Mbook SaaS Account Agreement
This Mbook SaaS Account Agreement (this “Agreement”) is entered into by and between Mestrelab Research SL, Feliciano Barrera 9B-Baixo, 15706, Santiago de Compostela, A Coruña, Spain, with CIF B15964521 (“Mestrelab”) and the subscriber identified below (the “Subscriber”) as of the last date of signature below (the “Effective Date”).
- Definitions. The below capitalized terms have the meanings set forth below or in the referenced provision. Other capitalized terms used herein are defined as they arise in this Agreement.
- “Quote” means a written quote from Mestrelab specifying the SaaS Software modules that Subscriber may subscribe to and the corresponding Subscription Fees for a subscription to such SaaS Software modules payable to Mestrelab.
- “Mestrelab Server” means the server, operated by Amazon Web-Services, on which Mestrelab maintains an executing instance of the SaaS Software and the Subscriber Content, accessible by Subscriber via the SaaS Services.
- “Authorized Collaborator” has the meaning set forth in Section 2.3 below.
- “Authorized Number of Users” means the number of Registered Users that Subscriber has purchased a subscription for pursuant to a purchase order issued or payment made in response to an applicable Quote.
- “Documentation” means the user documentation provided to Subscriber with respect to the use of the SaaS Software, including the online application help accessible from the SaaS Software, as updated from time to time by Mestrelab.
- “Mbook API” means an application program interface defined as set of services, protocols and tools for building software third party client applications according to the licensing model.
- “Registered User” means an employee or individual consultant or contractor (who is a natural person) of Subscriber or its Authorized Collaborator who has been authorized by Subscriber or (if Subscriber permits) its Authorized Collaborator to access the SaaS Software on behalf of Subscriber or its Authorized Collaborator and who has been provided a unique user name and password for use when accessing such SaaS Services.
- “SaaS Software” means the modules of Mestrelab’s proprietary Mbook software solutions which Subscriber has purchased a Subscription to pursuant to a purchase order in response to a valid Quote.
- “Subscriber Content” means all text, data, graphics, pictures, or other content that Subscriber, its Authorized Collaborators, or the Registered Users post or upload into the SaaS Software. As set forth in Section 5.3(b), Subscriber Content is the Confidential Information of Subscriber.
- “Subscription” has the meaning set forth in Section 2.1 below.
- “Subscription Fees” has the meaning set forth in Section 4.
- “Term”, “Initial Term”, and “Renewal Term” each have the meaning set forth in Section 3.1.
- Grant of Subscription License; Subscription Restrictions.
- SaaS License and Subscription. Subject to the terms and conditions in this Agreement and as specified in the Quote, Mestrelab grants to Subscriber, and Subscriber accepts, a nonexclusive, nontransferable license (the “Subscription”), without the right to sublicense, for Registered Users of Subscriber and of its Authorized Collaborators to remotely access and interface with, via the Internet, an executing instance of the SaaS Software that is operating on and from a Mestrelab Server, through the Registered Users’ use of supported and properly configured web browsers, in the manner described in the SaaS Software Documentation (collectively, the “SaaS Services”), solely for Subscriber’s benefit. Subscriber acknowledges that while the SaaS Services entitle Subscriber and its Authorized Collaborators to remotely access the SaaS Software that is hosted and operated on Mestrelab’s Server, Subscriber is not entitled or permitted to download or otherwise obtain a copy of the SaaS Software. Mestrelab and/or its subcontractors shall provide such SaaS Services 24 hours, seven days a week, provided, however, that from time to time, Mestrelab or its subcontractors may perform scheduled or unscheduled maintenance as may be necessary to maintain the proper operation of the SaaS Software, and access to such SaaS Software by Subscriber may be impaired or interrupted while such maintenance is being performed. Mestrelab may conduct scheduled maintenance between the hours of 8 a.m. and 10 a.m. CET, or such similar time period as Mestrelab may from time-to-time substitute by providing notice to Subscriber (including, but not limited to, by sending an email to Subscriber, or to all subscribers).
- Registered Users. Using the functionality of the SaaS Software and the administrative account tools provided therein, Subscriber may register with the SaaS Software named employees and individual consultants or contractors (who are natural persons) of Subscriber and its Authorized Collaborators as Registered Users. Each Registered User shall login to the SaaS Software using the unique login and password associated with such Registered User. Subscriber and its Authorized Collaborators shall not permit any person to use a Registered User’s login and password to login and access the SaaS Software (other than the Registered User associated with such login and password). As further described in Section 4.3, if the aggregate number of Registered Users of Subscriber and its Authorized Collaborators exceeds the then current Authorized Number of Users, then Subscriber shall pay Mestrelab for the purchase of additional licenses for the excess additional Registered Users, which shall correspondingly increase the Authorized Number of Users. Subscriber may replace an existing Registered User with a new Registered User without increasing the aggregate number of Registered User licenses, provided that the replaced Registered User may not continue to access the SaaS Software after being replaced and further provided that such replaced Registered User may not in the future replace another Registered User and may only be restored as a Registered User through Subscriber’s purchase of a new license for such Registered User as described in Section 4.3.
