NOTICE: THIS IS A LEGALLY BINDING AGREEMENT BETWEEN THE LEGAL PERSON OR CORPORATE ENTITY RECEIVING THE BENEFIT OF THIS AGREEMENT (THE “CUSTOMER” OR “YOU”) AND AVEVA SOFTWARE, LLC (“AVEVA”) (COLLECTIVELY, THE “PARTIES” AND EACH, A “PARTY”). PLEASE READ IT CAREFULLY.
IF YOU CLICK THE “I AGREE” BUTTON:
- YOU AGREE THAT CUSTOMER WILL BE BOUND TO THE TERMS OF THIS CLOUD SERVICES AGREEMENT (THE “AGREEMENT”);
- YOU REPRESENT AND WARRANT THAT YOU HAVE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF CUSTOMER; AND
- YOU REPRESENT AND WARRANT THAT YOU HAVE READ AND AGREED TO THE TERMS OF THIS AGREEMENT. ALTERNATIVELY, BY USING THE PRODUCTS, YOU CONFIRM THAT CUSTOMER AGREES TO BE BOUND BY THESE TERMS.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS AGREEMENT, DO NOT CLICK “I AGREE” AND DO NOT USE THE PRODUCTS.
IF A SYSTEM INTEGRATOR, CONTRACTOR, CONSULTANT, OR ANY OTHER PARTY USES THE CLOUD SERVICES ON YOUR BEHALF PRIOR TO YOUR USE OF THE CLOUD SERVICES, SUCH PARTY WILL BE DEEMED TO BE YOUR AGENT ACTING ON YOUR BEHALF, AND YOU WILL BE DEEMED TO HAVE ACCEPTED ALL OF THE TERMS AND CONDITIONS CONTAINED IN THIS AGREEMENT AS IF YOU HAD USED THE CLOUD SERVICES YOURSELF.
AVEVA CLOUD SERVICES AGREEMENT
NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, NO RIGHT TO ACCESS, USE, OR LICENSE THE PRODUCTS IS GRANTED (WHETHER EXPRESSLY, BY IMPLICATION, OR OTHERWISE) UNDER THIS AGREEMENT, AND THIS AGREEMENT EXPRESSLY EXCLUDES ANY RIGHT, CONCERNING ANY PRODUCTS THAT CUSTOMER DID NOT ACQUIRE LAWFULLY OR THAT IS NOT A LEGITIMATE, AUTHORIZED COPY OF SUCH PRODUCTS.
This Agreement consists of the following: (i) the terms and conditions set forth in the AVEVA General Terms and Conditions (“GTCs”); (ii) the AVEVA Cloud Services Addendum (“Cloud Services Addendum”); (iii) the AVEVA Data Processing Addendum (“Data Processing Addendum”) (as applicable); and (v) any Transaction Documents executed by the Parties and entered into in accordance with the GTCs.
AVEVA GENERAL TERMS AND CONDITIONS
1.1. Definitions. The following capitalized terms used in these GTCs have the respective meanings specified below:
“Addenda” means two or more Addendum.
“Addendum” means any of the following: GDPR and Data Processing Addendum, Local Country Addendum (if applicable), Services Addendum, Cloud Services Addendum, Software Addendum, Support Addendum, and Software and Support Addendum.
“Affiliates” means, as to any entity, any other entity that, directly or indirectly, Controls, is Controlled by or is under common Control with such entity. To avoid misunderstanding, AVEVA “Affiliates” means any direct or indirect wholly-owned subsidiary of AVEVA Group plc. For the avoidance of doubt, the term “Affiliate” shall exclude Schneider Electric S.A. and all of its subsidiaries.
“Agreement” has the meaning set forth in the Preamble.
“Anti-Bribery Laws” has the meaning set forth in Section 14.1 (Anti-Bribery).
“AVEVA” has the meaning set forth in the Preamble.
“AVEVA Indemnitees” has the meaning set forth in Section 9.3 (Indemnification by Customer).
“AVEVA Marks” has the meaning set forth in Section 4.5 (AVEVA Trademarks).
“Claims” means any and all claims, demands, liabilities, obligations, charges, suits, proceedings, actions and causes of action.
“Cloud Product” means the subscription-based license, platform, infrastructure or other “as-a-service” solution for which access is provided to Customer by AVEVA pursuant to a Transaction Document.
“Control” means, with respect to any entity, the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities (or other ownership interest), by contract or otherwise.
“Customer” has the meaning set forth in the Preamble.
“Customer Content” means all software, data (including personal data), information, text, images, audio, video, photographs, non-AVEVA or third-party applications, and other content and material, in any format, provided by Customer, any of Customer’s users, or on behalf of Customer that is stored in, or run on or through, the Products and Services.
“Damages” means any and all losses, damages, judgments, costs and expenses in connection with a Claim, including a Party’s attorneys’ fees and court costs.
“Effective Date” means the date that Customer accepts this Agreement by clicking the “Agree” button or checking the “Agree” box.
“Export Control Laws” means any and all laws that control, restrict, or impose licensing requirements on export, re-export, transfer or use of goods, software, technology, or services, issued or adopted by any government, state or regulatory authority of any country in which obligations under the Agreement are to be performed, or in which AVEVA or any of its Affiliates are incorporated or operate, including without limitation the United States of America, the United Kingdom, and the European Union or of any of its Member States.
“Force Majeure” has the meaning set forth in Section 15.3 (Force Majeure).
“GDPR” has the meaning set forth in Section 6.1 (No Joint Data Controllership).
“GTCs” has the meaning set forth in the Preamble.
“Initial Term” has the meaning set forth in Section 10.1 (Term of GTCs).
“Law” means any and all laws and regulations applicable to or binding upon the Products, Services, or a Party in the performance of its obligations or exercise of its rights under the Agreement.
“Order Form” means the document issued by AVEVA or an authorized AVEVA distributor or authorized AVEVA reseller in hard or electronic copy which, among other things, may identify (a) the particular Software ordered by or for Customer, (b) the location of the designated Device(s) or Named Users, (c) the duration or term of the Software license granted to Customer, (d) the license fees and any applicable Support fees owed by Customer and/or (e) the payment schedule.
“Party” and “Parties” have the meaning set forth in the Preamble.
“Pre-Existing Customer Intellectual Property” means Intellectual Property Rights created or developed by or on behalf of Customer prior to the Effective Date of these GTCs, not developed specifically for AVEVA or in contemplation of the Agreement.
“Products” means the Software and SaaS Products that AVEVA lists on a Transaction Document and makes available to Customer.
“Professional Services” means professional services, including any implementation, configuration, custom development, or training, that AVEVA provides to Customer pursuant to a Transaction Document (but excluding, for the avoidance of doubt, any SaaS Product).
“Renewal Term” has the meaning set forth in Section 10.1 (Term of GTCs).
“Sanctions Laws” means any economic, financial, trade or other, sanction, restriction, embargo, import or export ban, prohibition on transfer of funds or assets or on performing services, or equivalent measure imposed by any government, regulatory authority of any country in which obligations under the Agreement are to be performed, or in which AVEVA or any of its Affiliates are incorporated or operate, including without limitation the United States of America, the United Kingdom, and the European Union or of any of its Member States.
“Schedule” means the Product or Service Schedule specified in an applicable Transaction Document.
“Services” means Professional Services and Support, individually or collectively.
“Software” means the software products (in object code (machine-readable) format only) licensed to Customer by AVEVA pursuant to a Transaction Document, including any new releases, updates, or versions that Customer is entitled to receive.
“Streamlined Rules” has the meaning set forth in Section 15.10 (Binding Arbitration).
“Support” means the support services described in the Agreement, including specifically the Software and Support Addendum and the Cloud Services Addendum.
“Tax” or “Taxes” has the meaning set forth in Section 3.2 (Taxes).
“Third-Party Products” means products (including any software-as-a-service products) and software of a third-party vendor supplied by AVEVA or incorporated by AVEVA into its Products.
“Third-Party Services” means services made available by a third-party vendor.
“Trade Controls” has the meaning set forth in Section 14.2 (Trade Control).
