Live Webinar: Learn About Practical AI Applications in CRE Register
Last Updated on Jun 12, 2025
This Master Services Agreement (the “Agreement”), together with all Order Forms (as defined below), govern Customer’s access and use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”) and Dealpath’s website located at www.dealpath.com and all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services. This Agreement commences on the Order Form Effective Date of the initial Order Form.
NOW, THEREFORE, the Parties hereby agree as follows:
1. DEFINITIONS
1.1 “Affiliate” means, with respect to any entity, any other entity directly or indirectly controlling or controlled by, or under direct or indirect common control with, such entity. For purposes of this definition, an entity will control another entity if the first entity: (i) owns more than fifty percent (50%) of the voting securities of the other entity; or (ii) has the ability to elect a majority of the board of directors of the other entity.
1.2 “Authorized User” means an individual (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.
1.3 “Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customers behalf, into the Services.
1.4 “Fees” means the fees described in the applicable Order Form.
1.5 “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.
1.6 “Order Form” means an Order Form executed by the Parties which explicitly references this Agreement. Each fully executed Order Form is incorporated by reference into this Agreement.
1.7 “Order Form Effective Date” means the Effective Date for Order Form #1 and the date set forth in the applicable Order Form for all subsequent Order Forms.
1.8 “Order Form Initial Term” means the initial term of an Order Form as set forth therein.
1.9 “Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.
1.10 “Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.
1.11 “Professional Services” means any professional services set forth in the applicable Order Form, including but not limited to the implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.
1.12 “Service Level Agreement” means service level agreement set forth in Exhibit A.
1.13 “Services” means Dealpath’s cloud-based collaboration and workflow platform for real estate investment professionals accessible through the Site, as more particularly described and identified in the applicable Order Form. The Services include Professional Services where applicable in this Agreement.
1.14 “Site” means Dealpath’s website located at https://www.dealpath.com.
2. SERVICES
2.1 Professional Services. If an Order Form includes Professional Services, Dealpath will provide the Professional Services to Customer in accordance with this Agreement and the applicable Order Form.
2.2 Services. Dealpath will provide the Services to Customer in accordance with this Agreement, including without limitation the Service Level Agreement and the applicable Order Form. Subject to Customer’s compliance with this Agreement, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the applicable Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the applicable Order Form for each category of Authorized User.
2.3 Authorized Users. An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Services on behalf of the Customer. Customer will at all times be responsible and liable hereunder for all actions or omissions (i) of any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or another individual or entity, and whether or not such action or omission was authorized by an Authorized User or Customer. During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.
2.4 Affiliates. An Affiliate of Customer may procure Services from Dealpath under this Agreement by executing an Order Form between Dealpath and Customer’s Affiliate for the Services to be provided. The fully executed Order Form and the provisions hereof will be deemed to be a binding two-party agreement between Customer’s Affiliate and Dealpath, and for the purposes of such Order Form all references to Customer in this Agreement will be deemed to mean Customer’s Affiliate agreeing to such Order Form. Customer will be responsible and liable hereunder for any act or omission of Customers’ Affiliates to the same extent as if Customer had directly engaged in such act or omission.
2.5 Restrictions. Customer shall not allow access to or use of the Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Services beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer will not at any time, and will not permit any individual or entity (including, without limitation, Authorized Users) to, directly or indirectly: (i) use the Services in any manner beyond the scope of rights expressly granted in this Agreement; (ii) copy, modify, distribute, or create derivative works of the Site, Services, or any software used to provide the Services; (iii) reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (iv) frame, mirror, sell, resell, reproduce, loan, publish, distribute, assign, transfer, rent, or lease use of the Services to any third-party, provide access to the Site or Services on a time-share or service bureau basis, or otherwise allow any third-party to use the Services for any purpose other than for the benefit of Customer in accordance with this Agreement; (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third-party, or that violates any applicable law; (vi) interfere with, or disrupt the integrity or performance of, the Services, or any data or content contained therein or transmitted thereby; (vii) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; (viii) transfer any of its rights hereunder except as set forth in Section 11.9 (Assignment), (ix) use the Services to transmit any bulk unsolicited commercial communications, or (x) use the Services for benchmarking or competitive analysis, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.
