RITESOFT, LLC SOFTWARE LICENSE AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SOFTWARE OR SERVICE, YOU ARE AGREEING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. THE PERSON ACCEPTING THIS AGREEMENT, IF DOING SO ON BEHALF OF A COMPANY (CUSTOMER), REPRESENTS THAT THE PERSON HAS THE AUTHORITY TO ACCEPT AND BIND THE CUSTOMER TO THESE TERMS. IF THE PERSON ACCEPTING THE AGREEMENT DOES NOT HAVE SUCH AUTHORTY OR IF THE PERSON DOES NOT AGREE TO THESE TERMS, THE PERSON MUST NOT ACCEPT THESE TERMS AND THE PERSON OR CUSTOMER MUST NOT ACCESS OR USE THE LICENSED PROGRAMS.
1. GRANT OF LICENSE
riteSOFT LLC (riteSOFT) and the Customer agree that during any free trial and any customer order, whether subscription or annual license, for Licensed Programs under this Agreement, the following terms and conditions will apply except as otherwise noted for free trials.
riteSOFT will grant a nontransferable, nonexclusive license for the Licensed Programs in consideration of the fees disclosed and agreed to by Customer, which is incorporated herein by reference or as provided in the order form or quote, subject to the terms and conditions of this Agreement for each program. The grant of the license to use the Licensed Programs, and any component software incorporated by riteSOFT in the Licensed Programs, is limited to the intended purpose of the Licensed Programs and for no other purpose of any kind.
The following is a list of terms used in this Agreement:
2.1 Customer: the entity or person placing an order for accessing the Licensed Program as referenced in the order form or quote.
2.2. Licensed Program: the software program and any related Mobile Apps, website, domain names, and other materials or documentation provided for use in connection with the Licensed Program.
2.3. Use: riteSOFT will make the Licensed Program available to Customer pursuant to this Agreement during the License or Subscription Term. During the Term, riteSOFT grants to the customer a limited, non-exclusive right to access and use the Software only for its internal business purposes for up to the number of Users included in the order form or quote, including the right to download, install and use the Mobile Apps in connection with the Licensed Program.
2.4. License Fee or Subscription Fee: The Customer will pay either a one-time Initial License Fee plus an Annual License Fee OR an annual Subscription Fee except during a Free Trial. The Annual License Fee is an annual fee for the service described in Section 4 hereof and being an amount or the period of one year. A Subscription Fee means an annual or monthly fee (where available) for the service described in Section 4.
2.5. License Term: hereafter referred to as Period, is a set period of 12 months.
2.6. Subscription Term: is a period of 12 months that commences on the first of the month following the initial invoice date.
2.7. Registration Number/License File: means the algorithmic key number or license file provided by riteSOFT to allow the Customer to use the Licensed Program. This number/file is renewed each year upon payment of the Annual License or Subscription Fee.
2.8. Concurrent Users: When the Licensed Program is purchased with an annual license fee, users are licensed and counted by seat. A single seat license can be shared with multiple users, but only one user can be logged in to the Licensed Program using that seat. The total number of users logged in to the Licensed Program at one time cannot exceed the number of concurrent users licensed.
2.9. Named Users: When the Licensed Program is purchased as a subscription, each user is specified (named) when the software is set up with individual log-in credentials. User names and log-in credentials are not shared with other users.
3. TERM, RENEWAL, AND TERMINATION
3.1. Term: This Agreement is effective for a 12-month period as defined in Section 2.
3.2. Renewal: This Agreement will renew annually on payment of the Annual License Fee or Subscription Fee as specified in Section 4 unless terminated.
3.3. Termination: This Agreement may be terminated by the Customer upon a 30-day written notice to riteSOFT prior to the end of the License or Subscription period, provided that the Customer discontinues use of all Licensed Programs. Termination will take effect at the end of the initial contract period or then subsequent contract period. riteSOFT may immediately discontinue any license or terminate this Agreement upon written notice to the Customer if the Customer fails to comply with any of the terms and conditions of the Agreement. riteSOFT may terminate this Agreement for any reason, upon a 30-day notice from riteSOFT to the Customer, other than for noncompliance with the Agreement which will result in immediate termination.
3.4. Free Trial Termination: Upon expiration of a Customer’s free trial, riteSOFT may immediately suspend Customer’s access to the Software or Services and their customer data will be deleted. Customer data cannot be recovered once it is deleted. Customer must export customer data prior to the free trial ending.
3.5. Data Export: Upon termination or expiration of this Agreement, Customer’s access to the Services, Software, Mobile Apps, and other riteSOFT technology will terminate. riteSOFT strongly recommends that Customer export all Customer Data before termination or expiration. riteSOFT does not retain or have access to Customer Data collected with the premise versions of Licensed Programs. If Licensed Programs are hosted by riteSOFT, and Customer Data is retained by riteSOFT that can be exported, Customer may contact riteSOFT within 14 days following the effective date of termination to have riteSOFT export Customer’s Data. Customer Data cannot be recovered once it is deleted.