“Work Product” means any art, discovery, improvement, deliverable, process, customization, report, documentation, invention, modification, enhancement, product, software or other item developed, created, or provided in connection with the Services, whether or not copyrightable or patentable, inclusive of all related know-how, trade secrets, and any other tangible or intangible technical material or information delivered by AVEVA to Customer or any of its Affiliates under the Agreement.
“$” shall mean lawful money of the United States.
1.2. Interpretation. Except as otherwise expressly provided in the Agreement, the following rules apply: (a) the singular includes the plural and the plural includes the singular; (b) “include”, “includes” and “including” are not limiting; (c) unless the context otherwise requires or unless otherwise provided, references to a particular agreement, instrument, document, law or regulation also refer to and include all renewals, extensions, modifications, amendments and restatements of such agreement, instrument, document, law or regulation; (d) a reference in the Agreement to a Section or Schedule is to the Section of or Schedule to the Agreement unless otherwise expressly provided; (e) a reference to a Section in the Agreement, unless the context clearly indicates to the contrary, refers to all sub-parts or sub-components of any said Section; (f) words such as “hereunder,” “hereto,” “hereof,” and “herein,” and other words of like import, unless the context clearly indicates to the contrary, refers to the whole of the Agreement and not to any particular Section, subsection or clause hereof; (g) where the Agreement states that a Party “shall,” “will,” or “must” perform in some manner or otherwise act or omit to act, it means that the Party is legally obligated to do so in accordance with the Agreement; and (h) references to any statute includes any amendments thereto and its implementing regulations.
2. USE OF PRODUCTS.
2.1. Right to Use Products. Subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of all applicable fees), AVEVA will deliver and make the Products listed in the applicable Transaction Document available to Customer and, if expressly stated in the applicable Transaction Document, Customer’s named Affiliate(s).
2.2. Evaluation of Products and Free Products. If a Product is provided by AVEVA on an evaluation basis or as a free trial, then subject to Customer’s compliance with this Agreement, AVEVA grants to Customer a nonexclusive, worldwide, non-transferable, nonsublicensable, limited, revocable right during the applicable evaluation or free trial term to use the Product solely for evaluating whether Customer wishes to purchase a commercial right to access and use such Product. Notwithstanding anything to the contrary in this Agreement, AVEVA does not provide maintenance and support, warranties, service levels and applicable credits, indemnification, with respect to such Products.
2.3. Right for Customer’s Affiliates to Enter Into Transaction Documents. The Parties agree that certain of Customer’s Affiliates may, as applicable, purchase Products and Services from time to time, subject to the terms and conditions set forth in these GTCs, Addenda, and Schedules by entering into Transaction Documents. In order for a particular Affiliate of Customer to utilize these GTCs through a Transaction Document, Customer’s Affiliate shall enter into a Local Country Addendum with AVEVA’s Affiliate specifying country-specific requirements for the performance of the Agreement, if required.
3. PAYMENTS AND INVOICING.
3.1. Payment. Upon credit approval, unless otherwise agreed in the applicable Transaction Document, Customer shall pay all fees specified in the applicable invoice within thirty (30) days from the invoice date. Customer shall pay a late charge of 1.5% per month on all payments which are not paid when due. Except where otherwise specified, all dollar amounts are expressed in United States dollars (US$). For the avoidance of doubt, a delay in Customer’s payment of any money due under the Agreement or any Transaction Document shall constitute a material breach of the Agreement for purposes of Section 10.3 (Termination for Material Breach).