- Authorized Collaborators. Using the functionality of the SaaS Software and the administrative account tools provided therein, Subscriber may authorize a third party with whom Subscriber is working or collaborating with to access the SaaS Software as an “Authorized Collaborator” of Subscriber hereunder (each an “Authorized Collaborator”) in order that Subscriber may better collaborate with such Authorized Collaborator. Mestrelab reserves the right to check that the Authorized Collaborators and their Registered Users are not in breach of the licensing and pricing conditions of the Subscriber. Subscriber acknowledges that Authorized Collaborators and their Registered Users shall have access and may contribute to Subscriber Content. For purposes of clarity, an Authorized Collaborator and its Registered Users may be Authorized Collaborators and Registered Users of one or more other subscribers of Mestrelab, in which case the Authorized Collaborator and its Registered Users will have separate and unique logins for those other subscriber accounts. When an Authorized Collaborator and its Registered Users are logged into the SaaS Software under a different subscriber’s account, they will not have access to Subscriber Content through the SaaS Software; and when they are logged in to Subscriber’s account, they will not have access to any other subscriber’s content through the SaaS Software. Subscriber acknowledges that while such an Authorized Collaborator and its Registered Users are logged into the SaaS Software under logins and passwords associated with a different subscriber’s account (i.e., not Subscriber’s account) where they are acting as authorized collaborators and registered users of such different subscriber, then the Authorized Collaborator’s and its Registered Users’ use of the SaaS Software shall not be governed by this Agreement (but rather by Mestrelab’s agreement with such other subscriber).
- Subscriber Responsibilities and Obligations. Subscriber and its Authorized Collaborators shall be solely responsible, at its sole cost and expense, for establishing, maintaining, and operating their connection to the Internet (the speed of which may have a significant impact on the responsiveness of the SaaS Service), including all access lines, all Internet service provider connection charges, and any long distance telephone charges. Subscriber shall be responsible for the actions and omissions of all its Authorized Collaborators and the Registered Users of Subscriber and its Authorized Collaborators with respect to their use of the SaaS Software and SaaS Services.
- Use of Mbook API
- The Subscriber will require its Registered Users to comply with (and not knowingly enable them to violate) applicable law, regulation, and the Terms.
- The subscriber and the Registered users will only access (or attempt to access) the Mbook API by the means described in the documentation of that API. If Mestrelab assigns you developer credentials (e.g. client IDs), you must use them with the applicable APIs. You will not misrepresent or mask either your identity or your API Client’s identity when using the APIs or developer accounts.
- The Terms are non-exclusive. You acknowledge that Mestrelab may develop products or services that may compete with the API Clients or any other products or services.
- Mestrelab sets and enforces limits on your use of the API (e.g. limiting the number of API requests that you may make or the number of users you may serve. You agree to, and will not attempt to circumvent, such limitations documented with each API. If you would like to use any API beyond these limits, you must obtain Mestrelab express consent so using the Mbook API without an API license or performing more request per unit of time than defined in your purchasing conditions will also lead to a revocation of your license.
- When using the Mbook API, you may not (or allow those acting on your behalf to):
-
- Sublicense an API for use by a third party. Consequently, you will not create an API Client that functions substantially the same as the APIs and offer it for use by third parties.
- Perform an action with the intent of introducing to Mestrelab products and services any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature.
- Defame, abuse, harass, stalk, or threaten others.
- Interfere with or disrupt the API or the servers or networks providing the API.
- Reverse engineer or attempt to extract the source code from any API or any related software.
- Use the APIs for any activities where the use or failure of the APIs could lead to death, personal injury, or environmental damage.
- Remove, obscure, or alter any Mestrelab terms of service or any links to or notices of those terms.
- No Modification, Reverse Engineering, etc. Subscriber and its Authorized Collaborators and their respective Registered Users shall not
- copy, modify, or create derivative work of the SaaS Software or SaaS Services (other than the one granted by the use of Mbook API) or
- access, attempt to access, or otherwise interfere with the Mestrelab Servers, SaaS Software or SaaS Services (other than to access the functionality of the SaaS Software and SaaS Services in accordance with the terms of this Agreement).
- Security. As part of the SaaS Services, Mestrelab (or its subcontractors as applicable) shall use good faith efforts to implement security measures (such as password protection and encryption) and maintain such other safeguards which are reasonably intended to prevent the destruction, loss, interception, or alteration of Subscriber Content by unauthorized persons and which are consistent with current commercial practices in the industry. The parties expressly recognize that, although Mestrelab shall take such reasonable steps, or cause such reasonable steps to be taken, to prevent security breaches, it is impossible to maintain flawless security. Subscriber and its Registered Users will not attempt to disable, modify or circumvent any security safeguard adopted by Mestrelab.
- Training. Subscriber may engage Mestrelab to provide training pursuant to a separate written agreement.
- Technical Support. Mestrelab shall provide reasonable technical support via email during its normal business hours. Technical support questions and requests should be addressed to support@mestrelab.com
- Term and Termination.
- Term. Subject to earlier termination as described in Section 3.2, and unless otherwise agreed in writing by the parties, this Agreement shall commence on the Effective Date and continue for one year (such period being referred to as the “Initial Term”). Thereafter, this Agreement shall automatically renew for successive renewal terms of one year each (each a “Renewal Term,” and, together with the Initial Term, the “Term”), unless either (a) Subscriber notifies Mestrelab of its desire not to renew at least thirty (30) days prior to the expiration of the then current Initial Term of Renewal Term or (b) Mestrelab notifies Subscriber of its desire not to renew at least thirty (30) days prior to the expiration of the Initial Term or Renewal Term then in effect.
- Termination. This Agreement may be terminated prior to the expiration of its Term as follows:
- By Subscriber for any or no reason upon ten (10) days’ written notice to Mestrelab, but Mestrelab shall not have any obligation to provide any refund, including for fees paid to Mestrelab in advance by Subscriber;
- By Mestrelab, if Subscriber fails to pay any amount when due and does not amend such breach within ten (10) days of delivery of written notice;
- By Mestrelab, if Subscriber has breached any provision of this Agreement and, if such breach is subject to amendment, such breach has remained unamended for at least thirty (30) days following notice thereof (and if not subject to amendment, then upon notice of the breach to Subscriber).
- Effects of Termination.