2.6 Data Protection and Security. Each Party will comply with its obligations set forth in the Data Protection Addendum attached hereto as Exhibit B.
2.7 Third-Party Services. Certain features and functionalities within the Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology, data, and content (collectively, “Third-Party Services”) through the Services. Dealpath makes the APIs available to Customer to connect with Third-Party Services that are set forth in the applicable Order Form, and such APIs are provided hereunder as part of the Services. However, Dealpath does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto. Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Services.
2.8 Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with this Agreement, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications.
3. CUSTOMER OBLIGATIONS
3.1 Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies provided to Dealpath in writing). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.
3.2 Marketing Support. Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.9), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s web sites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.
3.3 Enforcement. Customer shall keep confidential and not disclose to any third-parties (except for third-party Authorized Users), and shall ensure that Authorized Users keep confidential and do not disclose to any third-parties (except for third-party Authorized Users), any user identifications, account numbers and account profiles. Customer shall ensure that all Authorized Users comply with the terms and conditions of this Agreement, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.5 (Restrictions). Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged material violation of this Agreement by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of this Agreement and (b) any action by Dealpath to enforce this Agreement. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User this Agreement or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.
3.4 Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify the Customer Data solely to perform its obligations under this Agreement, including to provide the Services. Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents, and licenses for Dealpath to use the Customer Data in accordance with this Agreement.
4. FEES; EXPENSES; TAXES
4.1 Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.
4.2 Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3), and including any related interest and/or penalties), due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath. Dealpath may also suspend Customer’s access to the Services until all payments are made in full.
4.3 Taxes. All Fees and other amounts stated or referred to in this Agreement are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.
5. PROPRIETARY RIGHTS.
5.1 Services. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively “Dealpath IP”). Dealpath may also make available data from third party partners, and such partners retain ownership of all data so provided.
5.2 Customer Data. Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, benchmarking data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall be in an aggregated and de-identified form. Dealpath agrees that it will not use Usage Data in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.
5.3 Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services, Professional Services, or other products or services of Dealpath (collectively, “Feedback”). To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, make, sell, offer for sale, import, copy, modify, create derivative works based upon, distribute, publicly display, publicly perform and otherwise exploit, freely and without restriction, the Feedback for any purpose.
6. CONFIDENTIALITY
6.1 Definition. “Confidential Information” means any business or technical information disclosed by one Party to the other Party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing Party to the receiving Party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information. The terms and conditions of this Agreement shall be deemed the Confidential Information of Dealpath.
6.2 Use and Nondisclosure. A receiving Party will not use the disclosing Party’s Confidential Information except to perform its obligations and exercise its rights hereunder and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third-party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of this Agreement; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section. Each receiving Party will protect the disclosing Party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 6.2 will remain in effect for a period of three (3) years after the expiration or termination of this Agreement; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 6.2 will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.
6.3 Exclusions. The obligations and restrictions set forth in Section 6.2 will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of this Agreement by the receiving Party; (ii) is rightfully known by the receiving Party at the time of disclosure; (iii) is independently developed by the receiving Party without access to the disclosing Party’s Confidential Information; or (iv) the receiving Party rightfully obtains from a third-party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing Party.
6.4 Permitted Disclosures. The provisions of this Section 6 (Confidentiality) will not restrict either Party from disclosing the other Party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the Party required to make such a disclosure gives reasonable notice to the other Party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors and to potential investors or acquirors; or (iii) as required under applicable securities regulations.
7. WARRANTY
7.1 Mutual Warranties. Each Party hereby represents and warrants to the other Party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into this Agreement and (ii) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party, and constitute a valid and binding agreement of such Party.
7.2 Warranty for Services. Dealpath represents and warrants that: (i) the Services will be in material accordance with the specifications set forth in the applicable Order Form; and (ii) Dealpath’s delivery of the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 (Warranty for Services) will be as set forth in the Service Level Agreement.