3.2. Taxes. Fees and other charges described in the Agreement do not include Taxes. Unless otherwise agreed in the applicable Transaction Document, Customer will pay all sales, use, value-added, gross receipt, or other similar taxes (“Tax” or “Taxes”) imposed by applicable Law based on the Products and Services that Customer ordered, except for taxes based on AVEVA’s income. If AVEVA is required to pay such Taxes (other than taxes based on AVEVA’s income), Customer shall reimburse AVEVA for all such amounts. Subscription licenses are sold as Software and not Services and AVEVA will bill and Customer will pay to AVEVA Tax as such. If Customer is required by applicable Law to make any Tax withholding from amounts paid or payable to AVEVA under the Agreement, (a) the amount paid or payable shall be increased to the extent necessary to ensure that AVEVA receives a net amount equal to the amount that it would have received had no Taxes been withheld and (b) Customer shall provide proof of such withholding to AVEVA. If Customer is exempt from paying Taxes, Customer shall provide AVEVA with written evidence of a valid Tax exemption. In addition, Customer shall, on at least an annual basis and upon reasonable request from AVEVA, update or re-confirm such Tax-exempt status. AVEVA reserves the right to invoice Customer for applicable Taxes if Customer fails to maintain or update written evidence of such Tax-exempt status or exemption with AVEVA.
3.3. Customer will provide proof of any exemption from Taxes to AVEVA at least fifteen (15) business days before the due date for paying an invoice. If AVEVA does not collect the required Taxes from Customer but is subsequently required to remit the Taxes to any taxing authority, Customer will promptly reimburse AVEVA for all such Taxes, including all accrued penalties and interest charges if the failure to timely collect and remit was not due to the fault of AVEVA.
3.4. Each Party is responsible for its own income taxes or taxes based on gross revenues or gross receipts.
3.5. Non-Refundable Fees. Customer acknowledges and agrees that orders placed by Customer for Products and Services will be non-cancellable and the fees paid are non-refundable unless otherwise expressly stated in the Agreement.
4. INTELLECTUAL PROPERTY RIGHTS.
4.1. AVEVA Ownership of Intellectual Property Rights. All Intellectual Property Rights in and to the Work Product, Products, Services, including techniques, knowledge or processes associated with design contributions, related knowledge or processes, and any and all updates, upgrades, modifications, enhancements, and derivative works of the foregoing, regardless of whether or not solely created by AVEVA or jointly with the Customer, shall belong to, and vest in, AVEVA or, as applicable, its licensors. All rights not expressly granted to Customer are reserved to AVEVA or, as applicable, its licensors.
4.2. Rights to Customer Content. Customer retains all right, title, and interest in and to the Customer Content. During the Term, Customer hereby grants to AVEVA and its Affiliates a global, royalty-free, irrevocable, sub-licensable, non-exclusive license to use, copy, distribute, modify, display, and perform the Customer Content as necessary for AVEVA to perform its obligations under the Agreement.
4.3. Non-Assertion of Rights. Customer covenants, on behalf of itself and its successors and assigns, not to assert against AVEVA, its Affiliates or licensors, any rights, or any Claims of any rights, in any Products, Documentation, or Services, and Customer hereby voluntarily waives any right to demand from AVEVA, its Affiliates or licensors any rights to any Products, Documentation, or Services, except the rights that are expressly granted to Customer under the Agreement.
4.4. Suggestions and Residual Knowledge. In compliance with the applicable confidentiality obligations, AVEVA shall have all right, title and interest, including, all Intellectual Property Rights, in and to, and the unrestricted royalty-free right to use and incorporate into the Products, Documentation, and Services, any and all suggestions, enhancement requests, recommendations, and/or other feedback provided by Customer, relating to the Products, Documentation, and/or Services. Furthermore, Customer acknowledges and agrees that AVEVA is free to use its general knowledge, skills and experience, and any ideas, concepts, know-how and techniques, related to or derived from the performance of its obligations under the Agreement.
4.5. AVEVA Trademarks. Unless otherwise expressly stated in the Agreement, AVEVA retains all goodwill in and Customer has no rights in any trade name, trademark, service mark, logo or other designation owned by AVEVA, whether registered or unregistered, including the following: AVEVA, the AVEVA logo, Wonderware and InTouch (“AVEVA Marks”). Customer shall not (a) claim any right, title or interest in any AVEVA Mark; (b) register, seek to register, or cause to be registered any AVEVA Mark, other than in AVEVA’s name and at AVEVA’s specific request; (c) adopt and use any trademark, service mark, trade name, logo or designation that might be confusingly similar to any AVEVA Mark; (d) attach any other trademark, service mark, trade name, logo or designation to the Products, Documentation, or Services; (e) adapt or remove AVEVA Marks from the Products, Documentation, or Services; or (f) use any AVEVA Mark in connection with products other than the Products or Services.