4. FEES AND PAYMENT
4.1. Payment Due: The Customer acknowledges that the initial license cost or subscription fees are due and payable with the order for the Licensed Program.
4.2. Fees: The Customer agrees to pay the Annual License or Subscription Fee, and other amounts specified in Section 5, in consideration of riteSOFT granting the Customer the right to use the Licensed Program. riteSOFT will in turn furnish to the Customer the maintenance service described below in relation to the Licensed Program for the Initial Period or Initial Subscription Term, commencing on the date as described in Section 2 and continuing if Customer is current on its payment of the Annual License or Subscription Fees.
4.3. Applicable Taxes: In addition to the charges due under this Agreement, the Customer agrees to pay any use, value-added, or sales taxes arising from this Agreement and shall indemnify and save harmless riteSOFT from the same.
4.4. Purchases from Channel Partners: Customer may procure use of any Services, Software, or Mobile Apps from a third-party authorized reseller of riteSOFT Licensed Programs. Customer’s use of any riteSOFT Services, Software, or Mobile Apps procured through a Channel Partner will be subject to the terms of this Agreement, and all fees payable for such use will be payable to the Channel Partner pursuant to the terms agreed to between Customer and Channel Partner.
4.5. Maintenance Services: are (a) supplying updates to the Customer’s current Licensed Program at riteSOFT’s sole discretion; and (b) supplying corrections for any error in the Licensed Programs made known to riteSOFT normally by the issue of updated versions of the Licensed Programs from time to time as riteSOFT shall determine.
4.6. Registration Key/File: Upon payment, riteSOFT will furnish the Customer with a registration key or file required to access and use the Licensed Program for the Initial Period or Initial Subscription Term, commencing on the date described in Section 2 and continuing if Customer is current on its payment of the Annual License or Subscription Fees.
4.7. Suspension: Failure to pay the Annual License or Subscription Fees when due will automatically result in the withdrawal of access to the software or service relative to the Licensed Programs including maintenance services, Licensed Program updates, add-on modules, and Apps. To requalify for services, the Customer shall pay all Annual License or Subscription fees, accrued and outstanding since the date of last payment, as well as charges for the Licensed Program’s recertification as the current version to be eligible for the services.
4.8. Access to Customer: The Customer shall make available free of charge to riteSOFT all information, facilities, and service required by riteSOFT for the performance of its obligations under this Agreement.
4.9. Timeliness: The obligation of riteSOFT under this Agreement, including without limitation, the obligation to provide the Licensed Programs and the maintenance services, are subject to and conditioned upon the timely performance of the Customer’s obligations under this Agreement, including without limitation payment of the Annual License Fee or Subscription Fee.
4.10. Failure to Pay: IN THIS REGARD, CUSTOMER ACKNOWLEDGES THAT WITHOUT LIMITATION, FAILURE TO PAY AN ANNUAL LICENSE OR SUBSCRIPTION FEE SHALL ENTITLE RITESOFT, WITHOUT PRIOR NOTICE, TO TERMINATE THIS AGREEMENT AND THE LICENSE TO USE THE SOFTWARE, UPON WRITTEN NOTICE TO THE CUSTOMER.
4.11. Price Increases: riteSOFT reserves the right to increase the Annual License Fee or the Subscription Fee at the renewal time of the 12-month Period.
5. UPGRADES, ADDITIONAL SERVICES, INTEGRATION, OR PLUGIN FEES
5.1. Additional Purchases: Any upgrades for additional users, packages, or add-on modules during the contract period will be invoiced at riteSOFT’s prevailing list price.
5.2. Service Fees: All services requested by the Customer that are not covered by the maintenance service described in Section 4 above, including but not limited to: a visit to the Customer’s location, additional project management or implementation, any reimplementation services, assistance with Licensed Program installation and training of Customer staff or other technical support, shall be chargeable to the Customer upon the provision of services. Unless otherwise agreed, the charges shall be at riteSOFT’s current standard rates for the time spent by the personnel in performing such services, including travel time and any other direct expenses with the above services.
5.3. Integration and Plugin Fees: Integrations and Plugins developed by riteSOFT that are licensed, subscribed to, or contracted for during the contract period will be charged at the prevailing list price or hourly rate. riteSOFT Integrations and Plugins may need additional development work if more extensive changes are made to the Licensed Programs in the future. If this occurs, Integration or Plugin changes will be invoiced at the prevailing hourly rate.
6. USAGE AND CUSTOMER DATA
6.1. Customer Account: Customer may need to register for an Account to access the Licensed Programs. Customer agrees to keep its customer information current so that riteSOFT may send notices, statements, and other information to Customer via email or through its Licensed Program.