7.3 Warranty for Professional Services. Dealpath represents and warrants that, if applicable, the Professional Services provided under this Agreement will be provided in a professional and workmanlike manner. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.3 (Warranty for Professional Services) will be to re-execute the Professional Services that fail to meet such warranty.
7.4 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTIONS 7.1 AND 7.2, THE SERVICES AND PROFESSIONAL SERVICES ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THIS AGREEMENT, THE SERVICES, OR ANY OTHER DEALPATH IP, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any Third Party Services.
8. TERM AND TERMINATION
8.1 Term. This Agreement shall commence on the Effective Date and shall continue until terminated in accordance with this Section 8 (the “Term”). Each Party may terminate this Agreement for any or no reason upon written notice to the other Party if no Order Form is then-in-effect.
8.2 Termination for Cause. Either Party may terminate this Agreement (together with all Order Forms) upon written notice if the other Party breaches any material term of this Agreement and fails to correct the breach within thirty (30) days following written notice from the non-breaching Party specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either Party may terminate an individual Order Form upon written notice if the other Party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching Party specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.
8.3 Rights and Obligations Upon Expiration or Termination. Termination of this Agreement will automatically terminate all outstanding Order Forms. Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; (iii) each Party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other Party (unless otherwise authorized to do so hereunder based on a separate Order Form); (iv) each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, provided that Dealpath may retain copies in accordance with its standard data retention policies of with regard to any archived electronic communications which may be stored confidentially; and (v) upon request, Dealpath shall at no additional cost make the Customer Data available to for download for a period of sixty (60) days following expiration/termination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).
8.4 Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 2.6 (Data Protection and Security), 2.8 (Acceptable Use Policies), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer), 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of this Agreement and Order Forms.
9. INDEMNIFICATION
9.1 Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to this Agreement, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third-party. In connection with Dealpath’s obligations under this Section 9.1, Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim, provided that Dealpath shall make no settlement or enter into any stipulated judgement that would impose obligations on Customer without first obtaining Customer’s written consent, except for financial obligations that Dealpath fulfills as part of such settlement.
9.2 Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1, then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate the applicable Order Form or this Agreement altogether) and refund to Customer all unused prepaid fees applicable to the Services.
9.3 Exclusions. Notwithstanding the terms of Section 9.1, Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of this Agreement, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with this Agreement; or (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by Dealpath.
9.4 Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2, AND 9.3 STATE DEALPATH’S SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.
9.5 Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit based on Customer Data, including but not limited to any claim that Customer Data is infringing, misappropriating, or violating any Intellectual Property Rights or the publicity, privacy, or other rights of any third-party, applicable law, or was collected or disclosed in violation of this Agreement. In connection with Customer’s obligations under this Section 9.5, Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim, provided that Customer shall make no settlement or enter into any stipulated judgement that would impose obligations on Dealpath without first obtaining Dealpath’s written consent, except for financial obligations that Customer fulfills as part of such settlement.
10. LIMITATION OF LIABILITY.
10.1 Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM CUSTOMER’S MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS IN THE SERVICES, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS, OR INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.
10.2 Total Liability. EXCEPT FOR CUSTOMER’S PAYMENT OBLIGATIONS, LIABILITY ARISING FROM CUSTOMER’S MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS IN THE SERVICES, DEALPATH’S IP INDEMNIFICATION OBLIGATIONS IN SECTION 9.1 AND CUSTOMER’S CUSTOMER DATA INDEMNIFICATION OBLIGATIONS IN SECTION 9.5, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD-PARTY REGARDING THIS AGREEMENT, CUSTOMER’S ACCESS TO AND USE OF THE SERVICES, AND/OR THE PROFESSIONAL SERVICES EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.
10.3 Basis of the Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 (LIMITATION OF LIABILITY) ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.
