Dealpath Terms of Service​

These Terms of Service (the “Terms”), together with all Order Forms (as defined below), govern Customer’s access and use of the Services (defined below) offered by Dealpath Inc. (“Dealpath”) and Dealpath’s website located at www.dealpath.com and all subdomains thereof (the “Site”), unless Dealpath and Customer (as defined below) have entered into a separate written agreement governing Customer’s access and use of the Services.  These Terms commence upon the Order Form Effective Date of the initial Order Form.

1. DEFINITIONS
   1. “Authorized User” means an individual which Customer (or, when applicable, Dealpath at Customer’s request) has authorized to use the Services, including without limitation (i) to whom Customer (or, when applicable, Dealpath at Customer’s request) has assigned a unique username-password combination to access and use the Services; and (ii) who has registered to access and use the Services.
   2. “Customer” means the company or other legal entity identified as customer in the applicable Order Form.
   3. “Customer Data” means all data and information input or submitted by Customer, or Authorized Users on Customer’s behalf, into the Services.
   4. “Effective Date” means the effective date of the initial Order Form between Dealpath and Customer.
   5. “Fees” means the fees described in the applicable Order Form.
   6. “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), trademark rights, copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world.
   7. “Order Form” means an order form duly executed by Dealpath and Customer which explicitly references these Terms. Each Order Form shall be deemed incorporated by reference into these Terms upon mutual execution.
   8. “Order Form Initial Term” means the initial term of an Order Form as set forth therein.
   9. “Order Form Renewal Period” means the renewal period of an Order Form as set forth therein.
   10. “Order Form Term” means, with respect to an Order Form, the Order Form Initial Term together with any Order Form Renewal Periods.
   11. “Professional Services” means any professional services expressly set forth in an applicable Order Form, which may include implementation services performed by Dealpath to configure and rollout the Services to Customer, as described in the applicable Order Form.
   12. “Service Level Agreement” means service level agreement set forth in Exhibit A.
   13. “Services” means Dealpath’s proprietary cloud-based collaboration and workflow platform for real estate investment professionals as more particularly described and identified in the applicable Order Form.
2. SERVICES
   1. Services. Dealpath will use commercially reasonable efforts to provide the Services to Customer in accordance with these Terms, including the Service Level Agreement, and the applicable Order Form.  Subject to Customer’s compliance with these Terms, Dealpath hereby grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide license to access and use the Services during the applicable Order Form Term solely for Customer’s business purposes, and such access and use is expressly limited to: (i) the number of Authorized Users for which Customer has paid the applicable Fees; and (ii) the scope of access and functionality designated in the Order Form for each category of Authorized User.
   2. Authorized Users. An Authorized User may be an employee, independent contractor, or service provider of Customer; provided that each Authorized User must be an individual and may only use the Service on behalf of the Customer.  Customer will at all times be responsible and liable hereunder, for all actions or omissions (i) of any Authorized User or (ii) under an Authorized User’s account, whether such action or omission was by an Authorized User or by another party, and whether or not such action or omission was authorized by an Authorized User.  During the Order Form Initial Term or any Order Form Renewal Period, as applicable, Customer may, in its discretion, add additional Authorized Users in accordance with the process and prices described in the relevant Order Form. Upon each Order Form Renewal Period, subject to written notice at least thirty (30) days prior to the start of an Order Form Renewal Period, Customer may decrease its number of Authorized Users for each User Category and the applicable Fees will be adjusted accordingly.
   3. Professional Services. If an Order Form expressly includes Professional Services, Dealpath will use commercially reasonable efforts to perform the Professional Services for Customer in accordance with these Terms and the applicable Order Form.  Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any failure to provide the Professional Services in accordance with these Terms or the applicable Order Form will be to re-perform the non-conforming Professional Services such that they are in accordance with these Terms and the applicable Order Form.
   4. Restrictions. Customer shall not allow access to or use of the Site or Services by anyone other than Authorized Users, and shall not allow an Authorized User to access the Site or Service beyond the functionality scope set forth for the User Category designated for such Authorized User. Customer will not at any time, and will not permit any individual or entity (including, without limitation, Authorized Users) to, directly or indirectly: (i) use the Services in any manner beyond the scope of rights expressly granted in these Terms; (ii) copy, modify, distribute, or create derivative works of the Site, Services, or any software used to provide the Services; (iii) reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Services, in whole or in part; (iv) frame, mirror, sell, resell, reproduce, loan, publish, distribute, assign, transfer, rent, or lease use of the Services to any third-party, provide access to the Site or Services on a time-share or service bureau basis, or otherwise allow any third-party to use the Services for any purpose other than for the benefit of Customer in accordance with these Terms; (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third-party, or that violates any applicable law; (vi) interfere with, or disrupt the integrity or performance of, the Services, or any data or content contained therein or transmitted thereby; (vii) access or search the Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Services features provided by Dealpath for use expressly for such purposes; (viii) transfer any of its rights hereunder except as set forth in Section 11.9 (Assignment), (ix) use the Services to transmit any bulk unsolicited commercial communications, or (x) use the Services for benchmarking or competitive analysis, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Services.