6.2. Number of Users: Customer acknowledges that this license is valid for the number of users purchased.
6.3. Named Users: When the Licensed Program is purchased as a subscription, the customer agrees that user logins will not be shared or used by more than 1 user.
6.4. User Compliance: Customer agrees to ensure that each user complies with the provisions of this Agreement.
6.5. Use Restrictions: Customer agrees not to use riteSOFT Licensed Programs to process data on behalf of any third party other than Customer’s users.
6.6. Agreement Not Assignable: This Agreement is not assignable. None of the licenses granted hereunder nor any of the Licensed Program materials or copies thereof may be sublicensed, assigned, or transferred by the Customer without the prior written consent of riteSOFT. Any attempt to sublicense, assign or transfer any of the rights, duties, or obligations under this Agreement is void.
6.7. Unauthorized Access: The Customer may not modify, adapt, or otherwise gain or attempt to gain unauthorized access to riteSOFT Licensed Programs or its related systems, or decompile, reverse engineer, disassemble, reproduce, or copy, or otherwise access the source code or underlying program of any part of riteSOFT Licensed Programs.
6.8. Customer Data Backup: Customer is solely responsible for back-up of Customer Data.
6.9. User Login Confidentiality: Customer is responsible for maintaining the confidentiality of user login information and credentials for accessing the Licensed Programs.
6.10. Data Access and Processing: Customer grants to riteSOFT a non-exclusive, royalty-free right to process the Customer Data solely to the extent necessary to perform its obligations under this Agreement.
6.11. Customer Data: As between the parties, Customer retains all rights, title, and interest (including any and all intellectual property rights) in and to the Customer Data and any modifications made thereto in the course of the operation of the riteSOFT Licensed Programs. Customer is solely responsible for the accuracy, content, and legality of all Customer Data.
6.12. Data Security: riteSOFT will use appropriate technical and organizational measures to protect the Customer Data from unauthorized access, process, loss, or disclosure when riteSOFT hosts the Licensed Program. riteSOFT measures are designed to provide a level of security that is appropriate to the risk of processing the Customer Data within the software. Customer understands that riteSOFT will process Customer Data in accordance with this Agreement and Privacy Notice. When riteSOFT hosts the Licensed Program, the parties will comply with the terms of the Data Processing Agreement which is incorporated into this Agreement in Addendum A.
6.13. Usage Data. Usage Data includes but is not limited to query logs, and any data relating to the operation, support, and/or about Customer’s use of the Licensed Programs, services, and riteSOFT websites. Notwithstanding anything to the contrary in this Agreement, riteSOFT may collect and use Usage Data to develop, improve, support, and operate its products and services. riteSOFT will not share Usage Data that includes Customer’s confidential information with a third party except in accordance with executing this Agreement.
6.14. Audit of Use. riteSOFT may, at its expense, audit Customer’s use of the Licensed Program. Audits shall be conducted during regular business hours at Customer’s place or places of business and shall not unreasonably interfere with Customer’s business activities. Audits shall be conducted no more than once annually. If, as a result of any such audit, riteSOFT identifies unauthorized use of the Licensed Program, Customer shall pay, in addition to a full License Fee for each copy of the Licensed Program in use by Customer and the reasonable expenses of riteSOFT in conducting the audit.
7. THIRD PARTY PRODUCT INTEGRATIONS
7.1. Integrations Developed by riteSOFT: riteSOFT Licensed Programs may be integrated by riteSOFT with Third Party Products for the purposes of sharing Customer Data for data processing under this Agreement. The Customer accepts that riteSOFT does not provide or grant any licenses or rights to use any Third-Party Products. Third Party Products are the property of the licensor and no legal relationship, whether contractual or otherwise, exists between the Customer and riteSOFT in respect of the Third-Party Products. riteSOFT is not responsible for any defects in the Third-Party Products and shall not be responsible for the support and/or maintenance of the Third-Party Products.
7.2. Integrations Developed by Third Parties: The customer acknowledges that riteSOFT is not responsible for the support, maintenance, or any defects in integrations to the Licensed Programs developed by third parties.
8.1. Malfunction: In the event of a malfunction of a Licensed Program during operation of the system by the Customer, and provided such malfunction arises solely by reason of error or omission in the Licensed Program provided by riteSOFT and is not caused in whole or in part by the Customer’s operator error or by failure of the Customer’s staff to follow the procedures as outlined by riteSOFT, or by any modification made to the data or Licensed Program by the Customer by any means other than those provided by riteSOFT, then riteSOFT binds itself, at its cost, to correct such Licensed Program or refund the initial License Fees or Subscription Fees for the first 90 days, excluding any service or integration fees, to be determined at riteSOFT’s option.