4.6. AVEVA Ownership of Work Product. AVEVA owns all Intellectual Property Rights in and to the Work Product, including techniques, knowledge or processes associated with the Work Product, regardless whether or not solely created by AVEVA or jointly with Customer. Customer shall execute and ensure its third parties and Affiliates execute, at AVEVA's expense, any and all such documentation to secure AVEVA’s rights in such Work Product. For the avoidance of doubt, Customer and AVEVA agree and acknowledge that no Work Product will be considered “work made for hire” under the Copyright Act of 1976, 17 U.S.C. § 101 et seq., or any similar legislation of any other jurisdiction.
4.7. Customer’s License to Joint Work Products. Customer hereby grants to AVEVA a non-exclusive, worldwide, royalty free, perpetual license to use the jointly created Work Product in accordance with this Section 4 (Intellectual Property Rights).
4.8. AVEVA’s License to Work Products. Subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of all applicable fees), AVEVA hereby grants to Customer a personal, non-exclusive, non-transferable, limited, revocable, license during the term of the Transaction Document (or such longer period if expressly set forth in a Transaction Document) to use any Work Product provided to Customer solely for Customer’s internal business operations to support Customer’s authorized usage of the Product in accordance with the terms of the Agreement.
4.9. Customer’s Pre-Existing Intellectual Property. Customer shall own the Pre-Existing Customer Intellectual Property and have all right, title, and interest in and to the Pre-Existing Customer Intellectual Property. During the term of the applicable Transaction Document, Customer grants to AVEVA and its Affiliates a global, royalty-free, irrevocable, sub-licensable, non-exclusive license to use, copy, distribute, modify, display, and perform the Pre-Existing Customer Intellectual Property as necessary for AVEVA to perform its obligations under the Agreement.
4.10. Data Collection and Ownership. Notwithstanding anything to the contrary contained in the Agreement, Customer authorizes AVEVA to collect, use, disclose, and modify in perpetuity information or data (including, but not limited to, general usage information and measurements) that is provided by Customer in connection with the use or receipt of the Products or Services (or generated or created in the course of AVEVA providing the Products or Services) for the purposes of developing, improving, optimizing, and delivering Products or Services. AVEVA may not share any collected data that includes Customer’s Confidential Information with a third party except (a) in accordance with Section 5 (Confidentiality); or (b) to the extent the collected data is aggregated and anonymized such that Customer cannot be identified. Upon collection, AVEVA shall be the owner of such data.
5.1. Confidential Information. From time to time, either Party (the “Disclosing Party”) may disclose or make available to the other Party (the “Receiving Party”) Confidential Information of or in the possession of the Disclosing Party in connection with the Agreement. The term “Confidential Information” means any and all information in any form that Disclosing Party provides to Receiving Party in the course of the Agreement and that either (a) has been marked as confidential; or (b) is of such nature that a reasonable person would consider confidential under like circumstances. For the avoidance of doubt, Confidential Information includes any and all (i) Products and Services and any information pertaining to such Products and Services (including any user manuals, mathematical techniques, correlations, concepts, designs, specifications, listings, and other Documentation, whether or not embedded on a device or another form of media); (ii) confidential or proprietary information of a third party that is in the possession of the Disclosing Party; (iii) software or other materials which include Intellectual Property Rights Customer develops that references AVEVA’s Confidential Information; and (iv) the terms and conditions of the Agreement. Notwithstanding the foregoing, Confidential Information shall not include any information, however designated, that the Receiving Party can show (A) is or has become generally available to the public without breach of the Agreement by the Receiving Party, (B) became known to the Receiving Party prior to disclosure to the Receiving Party by the Disclosing Party, (C) was received from a third party without breach of any nondisclosure obligations to the Disclosing Party or otherwise in violation of the Disclosing Party’s rights, (D) was developed by the Receiving Party independently of any Confidential Information received from the Disclosing Party, or (E) is considered personal data as further described in Section 6 (Data Protection).
