● Participate in, and sign-off on, configuration settings, including data flows in/out, roles/access rights, forms, processes, and sub-processes
- ● Fill out and submit in full, CMX1’s “Supply Chain Onboarding Checklist” during each phase of the implementation process
- ● Provide timely and continuous feedback, and UAT for all Modules developed in Section 4
- ● Provide feedback and final acceptance of quick-start guide(s) and FAQs
- 4. DELIVERABLES. CMX1 shall use commercially reasonable efforts to provide CUSTOMER with the deliverables set forth in this Statement of Work. Final dates (“Due Dates”), deliverables, and acceptance criteria will be established and ratified by both parties. Each party acknowledges that Due Dates may change as a result of one or more of the following conditions (a) change in scope, (b) unforeseen technical challenges, (c) inability of CUSTOMER or CUSTOMER’s 3rd-party partners to provide essential project materials, data, information, or feedback, or (d) change in CUSTOMER priorities. However, in all instances where Due Dates are changed, CMX1 will provide CUSTOMER with sufficient notice of said changes and will attempt in good faith to minimize the impact to the overall project timelines and negotiate new Due Dates in order to satisfy CUSTOMER business needs. Note: All deliverables not specified as “Customer” or [Customer] are CMX1 deliverables.
- In Witness Whereof, the parties have caused their duly authorized representatives to execute this Statement of Work.
-
Accepted and Agreed to:
Customer: [CUSTOMER]
Signature:
Print Name:
Title:
Date:
ComplianceMetrix, Inc.
Signature:
Print Name:
Title:
Date: