CMX1_white_Header

MASTER SOFTWARE AND SERVICES TERMS

These Master Software and Services Terms (these “Terms”) are entered into as of the date of the later of the two signatures below (the “Effective Date”) and govern the Services (as defined below) identified in a proposal, quote, online registration or ordering process, order, or similar document incorporating these Terms by reference (each, an “Order”) to be provided by or on behalf of ComplianceMetrix, Inc. (“ComplianceMetrix” or “CMX”) to [CUSTOMER ENTITY NAME] (“you” or “your”) through one or more of the ComplianceMetrix websites located at https://www.cmx1.com/ and https://www.ComplianceMetrix.com/ (each, the Site”) or the ComplianceMetrix online application suite (together with the Site, the “CMX1 Platform”), or that ComplianceMetrix otherwise provides or makes available to you. These Terms and each Order are collectively referred to as this “Agreement”. In the event of a conflict between these Terms and the terms of an Order, these Terms will control unless the conflicting term of the applicable Order expressly states otherwise. 

  1. 1. DEFINITIONS. Capitalized terms used in this Agreement but not otherwise defined herein shall have the following meanings:
    1. 1.1 CMX Service” means the on-line service delivered by ComplianceMetrix to you using the Software hosted by ComplianceMetrix and as made available by ComplianceMetrix through the access methods described in this Agreement. The CMX Service shall also include the use of Standard Modules, the Offline Module, and certain Non-Standard Modules (if applicable). The term CMX Service does not include Professional Services.
    2. 1.2 Documentation” means the specifications and functional requirements published by ComplianceMetrix for the Services (as defined below) and provided to you in either electronic, online help files or hard-copy format. Marketing materials shall not be considered Documentation hereunder.
    3. 1.3 Module” means an independent module of Software that enables specific functionality.
    4. 1.4 Non-Standard Module” means either new Modules, customized Modules, enhanced Modules, or updated Modules created by ComplianceMetrix as part of the provision of Professional Services under a Statement of Work, and, subject to payment of additional Fees (as defined below), made available to you as part of the CMX Service.
    5. 1.5 Offline Module” means a local, non-hosted Module of the Software that can “sync” with the CMX Service for data transmission. 
    6. 1.6 Professional Services” means any consulting, development, training, integration, implementation, quality assurance testing, or other professional services that ComplianceMetrix may perform for you during the Term (as defined below) as described in one or more statements of work signed by both parties, each of which are substantially similar to one of the forms in Exhibit D attached hereto (each, a “Statement of Work”).
    7. 1.7 Software” means ComplianceMetrix’s proprietary computer software programs described in the applicable Order, including any Modules and updates and new releases thereto, made available to you (and your Users) under this Agreement in connection with the CMX Service.
    8. 1.8 Standard Modules” means those Modules identified in the applicable Order that are made available to you as part of the CMX Service for no additional Fees.
    9. 1.9 Transaction” means a record of a unit of work based on Your Data (defined below) processed and stored by the CMX Service.
    10. 1.10 Users” means your employees, independent contractors, and other individuals who are authorized by you to use the Services (as defined below) on behalf of you and have been supplied user identifications and passwords by ComplianceMetrix for this purpose.
  2. 2. SERVICES.
    1. (a) all services, technology, data, information, programs, material, and other content (including, without limitation, the CMX Service, Module, Offline Module, and Software, as applicable) that ComplianceMetrix makes accessible to you through the CMX1 Platform, including on any desktop, mobile telephone, or handheld device (each, a “Device”) owned or controlled by you or your Users (collectively, “Subscription Services”); and
    2. (b) any other services that ComplianceMetrix otherwise provides to you; but the Services specifically exclude:
      1. i. Professional Services;
      2. ii. data or content of any type that you upload to the CMX1 Platform or that is otherwise provided by you (a) in the course of your access to, and use of, the CMX Service in accordance with this Agreement, (b) for ComplianceMetrix to perform Professional Services in accordance with this Agreement, or (c) in connection with the Services (“Your Data”);
      3. iii. Your Modifications (as defined in Section 8.1); and
      4. iv. shared materials created by ComplianceMetrix, you, Users, or other users of the Services that are published or made accessible through the CMX1 Platform, and may be available in a “Public Library” therein (“Shared Materials”).
    1. (a) rent, lease, distribute, license, sublicense, loan, sell, transfer, assign, distribute, or otherwise transfer or provide access to the Subscription Services to any third party;
    2. (b) reproduce, modify, adapt, alter, translate, or create derivative works of, the Subscription Services or remove or tamper with any disclaimers or other legal notices in the Subscription Services;
    3. (c) remove, alter, or obscure any proprietary notices (including copyright notices) of ComplianceMetrix or its licensors contained within the Documentation or displayed in connection with the Subscription Services; 
    4. (d) reverse engineer, disassemble, decompile, transfer, exchange or translate the Subscription Services, or otherwise attempt to obtain or derive the source code or API of the Subscription Services;
    5. (e) interfere in any manner with the operation of the Subscription Services; 
    6. (f) install and use older versions of the Offline Module; 
    7. (g) incorporate the Subscription Services into any service that you provide to a third party; 
    8. (h) use the Subscription Services to provide services, or to create a service that competes with the Subscription Services; or
    9. (i) otherwise use the Subscription Services except as expressly allowed under this Agreement.
    1. 2.1 Definition. The “Services” include:
    2. 2.2 Access. Subject to the terms and conditions of this Agreement, ComplianceMetrix grants to you, during the Term, a non-exclusive, non-transferable right to remotely access and use the CMX Service, and to install and use the then-current Offline Module, for the number of Users, Modules, and Transactions for which you have paid the applicable Fees, solely for the performance of your internal business purposes in accordance with the Documentation, the limitations set forth in the applicable Order (if any), and the other terms and conditions of this Agreement (including any browser or device requirements set forth in the Documentation or elsewhere). 
    3. 2.3 Support and Service Levels. As part of the CMX Service and subject to the terms and conditions of this Agreement, including, without limitation, your payment of all applicable Fees, ComplianceMetrix shall provide support for the CMX Service as specified in Exhibit B. ComplianceMetrix reserves the right to modify the support services in its reasonable discretion from time to time, which modifications shall become effective upon notice to you. You are solely responsible for providing, at your own expense, all network access to the CMX Service, including, without limitation, acquiring, installing, and maintaining all telecommunications equipment, hardware, software, and other equipment as may be necessary to connect to, access, and use the CMX Service.
    4. 2.4 Modifications. ComplianceMetrix reserves the right to make changes to the Subscription Services in its sole discretion from time to time, including the functionality, performance, user interface, usability, and the service description published on the CMX1 Platform or that ComplianceMetrix provides to you (“Service Description”), and you agree that this Agreement will apply to any changes or updates to the Subscription Services. ComplianceMetrix will notify you of any change to the Subscription Services (other than No-Charge Services, as defined below) that reduces its functionality or features in any material respect or if it discontinues any applicable Services which are not replaced by a substantially equivalent function or feature. If ComplianceMetrix has notified you under this Section 2.4, you may terminate the affected Services upon providing notice to ComplianceMetrix within 30 days after the date of such notice, and ComplianceMetrix will refund any prepaid, unused Fees in respect of any such terminated Subscription Services. Nothing in this Section 2.4 limits ComplianceMetrix’s ability to discontinue any Services (or portions thereof) or to make changes as required to comply with applicable law, address a material security risk, or avoid a substantial economic or technical burden.