   5. Acceptable Use Policies. Customer acknowledges and agrees that Dealpath has no obligation to monitor or police communications or data transmitted through the Site or Services and that Dealpath shall not be responsible for the content of any such communications or transmissions. However, Dealpath has the right to monitor the foregoing for the purpose of operating the Site and Services, to ensure compliance with these Terms, and to comply with applicable law or other legal requirements. Customer and its Authorized Users shall use the Site or Services exclusively for authorized and legal purposes, consistent with all applicable laws, regulations and the rights of others. Customer and its Authorized Users shall not use the Site or Services to transmit any bulk unsolicited commercial communications.
   6. Third-Party Services. Certain features and functionalities within the Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology, data, and content (collectively, “Third-Party Services”) through the Services.  Dealpath makes the APIs available to Customer to connect with Third-Party Services that are set forth in the applicable Order Form, and such APIs are provided hereunder as part of the Services.  However, Dealpath does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto.  Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Services.
   7. Data Protection and Security. Each Party will comply with its obligations set forth in the Data Processing Addendum attached hereto as Exhibit B.
3. CUSTOMER OBLIGATIONS
   1. Cooperation and Assistance. Customer shall at all times provide Dealpath with good faith cooperation and assistance and make available such information, facilities, Customer personnel and equipment as may be reasonably required by Dealpath in order to provide the Services (and, if applicable, Professional Services), including, but not limited to, providing Customer Data, security access, information and, as necessary, software interfaces to Customer’s business applications (provided that such cooperation, assistance and resources shall be at all times subject to and in accordance with Customer’s facility, workplace, internet usage, and other internal policies, as then in effect). Additionally, Customer shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.
   2. Enforcement. Customer shall keep confidential and not disclose to any third-parties (except for third-party Authorized Users), and shall ensure that Authorized Users keep confidential and do not disclose to any third-parties (except for third-party Authorized Users), any user identifications, account numbers and account profiles.  Customer shall ensure that all Authorized Users comply with these Terms, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 2.4 (Restrictions) and 2.5 (Acceptable Use Policies). Customer shall promptly notify Dealpath of any reasonable suspicion or reasonably alleged violation of these Terms by Customer or an Authorized User and shall reasonably cooperate with Dealpath with respect to: (a) investigation by Dealpath of any such suspected or alleged violation of these Terms and (b) any action by Dealpath to enforce these Terms. Dealpath may suspend or terminate any Authorized User’s access to the Services upon notice to Customer in the event that Dealpath reasonably determines that such Authorized User violated these Terms or of any other agreement between Dealpath and such Authorized User pursuant to which such Authorized User is permitted to access and use the Services.
   3. Customer Data. Customer hereby grants Dealpath a right and license to copy, use, display, perform and modify the Customer Data solely to perform its obligations under these Terms, including to provide the Services and Professional Services.  Customer is responsible for providing all Customer Data in the appropriate format and the means by which the Customer Data was acquired, and for providing any notices, and obtaining any necessary rights, consents, and licenses for Dealpath to use the Customer Data in accordance with these Terms.
   4. Marketing Support. Customer grants to Dealpath a non-exclusive, non-transferable (except as permitted under Section 11.9 – Assignment), limited right to use Customer’s name, trademarks, and logos (collectively, the “Customer Marks”) on Dealpath’s websites and in the production of marketing materials, provided that (i) such use is in accordance with the trademark and logo use guidelines that Customer provides to Dealpath, and (ii) such consent/grant may be given, withheld, or withdrawn at any time in Customer’s sole and absolute discretion. All goodwill developed from such use shall be solely for the benefit of Customer.
4. FEES; EXPENSES; TAXES
   1. Fees. In consideration for Dealpath providing the Services and, if applicable, Professional Services, Customer shall pay to Dealpath the Fees in accordance with the terms set forth in the applicable Order Form.
   2. Invoices; Payment; Late Payment. Unless otherwise set forth in an Order Form, (a) Dealpath shall invoice Customer annually for all Fees and applicable Taxes (as defined in Section 4.3 – Taxes), and including any related interest and/or penalties, due in that period, and (b) each invoice is due and payable thirty (30) days following Customer’s receipt of a duly issued invoice. If Dealpath has not received payment within thirty (30) days after the due date and Customer has not reasonably disputed an invoice, interest shall accrue on such undisputed past due amounts at the rate of one and one-half percent (1.5%) per month, but in no event greater than the highest rate of interest allowed by applicable law, calculated from the date such amount was due until the date that payment is received by Dealpath, and Dealpath may suspend Services until all payments are made in full.
   3. Taxes. All Fees and other amounts stated or referred to in these Terms are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT) (collectively, “Taxes”). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from Customer’s use of the Services, other than any taxes based on Dealpath’s income.
5. PROPRIETARY RIGHTS.