11. GENERAL
11.1 Subcontractors. Dealpath may use subcontractors and other third-party providers in connection with the performance of its own obligations hereunder (“Subcontractors”) as it deems appropriate; provided that Dealpath remains responsible and liable for the acts and omissions of each such Subcontractor to the same extent Dealpath would be liable in accordance with the terms and limitations of this Agreement had Dealpath directly engaged in such acts or omissions.
11.2 Governing Law. This Agreement and all matters arising out of or relating to this Agreement shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to this Agreement shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
11.3 Waiver. The waiver by either Party of any default or breach of this Agreement shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of this Agreement will be effective unless it is in writing and signed by the Party granting the waiver.
11.4 Notices. All notices required or permitted under this Agreement will be in writing, will reference this Agreement, and will be deemed given: (i) when delivered personally; (ii) one (1) business day after deposit with a nationally-recognized express courier, with written confirmation of receipt; (iii) when sent by email, on the date the email was sent with confirmation of transmission if sent during normal business hours of the receiving Party, and on the next business day if sent after normal business hours of the receiving Party; or (iv) three (3) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid. All such notices sent to: (i) Dealpath will be sent to the address set forth below and (ii) to Customer will be sent to the address set forth in Order Form #1, or to such other address as may be specified by either Party to the other Party in accordance with this Section.Dealpath:
Dealpath, Inc.
Attn: Mike Sroka
300 California Street, Ste 300
San Francisco, CA 94104
11.5 Severability. In the event any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect.
11.6 Force Majeure. Neither Party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such Party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing Party will be excused from any further performance of its obligations affected by the Force Majeure Event for so long as the event continues and such Party continues to use commercially reasonable efforts to resume performance.
11.7 Compliance with Laws. Each Party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws.
11.8 Relationship Between the Parties. Nothing in this Agreement shall be construed to create a partnership, joint venture or agency relationship between the Parties. Neither Party will have the power to bind the other or to incur obligations on the other’s behalf without such other Party’s prior written consent.
11.9 Assignment. Neither Party may assign or transfer this Agreement, in whole or in part, without the other Party’s prior written consent; provided that: (i) Dealpath may assign this Agreement without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, or sale of all or substantially all of Dealpath’s assets to which this Agreement relate (by operation of law or otherwise); and (ii) Customer may assign this Agreement without Dealpath’s prior written consent to a successor entity who is not a competitor of Dealpath in connection with a merger, acquisition, consolidation, or sale of all or substantially all of Customer’s assets to which this Agreement relate (by operation of law or otherwise). Any attempted assignment or transfer without such consent will be null and of no effect. Subject to the foregoing, this Agreement shall inure to the benefit of the Parties, their successors and permitted assigns.
11.10 Entire Agreement. This Agreement (together with all Order Forms) constitutes the complete and exclusive agreement between the Parties concerning its subject matter and supersedes all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of this Agreement. This Agreement may not be modified or amended except in a writing signed by a duly authorized representative of each Party.
11.11 Non-Exclusive Remedies. Except as otherwise set forth in this Agreement, including Sections 7 (Warranty) and 9.4 (Sole Remedy), the exercise by either Party of any remedy under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise.
11.12 Equitable Relief. Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may institute an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
11.13 No Third-Party Beneficiaries. This Agreement is intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third-party. Only the Parties to this Agreement may enforce it.
11.14 Construction of Agreement. The Parties agree that they have participated equally in the preparation of this Agreement and that the language and terms of this Agreement will not be construed against either Party by reason of the extent to which such Party or its professional advisors participated in the preparation of this Agreement.
11.15 Counterparts. This Agreement may be executed in counterparts, each of shall constitute an original, and all of which shall constitute one and the same instrument.
11.16 Headings. The headings in this Agreement are for the convenience of reference only and have no legal effect.
LIST OF EXHIBITS
EXHIBIT A – SERVICE LEVEL AGREEMENT
EXHIBIT B – DATA PROTECTION ADDENDUM
EXHIBIT A
SERVICE LEVEL AGREEMENT
Dealpath will make the Services under each Order Form available to Customer with 99.90% uptime, measured monthly, excluding Excused Downtime (“Uptime Requirement”).