- Except as expressly provided herein, upon any expiration or termination of this Agreement, all rights, licenses and obligations of the parties shall immediately cease and terminate and Subscriber and its Authorized Collaborators and their respective Registered Users shall cease to use and access the SaaS Services and SaaS Software. Subscriber shall pay Mestrelab in full any remaining unpaid amounts owed to Mestrelab relating to the Subscription.
- Subject to Subscriber paying Mestrelab all unpaid amounts owed, Subscriber shall be entitled to obtain a copy of the Subscriber Content, at Subscriber’s reasonable discretion, in hard copy or in electronic form. Subscriber shall contact Mestrelab and make arrangements to retrieve the Subscriber Content no later than sixty (60) days following termination of the Agreement. Such retrieval may, at Subscriber’s reasonable discretion, be in hard copy or in electronic form. Mestrelab shall not be responsible for storing or maintaining any Subscriber Content not retrieved within six (6) months following termination of this Agreement. Any Subscriber Content created during the evaluation period will be made available to Subscriber upon request during a period of 45 days after the evaluation has ended at the maximum.
- Notwithstanding the foregoing, the provisions of Sections 2.5, 3.3, 4, 5, 6, 7, 8 and 9.6 shall survive the termination of this Agreement in accordance with their terms.
- Subscription Fees.
- Trial. Subscriber may obtain a free of cost evaluation version of the SaaS Software for a period of 45 days. The use of the evaluation version is subject to the terms and conditions of this SaaS Account Agreement. After expiry of the trial period, Subscriber’s and Authorized Collaborators’ access to the SaaS Software and SaaS Services is contingent upon Subscriber’s payment to Mestrelab of the relevant subscription fees (the “Subscription Fees”).
- Initial Subscription Term. The Subscriber shall pay Mestrelab the Subscription Fee specified in the applicable Quote for the Initial Term for a subscription to access to the SaaS Software on or prior to the Effective Date (or, for SaaS Software modules subsequently added by Subscriber to its subscription, prior to the start date specified in the applicable Quote).
- Renewal Terms. Mestrelab will charge Subscriber at commencement of each Renewal Term for the then current Subscription Fees (which may be greater or less than the previous Term) for the upcoming Renewal Term. Unless Subscriber notifies Mestrelab in writing that it is cancelling its subscription prior to commencement of the Renewal Term, Subscriber shall be obligated to pay Mestrelab for the entire renewal Subscription Fee for any Renewal Term that has commenced, irrespective of the level of Subscriber’s actual or expected use of the SaaS Software during such Renewal Term.
- Additional Registered User Licenses. If Subscriber desires to add additional Registered Users in excess of the then current Authorized Number of Users, then Subscriber may purchase an additional Registered User license for each Registered User in excess of the Authorized Number of Users (and thereby increase the Authorized Number of Users by such number) by paying Mestrelab the then current per Registered User Subscription Fee (pro-rated for any partial Term based on when the additional Registered Users are registered) for each additional Registered User license. Mestrelab may from time to time during each Initial Term and Renewal audit the number of Registered Users and if Mestrelab discovers that the number of Registered Users of Subscriber and its Authorized Collaborators exceeds the then Authorized Number of Users, then Mestrelab shall invoice Subscriber and Subscriber shall pay Mestrelab the applicable Subscription Fees for such additional Registered Users (pro-rated for any partial Term based on when the additional Registered Users were registered).
- Payment Terms. All payments shall be made in local currency and be on other terms agreed directly with Mestrelab.
- Ownership, Intellectual Property Rights and Nondisclosure.
- Mestrelab and its licensors are the sole owners of the SaaS Software and SaaS Services and of all copyright, trade secret, patent, trademark and other intellectual property rights therein and thereto. This Agreement does not provide Subscriber with any rights to the SaaS Software, the SaaS Services or any copies thereof except as expressly set forth herein. As between Subscriber and Mestrelab, Subscriber is the sole owner of the Subscriber Content and all intellectual property right therein and thereto, and this Agreement does not provide Mestrelab with any rights to the Subscriber Content except as expressly set forth herein.
- Subscriber shall take all reasonable steps to ensure that no unauthorized persons have access to the SaaS Software or SaaS Services using logins and passwords issued to Subscriber or its Authorized Collaborators or Registered Users, and to ensure that no persons authorized to have such access shall take any action which would be in violation of this Agreement if taken by Subscriber. Subscriber shall promptly report to Mestrelab any actual or suspected violation of this Section 5, and shall take further steps as may reasonably be requested by Mestrelab to prevent or remedy any such violation.
- Confidentiality Obligations.
- Confidential Information. From time to time, either party (the “Disclosing Party”) may disclose or make available to the other party (the “Receiving Party”), whether orally or in physical or electronic form, confidential or proprietary information concerning the Disclosing Party and/or its business, products, customers, services, policyholders and/or claimants, including but not limited to information and/or documents concerning; (1) financial information, strategic business plans, policies and/or methods; (2) marketing, claims, sales, underwriting strategy, and decision making processes; (3) pricing and/or profit information; (4) lists of actual or prospective customers; (5) proprietary and/or confidential intellectual property; and (6) intellectual property of third parties licensed to the disclosing party (collectively, “Confidential Information”) in connection with this Agreement. Each party agrees that during the Term and thereafter: (i) it will use Confidential Information belonging to the Disclosing Party solely for the purpose(s) of this Agreement; and (ii) it will take reasonable precautions, but no less than it would take to prevent the disclosure of its own similar Confidential Information, to ensure that it does not disclose Confidential Information belonging to the Disclosing Party to any third party (other than the Receiving Party’s employees, contractors, and/or professional advisors on a need-to-know basis who are bound by obligations of nondisclosure and limited use at least as stringent as those contained herein) without first obtaining the Disclosing Party’s written consent. Upon request by the Disclosing Party, the Receiving Party will return all copies of any Confidential Information to the Disclosing Party. For Confidential Information that does not constitute trade secrets under applicable law, these confidentiality obligations will expire three (3) years after the termination or expiration of this Agreement, and for Confidential Information that constitutes trade secrets shall survive until such Confidential Information ceases to be a trade secret. The Receiving Party will be responsible for any breach of this Section by its employees, representatives, and agents. Non-public information regarding the SaaS Software and the SaaS Services (including but not limited to their performance, operation, and data formats) and the Documentation are the Confidential Information of Mestrelab. The terms of this Agreement are the Confidential Information of both parties, but may be disclosed by either party with its advisors and potential investors or acquirers who are subject to confidentiality obligations or to enforce its terms.