    5. 2.5 Subscription Term. ComplianceMetrix will make the Subscription Services available to you and your Users solely for your internal business operations during the subscription period specified in the applicable Order (“Subscription Term”) and in accordance with any usage restrictions specified in the applicable Order, Documentation, or CMX1 Product Module (set out in Exhibit B attached hereto).
    6. 2.6 Restrictions. You are responsible for all activities that occur under Your Accounts (as defined below) and will limit access to and use of the Subscription Services to authorized Users. Unless permitted by applicable law or except as otherwise expressly permitted in this Agreement or as otherwise authorized by ComplianceMetrix in writing, you must not (nor may you authorize any third party to):
  3. You must promptly notify ComplianceMetrix in writing of any breach of the above conditions of use. You are solely responsible for ensuring that your Devices and systems are compatible with the Subscription Services and meet any minimum requirements specified on the CMX1 Platform.
  4. 3. PROFESSIONAL SERVICES. Subject to the terms and conditions of this Agreement and the Professional Services Schedule attached hereto as Exhibit A, including the payment by you of the Professional Service Fees set forth in a Statement of Work, ComplianceMetrix shall provide to you the Professional Services.
  5. 4. NO-CHARGE SERVICES. ComplianceMetrix may offer certain Services to you at no charge, including free accounts, trial use, and access to pre-release and beta products (“No-Charge Services”). Your use of No-Charge Services is subject to any additional terms that ComplianceMetrix specifies from time to time and is only permitted for the period designated by ComplianceMetrix, or if no such period is designated, 30 days. ComplianceMetrix may terminate your right to use No-Charge Services at any time and for any reason in ComplianceMetrix’s sole discretion, without liability to you.
  6. 5. YOUR ACCOUNTS.
    1. (a) maintain the confidentiality of the User IDs associated with each of Your Accounts;
    2. (b) ensure that only those individuals authorized by you have access to Your Accounts; and
    3. (c) ensure that all activities that occur in connection with Your Accounts comply with this Agreement.
    1. 5.1 You must register for an account in order to use, access, or receive the Subscription Services and to receive notices and information from ComplianceMetrix (“Customer Account”).
    2. 5.2 All Users must establish a named account on the CMX1 Platform (“User Account”). Each User will be assigned a unique user identification name and password (“User ID”) for access to and use of the Subscription Services. You shall be responsible for ensuring the security and confidentiality of your User IDs. User IDs may not be shared within your organization. Your access to and use of the Subscription Services will be limited to the number of Users, Modules, or Transactions (as the case may be) for which you have paid the applicable Fees. You will use commercially reasonable efforts to prevent unauthorized access to, or use of, the Subscription Services, and notify ComplianceMetrix promptly of any such unauthorized use. If you wish to add additional Users, Modules, or Transactions, you will follow the procedure(s) specified by ComplianceMetrix which may include your use of a user administration interface, an automated data feed/web service, or a written/email request to ComplianceMetrix. ComplianceMetrix reserves the right to require any person who shall have access to the Subscription Services to execute an end-user agreement pursuant to which such person agrees to comply with terms and conditions consistent with this Agreement.
    3. 5.3 You may specify one or more administrators who may elect to have password protected rights to access administrative account(s) (“Admin Account(s)”) to administer the Subscription Services and User Accounts.
    4. 5.4 You are responsible for all actions taken through your Customer Account and all User Accounts and Admin Accounts under your Customer Account (together, “Your Accounts”) and all User IDs associated therewith. At a minimum, you shall:
  7. 6. INTELLECTUAL PROPERTY RIGHTS.
    1. 6.1 ComplianceMetrix and its licensors own and retain all rights, title, and interest, in, to, and associated with the CMX Service, Software, Documentation, and any other Services (and all improvements and modifications thereto and all derivatives thereof) including all worldwide intellectual property rights therein, including, without limitation, all copyright, trade or service marks, designs, know how, inventions, patents, patent applications, rights in circuit layouts, domain names, trade names, moral rights, and other proprietary rights, whether registered or unregistered (“Intellectual Property Rights”). All rights in and to the CMX Service, Software, and Services not expressly granted to you in this Agreement are reserved by ComplianceMetrix and its licensors
    2. 6.2 Subject to the rights granted in this Agreement, as between the parties you retain all right, title, and interest in and to Your Data, and ComplianceMetrix acknowledges that it neither owns nor acquires any additional rights in and to Your Data not expressly granted by this Agreement. You are solely responsible for the accuracy, content, and legality of all Your Data. 
  8. 7. INTEGRATION WITH THIRD PARTY PRODUCTS.
    1. 7.1 You may choose, in your sole discretion, to integrate the Services with third party products or services (“Third Party Products”). If you choose to use any Third Party Products in connection with the Services, ComplianceMetrix may provide such third parties access to or use of Your Data to the extent required for the interoperation of the Services with the applicable Third Party Product. Your use of any Third Party Product will be subject to the applicable agreement between you and the relevant third party provider. ComplianceMetrix is not responsible for any access to or use of Your Data by such third party providers. COMPLIANCEMETRIX DISCLAIMS ALL LIABILITY FOR ANY THIRD PARTY PRODUCTS AND FOR THE ACTS OR OMISSIONS OF ANY THIRD PARTY PROVIDERS OF THIRD PARTY PRODUCTS.
  9. 8. YOUR DATA AND YOUR MODIFICATIONS.
    1. (a) are not unlawful, defamatory, offensive, obscene, harmful, of bad taste, or inappropriate;
    2. (b) comply with the ComplianceMetrix policies provided to you during the Term, as may be updated from time to time (“ComplianceMetrix Policies”);
    3. (c) are not false, misleading, or inaccurate;
    4. (d) do not infringe, misappropriate, or violate any third party’s rights (including, without limitation, Intellectual Property Rights);
    5. (e) comply with all applicable laws, rules, and regulations; and
    6. (f) are not infected with viruses or any other malicious computer code, files, or programs.
    1. 8.1 You hereby grants to ComplianceMetrix a non-exclusive, non-transferable right and license to use Your Data during the Term for the limited purposes of performing ComplianceMetrix's obligations and exercising its rights hereunder. ComplianceMetrix shall not use Your Data for the benefit of any other customer of ComplianceMetrix, or for any other purpose other than those set forth in this Agreement, without your prior approval; provided, however, ComplianceMetrix may use Your Data in a sufficiently redacted, anonymized, or scrambled format for purposes of benchmarking, testing, demonstration, or improving the Services; and provided further that ComplianceMetrix may use Your Data to generate aggregated data sets, reports, and analysis relating to technical data about customer use of the Services in a form that is anonymized and does not identify you or any individual (“Aggregated Data”). You acknowledge and agree that ComplianceMetrix will own all Intellectual Property Rights in Aggregated Data. ComplianceMetrix may use Aggregated Data to analyze, improve, support, and operate the Services and for related internal business purposes.
    2. 8.2 You represent and warrant that you (a) will comply, and will cause your Users to comply, with all applicable laws, rules, and regulations in your and your Users’ use of the Services, and (b) have made all necessary disclosures and obtained or otherwise possess all consents, permissions, and other rights required or necessary to (i) collect, share, and use Your Data as contemplated in this Agreement, and (ii) provide Your Data to ComplianceMetrix and for ComplianceMetrix to use Your Data pursuant to this Agreement. 
    3. 8.3 To the extent permitted by the functionality provided by the Subscription Services, you may modify a template, an activity, a standard, a specification, or a workflow in the Subscription Services for the purposes of developing customizations and additional features of a template, training course, or incident workflow (“Your Modifications”).
    4. 8.4 If you elect to publicly share any of Your Data or Your Modifications with ComplianceMetrix or other users through the functionality provided by the Subscription Services (“Your Shared Materials”), you hereby grant ComplianceMetrix and each other user that downloads Your Shared Materials a non-exclusive, worldwide, perpetual, irrevocable, royalty-free license (including the right to sublicense) to use, develop, modify, reformat, publish, distribute to third parties, and exercise any other Intellectual Property Rights you have in Your Shared Materials.