5.2. Confidentiality Obligations. Each Party (or third party whose Confidential Information has been disclosed) retains ownership of its Confidential Information. Each Party shall (a) protect the Confidential Information received from the Disclosing Party in the same manner as it protects the confidentiality of its own proprietary and confidential materials but in no event with less than reasonable care; and (b) use the Confidential Information received from the Disclosing Party solely for the purpose of the Agreement. Upon termination of the Agreement or upon written request submitted by the Disclosing Party, whichever comes first, the Receiving Party shall return or destroy, at the Disclosing Party’s choice, all of the Disclosing Party’s Confidential Information; provided, however, that AVEVA may retain Customer’s Confidential Information during the pendency of a dispute or litigation between the Parties. Notwithstanding the foregoing, neither Party shall be required to return or destroy any such Confidential Information if such return or destruction is impracticable, technically infeasible or contrary to either Party’s bona fide existing document retention policies. Except with respect to its Affiliates, employees, contractors, or agents who need to know Confidential Information in order to support the performance of such Party’s obligations related to the Agreement, and who are contractually bound by confidentiality obligations that are at least as protective as those contained in the Agreement, neither Party shall, disclose to any person any Confidential Information received from the Disclosing Party without the Disclosing Party’s prior written consent. The Receiving Party will be responsible for any breach of this Section 5 (Confidentiality) by its Affiliates, employees, contractors, and agents and any third party to whom it discloses Confidential Information in accordance with this Section 5 (Confidentiality). For Confidential Information that does not constitute a “trade secret” under applicable Law, these confidentiality obligations will expire three (3) years after the termination or expiration of the Agreement. For Confidential Information that constitutes a “trade secret” under applicable Law, these confidentiality obligations will continue until such information ceases to constitute a “trade secret” under such applicable Law. Notwithstanding anything to the contrary in this Section 5 (Confidentiality), the Receiving Party may disclose Confidential Information pursuant to an order of a court or governmental agency; provided, that, if permitted by applicable Law, the Receiving Party shall first notify the Disclosing Party of such order and afford the Disclosing Party the opportunity to seek a protective order relating to such disclosure.
5.3. Unauthorized Access. Customer must immediately notify AVEVA in writing if any third party gains unauthorized access to AVEVA’s proprietary materials, Intellectual Property Rights or Confidential Information. Customer will use its best efforts to prevent such unauthorized access.
5.4. Press Releases and Client List Reference. Neither Party shall issue any press release concerning the other Party’s work or the Agreement without the other Party’s consent. Notwithstanding the foregoing, AVEVA may identify Customer as a client of AVEVA and use Customer’s name and logo and release an announcement regarding the award of the Agreement and AVEVA is hereby granted a license for the term of the Agreement to use Customer’s name and logo for this purpose, as well as in AVEVA’s marketing literature and customer lists, from time to time as needed. AVEVA may generally describe the nature of the work in AVEVA’s promotional materials, presentations, case studies, qualification statements, and proposals to current and prospective clients.
6. DATA PROTECTION.
6.1. No Joint Data Controllership. The Parties agree that in connection with any processing of personal data shared by Customer with AVEVA in connection with the performance of these GTCs, for the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (including as it applies in the United Kingdom) and other applicable data protection laws, AVEVA will act for all purposes as an independent data controller, and no joint controllership (or equivalent concept) over any such personal data arises as between AVEVA and Customer. In the event that, in any respect, AVEVA and Customer are determined to be joint data controllers in respect of any such data by any court in the UK or the EEA, or by any government authority with responsibility for data privacy, or an equivalent finding is made by a competent court or authority elsewhere: (a) each Party shall comply with all applicable Laws relating to data privacy and protection in connection with all such personal data, and shall provide, upon request of the other Party, all information necessary to demonstrate such compliance; and (b) each data controller shall indemnify the other Party in full and keep the other Party indemnified in respect of any and all Damages incurred by the other Party or for which that data controller becomes liable as a result of the failure by that data controller to comply with its obligations as data controller under the applicable Laws relating to data privacy and protection. The Parties further agree that AVEVA does not, save as otherwise specifically agreed in writing, act as Customer’s data processor.