- Subscriber Content. Mestrelab acknowledges and agrees that the Subscriber Content is the Confidential Information of Subscriber (subject to Section 5.3(c)) and is therefore subject to the restrictions on disclosure and use set forth in Section 5.3(a) above. Notwithstanding the foregoing, Mestrelab may use Subscriber Content or other Subscriber Confidential Information to (i) provide the SaaS Services to Subscriber as contemplated herein, (ii) monitor Subscriber’s and its Authorized Collaborators’ and Registered Users’ use of the SaaS Services for security purposes, (iii) enforce the terms of this Agreement, and (iv) to study usage of the SaaS Services, including to aggregate with other subscribers’ usage data, in order to identify patterns of use and/or improve the SaaS Services and SaaS Software and to further develop other software applications offered by Mestrelab, including to train algorithms.
- Exclusions. For purposes hereof, “Confidential Information” will not include any information that the Receiving Party can establish by convincing written evidence: (i) was independently developed by the Receiving Party without use of or reference to any Confidential Information belonging to the Disclosing Party; (ii) was acquired by the Receiving Party from a third party having the legal right to furnish same to the Receiving Party; or (iii) was at the time in question (whether at disclosure or thereafter) generally known by or available to the public (through no fault of the Receiving Party).
- Required Disclosures. These confidentiality obligations will not restrict any disclosure required by order of a court or any government agency, provided that the Receiving Party gives prompt notice to the Disclosing Party of any such order and reasonably cooperates with the Disclosing Party at the Disclosing Party’s request and expense to resist such order or to obtain a protective order.
- Equitable Relief. Because unauthorized access, use, disclosure or transfer of the Confidential Information or other intellectual property of either party in violation of this Section 5 will diminish substantially the value of such Confidential Information or other intellectual property and irreparably harm the owner of such Confidential Information or intellectual property, if either party breaches the provisions of this Section 5, the other party shall be entitled to seek equitable relief, including a restraining order, preliminary and permanent injunctive relief, specific performance and any other relief that may be available from any court, without providing a bond or other security, in addition to any other remedy to which such party may be entitled at law or in equity.
- Data Privacy.
- Subscriber’s contact information: Mestrelab will process the Subscriber’s personal data (i.e. name, surname, company, email, address, payment details) for several purposes depending on the Subscriber’s interaction with Mestrelab: If the Subscriber has registered for a free trial or to make a purchase, the Subscriber’s data will be used to set up and maintain the Subscriber’s user account, for compliance screenings (i.e. to satisfy export control requirements) and, in case of a purchase, to invoice the Subscriber and administrate that sales case. Mestrelab will use the data provided by the Subscriber via the website, email or any other contact channel to follow up on any request submitted by the Subscriber as well as to inform the Subscriber on Mestrelab’s products and services related to any purchase made by the Subscriber. These activities are based on either the performance of Mestrelabs’s contractual relationship with the Subscriber (article 6 (1) b GDPR), on Mestrelab’s legitimate interest (article 6 (1) f GDPR) or the fulfilment of a legal obligation (article 6 (1) c GDPR). Mestrelab may engage in general marketing communication with the Subscriber based on the Subscriber’s prior consent. Mestrelab does not use the Subscriber’s personal data for automated decision making or profiling. The provision of the the Subscriber’s personal information as required by Mestrelab is necessary to enter and perform the contract with Mestrelab and/or to manage any requests submitted by the Subscriber. Failure to provide such necessary information may lead to Mestrelab not being able to offer the products and/or services required by the Subscriber.
- Personal data processed in the SaaS Software. Subscriber acknowledges that Mestrelab, to provide the services to Subscriber, may have access to limited personal information related to Registered Users. The Parties will enter into the Data Processing Agreement as set out in Exhibit A to this Agreement.Please contact privacy@mestrelab.com in the case of any privacy-related enquiry.
- Limited Warranty; Limitations of Liability.
- Mestrelab warrants to Subscriber that the SaaS Software shall perform substantially in accordance with the Documentation. Mestrelab’s sole obligation, and Subscriber’s sole remedy, with respect to any breach of this limited warranty of performance shall be for Mestrelab to correct such nonconformance or provide reasonable alternative functionality at Mestrelab’s sole cost and expense.
- Except as stated above, Mestrelab disclaims all other warranties, both express and implied, with respect to the SaaS Software and SaaS Services, including, but not limited to, all implied warranties of merchantability and fitness for a particular purpose (irrespective of any previous course of dealing between the parties or custom or usage of trade), non-infringement, or that the SaaS Software or SaaS Services will be uninterrupted or error free.
- Mestrelab’s liability for damages to Subscriber for any claims whatsoever, and for all claims in the aggregate, regardless of the form of any claim or action, shall not exceed the Subscription Fees paid under this agreement for the initial or renewal term in which the most recent claim arose.
- Mestrelab shall in no event be liable for any indirect, special, incidental, exemplary, punitive or consequential damages arising out of or in connection with the use or performance of the SaaS Software or SaaS Services, whether or not Mestrelab has been made aware of the possibility of such damages, including, but not limited to, any damages resulting from loss of data or content or lost profits.