The percentage uptime for the Services under each Order Form will be calculated as follows (“Availability Percentage”). Each month in which the Availability Percentage is less than the Uptime Requirement is referred to herein as a Deficient Month.
α=((η – π – ∆) / (η- π)) * 100
Where:
α = % Availability
η = Number of hours in a month
π = Excused Downtime as defined below
∆ = Total time of Service unavailability
(a) Excused Downtime. “Excused Downtime” occurs when Customer has no or limited access to the Services under an Order Form that arises from (i) scheduled maintenance, (ii) a Force Majeure Event, (iii) any hardware or software not supplied by Dealpath; (iv) from telecommunications or Internet service provider failures; (v) Customer’s use of the Services in an unauthorized or unlawful manner or any interruption resulting from Customer’s misuse, alteration, or damage of the Services; or (vi) Dealpath’s exercise of its rights under the Agreement or the blocking of data communications or other portions of the Services in accordance with its policies.
(b) Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours. Notice provided under this Section will be via email.
(a) Hours of Support. Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in this Agreement as follows:
(b) Problem Severity Level Definitions. Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:
| Impact Severity Levels | |
| Severity 1 | Critical Failure – actual failure of Services where the Services are unavailable to the Customer. |
| Severity 2 | Major Degradation – Critical problem causing loss of data or loss of service to core Services functionality. Services are functioning but in a significantly reduced capacity, may affect multiple users. |
| Severity 3 | Minor Service/Application Degradation – does not affect core Services functionality. |
(c) Problem Response Times. Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:
| Severity Level | Response Time Objective | Restoration
Resolution Objective |
Customer Update Frequency |
| 1
|
4 Hours | 24 hours to resolve or provide work around | Daily |
| 2 | 4 Hours | 3 Business Days to resolve or provide work around | Daily |
| 3 | 1 Day | 20 Business Days to resolve or provide work around | Weekly |
(*) “Business Days” are defined as non-weekend and non-US holiday days.
(a) Customer’s sole and exclusive remedy, and Dealpath’s sole and exclusive liability, in connection with the availability of the Services shall be that for each continuous period of downtime lasting longer than one hour that occurs in a calendar Deficient Month, Dealpath will credit Customer 5% of any recurring Fees due for the month in question under the applicable Order Form (monthly fees may be calculated by dividing any annual recurring fees by 12); provided that no more than one such credit will accrue per day. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. Such credits shall not exceed a total of credits for one (1) week of recurring Fees (pro-rated) under the applicable Order Form for any one (1) calendar Deficient Month and, except as set forth in following sentence, such credits may not be redeemed for cash. If there will be no subsequent invoice for recurring Fees from Dealpath, Dealpath will refund to Customer the amount of any credit that would have been due to Customer under a subsequent invoice.
(b) Notwithstanding Section 5(a) above, in the event Customer experiences a Severity Level 1 event five (5) times for the Services under an Order Form within any rolling six (6)-month period, Customer may immediately terminate such Order Form upon written notice.
EXHIBIT B
DATA PROCESSING ADDENDUM
This Data Processing Addendum (including its Attachments) (this “Addendum”) forms part of and is subject to the terms and conditions of the Master Services Agreement (“Agreement”) between Customer and Dealpath.
1. Subject Matter and Duration.
1.1 Subject Matter. This Addendum reflects the Parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s execution of the Services under the Agreement. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Agreement. If and to the extent language in this Addendum or any of its Attachments conflicts with the Agreement, this Addendum shall control.
1.2 Duration and Survival. This Addendum will become legally binding upon the Order Form Effective Date of the initial Order Form, or upon the date that the Parties enter into this Addendum if it is completed after the effective such Order Form Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Agreement. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.
2. Definitions.
For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.
2.1 “Customer Personal Data” means Customer Data that is Personal Data Processed by Dealpath on behalf of Customer.
2.2 “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” include, but not be limited to, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act, its associated regulations and their successors (“CCPA”), the EU General Data Protection Regulation 2016/679 (“GDPR”), the Data Protection Act 2018 and GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR”), and the Swiss Federal Act on Data Protection of 25 September 2020 (“FADP”).