8.2. Malware Warranty: riteSOFT warrants that the Licensed Programs when hosted by riteSOFT will be monitored using commercially available means to attempt to detect and prevent the introduction of any code containing viruses, Trojan horses, worms, backdoors, traps, time-out devices or similar destructive or harmful code that self- replicates.
9. LIMITATION OF LIABILITY AND REMEDIES
9.1. Warranty Limitation: The Customer agrees that the foregoing warranty is limited to a period of 90 days following the date on which this Agreement is executed by both the Customer and riteSOFT. This warranty is in lieu of all other warranties and conditions with respect to the Licensed Programs, and riteSOFT disclaims all other warranties and conditions, including but not limited to, any implied warranty or condition of merchantability, of fitness or adequacy for any particular purpose or use, of quality, of productiveness or of capacity.
9.2. Liability: The Customer further agrees that riteSOFT shall not be liable, whether in contract, warranty, condition, tort or otherwise, to the Customer or any person claiming through or under the Customer for any damage or expense, whether consequential or incidental, direct or indirect, special or general, arising from loss of profits or business or otherwise, and whether caused by defect, negligence, breach of warranty or condition, delay in delivery or otherwise, and in no event shall riteSOFT be liable even if it has been advised of the possibility of such damages or expense. Any modifications except those authorized in writing by riteSOFT or performed and/or supplied by riteSOFT to correct known or detected Licensed Program problems, void all warranties.
9.3. Liability Limit: Notwithstanding any other provisions of this Agreement, riteSOFT’s liability on any other claim for loss or liability, including negligence, arising out of, or connected with this Agreement, delivery, or use of any product covered by this Agreement (including but not limited to, loss or liability arising from breach of contract) shall in no case exceed US $1,000.
9.4. Hardware Devices: The Customer will be responsible to determine the suitability of the Licensed Programs and as proposed by riteSOFT for use on the Customer’s computer and other devices, and riteSOFT will assume no liability as to its fitness for the Customer’s needs.
9.5. Data Loss: riteSOFT will assume no liability in the event of loss of Customer data caused in any manner. The Customer is solely responsible for implementing procedures for restart, recovery, and the back-up of Customer Data.
10. CUSTOMER’S REPRESENTATIONS AND WARRANTIES
10.1. Compliance with Terms. Customer shall monitor the Licensed Program and ensure that it is used only in compliance with the terms of this Agreement. Customer shall be responsible and liable for any and all non-compliance with this Agreement by Customer or by any person or entity who obtains access to the Licensed Program through Customer.
10.2. Suitability of Licensed Programs. Customer represents and warrants that as of the time of the beginning of the License or Subscription Term, Customer will have evaluated and examined the Licensed Program and has determined independently that the Licensed Program is suitable for the use intended by this Agreement. Customer assumes all responsibility and risk of selection, installation, use, efficiency, and suitability of the Licensed Program, and subject to the provisions of Section 10., riteSOFT shall have no liability therefor.
10.3. Notification of Defects. Customer shall notify riteSOFT in writing of any material defect riteSOFT believes exists in the Licensed Program, and Customer shall provide to riteSOFT all information known or reasonably available to Customer regarding the alleged defect.
10.4. Third Party Material. With respect to all computer programs and data and hardware not provided by riteSOFT and to be used or reproduced during Customer’s use of the Licensed Program, Customer represents that it has all necessary rights to use or reproduce the computer programs and that no use of the Licensed Program in connection therewith shall be made that causes an infringement of the right of any third party.
10.5. Customer’s Responsibility. Customer shall be exclusively responsible for the supervision, management, and control of its use of the Licensed Program, including, but not limited to (a) assuring proper configuration of equipment or devices; (b) establishing adequate operating methods; and (c) implementing procedures sufficient to satisfy its obligations for security under this Agreement, including appropriate action between it and its employees to prevent misuse, unauthorized copying, modification, or disclosure of the Licensed Program.
11. PROTECTION AND SECURITY OF LICENSED PROGRAM MATERIALS
11.1. Intellectual Property: The Customer agrees the Licensed Programs are the proprietary property of riteSOFT, and that the Licensed Programs are protected by copyright, trademark, trade secret and/or patent laws. The Customer agrees that it shall not copy or otherwise provide or make available for use or copying the Licensed Program Materials or any portion thereof to any persons. If Customer violates the terms of this paragraph, riteSOFT shall have, in addition to any other remedies available to it, the right to injunctive relief enjoining such action, and Customer hereby agrees that other remedies are inadequate.
11.2. Access and Confidentiality: The Customer acknowledges its responsibility to take all such steps as may be necessary to ensure that its employees and any persons permitted to have access to the Licensed Programs shall preserve the proprietary nature and confidentiality of the Licensed Programs for the protection of riteSOFT.