    5. 8.5 You represent and warrant that Your Data and Your Modifications (including any of Your Shared Materials):
    6. 8.6 You acknowledge and agree that ComplianceMetrix may remove, delete, or modify any of Your Data or Your Modifications (including any of Your Shared Materials) from the Services and CMX1 Platform if ComplianceMetrix suspects (acting in good faith) that any of the representations and warranties set out in Section 8.5 are, or are likely to be, untrue.
    7. 8.7 You acknowledge and agree that you are responsible for preparing and maintaining backups of Your Data and Your Modifications.
    8. 8.8 You shall indemnify, defend, and hold ComplianceMetrix and its affiliates, service providers, officers, employees, contractors, agents, representatives, and customers (“those indemnified”) harmless from and against any and all claims, costs, damages, losses, liabilities, and expenses (including reasonable attorneys’ fees) arising out of or in connection with ComplianceMetrix's use of Your Data as permitted hereunder or any claim brought against those indemnified by a third party relating to Your Data or Your Modifications (including any of Your Shared Material), including but not limited to any claim relating to infringement of the rights of a third party (including Intellectual Property Rights), or any representations or warranties that you make about Your Data, Your Modifications, or the Services. ComplianceMetrix agrees to provide: (i) prompt written notice to you of any such claim (except that failure to timely provide such notice will relieve you of your obligations only to the extent you are materially prejudiced as a direct result of such delay); (ii) the right to control and direct the investigation, defense, or settlement of such claim; and (iii) all reasonably necessary cooperation of ComplianceMetrix at your expense. Notwithstanding the foregoing, ComplianceMetrix may participate at its own expense in the defense and any settlement discussions, and will have the right to approve any settlement agreement that involves an admission of fault by ComplianceMetrix or imposes non-monetary obligations on ComplianceMetrix; provided, however, that such approval will not be unreasonably withheld.
  10. 9. DOWNLOADING SHARED MATERIALS.
    1. (a) your use of Shared Materials is at your own risk;
    2. (b) ComplianceMetrix has no, and expressly disclaims all, liability to you and any third party in respect of your use of Shared Materials; and
    3. (c) it is your responsibility to assess (and if necessary, obtain professional advice on) the suitability of Shared Materials for your purposes and any modifications required to meet those purposes.
    1. 9.1 If you download Shared Materials, to the extent permitted by law:
  11. 10. CONFIDENTIALITY.
    1. (a) to:
      1. i. a third party with the prior written consent of Discloser (in each case); and
      2. ii. Recipient’s, or Recipient’s affiliates’ or subsidiaries’, officers, agents, professional advisers, employees, contractors, subcontractors, auditors and insurers (collectively, “Representatives”); and
    2. (b) provided that such each such recipient has a need to know such Confidential Information for purposes of this Agreement and is subject to confidentiality obligations no less stringent than those contained this Agreement with respect to that Confidential Information; and
    3. (c) where the Recipient is legally compelled to do so by any government or any governmental, administrative, regulatory, or judicial body, authority, tribunal, or agency, provided that Recipient (i) gives Discloser written notice prior to making such disclosure, if permitted by law, (ii) cooperates with the Discloser, at the Discloser’s reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure, and (iii) limits the disclosure to the extent legally compelled.
    1. 10.1 In this Agreement, “Confidential Information” of a party means all information of a confidential or proprietary nature including, without limitation, information about its business, operations, strategy, administration, technology, affairs, clients, customers, employees, contractors, or suppliers, but does not include any Shared Materials. Confidential Information includes information that is marked or identified as confidential and, if not marked or identified as confidential, information that should reasonably have been understood by the receiving party (“Recipient”) to be proprietary or confidential to the disclosing party (“Discloser”) or to a third party, because of legends or other markings, the circumstances of disclosure, or the nature of the information itself. The Software and Documentation shall be considered ComplianceMetrix's Confidential Information, notwithstanding any failure to mark or identify it as such, and Your Data shall be considered your Confidential Information, notwithstanding any failure to mark or identify it as such.
    2. 10.2 Recipient shall keep confidential and not disclose to any third party Confidential Information of Discloser, with the exception that a Recipient may disclose such Confidential Information:
    3. 10.3 Recipient may only use Confidential Information of Discloser for the purposes expressly permitted by this Agreement. Recipient will protect the Discloser’s Confidential Information from unauthorized use, access, or disclosure in the same manner as Recipient protects its own confidential or proprietary information of a similar nature and with no less than reasonable care. Recipient shall be responsible and liable for all actions and omissions of its Representatives with respect to the subject matter of this Section 10 as if they were those actions and omissions of Recipient. 
    4. 10.4 Recipient’s obligations under this Section with respect to any Confidential Information of Discloser will terminate if and when the Recipient can document that such information: (a) was already lawfully known to Recipient at the time of disclosure by Discloser; (b) is disclosed to Recipient by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of Recipient has become, generally available to the public; or (d) is independently developed by Recipient without access to, or use of, Discloser’s Confidential Information. 
    5. 10.5 Except as otherwise expressly provided in this Agreement, Recipient will return to Discloser or destroy all Confidential Information of Discloser in Recipient’s possession or control and permanently erase all electronic copies of such Confidential Information promptly upon the written request of Discloser or upon the expiration or termination of this Agreement (except for any computer records or files that have been created pursuant to Recipient’s automatic archiving and back-up procedures and the removal of which is not technically reasonable); provided, however, Recipient may retain one archival copy for record retention purposes and compliance with applicable law. Upon the request of Discloser, Recipient will certify in a writing signed by an officer of the Recipient that it has fully complied with its obligations under this Section 10.5.
    6. 10.6 Each party acknowledges that a breach or threatened breach of this Section 10 would cause irreparable harm to the non-breaching party, the extent of which would be difficult to ascertain. Accordingly, each party agrees that, in addition to any other remedies to which a party may be legally entitled, the non-breaching party shall have the right to seek immediate injunctive or other equitable relief in the event of a breach of this Section 10 by the other party or any of its Representatives.
  12. 11. PRIVACY.
    1. (a) the Services have not been designed to meet the requirements of laws or standards that may apply to you in respect of Your Data, including, without limitation, HIPPA, PCI DSS, or any other law or standard applicable to the handling, storage, processing, transfer, security, or location of Your Data in any jurisdiction; and
    2. (b) it is your responsibility to satisfy yourself that your use of the Services will allow you to meet any legal obligations applicable to you in respect of Your Data, and ComplianceMetrix disclaims all liability for your non-compliance with any such laws or standards arising from your use of the Services.
    1. 11.1 ComplianceMetrix will take reasonable steps to ensure that Personal Information within Your Data is secure from unauthorized access, use, or disclosure and will treat any Personal Information collected from you in accordance with the ComplianceMetrix Privacy Policy located at https://www.cmx1.com/privacy (“Privacy Policy”). “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
    2. 11.2 You will comply with all applicable privacy and data protection laws and are responsible for ensuring that you have obtained all individual consents required for ComplianceMetrix to provide the Services in respect of any Personal Information contained within Your Data, including from your Users.