2.3 “Designated POC” means each Party’s point of contact for urgent privacy and security issues, as designated in the Order Form.
2.4 “Personal Data” shall have the meaning assigned to the terms “personal data” or “personal information” under applicable Data Protection Laws.
2.5 “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.6 “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.
2.7 “Services” means any and all services that Dealpath performs under the Agreement.
2.8 “Standard Contractual Clauses” or “SCCs” means the Standard Contractual Clauses for the Transfer of Personal Data to Processors Established in Third Countries under GDPR, as approved by European Commission Implementing Decision 2021/914. Section 4 to this Addendum contains certain interpretive and supplementary provisions regarding application of the Standard Contractual Clauses. The information required by Annexes 1 and 2 of the Standard Contractual Clauses is provided in Annexes I and II of this Addendum.
2.9 “Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.
3. Processing Terms for Company Personal Data.
3.1 Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Agreement, or any applicable Order Form. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
3.2 Authorization to Use Subprocessors. Customer generally authorizes Dealpath to engage Subprocessors to provide aspects of the Service. Dealpath’s current Subprocessors are listed at https://www.dealpath.com/subprocessors/.
3.3 Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with each Subprocessor regarding its Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data at least as protective of Customer’s rights in Customer Personal Data as this Addendum; and (ii) remain responsible to Customer for Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
3.4 Right to Object to New Subprocessors. Where required by Data Protection Laws and provided that Customer signs up for notifications at https://www.dealpath.com/dealpath-sub-processors/, Dealpath will email the contact email address(es) provided (Customer’s POC) prior to engaging any new Subprocessors that Process Customer Personal Data and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the Parties will work together in good faith to resolve the grounds for the objection.
3.5 Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.
3.6 Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.
3.7 Sale of Customer Personal Data Prohibited. Dealpath shall not sell or share Customer Personal Data as those terms are defined by the CCPA.
3.8 Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
3.9 Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.
4. Cross-Border Transfers of Personal Data.
4.1 Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area, Switzerland and the United Kingdom to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.
4.2 Standard Contractual Clauses. If Customer uses the Service to transfer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the Parties agree that the transfer shall be governed by, as applicable: (i) the Standard Contractual Clauses; (ii) another appropriate safeguard pursuant to Article 46 of GDPR or equivalent safeguard under other applicable Data Protection Laws; or (ii) a derogation pursuant to Article 49 of GDPR or equivalent derogation under other applicable Data Protection Laws.
4.3 Incorporation of Standard Contractual Clauses. The parties agree that the Standard Contractual Clauses are hereby incorporated by reference into this Addendum as follows:
(a) Module 1: Transfer controller to controller, Clauses 1 to 6, 8 and 10 to 18 apply where Dealpath Processes Personal Data as a Controller, Dealpath and its relevant Affiliates are located in non-adequacy approved third countries, and Customer and its relevant Affiliates are established in the EEA.
(b) Module 2: Transfer controller to processor, Clauses 1 to 6 and 8 to 18 apply where Dealpath Processes Personal Data as a Processor, Dealpath and its relevant Sub-Processor Affiliates are located in non-adequacy approved third countries, and Customer and its relevant Affiliates are established in the EEA.
(c) Module 3: Transfer processor to processor, Clauses 1 to 6 and 8 to 18 apply where Dealpath Processes Personal Data as a Processor, Dealpath and its relevant Sub-Processor Affiliates are located in non-adequacy approved third countries, and Customer and its relevant Affiliates are established in the EEA.
4.4 Standard Contractual Clause Optional Provisions. Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following shall apply:
(a) Clause 7 (Docking Clause) is omitted; Clause 9(a) (Use of sub-processors) – Option 2 shall apply and the parties shall follow the process and timing agreed in the Addendum to appoint sub-processors;
(b) In Clause 11(a) (Redress) – the Optional provision shall NOT apply;
(c) In Clause 16(b) (Suspension of transfers) if Dealpath is the data exporter it will suspend transfers of personal data only as required by law and will notify Customer as promptly as possible (before suspension if possible) so that Customer may remedy the condition requiring suspension;
(d) In Clause 17 (Governing Law) – the laws of the Republic of Ireland shall govern; and
(e) In Clause 18 (Choice of forum and jurisdiction) – the courts of the Republic of Ireland shall have jurisdiction.