   1. Services and Data. Dealpath shall own and retain all right, title and interest in and to: (a) the Services, and all improvements, enhancements, updates, and modifications thereto, and any derivative works of the foregoing; (b) any underlying software, algorithms, interfaces, databases, tools, know-how, processes, methods, applications, inventions or other technology used to deliver the Services or Professional Services, or otherwise developed by or on behalf of Dealpath in connection with providing Implementation  or Professional Services; and (c) all Intellectual Property Rights in and to any of the foregoing (collectively, “Dealpath IP”).
   2. Customer Data. Customer shall own and retain all right, title and interest in and to the Customer Data; provided that Dealpath may collect, generate, process and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including without limitation learnings, analytics, algorithms, data and other information derived therefrom (collectively, “Usage Data”). Usage Data shall not incorporate any Customer Data and shall be in an aggregated and de-identified form. Dealpath shall own all right, title and interest in and to Usage Data, and all Intellectual Property Rights therein, which shall be deemed a part of Dealpath IP. Dealpath agrees that it will not use Usage Data for the benefit of a third party in a manner that would permit reverse engineering of Usage Data such that Customer (or its Authorized Users) can be identified as the source of such data.
   3. Feedback. From time to time Customer or its employees, contractors, or representatives may provide Dealpath with suggestions, comments, feedback or the like with regard to the Services or other products or services of Dealpath (collectively, “Feedback”).  To the extent that Customer provides to Dealpath any Feedback, Customer grants Dealpath a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license to use, copy, modify, create derivative works based upon and otherwise exploit, freely and without restriction, the Feedback for any purpose.
   4. DMCA/Copyright Policy. Dealpath respects copyright law and expects Customer to do the same. It is Dealpath’s policy to terminate in appropriate circumstances access to the Services to customers (and its authorized users) who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see Dealpath’s Copyright Policy at www.dealpath.com, for further information.
6. CONFIDENTIALITY
   1. Definition. “Confidential Information” means any business or technical information disclosed by one party to the other party that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, and regardless of the circumstances and manner of disclosure, subject to Dealpath’s rights set forth elsewhere in these Terms, Customer Data is considered to be Confidential Information of Customer, and the Services and other Dealpath IP are Dealpath’s Confidential Information.  The terms and conditions of Order Forms hereunder shall be deemed the Confidential Information of Dealpath.
   2. Exclusions. The obligations and restrictions set forth in Section 6.3 (Use and Nondisclosure) will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of these Terms by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who, after due inquiry, has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.
   3. Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, and, except with the disclosing party’s prior written consent, will not disclose such Confidential Information to any third party except to those of its employees, agents, contractors, and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of these Terms; provided that each such employee, agent, contractor, and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section 6 (Confidentiality). Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information of like importance and in no event less than a reasonable standard of care. The provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for a period of three (3) years after the expiration or termination of these Terms; provided that with respect to Confidential Information that is a trade secret, the provisions of this Section 6.3 (Use and Nondisclosure) will remain in effect for so long as such Confidential Information is deemed a trade secret under applicable law.
   4. Permitted Disclosures. The provisions of this Section 6 (Confidentiality) will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors and to potential investors or acquirors; or (iii) as required under applicable securities regulations.
7. WARRANTY
   1. Mutual Warranties. Each party hereby represents and warrants to the other party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into these Terms and (ii) the execution, delivery and performance of these Terms and the consummation of the transactions contemplated hereby are within the corporate powers of such party and have been duly authorized by all necessary corporate action on the part of such party, and constitute a valid and binding agreement of such party.
   2. Warranty for Services. Dealpath represents and warrants that the Services will be in material accordance with the Service Level Agreement. Dealpath’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranty set forth in this Section 7.2 (Warranty for Services) will be as set forth in Section 5 of the Service Level Agreement.
   3. Customer Warranty. Customer represents and warrants that: (i) it has, and will continue to have, during the applicable Order Form Term, the legal right and authority to access, use and disclose to Dealpath any Customer Data; (ii) Dealpath has the right to use Customer Data in accordance with the terms of these Terms; (iii) all Customer Data will be and remain true, accurate, and complete; and (iv) Dealpath’s use of the Customer Data in accordance with these Terms will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party.
   4. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7, THE SERVICES AND PROFESSIONAL SERVICES ARE PROVIDED ON AN “AS IS” BASIS, AND DEALPATH MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THESE TERMS, THE SERVICES OR PROFESSIONAL SERVICES, AND DEALPATH HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. DEALPATH DISCLAIMS ANY WARRANTY THAT THE SERVICES OR PROFESSIONAL SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM DEALPATH OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. Customer assumes sole responsibility and liability for results obtained from the use of the Services and for conclusions drawn from such use. Dealpath shall have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Dealpath by Customer in connection with the Services or any actions taken by Dealpath at Customer’s direction. Dealpath shall have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that are accessed via links from within the Services.
8. TERM AND TERMINATION