11.3. Data Security: riteSOFT will use appropriate technical and organizational measures to protect the Customer Data from unauthorized access, processing, loss, or disclosure using commercial measures designed to provide a level of security appropriate to the risk of processing the Customer Data.
12. RISK OF LOSS
12.1. In the event of the accidental loss of the Licensed Program by the Customer, riteSOFT or their designee will supply to the Customer a replacement copy at no charge. Any additional services will be provided on a time and materials basis.
13.1. Customer shall be solely responsible for, and shall indemnify, defend, and hold riteSOFT free and harmless from all damages, liabilities, charges, and expenses (including reasonable attorneys’ fees) from all claims, lawsuits, or other proceedings arising out of or relating to (i) Customer’s use of the Licensed Program in a manner not permitted by this Agreement, not permitted by riteSOFT, or not in conformance with riteSOFT’s written requirements, (ii) the acts or omissions of Customer, its employees, and agents and all persons or entities who have access through Customer to the Licensed Program, or (iii) relating to an infringement of any right resulting in any way from the use of the Licensed Program with other software or materials not licensed to Customer by or not approved by riteSOFT.
14.1. Assignment. This Agreement is not assignable. None of the licenses granted hereunder nor any of the Licensed Programs or copies thereof may be sublicensed, assigned, or transferred by the Customer without the prior written consent of riteSOFT. Any attempt to sublicense, assign or transfer any of the rights, duties, or obligations under this Agreement is void.
14.2. Entire Agreement. This Agreement as used herein together with the Privacy Notice, quote/order form, and supplemental terms (where applicable), and any future amendments, modifications, or supplements made in accordance herewith constitute the entire agreement. In the event of a conflict between this Agreement, the Privacy Notice, the quote/order form, or supplemental terms, the order of precedence will be first the Privacy Notice, second the quote/order form, third the supplemental terms, and fourth this Agreement. If any provision of this Agreement shall be held to be invalid, illegal, or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
14.3. Governing Law. This Agreement is governed by the laws of the state of Minnesota, United States of America. The parties to this Agreement agree, that if a dispute arises under this Agreement, the courts located in the state of Minnesota will hear the case.
14.4. Action Limitation: No action, regardless of form, arising out of this Agreement may be brought by either party more than two years after the cause of action has arisen, or in the area of non-payment, more than two years from the date of the last payment.
14.5. Singular or Plural Context: In this Agreement where the context requires words in the singular include the plural, and words in the plural include the singular.
14.6. Timeliness: Time shall be of the essence to this Agreement.
14.7. Publicity. riteSOFT may identify Customer as a riteSOFT customer in its promotional materials. Customer may opt out at any time by submitting an email to firstname.lastname@example.org. Neither party will issue press releases or other publicity or publications regarding this Agreement or the Parties’ relationship without first obtaining prior written consent of the other party. Neither party grants the other Party, except as provided for in this Paragraph, the right to use its trademarks, service marks, trade names, business names, Internet domain names, e-mail address names, telephone numbers, logos or other designations in any press releases, promotions, or other publications on its external website without first obtaining the other Party’s written consent. Subject to Customer’s prior review and approval, Customer agrees to participate in a case study relating to the successful implementation of riteSOFT products at Customer’s sites and to permit riteSOFT to refer to Customer in advertising, promotional materials, and press releases as a licensee of riteSOFT products. Customer reserves the right to withdraw its authorization for use of its name at any time upon notice to riteSOFT.
14.8. Force Majeure. Neither Party shall be liable hereunder for any failure or delay in the performance of its obligations under this Agreement, except for the payment of money, if such failure or delay is on account of causes beyond its control, including labor disputes, pandemics, civil commotion, war, fires, floods, inclement weather, governmental regulations or controls, casualty, government authority, strikes, or acts of God, in which event the non-performing Party shall be excused from its obligations for the period of the delay and for a reasonable time thereafter. Each party shall use reasonable efforts to notify the other Party of the occurrence of such an event within three (3) business days.
14.9. THE CUSTOMER ACKNOWLEDGES THAT HE/SHE HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES THAT IT IS THE COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN THE PARTIES WHICH SUPERCEDES ALL PROPOSALS OR PRIOR AGREEMENTS, ORAL OR WRITTEN, AND ALL OTHER COMMUNICATIONS BETWEEN THE PARTIES RELATING TO THE SUBJECT MATTER OF THE AGREEMENT.
ADDENDUM A: DATA PROCESSING AGREEMENT
1.1. The Parties have entered into or are entering into the Agreement.
1.2. A Party’s performance under the Agreement may currently or in the future involve the processing of Personal Data by the one Party for which the other Party is a data controller or processor and for which the first Party is a data processor or sub-processor, in each case for the purposes of Data Protection Law.
1.3. To the extent that clause 1.2 applies, Data Protection Law requires the Parties to enter into a data processing agreement that contains certain principles in relation to processing Personal Data and accordingly, the Parties agree to the terms set out in this document, the Data Processing Agreement, which forms an integral part of the Agreement.