4.5 Supplementary Terms to Standard Contractual Clauses
(a) The purpose of the Processing, categories of data subjects and categories of data are identified on Annex 1.
(b) The certification of deletion required by Clause 8.5 and Clause 16(d) will be provided upon Customer’s written request.
(c) The measures Dealpath is required to take under Clause 8.6(c) will only cover Dealpath’s impacted systems.
(d) Documentation and compliance. For the purposes of Clauses 8.9(b) and 8.9(e) the review and audit provisions in the Agreement and Addendum shall apply.
(e) Where the Standard Contractual Clauses require Dealpath to notify the competent supervisory authority, Dealpath shall first provide Customer with the details of the notification, permitting Customer to have prior written input into the relevant notification where Customer so desires to do, and without delaying the timing of the notification unduly.
(f) For purposes of Clause 8.2 – Module 1, Clause 8.3 – Module 2 and Clause 15.1(a), unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects, and Dealpath shall provide the level of assistance set out in the Addendum.
(g) Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 without regard for any limitation of liability set forth in the Terms.
(h) Liability. For the purposes of Clause 12(a), the liability of the Parties shall be limited in accordance with the limitation of liability provisions in the Terms.
(i) Signatories. Notwithstanding the fact that the SCCs are incorporated herein by reference without being signed directly, Dealpath and Customer each agrees that their execution of the Agreement is deemed to constitute its execution of the SCCs, and that it is duly authorized to do so on behalf of, and to contractually bind, the Data Exporter or Data Importer (as applicable) accordingly.
4.6 Swiss Law Provisions. Personal Data transfers from Switzerland will be governed by the SCCs as conformed to Swiss law as follows:
(a) references to the EU, member states and GDPR in the SCCs are amended mutatis mutandis to refer to Switzerland, the FDPA, and the Swiss Federal Data Protection and Information Commissioner; and
(b) In Clause 17 (Governing Law) the laws of Switzerland shall govern, and in Clause 18 (Choice of forum and jurisdiction) the courts of Switzerland shall have jurisdiction.
4.7 United Kingdom Law Provisions. Personal Data transfers from the United Kingdom will be governed by the SCCs as conformed to UK law pursuant to the International Data Transfer Addendum (the “IDTA”) issued by the UK Information Commissioner’s Office (the “ICO”) and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022.
(a) In Part 1 of the IDTA, the information required by Tables 1 – 3 is provided in the Terms, Addendum and these SCCs.
(b) The IDTA’s Mandatory Clauses are incorporated by reference into this Addendum in accordance with Alternative Part 2 of the template IDTA.
(c) References to the EU, member states and GDPR in the Standard Contractual Clauses are amended mutatis mutandis to refer to the United Kingdom, UK GDPR and the ICO.
(d) In Clause 17 of the Standard Contractual Clauses (Governing Law), the laws of England and Wales shall govern, and in Clause 18 (Choice of forum and jurisdiction), the courts in London, England shall have jurisdiction. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts in the UK.
5. Information Security Program.
5.1 Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Annex II to this Attachment 1 to Exhibit B.
5.2 Security Incidents.
(a) Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s Designated POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
(b) Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in Section 6.3 below taken with respect to such Security Incident upon the initial notification referenced in Section 6.1 above, or, if not available at such time, promptly thereafter.
(c) Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident as it relates to Dealpath’s impacted systems.
5.3 Audits. Dealpath uses third party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.
5.4 Data Deletion. At the expiry or termination of the Agreement, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.
6. Processing Details.
6.1 Subject Matter. The subject matter of the Processing is the Services pursuant to the Agreement.
6.2 Duration. The Processing will continue until the expiration or termination of the Agreement.
6.3 Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Agreement.