   1. Term. These Terms are effective as of the Effective Date of the first Order Form the Customer and Dealpath enter into and, unless earlier terminated in accordance with Section 8.2 (Termination for Cause), continue until all Order Forms have expired or are terminated pursuant to these Terms and applicable Order Forms.
   2. Termination for Cause. Either party may terminate these Terms (together with all Order Forms) upon written notice if the other party breaches any material term of these Terms and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days. Either party may terminate an individual Order Form upon written notice if the other party breaches any material term of such Order Form and fails to correct the breach within thirty (30) days following written notice from the non-breaching specifying the breach; provided that the cure period for any default with respect to payment shall be ten (10) business days.
   3. Rights and Obligations Upon Expiration or Termination. Termination of these Terms will automatically terminate all outstanding Order Forms.  Upon expiration or termination of each Order Form: (i) Customer’s and its Authorized Users’ right to access and use the Services under such Order Form shall immediately terminate; (ii) Customer and its Authorized Users shall immediately cease all use of the Services under such Order Form; and (iii) each party shall make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party (unless otherwise authorized to do so hereunder based on a separate Order Form), and each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, except for any archived electronic communications which may be stored confidentially; and (iv) each party will promptly return to the other party (or destroy) all Confidential Information of the other party in its possession or control, provided that Dealpath may retain copies in accordance with its standard data retention policies of with regard to any archived electronic communications which may be stored confidentially; and (v) upon request, Dealpath shall at no additional cost make the Customer Data available to for download for a period of sixty (60) days following expiration/termination (Customer may request longer timeframes and/or different formats which, if approved by Dealpath, may be subject to additional cost).
   4. Survival. The rights and obligations of Dealpath and Customer contained in Sections 1 (Definitions), 2.5 (Acceptable Use Polices), 2.7 (Data and Security), 4 (Fees, Expenses and Taxes), 5 (Proprietary Rights), 6 (Confidentiality), 7.4 (Disclaimer) 8.3 (Rights and Obligations Upon Expiration or Termination), 8.4 (Survival), 9 (Indemnification), 10 (Limitation of Liability), and 11 (General) shall survive any expiration or termination of these Terms and Order Forms.
9. INDEMNIFICATION
   1. Indemnification by Dealpath. Dealpath shall defend (or settle), indemnify and hold harmless Customer, its officers, directors and employees (collectively, “Customer Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Customer Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit against Customer Indemnitees that the Services, as provided by Dealpath to Customer pursuant to these Terms, infringe, misappropriate, or otherwise violate any Intellectual Property Right of any third party.  In connection with Dealpath’s obligations under this Section 9.1 (Indemnification by Dealpath), Customer will: (a) provide Dealpath with prompt written notice of such claim (provided that any delay that does not materially prejudice Dealpath’s ability to defend the claim will not relieve Dealpath of its indemnification obligations); (b) provide reasonable cooperation to Dealpath, at Dealpath’s expense, in the defense and settlement of such claim; and (c) afford Dealpath sole authority to defend or settle such claim. Customer shall not enter into any stipulated judgment or settlement that purports to bind Dealpath without Dealpath’s express written authorization, which shall not be unreasonably withheld or delayed. 
   2. Injunctions. If Customer’s use of the Services is, or in Dealpath’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1 (Indemnification by Dealpath), then Dealpath may at its sole option and expense: (i) replace or modify the Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Services; or (iii) if Dealpath is unable to accomplish either (i) or (ii) despite using its reasonable efforts, terminate the applicable Order Form or these Terms altogether and refund to Customer all unused prepaid fees applicable to the Services.
   3. Exclusions. Notwithstanding the terms of Section 9.1 (Indemnification by Dealpath), Dealpath will have no liability for any infringement or misappropriation claim of any kind to the extent that it results from: (i) Customer’s breach of these Terms, negligence, willful misconduct, or fraud; (ii) the combination, operation or use of the Services with equipment, devices, software or data not supplied by Dealpath, if a claim would not have occurred but for such combination, operation or use; (iii) Customer Data; (iv) Customer’s or an Authorized User’s use of the Services other than in accordance with these Terms; (v) Customer’s failure to use any enhancements, modifications, or updates to the Services made available by Dealpath to Customer, or Customer’s continued use of a prior version of the Services that has been superseded by a non-infringing version subsequently released by the provider.
   4. Sole Remedy. THE PROVISIONS OF SECTION 9.1, 9.2 AND 9.3 STATE DEALPATH AND ITS LICENSORS SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE SERVICES.
   5. Indemnification by Customer. Customer shall defend (or settle), indemnify and hold harmless Dealpath, its officers, directors and employees (collectively, “Dealpath Indemnitees”), from and against any court costs, reasonable attorneys’ fees, damages and liabilities awarded in final judgment against Dealpath Indemnitees, and amounts agreed to in settlement, with respect to each of the foregoing, to the extent arising from any third-party claim, allegation, or suit based on Customer Data, including but not limited to any claim that Customer Data is infringing, misappropriating, or violating any Intellectual Property Rights or the publicity, privacy, or other rights of any third-party, applicable law, or was collected or disclosed in violation of these Terms. In connection with Customer’s obligations under this Section 9.5 (Indemnification by Customer) Dealpath will: (a) provide Customer with prompt written notice of such claim (provided that any delay that does not materially prejudice Customer’s ability to defend the claim will not relieve Customer of its indemnification obligations); (b) provide reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (c) afford Customer sole authority to defend or settle such claim. Dealpath shall not enter into any stipulated judgment or settlement that purports to bind Customer without Customer’s express written authorization, which shall not be unreasonably withheld or delayed.