1.4. In the event that the Agreement or another agreement under which riteSOFT performs Services to Customer requires the processing of Personal Data, the Parties shall always include at least the following information regarding processing activities: (a) the purpose of the processing of Personal Data; (b) the categories of data subjects; (c) the applicable information security measures; and (d) duration of processing of Personal Data under the Agreement. The said information shall be detailed in Appendix 1 (Processing of Personal Data) of this Data Processing Agreement.
The following definitions apply in this Data Processing Agreement:
2.1. Agreement: means the riteSOFT Software Terms and Conditions Agreement to which this Data
Processing Agreement applies.
2.2. Applicable Law: means in relation to a Party and the applicable Country, any and all: (i) statutes,
subordinate legislation and common law; (ii) regulations; (iii) ordinances and by-laws; (iv) directives, codes of practice, circulars, guidance notes, judgments and decisions of any competent authority or any governmental, inter-governmental or supranational agency, body, department, or regulatory authority or organization; and (v) other similar provisions, from time to time, for which compliance is mandatory for that Party.
2.3. Country: means the country in which riteSOFT has its registered office address, the United States of America.
2.4. Data Protection Law: means (i) the Data Protection Directive 95/46/EC and ePrivacy Directive 2002/58/EC as implemented by countries within the EEA; (ii) Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, General Data Protection Regulation (GDPR) and any applicable national implementing laws, regulations and secondary legislation; (iii) the Canadian Privacy Act which came into force on July 1, 1983; (iv) Personal Information Protection and Electronic Documents Act (PIPEDA) which came into force on April 13, 2000; (v) the Province of British of Columbia’s Personal Information Protection Act (PIPA), which came into force on January 1, 2004; (vi) the California Consumer Privacy Act (“CCPA”); (vii) other Laws that implement the Laws that are identified in (i)-(vi) above; and (viii) any other Applicable Laws regulating the processing of Personal Data in any applicable jurisdiction and which relates to the Agreement.
2.5. EEA: shall mean the European Economic Area.
2.6. Laws: shall mean legislation, laws, rules, regulations, or any subordinate legislation and/or judgments, opinions, orders, notices, guidance, or decisions of governmental authorities, in each case, as these may be repealed, reenacted, amended, overruled, or replaced from time to time.
2.7. Model Clauses: means the model clauses—standard contractual clauses for the transfer of Personal Data to processors established in third countries, controller to processor, dated February 5, 2010.
2.8. Other Party: means the Party that is not the Responsible Party with reference to a particular instance of processing personal data.
2.9. Responsible Party: means the Party that processes Personal Data.
2.10. Additional Definitions Not Defined: References to controller, processor, processing, Personal Data, Personal Data breach, data subject, and any other term used in the Data Processing Agreement but not defined herein shall each have the meaning attributed to the terms defined in the Data Protection Law. In addition, references to “Personal Data” will be references to the Personal Data provided or made available by the Other Party to the Responsible Party pursuant to the Agreement.
2.11. Capitalized Terms: subject to the above, capitalized terms used in this Data Processing Agreement which are not defined herein will bear the meanings assigned to such terms in the Agreement.
3. TERM AND CONSEQUENCES OF TERMINATION
3.1. Term: The rights and obligations in the Data Processing Agreement shall subsist for the Contract Period of the Agreement.
3.2. Termination: The Data Processing Agreement will cease upon termination of the Agreement. Termination of the Agreement will not prejudice any right of action or remedy which may have accrued to either Party under this Data Processing Agreement prior to that termination, including the right to seek injunctive relieve or any other remedy.
4. GENERAL OBLIGATIONS
4.1. Data Protection Law Requirements: Each Party shall comply with all requirements of Data Protection Law applicable to it in connection with the performance and operation of the Agreement. This clause is in addition to, and does not relieve, remove, or replace a Party’s obligations under Data Protection Law.
4.2. Data Processor or Controller: The Parties acknowledge that for the purposes of Data Protection Law, where applicable, the Other Party is the data controller and the Responsible Party is the data processor, except when the Other Party acts as a processor of Personal Data, in which case the Responsible Party is a sub-processor.
5. RESPONSIBLE PARTY’S DATA PROTECTION OBLIGATIONS
5.1. Processor: The Responsible Party shall not engage another processor unless required or authorized by the Other Party. If the Other Party consents to such other processor, then the Responsible Party warrants and represents that it has entered or will enter, as the case may be, into a written agreement with that other processor incorporating data processing obligations which comply with Data Protection Law. As between the Other party and the Responsible Party, the Responsible Party shall remain fully liable for all acts or omissions of any such other processor. The Responsible Party shall inform the Other Party of any intended changes concerning the addition or replacement of other processors, and the Other Party shall have the right to object to such changes.