6.4 Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.
6.5 Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Agreement.
EXHIBIT B – ATTACHMENT 1
This Attachment 1 forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the Addendum.
The Parties agree that the following terms shall supplement the Standard Contractual Clauses:
Data Exporter: Customer.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Controller.
Data Importer: Dealpath.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Processor.
B. Description of the Transfer:
Categories of data subjects whose personal data is transferred: The categories of data subjects whose Customer Personal Data is transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users.
Categories of personal data transferred: The categories of Customer Personal Data transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users’ name and email address.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the Parties knowledge, no sensitive data is transferred.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Customer Personal Data is transferred in accordance with the standard functionality of the Services, or as otherwise agreed upon by the Parties.
Nature of the processing: The Services.
Purpose(s) of the data transfer and further processing: The Services.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Dealpath will retain Customer Personal Data in accordance with the Addendum.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: The subject matter, nature and duration identified in the Addendum.
C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the Parties consistent with the conditions set forth in Clause 13.
D. Additional Data Transfer Impact Assessment Questions:
Will data importer process any personal data under the Clauses about a non-United States person that is “foreign intelligence information” as defined by 50 U.S.C. § 1801(e)?
Not to Dealpath’s knowledge.
Is data importer subject to any laws in a country outside of the European Economic Area, Switzerland, and/or the United Kingdom where personal data is stored or accessed from that would interfere with data importer fulfilling its obligations under the Clauses? For example, FISA Section 702. If yes, please list these laws:
As of the effective date of the Addendum, no court has found Dealpath to be eligible to receive process issued under the laws contemplated by this question, including FISA Section 702, and no such court action is pending.
Has data importer ever received a request from public authorities for information pursuant to the laws contemplated by the question above? If yes, please explain:
No.
Has data importer ever received a request from public authorities for personal data of individuals located in European Economic Area, Switzerland, and/or the United Kingdom? If yes, please explain:
No.
E. Data Transfer Impact Assessment Outcome: Taking into account the information and obligations set forth in the Addendum and, as may be the case for a Party, such Party’s independent research, to the Parties’ knowledge, the Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom that is transferred pursuant to the Standard Contractual Clauses to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws is afforded a level of protection that is essentially equivalent to that guaranteed by applicable Data Protection Laws.
F. Clarifying Terms: The Parties agree that: (i) the certification of deletion required by Clause 8.5 and Clause 16(d) of the Standard Contractual Clauses will be provided upon Customer’s written request; (ii) the measures Dealpath is required to take under Clause 8.6(c) of the Standard Contractual Clauses will only cover Dealpath’s impacted systems; (iii) the audit described in Clause 8.9 of the Standard Contractual Clauses shall be carried out in accordance with Section 7 of the Addendum; (iv) where permitted by applicable Data Protection Laws, Dealpath may engage existing Subprocessors using European Commission Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors and such use of Subprocessors shall be deemed to comply with Clause 9 of the Standard Contractual Clauses; (v) the termination right contemplated by Clause 14(f) and Clause 16(c) of the Standard Contractual Clauses will be limited to the termination of the Standard Contractual Clauses; (vi) unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects pursuant to Clause 15.1(a) of the Standard Contractual Clauses; (vii) the information required under Clause 15.1(c) of the Clauses will be provided upon Customer’s written request; and (viii) notwithstanding anything to the contrary, Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 of the Standard Contractual Clauses without regard for any limitation of liability set forth in the Agreement.
3. Annex II. Annex II of the Standard Contractual Clauses shall read as follows:
Dealpath will maintain the following technical, organizational, and physical safeguards designed to protect the security, confidentiality, integrity, and availability of Customer Personal Data. Dealpath will not materially decrease the overall security of the Services during the Order Form Term.
Terms of Service – Revision – June 06, 2024
Terms of Service – Revision – January 2nd, 2024
Terms of Service – Revision – February 7, 2023
Stay in the loop about deal management best practices, upcoming events, industry trends and more.