6.2. Customer Content. Customer shall obtain all rights related to Customer Content required in connection with the performance, receipt or use of the Products and hereby grants all necessary rights and permissions to enable AVEVA, its Affiliates, its subcontractors, and (where relevant) its sub-processors to use, copy, and process the Customer Content using the Products or to fulfil AVEVA’s obligations under the Agreement, including, without limitation, making necessary disclosures and obtaining all licenses, permits, approvals, or consents required in connection with any personal data or regulated content in the Customer Content. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Content. Without prejudice to the Data Processing Addendum, Customer is responsible for any use by Customer or Customer’s users of the Products in a manner that is inconsistent with the Agreement. To the extent Customer discloses or transmits Customer Content to a third party (including by allowing a third party to access Customer Content as a user), AVEVA is no longer responsible for the security, integrity or confidentiality of such content outside of AVEVA’s control. Customer will collect and maintain all personal data contained in the Customer Content in compliance with applicable data privacy and protection Laws (including the GDPR) and Data Processing Addendum (if applicable).
6.3. Security. Without prejudice to the Data Processing Addendum, Customer is responsible for any security vulnerabilities, and the consequences of such vulnerabilities, arising from Customer Content, including any viruses, Trojan horses, worms or other harmful programming routines contained in Customer Content. Customer is solely responsible for determining the suitability of the Products for Customer’s business processes and for complying with all applicable legal requirements regarding Customer Content and its use of the Products. Customer will provide reasonable assistance required in connection with the provision of the Products and any Support. Customer acknowledges and agrees that Customer’s reasonable assistance is a necessary precondition for AVEVA’s correct performance of its obligations under the Agreement. Customer bears all consequences and costs resulting from breach of its duties.
7. DISCLAIMER OF WARRANTIES.
EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES SET FORTH IN THE AGREEMENT (INCLUDING ANY APPLICABLE SCHEDULES AND/OR ANY APPLICABLE ADDENDA), AVEVA AND ITS LICENSORS DISCLAIM ALL OTHER WARRANTIES, REPRESENTATIONS, OR STATEMENTS, WHETHER EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE EXCEPT TO THE EXTENT THAT ANY WARRANTIES IMPLIED BY LAW CANNOT BE VALIDLY WAIVED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY AVEVA, ITS DEALERS, DISTRIBUTORS OR AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THE WARRANTIES SET FORTH IN THE AGREEMENT AND CUSTOMER MAY NOT RELY ON ANY SUCH INFORMATION OR ADVICE. AVEVA DOES NOT WARRANT THAT THE PRODUCTS OR SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, THAT THE PRODUCTS OR SERVICES WILL OPERATE IN COMBINATIONS OTHER THAN AS SPECIFIED IN AVEVA’S DOCUMENTATION (INCLUDING ANY APPLICABLE SCHEDULES AND/OR ANY APPLICABLE ADDENDA), THAT THE OPERATION OF THE PRODUCTS AND SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT THE PRODUCTS OR SERVICES WILL PROTECT AGAINST ALL POSSIBLE SECURITY THREATS, INTERNET THREATS OR OTHER THREATS OR INTERRUPTIONS. THE PRODUCTS AND SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS AND MAY BE SUBJECT TO TRANSMISSION ERRORS, DELIVERY FAILURES, DELAYS AND OTHER LIMITATIONS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. FOR THE AVOIDANCE OF DOUBT, AVEVA DISCLAIMS ALL LIABILITY FOR INFRINGEMENT CLAIMS OF ANY KIND ARISING FROM: (A) ANY CUSTOMER USE OF AVEVA PRODUCTS BEYOND THE SCOPE OF THE AGREEMENT; (B) CUSTOMER’S USE OF AVEVA PRODUCTS IN COMBINATION WITH ANY PRODUCTS NOT DEVELOPED BY AVEVA, TO THE EXTENT THE CLAIM IS SUCH COMBINED USE; (C) CUSTOMER’S FAILURE TO USE UPDATED OR MODIFIED VERSIONS OF AVEVA PRODUCTS PROVIDED OR MADE AVAILABLE BY AVEVA WITHOUT ADDITIONAL CHARGE; OR (D) AVEVA’S COMPLIANCE WITH DESIGNS OR SPECIFICATIONS OF A PUBLISHED STANDARD OR AS PROVIDED BY CUSTOMER.