5.2. Processing Purpose: The subject matter and duration of the process, the nature and purpose of
the process, the type of Personal Data, the categories of data subjects and the obligations and rights of the Other Party are set out in this Data Processing Agreement, including the Appendix, and the Agreement.
5.3. Responsible Party Obligations:
5.3.1. Process Personal Data: The Responsible Party shall process the Personal Data only on documented instructions from the Other Party, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by the Applicable Laws of the relevant Country to which the Responsible Party is subject. In such cases, the Responsible Party shall inform the Other Party of that legal requirement before processing,
unless that law prohibits such information on important grounds of public interest.
5.3.2. Maintain Confidentiality: The Responsible Party shall ensure that persons authorized
to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
5.3.3. Article 32 of GDPR: The Responsible Party shall take all measures required pursuant to Article 32 of the GDPR to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
5.3.4. Regulation Chapter III: The Responsible Party shall respond to requests from individuals exercising their rights as foreseen in applicable data protection law, such as the rights outlined in the Regulation Chapter III, hereunder the right to access and the right to rectification or erasure, the Other Party shall provide the Responsible Party with commercially reasonable assistance, without undue delay, taking into account the nature of the processing.
5.3.5. Article 28 (2) and 28 (4): The Responsible Party shall respect the conditions referred to in GDPR Article 28(2) and 28(4) for engaging another processor; taking into account the nature of the processing, assist the Other Party by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Other Party’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR.
5.3.6. Articles 32 to 36: The Responsible Party shall assist the Other Party in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Responsible Party.
5.3.7. Return or Delete Personal Data: At the election of the Other Party, delete or return all the
Personal Data to the Other Party at the termination of the Agreement relating to processing and delete existing copies unless the Applicable Laws of the relevant Country requires storage of the Personal Data.
5.3.8. Audits and Inspections: Make available to the Other Party all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Other Party or another auditor mandated by the Other Party in relation to the processing of the Personal Data of data subjects on behalf of the Other Party by the Responsible Party.
5.3.9. Infringement: Immediately inform the Other Party if, in the Responsible Party’s opinion, an
instruction infringes the GDPR or other Applicable Laws of the relevant Country.
5.3.10. Data Breach: Inform the Other Party without undue delay after becoming aware of a Personal Data breach.
5.3.11. Data Subject Request: And subject to the provisions of any Applicable Law, notify the Other
Party: (i) promptly if it receives or is notified of a request from a data subject to have access to that data subject’s Personal Data; (ii) promptly if it receives or is notified of a complaint or request relating to the Other Party’s obligations under Data Protection Law, and shall provide the Other
Party with reasonable assistance, at the Other Party’s reasonable cost and expense, in respect of the matters set out in (i) and (ii).
5.4. Transfer of Data: Notwithstanding anything to the contrary, the Responsible Party shall not transfer Personal Data out of the relevant Country without the specific prior written authorization of the Other Party. In the event of a transfer of Personal Data outside the relevant Country, the Model Clauses shall be deemed incorporated into this Data Processing Agreement, without amendment, and shall
be binding on the Parties as if incorporated herein. Further, the Responsible Party agrees to (i) comply with any requirements or obligations, or enter into any agreements reasonably required by the Other Party (or the controller, if the controller is not the Other Party) and notified to the Responsible Party in
respect of the processing of Personal Data; (ii) enter into the Model Clauses directly with the controller; and/or (iii) enter into with the Other Party and/or the controller, or agree to be bound by, any additional Model Clauses established for the transfer of Personal Data from processor to processor.
5.5. Warranty: The Responsible Party warrants that it has no reason to believe that the legislation applicable to it prevents it from complying with this Data Processing Agreement and that, in the event of a change in such legislation which could have an adverse effect on a Responsible Party’s warranties, representations, and obligations under this Data Processing Agreement, it will promptly notify
the change to the Other Party and the Other Party shall be entitled to suspend the transfer of Personal Data to the Responsible Party and/or terminate the Agreement without liability for compensation.
5.6. Personal Data Processing Purpose: The Parties agree that the Responsible Party shall not process Personal Data except for the purpose of the performance of the Agreement. The Parties acknowledge that the Agreement and this Data Processing Agreement constitute the documented instructions from the Other Party to the Responsible Party for the processing of Personal Data by the Responsible Party.
6.1. Inconsistency or Conflict: If there is any conflict or inconsistency between this Data Processing Agreement and the Agreement, the provisions of this Data Processing Agreement shall apply in relation to the processing of Personal Data for the purpose of resolving that conflict or inconsistency.
6.2. Amendment: The Parties may amend this Data Processing Agreement: (i) if necessary to comply
with Applicable Law; (ii) if required to do so by a supervisory authority or other regulatory entity; (iii) in order to implement standard contractual clauses adopted or approved by the European Commission or applicable supervisory authority; or (iv) in order to comply with an approved code of conduct or certification mechanism referred to in Articles 40, 42, and 43 of the GDPR.