    3. 11.3 You specifically agree not to use the Services to collect, store, process, or transmit any Sensitive Data (as hereinafter defined). You acknowledge that ComplianceMetrix is not a Business Associate or subcontractor (as those terms are defined in HIPAA) or a payment card processor and that the Services are not compliant with HIPAA or PCI-DSS. ComplianceMetrix shall have no liability under this Agreement for Sensitive Data, notwithstanding anything to the contrary herein. “Sensitive Data” means any of the following: (i) patient, medical, health insurance, or other protected health information regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or similar state, federal, or industry laws; (ii) credit, debit, or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”) (iii) social security numbers, driver’s license numbers, or other government ID numbers; (iv) any information deemed to be special categories of data as set forth in Article 9 of the EU General Data Protection Regulation or similar laws; or (v) other personal or sensitive information subject to regulation or protection under the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act, or similar foreign or domestic laws.
    4. 11.4 The parties agree to comply with the terms of the Data Processing Addendum located at https://www.cmx1.com/data-processing-addendum.
    5. 11.5 Other than as expressly noted in this Section 11, you acknowledge that:
  13. 12. ORDERS.
    1. (a) completing the online Order page located on the CMX1 Platform which contains details of:
      1. i. the Services being ordered;
      2. ii. the applicable Fees (as defined below);
      3. iii. the number of paid User Accounts that will form part of your organization in respect of Subscription Services (if applicable);
      4. iv. the Subscription Term applicable to any Subscription Services;
      5. v. the applicable billing details, and the currency in which you will be billed; and
      6. vi. if applicable, details of any other products made available by ComplianceMetrix in the future you wish to order; or
    2. (b) executing a paper-based Order provided by ComplianceMetrix in a substantially similar form as Exhibit C attached hereto and which sets out the relevant information in Section 12.1(a).
    1. 12.1 To use the Services you must complete an Order by either:
  14. 13. FEES AND PAYMENT.
    1. (a) for Subscription Services, you must elect one of the following billing cycle options:
      1. i. an Annual Plan, in which case you will be billed the applicable Fees annually in advance; or
    2. (b) for Services other than Subscription Services, you will be billed the applicable Fees in accordance with the payment milestones specified in your Order, or if none are specified, in advance upon submitting the relevant Order. Services other than Subscription Services may be charged on a “fixed-fee” or “time and materials” basis, as specified in the relevant Order.
    1. (a) by direct debit of your credit card or debit card, in which case you authorize ComplianceMetrix to debit you in the month prior to the commencement of the annual or monthly billing cycle (as applicable);
    2. (b) by issuing an invoice in accordance with the billing cycle or payment milestones specified in the applicable Order or Statement of Work; or
    3. (c) by such other forms of payment that ComplianceMetrix makes available on the CMX1 Platform, which may be subject to additional terms and conditions.
    1. 13.1 You shall pay to ComplianceMetrix (a) all fees for the Services in accordance with the rates and currency set out in each applicable Order (the “Subscription Services Fees”) and (b) all fees for Professional Services set forth in and in accordance with the applicable Statement of Work (the “Professional Services Fees” and together with the Subscription Services Fees, the “Fees”). Notwithstanding anything contained herein to the contrary, the CMX Service Fees are not conditioned upon or subject to the performance of any Professional Services, and other than where expressly provided for under this Agreement, all Fees are non-refundable, non-cancellable, and non-creditable.
    2. 13.2 You will be billed the Subscription Services Fees in accordance with the applicable Order as follows:
    3. 13.3 ComplianceMetrix will invoice you for Professional Services Fees, costs, and expenses pursuant to the applicable Statement of Work. 
    4. 13.4 Your Fees, and any other amounts owing to ComplianceMetrix hereunder, will be billed using one of the following methods (as specified in the applicable Order or Statement of Work):
    5. 13.5 Unless otherwise agreed upon by ComplianceMetrix, you shall pay all invoices hereunder within 30 days after receipt of the applicable invoice. Upon 10 days’ prior written notice and your failure to cure, ComplianceMetrix reserves the right (in addition to any other rights or remedies ComplianceMetrix may have) to discontinue the Subscription Services and suspend all User ID’s and your access to the Subscription Services if any Subscription Services Fees are more than 30 days overdue until such amounts are paid in full. All payments must be made in U.S. dollars. Outstanding balances shall accrue interest at a rate equal to the lesser of 1.5% per month and the maximum rate permitted by applicable law, from due date until paid, plus ComplianceMetrix’s reasonable costs of collection. 
    6. 13.6 If you dispute any invoice or charge for which ComplianceMetrix has billed you (acting reasonably and in good faith) you must notify ComplianceMetrix of the dispute without unreasonable delay.
    7. 13.7 You are responsible for, and shall pay, any duties, customs fees, export or import fees, taxes (other than ComplianceMetrix’s income tax), and similar charges associated with transactions contemplated by this Agreement or the supply of the Services, Professional Services, or any other goods or services provided by ComplianceMetrix to you, including, without limitation, any VAT, GST, or other applicable sales or use taxes, and any related penalties or interest (collectively, “Taxes”), and you will pay ComplianceMetrix all Fees without any withholding for Taxes. If ComplianceMetrix is required to collect or pay Taxes, the Taxes will be invoiced to you. You shall provide ComplianceMetrix with any information ComplianceMetrix reasonably requests to determine whether ComplianceMetrix is obligated to collect Taxes from you, including, without limitation, your relevant Tax identification number.
  15. 14. WARRANTIES.
    1. (a) During the Term, ComplianceMetrix warrants that:
      1. i. Subscription Services (other than No-Charge Services), when used as permitted by ComplianceMetrix and in accordance with the instructions in the Documentation with an Approved Browser (as defined in Exhibit B), will conform in all material respects with the applicable Service Description or Documentation for the duration of the Subscription Term; and
      2. ii. ComplianceMetrix will use commercially reasonable efforts to prevent introduction of viruses, Trojan horses, or similar harmful materials (“Malicious Code”) into the Subscription Services. For the avoidance of doubt, ComplianceMetrix is not responsible for any Malicious Code introduced by third parties, or by you or your Users.
    2. (b) During the Term, ComplianceMetrix will, at its own expense and as its sole obligation and your exclusive remedy for any breach of the foregoing warranty, correct any reproducible error in the Subscription Services reported to ComplianceMetrix by you in writing during the Subscription Term. ComplianceMetrix does not warrant your use of the Services (including Subscription Services) will be error-free or uninterrupted, and ComplianceMetrix does not warrant any sensors, instruments, equipment, or other items that are not manufactured by ComplianceMetrix and which may operate or integrate with the Services, including without limitation, the accuracy of any data collected or reported by such third-party manufactured items. 
    1. 14.1 Services Warranty. 
    2. 14.2 Professional Services Warranty. ComplianceMetrix warrants to you that the Professional Services will be performed in a professional manner consistent with the applicable Statement of Work. ComplianceMetrix shall, as its sole obligation and your sole and exclusive remedy for any breach of the warranty set forth in this Section 14.2, re-perform the Professional Services which gave rise to the breach or, at ComplianceMetrix's option, refund the Professional Services Fees paid by you for the Professional Services which gave rise to the breach; provided that you shall notify ComplianceMetrix in writing of the breach within 30 days following performance of the defective Professional Services, specifying the breach in reasonable detail.
    3. 14.3 Disclaimer. The express warranties in Sections 14.1 and 14.2 are in lieu of, and ComplianceMetrix hereby disclaims, all other warranties, express, implied, or statutory regarding the Services, Professional Services, and any other goods or services provided by ComplianceMetrix to you, including, without limitation, any warranties of merchantability, title, non-infringement, fitness for a particular purpose, that operation of the Services will be uninterrupted or error free, that all defects will be corrected, and any warranties arising from course of dealing or course of performance. Except for the express warranties stated in Sections 14.1 and 14.2, access to the Services is provided “as is” with all faults.
  16. 15. LIMITATION OF LIABILITY.
    1. (a) your misuse of the Services, acts, or omissions of your Representatives;