10. LIMITATION OF LIABILITY.
    1. Exclusion of Damages. EXCEPT FOR LIABILITY ARISING FROM CUSTOMER’S MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS IN THE SERVICES, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR OTHER ECONOMIC LOSS, OR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER ANY CLAIM FOR RECOVERY IS BASED ON THEORIES OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE.
    2. Total Liability. EXCEPT FOR CUSTOMER’S PAYMENT OBLIGATIONS, LIABILITY ARISING FROM CUSTOMER’S MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS IN THE SERVICES, DEALPATH’S IP INDEMNIFICATION OBLIGATIONS IN SECTION 9.1 AND CUSTOMER’S CUSTOMER DATA INDEMNIFICATION OBLIGATIONS IN SECTION 9.5, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY RELATED TO THESE TERMS OR CUSTOMER’S ACCESS TO AND USE OF THE SERVICES AND/OR PROFESSIONAL SERVICES EXCEED THE TOTAL FEES OWED BY CUSTOMER IN THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM OR ACTION, REGARDLESS OF THE FORM OR THEORY OF THE CLAIM OR ACTION.
    3. Basis of Bargain. THE LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS SECTION 10 (LIMITATION OF LIABILITY) ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DEALPATH AND CUSTOMER AND WILL APPLY TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW.
11. GENERAL
    1. Subcontractors. Dealpath may use subcontractors and other third-party providers in connection with the performance of its own obligations hereunder (“Subcontractors”) as it deems appropriate; provided that Dealpath remains responsible and liable for the acts and omissions of each such Subcontractor to the same extent Dealpath would be liable in accordance with the terms and limitations of these Terms had Dealpath directly engaged in such acts or omissions.
    2. Governing Law. These Terms and all matters arising out of or relating to these Terms shall be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to these Terms shall be brought exclusively in the state or federal courts located in San Francisco, California. Dealpath and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
    3. Waiver. The waiver by either party of any default or breach of these Terms shall not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of these Terms will be effective unless it is in writing and signed by the party granting the waiver.
    4. Notices. Dealpath may give notice to Customer by means of a general notice through the Services interface, email to Customer’s e-mail address on record with Dealpath, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Dealpath. Customer may give notice to Dealpath by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to the address on the Order Form. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
    5. Severability. In the event any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms shall remain in full force and effect.
    6. Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, epidemics, pandemics, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such party continues to use commercially reasonable efforts to resume performance.
    7. Compliance with Laws. Each party agrees to comply with all applicable laws and regulations with respect to its activities hereunder, including, but not limited to, any export laws and regulations of the United States. Customer affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees  to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services nor any technical data related thereto, is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications.
    8. Relationship Between the Parties. Nothing in these Terms shall be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent.
    9. Assignment. Neither Party may assign or transfer these Terms, in whole or in part, without the other party’s prior written consent; provided that: (i) Dealpath may assign these Terms without Customer’s prior written consent to a successor entity in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Dealpath’s assets to which these Terms relate; and (ii) Customer may assign these Terms without Dealpath’s prior written consent to a successor entity who is not a direct or indirect competitor of Dealpath in connection with a merger, acquisition, consolidation, by operation of law, or sale of all or substantially all of Customer’s assets to which these Terms relate.  Any attempted assignment or transfer without such consent will be null and of no effect.  Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
    10. Entire Agreement. These Terms (together with all Order Forms) constitute the complete and exclusive agreement between the parties concerning its subject matter and supersede all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of these Terms. These Terms may not be modified or amended except in a writing signed by a duly authorized representative of Dealpath and Customer. If there is any inconsistency between the provisions of these Terms and the terms in any Order Form, these Terms shall prevail. If accepted by Dealpath in lieu of or in addition to Dealpath’s Order Form, Customer’s purchase order shall be binding only as to the following terms: (a) the Services ordered and (b) the appropriately calculated fees due. Other terms shall be void.
    11. Non-Exclusive Remedies. Except as otherwise set forth in these Terms, including Sections 7.2 (Warranty for Services) and 9.4 (Sole Remedy), the exercise by either party of any remedy under these Terms will be without prejudice to its other remedies under these Terms or otherwise.
    12. Equitable Relief. Each party acknowledges that a breach by the other party of any confidentiality or proprietary rights provision of these Terms may cause the non-breaching party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
    13. No Third-Party Beneficiaries. These Terms are intended for the sole and exclusive benefit of the signatories and are not intended to benefit any third party. Only the parties to these Terms may enforce them.
    14. Headings. The headings in these Terms are for the convenience of reference only and have no legal effect.