- Subscriber acknowledges and agrees that Mestrelab only grants the rights under this Agreement in reliance on limitations of liability and disclaimers of warranty set forth in Sections 7.2, 7.3 and 7.4 above and that these provisions are essential terms of this Agreement.
- Indemnification.
- Mestrelab shall defend, indemnify, and hold harmless Subscriber and its officers, directors, employees, and shareholders from and against any and all any damages, penalties, judgments and reasonable related costs and expenses, including but not limited to reasonable legal fees and expenses, (“Damages”) arising out of any third party claim or allegation (a “Claim”) that Subscriber’s use or access of the SaaS Software or SaaS Services in accordance with the terms of this Agreement infringes the patent, copyright or other intellectual property right of any third party, except to the extent (a) due to any Subscriber Content or specific materials that Mestrelab uses or uploads into the SaaS Software or (b) such claim is based on Subscriber’s use of such the SaaS Services or the SaaS Software in combination with other services and products not supplied by Mestrelab and not required by the Documentation.
- Subscriber shall defend, indemnify, and hold harmless Mestrelab, and its respective officers, directors, employees, and shareholders from and against any and all Damages, including but not limited to reasonable legal fees and expenses, arising out of any third party Claim that any Subscriber Content posted or loaded into the SaaS Software or SaaS Services by Subscriber or its Authorized Collaborators or Registered Users infringes the patent, copyright or other intellectual property right of any third party or violates any laws, including privacy laws.
- If Subscriber or Mestrelab intends to claim indemnification hereunder (for itself or for another Indemnitee) with respect to any Damages arising under a Claim, then Subscriber or Mestrelab (the “Indemnified Party”) shall promptly notify the other party (the “Indemnifying Party”) of any Claim in respect of which the Indemnified Party (whether for itself or for one of the persons entitled to indemnification under Section 8.1 or 8.2) intends to claim such indemnification reasonably promptly after the Indemnified Party is aware thereof, and the Indemnifying Party shall assume the defense of any related third party action, suit or proceeding with counsel of the Indemnifying Party’s choice. The indemnity agreement in this Section 8 shall not apply to amounts paid in settlement of any claim, loss, damage or expense if such settlement is effected without the consent of the Indemnifying Party, which consent shall not be withheld or delayed unreasonably. The failure of the Indemnified Party to deliver notice to the Indemnifying Party within a reasonable time after the Indemnified Party becomes aware of any such matter, if prejudicial to Indemnifying Party’s ability to defend such action, shall relieve the Indemnifying Party of any liability under this Section 8 with respect to such Claim. The Indemnified Party and all indemnitees shall cooperate fully with the Indemnifying Party and its legal representatives in the investigation of any matter covered by this indemnification.
- Should the SaaS Software or SaaS Services become, or in Mestrelab’s opinion, be likely to become the subject of a claim or an injunction preventing its use as contemplated herein, Mestrelab may, at its option (i) procure for Subscriber the right to continue to access the SaaS Software or SaaS Services hereunder, (ii) replace or modify the SaaS Software or SaaS Services so that it becomes non-infringing, or, if Mestrelab determines, in its sole discretion, that (i) and (ii) are not commercially practical for Mestrelab, then (iii) Mestrelab may terminate this Agreement and arrange to refund to Subscriber a pro-rated amount of the Subscription Fees paid in advance for the then current Initial Term or Renewal Term based on the remaining portion of the then current Term for which such Subscription Fees were paid.
- This Section 8 states the entire liability of Mestrelab with respect to infringement of third party intellectual property rights by the SaaS Services or the SaaS Software or any part thereof or by its operation.
- Compliance with Laws; Export Control
- Subscriber agrees to comply with all applicable laws with respect to Subscriber’s use of the SaaS Software. Subscriber acknowledges and agrees that the SaaS Software, technical data and/or services (“Items”), are subject to export control, customs, economic sanctions, and anti-boycott laws, regulations, rules, and associated executive orders enacted, issued, entered, promulgated, or enforced by the European Union, the United States, the United Nations, the Organization for Security and Co-operation in Europe (the “OSCE”), or the country where Subscriber resides (provided such applicable laws or regulations of the Territory do not conflict with applicable regulations of the European Union or the United States) (each individually, an “Export Control Law” and, collectively, the “Export Control Laws”). Subscriber will comply with all applicable Export Control Laws and not provide any Items to anyone in a country or other destination that is subject to a United States Government export embargo (currently Cuba, Iran, North Korea, Sudan, Syria and the Crimea Region) (an “Embargoed Destination”), to a representative of an Embargoed Destination, or to persons or for purposes prohibited under any Export Control Law. Prohibited end-uses include the research on or development of chemical, biological or nuclear weapons, unmanned air vehicles or missiles, or nuclear explosive or fuel cycle activities. In addition to any other remedy it may have, Mestrelab may terminate this Agreement immediately and without notice, and cancel the download, activation and/or provision of any maintenance or other customer service involving any Item if (a) Mestrelab has not received all export-related documentation requested by Mestrelab or (b) Mestrelab believes that such activity may violate any Export Control Law or Mestrelab’s own compliance policies. If Subscriber accesses the Mestrelab Server, or purchases, downloads, or activates Items from the Mestrelab Server, Subscriber represents that it is not in any Embargoed Destination, acting for anyone in an Embargoed Destination, and that it is not a person or entity (or owned by one or more entities) that has/have been sanctioned or otherwise listed on a prohibited persons lists issued by the United States, the United Nations, the European Union, the OSCE, the United Kingdom, Japan, Australia or Switzerland. Subscriber shall indemnify Mestrelab for all losses, costs, claims, damages and expenses (including attorneys’ fees and expenses) arising from its violation or alleged violation of any applicable federal, state or local law, including without limitation, any Export Control Law.