    2. (b) Service outage or interruption, or any damage or losses, arising from networks or websites outside of ComplianceMetrix’s control;
    3. (c) any injury, damage to property, or loss to any person in relation to your use of the Services;
    4. (d) subject to Section 11, breach of any law applicable to your business activities, including, but not limited to, any work health and safety or food safety law, in connection with your use of the Services; or
    5. (e) any loss of profits, loss of revenue, loss of anticipated savings, loss of use, loss or corruption of data, costs of delay or procurement of substitute or replacement goods and services, business interruption, failure of security mechanisms, loss of goodwill, or any form of indirect, incidental, special, consequential, or punitive damages. The foregoing limitations will apply even if ComplianceMetrix has been advised of the possibility of such damages.
    1. 15.1 To the maximum extent permitted by law, in no event will ComplianceMetrix be liable to you or any third party in connection with this Agreement, the Services, or the Professional Services, whether in contract, tort, or otherwise for:
    2. 15.2 To the maximum extent permitted by law, in no event will either party’s total aggregate liability in connection with this Agreement, the Services, or the Professional Services, exceed the total Fees actually paid to ComplianceMetrix under this Agreement during the 12-month period immediately prior to the event giving rise to the liability.
    3. 15.3 The foregoing limitations of liability in Sections 15.1 and 15.2 will not apply to any breach of Sections 2.6, 5, or 10 or the indemnity obligations under Sections 8.8 or 16.
  17. 16. INDEMNIFICATION.
    1. (a) promptly providing written notice of any such Claim to ComplianceMetrix;
    2. (b) giving ComplianceMetrix the exclusive right to control and direct the investigation, defense, or settlement of such Claim; and
    3. (c) providing all reasonably necessary cooperation and assistance to ComplianceMetrix in the defense, investigation, and settlement negotiations of the Claim at ComplianceMetrix’s request and expense.
    1. (a) procure the right for your continued use of the Subscription Services or CMX Property (as the case may be) in accordance with this Agreement;
    2. (b) replace or modify the Subscription Services or CMX Property (as the case may be) so that it becomes non-infringing; or
    3. (c) terminate this Agreement upon written notice to you and refund you the Fees paid for the applicable Subscription Services or Professional Services during the 12-month period preceding the effective date of termination.
    1. (a) or in connection with your use of No-Charge Services;
    2. (b) any use of the Services or CMX Property not in accordance with this Agreement or the Documentation or for purposes not intended by ComplianceMetrix (including, without limitation, as a result of misuse of the Subscription Service or use of the Subscription Service with any third party data (including any Shared Materials)), 
    3. (c) any use of the Services or CMX Property in combination with other products, equipment, or software not intended by ComplianceMetrix to be used with the Services or CMX Property (as the case may be) (including, without limitation, in combination with any Third Party Products other than that for which the Subscription Services were designed or provided);
    4. (d) any of Your Data;
    5. (e) any modification to the Services or CMX Property made by any party or third party other than ComplianceMetrix or its authorized agents subcontractors; or
    6. (f) in connection with circumstances covered by your indemnification obligations under Section 8.8.
    1. 16.1 Subject to Section 16.3, ComplianceMetrix will defend you against any third party claim alleging that the Subscription Services or CMX Property (as defined in Exhibit A) infringe any U.S. copyrights or any U.S. patents or misappropriate any trade secrets of a third party (a “Claim”), and will indemnify you against any damages and costs finally awarded against you by a court of competent jurisdiction that are specifically attributable to such Claim or those damages and costs agreed to in writing by ComplianceMetrix in a monetary settlement of such Claim. The foregoing obligations are conditioned on you:
    2. 16.2 In the event the Subscription Services (or any portion thereof) or CMX Property becomes, or in ComplianceMetrix’s opinion is likely to become, the subject of an infringement claim, ComplianceMetrix may, in its sole discretion at its expense:
    3. 16.3 Notwithstanding the foregoing, ComplianceMetrix will have no obligation under this Section 16 or otherwise with respect to any infringement claim based upon:
    4. 16.4 THIS SECTION 16 CONSTITUTES YOUR EXCLUSIVE REMEDY AND COMPLIANCEMETRIX’S ENTIRE LIABILITY, FOR ANY INFRINGEMENT CLAIMS AND ACTIONS.
  18. 17. TERM.
    1. 17.1 This Agreement commences on the Effective Date and will continue in effect so long as any Subscription Terms, Orders, or Statements of Work remain in effect, unless otherwise terminated in accordance with this Agreement (“Term”).
    2. 17.2 Unless otherwise set out in the relevant Order, each Subscription Term will automatically renew for periods equal to the initial Subscription Term at the then-current rates unless either party elects not to renew the Subscription Term by providing written notice to the other party at least 90 days prior to the expiration of the then-current Subscription Term, in which case your subscription will expire at the end of the then-current Subscription Term. Notwithstanding the foregoing, the term of each Statement of Work shall be set forth in such Statement of Work.
  19. 18. TERMINATION AND SUSPENSION.
    1. (a) the other party is in material breach of this Agreement and does not cure the breach within 30 days after written notice of the breach (10 days for nonpayment of any amounts past due); or
    2. (b) if the other party ceases to operate, has an administrator appointed, enters a deed of company arrangement, or other form of administration involving one or more of its creditors, is subject to an order that it be wound up, declared bankrupt, or that a liquidator or receiver be appointed, or otherwise becomes insolvent or is unable to meet its financial obligations.
    1. (a) you are in material breach of this Agreement more than two times during the Term notwithstanding any cure of such breaches;
    2. (b) you have failed to pay any Fees within 30 days after the relevant due date;
    3. (c) you infringe ComplianceMetrix’s Intellectual Property Rights; or
    4. (d) your use of the Services or Professional Services breaches any applicable law or any of the ComplianceMetrix Policies.
    1. (a) ComplianceMetrix will continue to charge you Fees during the suspension period and you must pay any outstanding Fees prior to ComplianceMetrix resuming the provision of the Services; and
    2. (b) ComplianceMetrix will only resume the provision of the Services once you have cured (to ComplianceMetrix’s reasonable satisfaction) the matter that caused the suspension.
    1. 18.1 You may terminate Subscription Services at any time by written notice or by following the online process specified on the CMX1 Platform for canceling your Subscription Term. If you choose to terminate this Agreement in accordance with this Section 18.1, you will not be entitled to any credits or refunds as a result of such termination.
    2. 18.2 Either party may terminate this Agreement, or any particular Order(s) or Statement(s) of Work, immediately upon providing notice to the other party if:
    3. 18.3 ComplianceMetrix may suspend the Services (including any of Your Accounts) immediately, or terminate this Agreement in whole or part, including any particular Order(s) or Statement(s) of Work, if:
    4. 18.4 ComplianceMetrix will notify you of any suspension or termination under Section 18.3 (where practicable).
    5. 18.5 If ComplianceMetrix suspends your use of the Services pursuant to its rights under this Agreement:
  20. 19. EFFECT OF TERMINATION.
    1. (a) subject to any further access to the Subscription Services granted by ComplianceMetrix under Section 19.2(b), all rights granted by ComplianceMetrix to you in this Agreement will immediately cease to exist and you and your Users must cease all access to and use of the relevant Services, Your Modifications, and any Shared Materials;
    2. (b) if the Agreement or any Order or Statement of Work is terminated in accordance with Section 18.2:
      1. i. by you for ComplianceMetrix’s breach, then ComplianceMetrix will refund any prepaid, unused Fees that relate to the terminated Subscription Services; or
      2. ii. by ComplianceMetrix for your breach, then you must pay to ComplianceMetrix any and all outstanding Subscription Services Fees due for the remaining duration of any Subscription Term, and any Professional Services Fees that have accrued as of the effective date of termination, in each case, which will become immediately due and payable upon termination;
    3. (c) subject to Section 19.1(d), you shall delete any software or other materials that ComplianceMetrix has provided to you, or made accessible for download by you, for use in connection with the Services (including any Shared Materials) and Professional Services from any Devices; and