LIST OF EXHIBITS

EXHIBIT A – SERVICE LEVEL AGREEMENT

EXHIBIT B – DATA PROCESSING ADDENDUM

EXHIBIT A
SERVICE LEVEL AGREEMENT

1. Service Availability.

Dealpath will make the Services under each Order Form available to Customer with 99.90% uptime, measured monthly, excluding Excused Downtime (“Uptime Requirement”). 

 2. Service Availability Calculation.

The percentage uptime for the Services under each Order Form will be calculated as follows (“Availability Percentage”).  Each month in which the Availability Percentage is less than the Uptime Requirement is referred to herein as a Deficient Month.

α=((η – π – ∆) / (η- π)) * 100

Where: 

α = % Availability
η =  Number of hours in a month
π = Excused Downtime as defined below
∆ = Total time of Service unavailability

3. Excused Downtime.

(a) Excused Downtime. “Excused Downtime” occurs when Customer has no or limited access to the Services under an Order Form that arises from (i) scheduled maintenance, (ii) a Force Majeure Event, (iii) any hardware or software not supplied by Dealpath; (iv) from telecommunications or Internet service provider failures; (v) Customer’s use of the Services in an unauthorized or unlawful manner or any interruption resulting from Customer’s misuse, alteration, or damage of the Services; or (vi) Dealpath’s exercise of its rights under the Terms or the blocking of data communications or other portions of the Services in accordance with its policies.

(b) Scheduled Maintenance. Dealpath will use commercially reasonable efforts to undertake all necessary maintenance in a manner that mitigates impact to Customer and its users and to notify Customer of the required maintenance. Dealpath will use commercially reasonable efforts to provide twenty-four (24) hours’ prior notice for scheduled maintenance not to exceed six (6) hours.  Notice provided under this Section will be via email.

4. Technical Support

(a) Hours of Support. Dealpath will respond to problems with the Services experienced by Customer or its Authorized Users in accordance with this Section 4. Dealpath will provide coverage parameters specific to the service(s) covered in these Terms as follows:

(b) Problem Severity Level Definitions. Problems reported by Customer to Dealpath support will be assigned a Severity Level in accordance with the following:

(c) Problem Response Times.  Dealpath will use commercially reasonable efforts to meet or exceed the target response and problem resolution times for each Severity Level as set forth in the following:

(*) “Business Days” are defined as non-weekend and non-US holiday days.

5. Service Level Credits

(a) Customer’s sole and exclusive remedy, and Dealpath’s sole and exclusive liability, in connection with the availability of the Services shall be that for each continuous period of downtime lasting longer than one hour that occurs in a calendar Deficient Month, Dealpath will credit Customer 5% of any recurring Fees due for the month in question under the applicable Order Form (monthly fees may be calculated by dividing any annual recurring fees by 12); provided that no more than one such credit will accrue per day. Downtime shall begin to accrue at the earliest of (i) as soon as Customer (with notice to Dealpath) recognizes that downtime is taking place, or (ii) Dealpath otherwise becomes aware that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Dealpath in writing within twenty-four (24) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit.  Such credits shall not exceed a total of credits for one (1) week of recurring Fees (pro-rated) under the applicable Order Form for any one (1) calendar Deficient Month and, except as set forth in following sentence, such credits may not be redeemed for cash.  If there will be no subsequent invoice for recurring Fees from Dealpath, Dealpath will refund to Customer the amount of any credit that would have been due to Customer under a subsequent invoice. 

(b) Notwithstanding Section 5(a) above, in the event Customer experiences a Severity Level 1 event five (5) times for the Services under an Order Form within any rolling six (6)-month period, Customer may immediately terminate such Order Form upon written notice.

EXHIBIT B – Data Processing Agreement

This Data Processing Addendum (“Addendum”) forms part of the Terms between Customer and Dealpath.

1. Subject Matter and Duration.

(a) Subject Matter. This Addendum reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Dealpath’s provision of the Services under the Terms. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Terms. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Terms, this Addendum shall control.

(b)  Duration and Survival. This Addendum will become legally binding upon the Effective Date, or upon the date that the Parties enter into this Addendum if it is completed after the Effective Date. Dealpath will Process Customer Personal Data until the relationship terminates as specified in the Terms. Dealpath’s obligations and Customer’s rights under this Addendum will continue in effect so long as Dealpath Processes Customer Personal Data.

2. Definitions.

For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.

(a) “Customer Personal Data” means Personal Data Processed by Dealpath on behalf of Customer.

(b) “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” shall include, but not be limited to, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act, its associated regulations and their successors (“CCPA”), the EU General Data Protection Regulation 2016/679 (“GDPR”), the Data Protection Act 2018 and GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR”), and the Swiss Federal Act on Data Protection of 25 September 2020 (“FADP”).

(c) “Personal Data” shall have the meaning assigned to the terms “personal data” and/or “personal information” under applicable Data Protection Laws.

(d) “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

(e) “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Dealpath.

(f) “Services” means any and all services that Dealpath performs under the Terms.

(g) “Standard Contractual Clauses” or “SCCs” means the Standard Contractual Clauses for the Transfer of Personal Data to Processors Established in Third Countries under GDPR, as approved by European Commission Implementing Decision 2021/914. Section 4 to this Addendum contains certain interpretive and supplementary provisions regarding application of the Standard Contractual Clauses. The information required by Annexes 1 and 2 of the Standard Contractual Clauses is provided in Annexes I and II of this Addendum.

(h) “Subprocessor” means Dealpath’s authorized vendors and third-party service providers that Process Customer Personal Data.

3. Data Use and Processing.

(a) Documented Instructions. Dealpath and its Subprocessors shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this Addendum, the Terms, or any applicable Order Form. Dealpath will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.