- Miscellaneous.
- Trademark and Names. This Agreement does not grant either party the right to use any trademark, trade name or logo of the other party in any advertising or promotional material. If mutually agreed by Subscriber and Mestrelab, Mestrelab may identify Subscriber as a customer of Mestrelab, including as a subscriber of the SaaS Software, in promotional materials and published lists of Mestrelab’s customers and/or issue a press release describing this subscription including a quote from Subscriber.
- Entire Agreement. This Agreement constitutes the entire agreement between Mestrelab and Subscriber with respect to the subject matter hereof, and supersedes any prior agreement between the parties with respect to the subject matter hereof. No Addendum, waiver, consent, modification, amendment or change of the terms of this Agreement shall bind either party unless in writing and signed by duly authorized officers of Subscriber and Mestrelab. No terms and conditions in any purchase order issued by Subscriber under this Agreement, including in response to a Quote, shall apply and any such purchase order terms and conditions shall be superseded by the terms of this Agreement, except that, as applicable, such purchase order shall evidence Subscriber’s acceptance of the applicable Quote, including Subscriber’s election of any options or choices expressly contemplated by such Quote (such as number of Authorized Number of Users).
- Severability. In the event that any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable because it is invalid or in conflict with any law of any relevant jurisdiction, the validity of the remaining provisions shall not be affected, and the rights and obligations of the parties shall be construed and enforced as if the Agreement did not contain the particular provisions held to be unenforceable.
- Assignments. Neither this Agreement nor any rights, obligations or subscriptions granted hereunder may be assigned or delegated by either party, including but not limited to by operation of law, without the prior written consent of the other party, which shall not unreasonably be withheld, except that either party may assign this Agreement to a successor to its business in connection with a merger or sale of all or substantially all of its assets. This Agreement shall inure to the benefit of the parties and their permitted successors and assigns.
- Notices. Any notice by a party under this Agreement shall be in writing and either personally delivered or sent via reputable overnight courier (such as Federal Express) or certified mail, postage prepaid and return receipt requested addressed to the other party as follows:
To Mestrelab:
Mestrelab Research SL
r/Feliciano Barrera 9B-Baixo
15706 Santiago de Compostela
A Coruña – SPAIN
To Subscriber: to the address on the signature page of this Agreement;
or, in each case, such other address of which either party may from time to time notify the other in accordance with this Section 10.5. All notices shall be in English and shall be deemed effective on the date of personal delivery, one business day after deposit with an overnight courier, or five (5) business days after deposit in the mail. - Governing Law; Dispute Resolution. The validity, construction and interpretation of this Agreement, and the rights and duties of the parties, shall be governed by and construed in accordance with the laws of the local jurisdiction of the applicable Mestrelab entity listed on Page 1 of this agreement, without giving effect to the conflict of law provisions thereof, and excluding any application of the United Nations Convention on Contracts for the International Sale of Goods. Other than as necessary to enforce any final judgment, award or determination or to obtain a preliminary injunction or other equitable relief to safeguard a party’s intellectual property or confidential information, any action brought pursuant to or in connection with this Agreement shall be brought only in the state or federal courts within the local jurisdiction of the applicable Mestrelab entity listed on Page 1 of this Agreement without regard to its conflict of law provisions and both parties submit to the personal jurisdiction, and waive any objections to venue, of such courts.
- No Waiver. The waiver by either party of a breach of a default of any provision of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or any other provision, nor shall any delay or omission on the part of either party to exercise or avail itself of any right, power or privilege that it has, or may have thereunder, operate as a waiver of any right, power or privilege by such party.
- Section Headings. Captions and section headings hereof are for reference purposes only and shall not control or alter the meaning of this Agreement as set forth in the text.
- Force Majeure. In the event that either party is unable to perform any of its obligations under this Agreement because of causes beyond its reasonable control or because of any Act of God, accident to equipment or machinery; any fire, flood, hurricane, tornado, storm or other weather condition; any war, act of war, act of public enemy, terrorist act, sabotage, riot, civil disorder, act or decree of any governmental body; any failure of communications lines, transportation, light, electricity or power; any earthquake, civil disturbance, commotion, lockout, strike or other labor or industrial disturbance; or any illness, epidemic, quarantine, death or any other natural or artificial disaster the party who has been so affected shall immediately give notice to the other party and shall do everything reasonably possible to resume performance. Upon receipt of such notice, all obligations under this Agreement shall be immediately suspended and performance times shall be considered extended for a period of time equivalent to the time lost because of any such delay. Nothing provided herein shall excuse the delay of any payment that is validly due by Subscriber to Mestrelab.
The Subscriber agrees to be bound by this End User License Agreement and evidences so by pressing the ‘Agree’ button.
Exhibit A
Data Processing Agreement
Mestrelab Research SL
This Data Processing Agreement (“Addendum”) forms part of the MBook SaaS Account Agreement (“Agreement”) between Mestrelab and the Subscriber for the provision of the SaaS Software (“SaaS Software”).
In this Addendum Mestrelab is also referred to as “the processor” and Subscriber is also referred to as “the controller”.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Agreement. In the event of any conflict or inconsistency between this Addendum and the Agreement in effect between the Subscriber and Mestrelab, this Addendum shall prevail. In the event of any conflict or inconsistency between this Addendum and the Model Clauses under Section 1.4, the Model Clauses shall prevail, except with respect to provisions of this Addendum that expressly clarify a specific provision of the Model Clauses.