    4. (d) you shall return, or if requested by ComplianceMetrix, destroy all copies of the Offline Module, Documentation, and all of ComplianceMetrix’s Confidential Information in your possession or control and provide written certification to ComplianceMetrix that you have done so.
    1. (a) deleted (or fail to provide ComplianceMetrix notice of your election), then ComplianceMetrix will delete Your Data by removing pointers to it on ComplianceMetrix’s active and replication servers and overwriting it over time; or
    2. (b) returned, ComplianceMetrix will, at your election, and at no additional charge, transfer any of Your Data (in ComplianceMetrix's then-current standard XML format) to any of your designated and owned Amazon AWS S3 Bucket, or SFTP site with adequate storage space. Any other transfer of Your Data shall be subject to your payment of ComplianceMetrix's then-current applicable Fees. If you do not opt for the above transfer method, ComplianceMetrix will provide you with access to the relevant Subscription Service (other than a No-Charge Service) to access Your Data during the Transition Period provided that you continue to pay ComplianceMetrix the then-current rates for the applicable Subscription Services in respect of that period. ComplianceMetrix reserves the right, without providing any notice to you, to delete any and all of Your Data following the Transition Period
    1. 19.1 Upon the date that this Agreement expires or is terminated, then:
    2. 19.2 Within the 30-day period following the effective date of expiration or termination of this Agreement (the “Transition Period”), you shall notify ComplianceMetrix if you would like Your Data returned to you or deleted. If you notify ComplianceMetrix that you elect to have Your Data:
    3. 19.3 The following provisions will survive any termination or expiration of this Agreement: Sections 1, 2.6, 6, 7, 8, 9, 10, 13, 14.3, 15, 19, 20, 22, and any other Sections which by intent or meaning have validity beyond termination or expiration of this Agreement, together with any accrued payment obligations.
  21. 20. NON-SOLICITATION. During the Term of this Agreement and for 6 months thereafter, neither party may directly solicit for hire as an employee, any of the other party’s personnel (including, but not limited to, employees and independent contractors) who have had material direct involvement with the business relationship between the parties. Should either party wish to employ a person covered by this Section, they may only do so with the other party’s express written consent. Any violation of this provision shall constitute a material breach of this Agreement, and upon any such breach, the breaching party shall pay to the other party, liquidated damages consisting of the amount of all compensation (e.g., salary, bonuses, fees, etc.) paid or to be paid by the breaching party to the person during the first 12 months after such person was hired/retained by the breaching party. Each party acknowledges and agrees that the amount of liquidated damages stated herein is a good faith estimate of the training and personnel related investment costs the non-breaching party will lose if its employee or independent contractor is hired or retained by the breaching party. In the event this Section is deemed unenforceable for any reason, each party shall nevertheless be entitled to recover its actual damages resulting from the other party’s breach.
  22. 21. AMENDMENTS. ComplianceMetrix may update or modify the terms of the ComplianceMetrix Policies and any other documents reference in this Agreement (including the Service Descriptions or Documentation) to respond to changes in ComplianceMetrix’s products, services, business, or as required by law, by giving notice to you. 
  23. 22. GENERAL.
    1. (a) privacy@cmx1.com, if the inquiry is related to privacy or your Personal Information;
    2. (b) support@cmx1.com, if the inquiry is related to support or billing; or
    3. (c) legal@cmx1.com for all other inquiries. 
    1. 22.1 This Agreement shall not be construed to limit or prohibit ComplianceMetrix in any manner or fashion in providing products or services of any type of nature including those identical to the Services to any other customer in its sole discretion.
    2. 22.2 The relationship of the parties established under this Agreement is that of independent contractors and neither party is a partner, employee, agent, or joint venture partner of or with the other, and neither party has the right or authority to assume or create any obligation on behalf of the other party.
    3. 22.3 This Agreement will be governed by and interpreted in accordance with the laws of California, without reference to its choice of laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Any action or proceeding arising from or relating to this Agreement shall be brought in a federal or state court in San Diego, California, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding.
    4. 22.4 If any provision of this Agreement is held to be invalid, illegal, or unenforceable that provision shall be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remainder of this Agreement shall continue in full force and effect and shall be construed in a manner as to give greatest effect to the original intention of this Agreement.
    5. 22.5 All waivers must be in writing. The failure of either party to exercise any right provided in this Agreement in any instance will not be deemed to be a waiver of such right.
    6. 22.6 Except where an exclusive remedy is expressly specified in this Agreement, the parties’ rights and remedies under this Agreement are cumulative and the exercise by either party of any remedy, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law, or otherwise. If any legal action is brought by a party to enforce this Agreement, the prevailing party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.
    7. 22.7 Except for any payment obligations, neither party will be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder for any cause which is beyond the reasonable control of such party (for example, natural disaster, act of war or terrorism, pandemic, riot, labor condition, governmental action, power interruption, telecommunication, data, and internet disturbance) (“Force Majeure Event”).
    8. 22.8 Your use of any website or software that is not provided by ComplianceMetrix to access or download the Services will be governed by the terms and conditions applicable to that website or software. ComplianceMetrix is not responsible for any consequences resulting from the use of such website or software, including but not limited to any damage to your property, including your Device, or the transfer of any computer virus or similar malicious code, except to the extent such consequences are caused by the Services.
    9. 22.9 Any notices to you may either be posted on the CMX1 Platform, or given in writing (which may be by email) to the address last notified by you to ComplianceMetrix. Any notices, consents, and approvals for ComplianceMetrix hereunder must be delivered in writing by courier or nationally/internationally recognized overnight delivery service or by certified or registered mail (postage prepaid and return receipt requested) to: ComplianceMetrix, Inc., Attention: Legal Department, 4180 La Jolla Village Drive, Suite 570, La Jolla, CA 92037; and any questions, concerns, or complaints relating to the Services must be in writing and addressed to:
  24. Either party may change its address by giving notice of the new address to the other party.
    1. 22.10 Each party agrees to use commercially reasonable efforts to resolve any dispute arising out of or relating to this Agreement with the other party prior to resorting to any external dispute resolution process or court proceedings.
    2. 22.11 This Agreement, and any rights or obligations hereunder, may not be transferred or assigned by either party without the prior express written consent of the other party (which consent shall not be unreasonably withheld or delayed) except that ComplianceMetrix may assign its rights and obligations under this Agreement to a parent, affiliate, or subsidiary, or to a successor, whether by way of merger, sale of all or substantially all of its assets, or otherwise. Any attempted assignment of this Agreement not in accordance with this subsection shall be null and void.
    3. 22.12 This Agreement (including all exhibits and attachments) contains the entire understanding between the parties regarding the subject matter of this Agreement and supersedes all prior or contemporaneous agreements, understandings, and communication, whether written or oral regarding such subject matter. For the avoidance of doubt, resellers (if any) of the Services are not authorized to modify the terms of this Agreement or make any representations, undertakings, or other legally binding commitments on behalf of ComplianceMetrix. This Agreement may be amended only by a written document signed by both parties. 
    4. 22.13 If this Agreement is translated into any language other than English, the English text will govern unless expressly stated otherwise in the translation.