(b) Authorization to Use Subprocessors. Customer generally authorizes Dealpath to engage Subprocessors to provide aspects of the Service. Dealpath’s current Subprocessors are listed at https://www.dealpath.com/subprocessors/.

(c) Dealpath and Subprocessor Compliance. Dealpath agrees to (i) enter into a written agreement with each Subprocessor regarding its Processing of Customer Personal Data that imposes on such Subprocessors data protection and security requirements for Customer Personal Data at least as protective of Customer’s rights in Customer Personal Data as this Addendum; and (ii) remain responsible to Customer for Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.

(d) Right to Object to New Subprocessors. Where required by Data Protection Laws and provided that Customer signs up for notifications at https://www.dealpath.com/dealpath-sub-processors/, Dealpath will email the contact email address(es) provided (Customer’s POC) prior to engaging any new Subprocessors that Process Customer Personal Data and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the Parties will work together in good faith to resolve the grounds for the objection.

(e) Confidentiality. Any person authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.

(f) Personal Data Inquiries and Requests. Dealpath agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws.

(g) Sale of Customer Personal Data Prohibited. Dealpath shall not sell or share Customer Personal Data as those terms are defined by the CCPA.

(h) Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Dealpath agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Dealpath requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.

(i) Demonstrable Compliance. Dealpath agrees to provide reasonable information necessary to demonstrate compliance with this Addendum to Customer upon reasonable request.

4. Cross-Border Transfers of Personal Data.

(a) Cross-Border Transfers of Personal Data. Customer authorizes Dealpath to transfer Customer Personal Data across international borders, including from the European Economic Area, Switzerland and the United Kingdom to the United States. Where required, cross-border transfers of Customer Personal Data must be supported by an approved adequacy mechanism.

(b) Compliant Transfer Mechanisms. Without prejudice to the foregoing, Customer consents to transfers where Dealpath has implemented a transfer solution compliant with applicable Data Protection Laws, which for example may include: (i) where such transfer is subject to an adequacy decision by the European Commission; (ii) the Standard Contractual Clauses; (iii) another appropriate safeguard pursuant to Article 46 of GDPR or equivalent safeguard under other applicable Data Protection Laws; or (iv) a derogation pursuant to Article 49 of GDPR or equivalent derogation under other applicable Data Protection Laws.

(c) Incorporation of Standard Contractual Clauses. The parties agree that the Standard Contractual Clauses are hereby incorporated by reference into this Addendum as follows:

(i) Module 1: Transfer controller to controller, Clauses 1 to 6, 8 and 10 to 18 apply where Dealpath Processes Personal Data as a Controller, Dealpath and its relevant Affiliates are located in non-adequacy approved third countries, and Customer and its relevant Affiliates are established in the EEA. 

(ii) Module 2: Transfer controller to processor, Clauses 1 to 6 and 8 to 18 apply where Dealpath Processes Personal Data as a Processor, Dealpath and its relevant Sub-Processor Affiliates are located in non-adequacy approved third countries, and Customer and its relevant Affiliates are established in the EEA.

(iii) Module 3: Transfer processor to processor, Clauses 1 to 6 and 8 to 18 apply where Dealpath Processes Personal Data as a Processor, Dealpath and its relevant Sub-Processor Affiliates are located in non-adequacy approved third countries, and Customer and its relevant Affiliates are established in the EEA.

(d) Standard Contractual Clause Optional Provisions. Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following shall apply: 

(i) Clause 7 (Docking Clause) is omitted; 

(ii) In Clause 9(a) (Use of sub-processors) – Option 2 shall apply and the parties shall follow the process and timing agreed in the Addendum to appoint sub-processors; 

(iii) In Clause 11(a) (Redress) – the Optional provision shall NOT apply; 

(iv) In Clause 16(b) (Suspension of transfers) if Dealpath is the data exporter it will suspend transfers of personal data only as required by law and will notify Customer as promptly as possible (before suspension if possible) so that Customer may remedy the condition requiring suspension;

(v) In Clause 17 (Governing Law) – the laws of the Republic of Ireland shall govern; and 

(vi) In Clause 18 (Choice of forum and jurisdiction) – the courts of the Republic of Ireland shall have jurisdiction. 

(e) Supplementary Terms to Standard Contractual Clauses

(i) The purpose of the Processing, categories of data subjects and categories of data are identified on Annex 1.

(ii) The certification of deletion required by Clause 8.5 and Clause 16(d) will be provided upon Customer’s written request.

(iii) The measures Dealpath is required to take under Clause 8.6(c) will only cover Dealpath’s impacted systems.

(iv) Documentation and compliance. For the purposes of Clauses 8.9(b) and 8.9(e) the review and audit provisions in the Agreement and Addendum shall apply. 

(v) Where the Standard Contractual Clauses require Dealpath to notify the competent supervisory authority, Dealpath shall first provide Customer with the details of the notification, permitting Customer to have prior written input into the relevant notification where Customer so desires to do, and without delaying the timing of the notification unduly.  

(vi) For purposes of Clause 8.2 – Module 1, Clause 8.3 – Module 2 and Clause 15.1(a), unless otherwise stated by Dealpath, Customer will be responsible for communicating with data subjects, and Dealpath shall provide the level of assistance set out in the Addendum. 