- Definitions: Capitalized terms not defined herein will have the meanings given to them in the Agreement. In this Addendum, the following terms shall have the following meanings:
- “controller“, “processor“, “data subject“, “personal data” and “processing” (and “process“) shall have the meanings given in the Applicable Data Protection Law;
- “SaaS Software” shall have the meaning assigned under the Agreement;
- “Registered User” shall have the meaning assigned under the Agreement;
- “Applicable Data Protection Law” shall mean: Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), as well as laws implementing and supplementing the GDPR. Outside of the scope of the Regulation referred to above, “Applicable Data Protection Law” shall mean the data protection laws of the country in which the relevant Subscriber entity (controller) is domiciled or where the Subscriber’s end users are located;
- Relationship of the parties: Subscriber (the controller) appoints Mestrelab as a processor to process the personal data described in Annex A (the “Data“). Subscriber shall verify that the processing operations for the provision of the SaaS Software under the Agreement – including any international transfer – are in compliance with the Applicable Data Protection Law and notify Mestrelab about any potential noncompliance before the processing starts.
- Governance. Mestrelab acts as a processor and Subscriber and those entities that it permits to use the SaaS Software act as controllers under the Addendum. Subscriber acts as a single point of contact and is solely responsible for obtaining any relevant authorizations, consents and permissions for the processing of personal data in accordance with this Addendum, including, where applicable approval by controllers to use Mestrelab as a Processor. Where authorizations, consent, instructions or permissions are provided by Subscriber these are provided not only on behalf of the Subscriber but also on behalf of any other controller using the SaaS Software. Where Mestrelab informs or gives notice to Subscriber, such information or notice is deemed received by those controllers permitted by Subscriber to use the SaaS Software and it is Subscriber’s responsibility to forward such information and notices to the relevant Controllers.
- Purpose limitation: Mestrelab shall process the Data as a processor for the purpose of providing the SaaS Software according to the purposes described in Annex A and strictly in accordance with the documented instructions given by the Subscriber to Mestrelab (the “Permitted Purpose“), except where otherwise required by any law applicable to Mestrelab. In such a case, Mestrelab will inform Subscriber of such legal requirement before processing, unless the law prohibits Mestrelab to inform Subscriber on important grounds of public interest. The Agreement (including this Addendum) constitutes the documented initial instructions. Mestrelab will use reasonable efforts to follow any other Subscriber instructions, as long as they are required by Data Protection Law, technically feasible and do not require changes to the SaaS Software. If any of the beforementioned exceptions apply, or Mestrelab otherwise cannot comply with an instruction or is of the opinion that an instruction infringes Data Protection Law, Mestrelab will immediately notify Subscriber (email permitted). Subscriber acknowledges that Mestrelab collects and processes aggregated system performance data to ensure proper performance of the services: such data sets may contain personal related information such as usernames and any personal related information contained in log files. For the sake of clarity, data used on development and test systems do not contain personal data.
- International transfers: Within the scope of GDPR, personal data are not transferred outside of the European Economic Area (“EEA“). In the event personal data need to be transferred outside of the EEA or the defined country of storage and processing as defined in the Agreement, Mestrelab will (i) inform Subscriber in advance; and (ii) take such measures as are necessary to ensure the transfer is in compliance with the Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law, to a recipient that has executed the standard contractual clauses (“Model Clauses”) adopted or approved by the European Commission, as the case may be. In the case Data will be subject to an international transfer as described in this section, the Model Clauses Controller to Processor will be automatically incorporated in this Addendum. A copy of the Model Clauses (notified under the document C(2010) 593) is available at the following link: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087. In case the data exporter under the clauses is located outside of the EU/EEA, the term “member state” under the Model Clauses shall mean “country where the data exporter is located”.
- Confidentiality of processing: Mestrelab shall ensure that any person that it authorises to process the Data (including Mestrelab’s staff, agents and subcontractors) (an “Authorised Person“) shall be subject to an appropriate duty of confidentiality (whether a contractual duty or a statutory duty) and shall not permit any person to process the Data who is not under such a duty of confidentiality. Mestrelab shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.
- Security: Mestrelab shall implement appropriate technical and organisational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a “Security Incident“). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures shall include, as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- Subprocessing: Subscriber acknowledges and agrees that Data Processor may engage subprocessors to process personal data in connection with the services pursuant to the Agreement, subject to the requirements in this section. Mestrelab shall enter into a binding agreement with each subprocessor before any transfer of personal data to such subprocessor. Such agreement shall impose data protection terms that protect the personal data at the same standard provided for by this Addendum, especially regarding confidentiality, data protection and information security. Mestrelab shall remain liable for any breach of this Addendum if and to the extent that it is caused by an act, error or omission of its subprocessor. Mestrelab may chance a subprocessor at its discretion, provided that: (a) Mestrelab will inform Subscriber in advance by e-mail of any intended additions or replacements to the list of subprocessors including name, address and role of the new subprocessor; and (b) Subscriber may object to such changes. If Subscriber refuses to consent to Mestrelab’s appointment of a third party subprocessor on reasonable grounds relating to the protection of the data, then either Mestrelab will not appoint the subprocessor to the services rendered to Subscriber, or, if that is not possible Subscriber may elect to suspend or terminate the Agreement. Any termination under this Section shall be deemed to be without fault by either party; Subscriber shall be entitled to a refund on a pro rata basis of any subscription charges paid in advance. Mestrelab may replace a Subprocessor without advance notice where the reason for the change is outside of Mestrelab’s reasonable control and prompt replacement is required for security or other urgent reasons. In this case, Mestrelab will inform Subscriber of the replacement Subprocessor as soon as possible following its appointment. A list of subprocessors as at the date of this Addendum is attached as Annex B.