 

Exhibit B - CMX1 Product Module and Support

 

PART I: CMX1 SERVICES

 

  • General
    • The terms of this CMX1 Product Module apply to CMX1 Services.
    • “CMX1 Services” means the provision of the online Subscription Services known as “CMX1” available through the CMX1 Platform, as further described in the Service Description at https://www.cmx1.com/solutions.
  •  
  • CMX1 Services
  • ComplianceMetrix will make CMX1 Services available to you on Devices owned or controlled by you or your Users during the Subscription Term.
  • CMX1 Disclaimer
     You acknowledge and agree that:
    • you are using the CMX1 Services at your own risk;
    • the CMX1 Services are not a substitute for professional advice; and
    • you are solely responsible for the use of the CMX1 Services and agree that any safety audits, training courses, or incidents conducted using the CMX1 Services are only part of establishing a safe system of work, which would typically require you to undertake additional and comprehensive gap analysis and risk assessments along with specific safe work method statements and safety training. 
  •  
  • PART II: SUPPORT
  •  
  • As part of the support services for the CMX1 Services, ComplianceMetrix will use commercially reasonable efforts to: (a) ensure that the Software is accessible through the Site over normal network connections, excepting downtime due to necessary maintenance and troubleshooting; (b) maintain the security of the CMX1 Services; (c) provide telephone, e-mail and web-based support services during ComplianceMetrix’s regular business hours for Software related questions and (d) make available Updates in accordance with ComplianceMetrix’s schedule but in no case later than general availability provided to ComplianceMetrix’s other customers.  “Update” means subsequent maintenance releases of the Software and bug fixes and patches that ComplianceMetrix generally makes available to other customers of the CMX1 Services for no additional fee. Updates shall not include any Module, release, option, or future product which ComplianceMetrix makes available as part of the CMX1 Services for an additional fee.
  • Without limiting the foregoing, ComplianceMetrix shall use commercially reasonable efforts to meet the following service levels. In the event that ComplianceMetrix fails to achieve the applicable service level, you will be entitled, as your sole and exclusive remedy, to a credit in accordance with the terms set forth in this Exhibit B. ComplianceMetrix’s system logs and other records shall be used for calculating any service level events.  
  • Service Levels:

    Service Level

    Description and Measurement Method

    Target Service Levels

    Minimum Service Levels

    System Availability

    The percentage of time that the CMX1 Services are in service and fully available for access and data input by Users

    100%

    99%


    Classification of Severity for Support Cases:

    Severity

    Description

    Service-Level Agreement (SLA)

    S1-Critical

    A problem for which there is no known Workaround and which (a) prevents the execution of a Primary Function for a majority of Users, or (b) results in data corruption or crash.

    Response: 15 Minutes
    Workaround: 10 Hours
    Status Update: 2 Hours
    Resolution: 24 Hours 90% of the time

    S2 - Urgent

    A problem which (a) causes difficulty in execution of a Primary Function or (b) prevents the execution of a Secondary Function, and as to any of the preceding, for which there is no known Workaround.

    Response: 30 Minutes
    Workaround: 24 Hours
    Status Update: 4 Hours
    Resolution: 3 Days 90% of the time

    S3 - High

    A problem which causes difficulty in execution of a Secondary Function, but for which there is a Workaround, although with significant User inconvenience

    Response: 24 Hours
    Workaround: 5 Days
    Status Update: 3 Days
    Resolution:  14 Days 80% of the time

    S4 - Medium

    A problem which causes inconvenience, but for which there is an acceptable Workaround. 

    Response: 96 Hours
    Workaround: 8 Days
    Status Update: 10 Days
    Resolution:  30 Days 80% of the time


    Definitions:

    • “Excused Delay” means any failure or delay which is beyond the reasonable control of ComplianceMetrix, including, without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems, telecommunications failures or delays, computer failures involving hardware or software not within CMX’s possession or reasonable control, and acts of vandalism (including network intrusions and denial of service attacks), but only if such unavailability results notwithstanding the exercise of reasonable care and diligence to avoid or mitigate the same in anticipation of or in response to such causes. Excused Delay shall also include downtime due to necessary maintenance and troubleshooting.
    • “Primary Function” means a function that is essential and represents a significant amount of your utility gains from the CMX1 Services, which if not supported, would have a serious detrimental impact.
    • “Secondary Function” means a function that is not frequently used or does not represent an essential function of the CMX1 Services.
    • “Workaround” means a feasible change in operating procedures whereby a User can avoid the deleterious effects of a non-conformance without material inconvenience.
    • “Day” means a 24 period starting at the submission of case via the CMX support portal

    Defined Services:

    Service

    Description

    Tier 2 & Above Support for Core Product

    CMX will support Levels 2-3 as defined in section Exhibit B: CMX Support Tiers section. The scope of support is intended for core functionality for the CMX platform as well as any custom features delivered by CMX during the onboarding process

    Single point of entry from client

    CMX will provide a single point of entry for all support tickets. All tickets will be submitted via the CMX Support Desk and CMX's SLA's as defined in Exhibit B will apply to all tickets. Any communication done outside of the Support Desk will not guarantee the SLA's defined for the customer.

    Train, Do, Teach

    CMX training model is to provide training to our customers via online presentations demonstrating the proper way to use our products. The second phase is for the customer to perform the activities demonstrated and ask any questions necessary. The final phase is for the customer to start training and teaching their internal teams to use the CMX products.

    Access to KB

    Access to our knowledge base will be provided inside in the Help Center inside as part of the CMX Support Desk. Access to the knowledge base is unlimited and any questions that you are unable to find the answer for can be asked via our support systems.

    Customer Success

    CMX will assign Customer Success resources during the implementation process and turn over the customer engagement to CS upon delivery of products.




    CMX Support Tiers

    Tier 1 (Client)

    Tier 2 (CMX)

    Tier 3 (CMX)

    Help desk resolution and service desk delivery

    In-depth technical support

    Expert product and service support

    Support for basic customer issues such as solving usage problems and fulfilling service desk requests that need IT involvement.

     

    If no solution is available, tier 1 personnel escalate incidents to a higher tier.

    Experienced and knowledgeable technicians assess issues and provide solutions for problems that cannot be handled by tier 1.

     

    If no solution is available, tier 2 support escalates the incident to tier 3.

    Access to the highest technical resources available for problem resolution or new feature creation.

     

    Tier 3 technicians attempt to duplicate problems and define root causes, using product designs, code, or specifications.

     

    Once a cause is identified, the company decides whether to create a new fix, depending on the cause of the problem. New fixes are documented for use by Tier 1 and Tier 2 personnel.


    Scheduled Maintenance:


    All scheduled and emergency maintenance will be communicated via the CMX Status system located at: https://status.cmx1.com/. To receive updates please register any email addresses who would like to be informed of CMX updates.