(vii) Customer will reimburse Dealpath for all costs and expenses incurred by Dealpath in connection with the performance of Dealpath’s obligations under Clause 15.1(b) and Clause 15.2 without regard for any limitation of liability set forth in the Terms.

(viii) Liability. For the purposes of Clause 12(a), the liability of the Parties shall be limited in accordance with the limitation of liability provisions in the Terms.  

(ix) Signatories. Notwithstanding the fact that the SCCs are incorporated herein by reference without being signed directly, Dealpath and Customer each agrees that their execution of the Agreement is deemed to constitute its execution of the SCCs, and that it is duly authorized to do so on behalf of, and to contractually bind, the Data Exporter or Data Importer (as applicable) accordingly. 

(f) Swiss Law Provisions. Personal Data transfers from Switzerland will be governed by the SCCs as conformed to Swiss law as follows:

(i) references to the EU, member states and GDPR in the SCCs are amended mutatis mutandis to refer to Switzerland, the FDPA, and the Swiss Federal Data Protection and Information Commissioner; and

(ii) In Clause 17 (Governing Law) the laws of Switzerland shall govern, and in Clause 18 (Choice of forum and jurisdiction) the courts of Switzerland shall have jurisdiction. 

(g) United Kingdom Law Provisions. Personal Data transfers from the United Kingdom will be governed by the SCCs as conformed to UK law pursuant to the International Data Transfer Addendum (the “IDTA”) issued by the UK Information Commissioner’s Office (the “ICO”) and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022.

(i) In Part 1 of the IDTA, the information required by Tables 1 – 3 is provided in the Terms, Addendum and these SCCs.

(ii) The IDTA’s Mandatory Clauses are incorporated by reference into this Addendum in accordance with Alternative Part 2 of the template IDTA. 

(iii) References to the EU, member states and GDPR in the Standard Contractual Clauses are amended mutatis mutandis to refer to the United Kingdom, UK GDPR and the ICO.

(iv) In Clause 17 of the Standard Contractual Clauses (Governing Law), the laws of England and Wales shall govern, and in Clause 18 (Choice of forum and jurisdiction), the courts in London, England shall have jurisdiction. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts in the UK.

5. Information Security Program.

(a) Dealpath agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data in accordance with Data Protection Laws, as described in Annex II below.

6. Security Incidents.

(a) Notice. Upon becoming aware of a Security Incident, Dealpath agrees to provide notice via e-mail without undue delay and within the time frame required under Data Protection Laws to Customer’s POC. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.

(b) Investigation. Dealpath will investigate the Security Incident and provide Customer with information concerning the scope, cause, impact of, and mitigation measures referenced in (c) below taken with respect to such Security Incident upon the initial notification referenced in (a) above, or, if not available at such time, promptly thereafter.

(c) Mitigation. Dealpath will take reasonable steps to mitigate the effects of the Security Incident.

7. Audits.

(a) Audits. The parties acknowledge that Dealpath uses third-party auditors to verify the adequacy of its Processing of Customer Personal Data. The audit: (i) is performed annually; (ii) is performed against the SOC 2 Type 2 framework; (iii) is performed by an independent third-party security professional at Dealpath’s selection and expense; and (iv) will result in the generation of an audit report affirming that Dealpath’s security controls are compliant with SOC 2 Type 2 (“Report”). Upon request, Dealpath will provide Customer with a copy of its then current Report. If Customer demonstrates that the information contained in the Report is not sufficient for its compliance purposes, then Customer may carry out a follow up audit to ensure Dealpath’s compliance with the terms of this Addendum by having Dealpath complete a data protection questionnaire of reasonable length. Any provision of the Report to, or audit carried out by Customer shall be subject to reasonable confidentiality procedures.

8. Data Deletion.

(a) Data Deletion. At the expiry or termination of the Terms, Dealpath will, upon Customer’s request, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Dealpath’s data retention schedule), except where Dealpath is required to retain copies under applicable laws, in which case Dealpath will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.

(b) Customer can choose to engage Dealpath’s Professional Services at any point to request an export of all Customer Personal Data and any other of Customer’s Services account information (such as tasks, files, comments, and deal activity logs). The requested information will be exported and delivered to the Customer contact specified in writing by Customer (email accepted) in a common file format.

9. Processing Details.

(a) Subject Matter. The subject matter of the Processing is the Services pursuant to the Terms.

(b) Duration. The Processing will continue until the expiration or termination of the Terms.

(c) Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Terms.

(d) Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Dealpath is the performance of the Services.

(e) Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Terms.

Annex I. Annex I to the Standard Contractual Clauses shall read as follows:

A. List of Parties

Data Exporter: Customer.
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Controller.

Data Importer: Dealpath. 
Address: As set forth in the Order Form.
Contact person’s name, position, and contact details: As set forth in the Order Form.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Processor.

B. Description of the Transfer:

Categories of data subjects whose personal data is transferred: The categories of data subjects whose Customer Personal Data is transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users.

Categories of personal data transferred: The categories of Customer Personal Data transferred under the Standard Contractual Clauses including, but not limited to, Authorized Users’ name and email address.