- Cooperation and data subjects’ rights: At Subscriber’s request, Mestrelab will reasonably cooperate with Subscriber in dealing with requests from Data Subjects or regulatory authorities regarding Mestrelab’s processing of Personal Data or any Security Incident referred to in Section 11 below. Mestrelab shall notify the Subscriber as soon as reasonably practical about any request it has received from a data subject in relation to the Personal Data processing, without itself responding to such request without Subscriber’s further instructions, if applicable. Mestrelab shall provide functionality that supports Subscriber’s ability to correct or remove Personal Data from the SaaS Software, or restrict its processing in line with Data Protection Law. Where such functionality is not provided, Mestrelab will correct or remove any Personal Data, or restrict its processing, in accordance with the Subscriber’s instruction and Data Protection Law.
- Data Protection Impact Assessment: If Mestrelab believes or becomes aware that its processing of the Data under GDPR is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall promptly inform Subscriber and provide Subscriber with all such reasonable and timely assistance as Subscriber may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
- Security incidents: Upon becoming aware of a Security Incident, Mestrelab shall inform Subscriber without undue delay and shall provide all such timely information and cooperation as Subscriber may require in order for Subscriber to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) the Applicable Data Protection Law. Mestrelab shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Subscriber informed of all developments in connection with the Security Incident.
- Audit: Mestrelab shall permit Subscriber (or its appointed third party auditors, (which shall not include any third party auditors who are either a competitor of Mestrelab or not suitably qualified or independent) to audit Mestrelab’s compliance with this Addendum, if: (a) Mestrelab has not provided sufficient evidence of its compliance with the technical and organizational measures or with the terms of this Addendum; (b) a Security Incident has occurred; (c) an audit is formally requested by Subscriber’s data protection authority; or (d) Mandatory Data Protection Law provides Subscriber with a direct audit right and provided that Subscriber shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits. Subscriber (or its third-party auditors) may enter its premises for the purposes of conducting this audit, provided that Subscriber gives it reasonable prior notice of its intention to audit, conducts its audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Mestrelab’s operations. Document-based audits are preferred.
- Deletion or return of Data: Upon termination or expiry of the Agreement, Mestrelab shall (at Subscriber’s election) destroy or return to Subscriber all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing). This requirement shall not apply to the extent that Mestrelab is required any law applicable to Mestrelab to retain some or all of the Data, in which event it shall isolate and protect the Data from any further processing except to the extent required by such law.
- No Consideration: Notwithstanding anything in the Agreement and in this Addendum, Mestrelab’s access to Subscriber personal data is not part of the consideration exchanged by the parties in respect of the Agreement.
- Indemnity: Each party (the “Indemnifying Party“) shall indemnify the other (the “Indemnified Party“) from and against all loss, cost, harm, expense (including reasonable legal fees), liabilities or damage (“Damage“) suffered or incurred by the Indemnified Party as a result of the Indemnifying Party’s breach of the data protection provisions set out in this Addendum, and provided that: (i) the Indemnified Party gives the Indemnifying Party prompt notice of any circumstances of which it is aware that give rise to an indemnity claim under this Addendum; and (ii) the Indemnified Party takes reasonable steps and actions to mitigate any ongoing Damage it may suffer as a consequence of the Indemnifying Party’s breach.
- Liability: Mestrelab is liable for the damage caused by processing where it has not complied with obligations of the Data Protection Law applicable to the processor, or where it has acted outside or contrary to lawful instructions of the Subscriber. Mestrelab is liable to pay administrative fines which result from a breach of the provisions of the Data Protection Law applicable to the processor. Mestrelab shall be exempt from its liability, only if it proves that it’s not responsible for the event giving rise to the breach of the provisions of the Data Protection Law Applicable to Mestrelab.
Annex A
Data Processing Description
This Annex A forms part of the Agreement and describes the processing that the processor shall perform on behalf of the controller.
Purposes
The processor will process the personal data on behalf of the controller for the following purposes:
Provision and maintenance of the SaaS platform
Controller
The controller is (please specify briefly the controller’s activities relevant to the processing): the Subscriber who subscribed to the SaaS Software that allows certain users to enter, amend, use, delete or otherwise process personal data. Where the Subscriber allows other companies to also use the SaaS Software, these other companies are considered as controllers to the personal data under their control.
Processor
The processor is (please specify briefly the processor’s activities relevant to the transfer):
Mestrelab provides and maintains the SaaS Software as described in the Agreement.
Data subjects
The personal data to be processed concern the following categories of data subjects:
Registered Users, e.g. Subscriber’s Employees or Subscriber’s Students in the case Subscriber is a university or educational institution.
Categories of data
The personal data to be processed concern the following categories of data (please specify):
first name, last name, address (work), e-mail, phone, organization (company or institution), organizational role, Registered Users access and use of the SaaS Software as resulting from the log files.
Special categories of data (if applicable)
The personal data to be processed concern the following special categories of data (please specify):
Not Applicable
Processing operations
The personal data will be subject to the following basic processing activities (please specify):
- Hosting and monitoring of the SaaS Software
- Monitoring Backup & restoration of Subscriber data stored in the SaaS Software
- Release and development of fixes and upgrades to the SaaS Software
- Security monitoring, network-based intrusion detection support, penetration testing
- Support when a Subscriber submits a support ticket because the SaaS Software is not available or not working as expected. Mestelab answers the requests from Subscriber and performs basic troubleshooting, and handles support tickets in a tracking system that is separate from the production instance of the SaaS Software
Data Privacy Office Contact Information:
Mestrelab Research SL
r/ Feliciano Barrera 9B-Baixo
15706 Santiago de Compostela
A Coruña – SPAIN
privacy@mestrelab.com
Annex B
Approved Subprocessors
Name | Processing | Location | Access to data |
AWS | IaaS Hosting Platform | EU Data Centers | Yes |
Salesforce | Customer Relationship Management Platform | EU Data Centers | Yes |