6.3. Affiliates: Where any Affiliate of a Party is given the right to use or access the Licensed Program or performs any of the Services under the Agreement, this Data Processing Agreement shall apply to the processing of Personal Data for that Affiliate and such Affiliate shall be entitled to enforce the provisions of this Data Processing Agreement directly.
6.4. Data Subject Rights: Where the Other Party is a processor of Personal Data on behalf of its customers and the Responsible Party is a sub-processor in respect of such Personal Data, any references in this Data Processing Agreement to the Responsible Party providing the Other Party with assistance shall be deemed to include references to the Responsible Party providing the Other Party’s customers with such assistance.
6.5. Force Majeure: Neither party shall be in breach of this Data Processing Agreement for delay in performing, or failure to perform, any of its obligations under this Data Processing Agreement if such delay or failure results from events, circumstances, or causes beyond its reasonable control.
6.6. Assignment: Neither Party shall assign or otherwise transfer its rights or its obligations under this Agreement, in whole or in part, without the prior written consent of the other Party.
Appendix 1: Description on the Processing of Personal Data
The performance of the Responsible Party’s obligations under the Agreement will include processing of Personal Data as further specified below with respect to: 1) the purpose of the Processing of Personal Data; 2) the categories of data subjects and categories of personal data; 3) the applicable information security measures; and 4) the duration of the Processing of Personal Data under the Agreement, as further agreed below.
1. PURPOSE OF PROCESSING PERSONAL DATA
The Responsible Party shall process Personal Data on behalf of the Other Party as a data processor, to the extent such provision of services requires processing of Personal Data on behalf of the Other Party, for the purposes of the following:
1.1. Data Storage (e.g., record, host, log, archive or otherwise store the Other Party’s Data)
1.2. Data Access (e.g., retrieve, copy, examine, modify, transport, scan, or otherwise access the Other Party’s Data)
1.3. Data Analysis (e.g., survey, test, study, interpret, organize, report, or otherwise analyze the Other Party’s Data)
2. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA
2.1. Categories of data subjects include:
2.1.1. Site visitors
2.1.2. Users of the software
2.2. The categories of personal data include:
2.2.1. Full names
2.2.2. Email addresses
2.2.3. Phone numbers
2.2.4. Job role
2.2.6. Visitor device details (e.g., device type, browser, screen dimensions)
2.2.7. Usage behavior & preferences (e.g., traffic source, entrance page, pages visited, click path, exit page, time on page/site)
2.2.8. Products ordered, order totals, and order date
2.2.9. Cookies/IP addresses
3. APPLICABLE INFORMATION SECURITY MEASURES
The Responsible Party ensures that the organization, employees, subcontractors, and processes are validated to the Responsible Party’s standards and information security policies.
Taking into account state of the art technology, the costs of implementation and the nature, scope, context, and purposes of processing carried out by the Responsible Party hereunder as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Responsible Party shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
3.1. Such measures shall include, where appropriate and relevant for each processing action: the pseudonymization and encryption of Personal Data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.
3.2. Accordingly, the following measures shall be implemented.
3.2.1. Data Center: When data collected is hosted by the Responsible Party, it is stored using Microsoft
Azure Cloud Services which are protected by Microsoft security measures and password protected.
3.2.2. Data Access: The Responsible Party maintains a secure development environment by defining limited data access within the internal and production systems in accordance with job necessity. User IDs and passwords, in accordance with password strength requirements, are required to gain access to the Responsible Party’s networks and work stations. The network is maintained with security protections such as a Sonic Firewall and virus protection software. The office network is protected by WPA2 and WEP encryption and access is limited to specific devices. All devices are password protected and users are automatically logged out of inactive devices and applications. Internal employee incoming and outgoing web access is monitored by Sonic Firewall.
3.2.3. Background Checks and Confidentiality: Any employee with access to internal or external systems
must undergo background checks as well as training and regular audits in accordance with both the employee’s job description as well as common internet and pc security. All employees are required to sign a confidentiality agreement.
3.2.4. Data Control: All Client data is securely stored and never shared without expressed written consent from the Client. Data integrity is maintained through strong schema architecture. Any application access to data requires approval and is regularly reviewed.
4. DURATION OF PROCESSING PERSONAL DATA
Personal Data shall be processed under this Agreement until the Responsible Party has ceased to process the Other Party’s Data and Personal Data on the basis of Agreement or any other agreement between the Parties and when the Agreement or any other Agreement has been terminated or has expired.
riteSOFT LLC, 3717 23rd St. S., Suite 102, St. Cloud, MN 56301
320-252-6830 | www.ritesoft.com
Revised: August 5, 2022