    1. Scheduled “Routine” Maintenance: Scheduled, routine maintenance occurs nightly, and is required to ensure performance, availability, and recoverability of the system.  It includes (but is not limited to) activities such as (a) backups, (b) log-pruning, (c) database indexing and query optimization.  Maintenance under this category is architected to have minimal impact on any given client site and scheduled during hours to have no impact on customers Regular Business Hours.  
      1. Scheduled Routine Maintenance is performed daily, shall start no earlier than 8:00 pm PST and finish no later than 2:00 am PST and impact to clients, if any, will be “momentary.”  This activity is designed to go unnoticed by the client, but CMX does not provide this guarantee. 
      2. Scheduled Routine Maintenance performed each week on Saturday, is a higher-impact activity. It shall start no earlier than 8:00 pm PST and finish no later than 2:00 am PST, and may impact individual clients for up to 15 minutes. 
      3. Scheduled “Non-Routine” Maintenance: From time-time-time, CMX may be required to perform “Non-routine” Maintenance.  In the event that Non-Routine Maintenance is required, CMX shall notify Customer via out status page 2 business days in advance. The communication shall include: (a) why the maintenance is required, (b) the impact to clients, (c) the anticipated risk. Such maintenance shall not be counted against the Uptime SLA provisions, provided Customer agrees in writing. 
    2. Emergency Maintenance: If CMX needs to bring the system offline to conduct emergency maintenance, CMX will provide a detailed description of the change as well as the reason for the change and the impact if the change is not made. Such downtime will be counted towards the Uptime SLA unless it meets one or more of the Exceptions defined under the CREDIT WAIVERS AND EXCEPTIONS.

     


    Credits Waivers and Exceptions: 

    Waivers:  Customer may waive any obligation of CMX to pay any Credit, but no such waiver shall be binding or effective unless given in writing, and no such waiver shall constitute a continuing waiver of CMX obligation to pay Service Level Credits. 

    Exceptions: CMX shall not be responsible for a failure to meet any Service Level to the extent such failure is directly attributable to any of the following:

    • Customers acts, errors, omissions, or breaches of this Agreement;
    • Willful misconduct or violations of law by Customer or Other Suppliers;
    • service or resource reductions requested or approved by Customer and agreed to by the parties through operational change control procedures, provided that CMX has previously notified Customer in writing as a part of such operational change control procedures that the implementation of such request might result in a failure to meet Service Levels;
    • Failure of CMX to repair service that has been identified and agreed in writing by Customer to be unserviceable;
    • Execution of the Disaster Recovery Plan, the execution of which is in accordance with the Disaster Recovery Plan;
    • A Force Majeure Event; or failures or delays, computer failures involving hardware or software not within CMX’s possession or reasonable control, and acts of vandalism (including network intrusions and denial of service attacks), but only if such unavailability results notwithstanding the exercise of reasonable care and diligence to avoid or mitigate the same in anticipation of or in response to such causes.  Excused Delay shall also include downtime due to necessary maintenance and troubleshooting.
    • A failure for which Customer has given CMX a written exemption.


    Exclusive Remedy:

    If ComplianceMetrix fails to meet any of the above “Minimum Service Levels” during any calendar month, and such failure is not excused due to any Excused Delay, you shall promptly notify ComplianceMetrix in writing of such failure, but in any event within 15 days following the end of the applicable month, and you may choose to request a service credit to be applied against future payments that become due from you to ComplianceMetrix under this Agreement. Such service credit shall be computed as follows:

    • For System Availability:  The ratio of unavailable minutes to total potentially available minutes (net of Excused Delays) in the applicable calendar month during which the Minimum Service Level was not met multiplied by the monthly fees due for such month; provided, however, in no event will the service credit due exceed 10% of the applicable monthly fees.  
    • For Support and Help Desk Response Times:  1% for each full hour during any calendar month that the Minimum Service Level was not met multiplied by the monthly fees due for such month; provided, however, in no event will the service credit due exceed 10% of the applicable monthly fees.  

    Notwithstanding anything to the contrary, the foregoing credits will be your sole and exclusive remedy with respect to any unscheduled downtime or any failure by ComplianceMetrix to meet any Minimum Service Level and in no event will the cumulative service credits for any calendar month exceed 10% of the applicable monthly fees.  

    Approved Browsers:

    To maximize the ComplianceMetrix’s ability to adequately support your needs, ComplianceMetrix uses statistical data from web visitors and registered users to identify the web browsers used by ComplianceMetrix’s target audience. ComplianceMetrix regularly reviews this data to determine which browsers are eligible for support. Due to their wide applicability across a vast number of technologies, browsers are continuously evolving. In order to maintain parity with industry standards, ComplianceMetrix maintains compatibility with a limited number of browser technologies and versions. Additionally, to safeguard Your Data, only browsers which receive security updates from the browser manufacturer are considered for support. Below is a list of the desktop browsers supported by ComplianceMetrix (“Approved Browsers”).

    Current Active Support (Desktop Browsers)

    Edge

    Chrome

    Firefox

    Safari

    (Current - 1) or Current

    (Current - 1) or Current

    (Current - 1) or Current

    (Current - 1) or Current


    “(Current - 1) or Current” denotes that we support the current stable version of the Approved Browser and the version that preceded it. For example, if the current version of an Approved Browser is 24.x, supports the 24.x and 23.x versions.

    Any problem with the CMX1 Services when utilizing Approved Browsers that meet this criteria shall be considered a bug and you shall report such bug to ComplianceMetrix.

    Unsupported Browsers

    You may install and operate the CMX1 Services on versions of browsers that do not meet the Approved Browser criteria. If you use any browser other than an Approved Browser in connection with the CMX1 Services (i) ComplianceMetrix shall not be responsible for meeting the service level commitments set forth herein, and (ii) you assume all responsibility for any performance issues, loss or corruption of data, and any other damages caused as a direct or indirect consequence of such usage. 

    Native App / Device Specification:

    Operating systems and devices are subject to frequent change, due to their wide applicability across a vast number of technologies and commercial use cases. Given the vast combinations of operating systems and devices, ComplianceMetrix maintains compatibility with a limited number of operating systems (each an “Approved Operating System”) and devices (each an “Approved Device”) for use with the Offline Module. Further, in order to ensure compatibility between the CMX1 Services and the Offline Module, ComplianceMetrix performs extensive testing of the CMX1 Services on combinations of Approved Operating Systems and Approved Devices, which it deems suitable for the intended use. The testing is performed in a controlled technical environment and requires (i) an Approved Device certified and approved by ComplianceMetrix, (ii) an Approved Operating System approved and certified by ComplianceMetrix, (iii) installation of an Approved Operating System on an Approved Device, (iv) installation of approved version of the CMX1 Services on an Approved Device, and (v) no additional third-party applications installed on the Approved Device. When ComplianceMetrix has verified the satisfactory performance of the CMX1 Services through an Offline Module in the aforementioned technical environment, items (i) – (v) will be considered a supported “Native App / Device Specification.”

    To clarify, a supported Native App / Device Specification means the following conditions are in place:

    • Approved Operating System
    • Approved Device
    • No third-party software installed on such Approved Device
    • Approved version of CMX1 Services installed on such Approved Device

    ComplianceMetrix will furnish a then-current list of supported Native App / Device Specifications upon request from you at any time. If you use the Offline Module on un-supported Native App / Device Specifications (i) ComplianceMetrix shall not be responsible for meeting the service level commitments set forth herein, and (ii) you assume all responsibility for any performance issues, loss or corruption of data, and any other damages caused as a direct or indirect consequence of such usage