8. LIMITATION OF LIABILITY.
8.1. CONSEQUENTIAL DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, IN NO EVENT SHALL AVEVA BE LIABLE FOR (A) ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, SPECIAL, PUNITIVE OR SIMILAR DAMAGES OR (B) LOSS OF BUSINESS, PROFITS, SAVINGS, OR REVENUE, LOSS, CORRUPTION OR DESTRUCTION OF DATA, BUSINESS INTERRUPTION, OR DOWNTIME, IN EACH CASE ARISING OUT OF OR RELATED TO THE AGREEMENT, REGARDLESS OF THE CAUSE OF ACTION OR BASIS OF LIABILITY (WHETHER IN CONTRACT, TORT, INDEMNITY, STRICT LIABILITY OR ANY OTHER LEGAL OR EQUITABLE THEORY), AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
8.2. Damages Cap. Subject to Section 8.3 (Exceptions), the aggregate liability of AVEVA to Customer for any loss or Damage arising under or in relation to the Agreement, regardless of the basis of liability (whether arising out of liability under breach of contract (including under any indemnity), tort (including but not limited to negligence), misrepresentation, breach of statutory duty, breach of warranty or Claims by third parties arising from any breach of the Agreement) shall not exceed the fees paid by Customer pursuant to the applicable Transaction Document for the specific Product or Service giving rise to such liability in the twelve (12) month period preceding the date of the incident giving rise to the Claim. The provisions of this Section 8 (Limitation of Liability) allocate the risks between AVEVA and Customer, and AVEVA’s pricing reflects this allocation of risk and the limitation of liability specified herein. However, if Customer has paid no fees under the terms of a Transaction Document in the twelve (12) month period preceding the date of the incident giving rise to the Claim, the aggregate liability of AVEVA to Customer for such Claim shall not exceed $5,000.
8.3. Exceptions. Notwithstanding the foregoing, the limitations on amounts of Damages set forth in Section 8.2 (Damages Cap) shall not apply to AVEVA’s intentional misconduct, fraud, or fraudulent misrepresentation, or to the extent prohibited by applicable Law. For the avoidance of doubt, nothing in this Section 8 (Limitation of Liability) shall preclude AVEVA’s recovery of Damages from Customer if Customer or any of its Affiliates: (a) use any Product or Service beyond the scope of the Agreement; (b) infringe on or misappropriate any of AVEVA’s Intellectual Property Rights; or (c) is in breach of Section 14 (Compliance with Laws) of these GTCs.
9.1. Indemnification by AVEVA. AVEVA shall defend and indemnify Customer against Claims brought against Customer by any third party alleging that Customer’s use of the Products in accordance with the terms and conditions of the Agreement, constitutes an infringement of a patent or copyright, or misappropriation of a trade secret of a third party AVEVA will pay Damages finally awarded to the third party (or the amount of any settlement AVEVA enters into) with respect to such Claims. This obligation of AVEVA shall not apply if the alleged infringement or misappropriation results from: (a) use of the Products in conjunction or combination with any other software, services, or any product, data, item, or apparatus that AVEVA did not provide to Customer or its Affiliates (including any Third-Party Services or Third-Party Products); (b) anything Customer or its Affiliates provide or design including configurations, instructions, or specifications (including any Products that were provided pursuant to Customer’s designs, drawings, or specifications); (c) a modification of a Product other than with AVEVA’s prior written consent; (d) Customer’s or its Affiliates’ failure to use the latest release or version of a Product (including any corrections or enhancements) where such use would have prevented the infringement or misappropriation Claim; (e) Customer’s or its Affiliates’ use, storage, distribution, reproduction, or maintenance not permitted by the Agreement; or (f) Customer’s or its Affiliates’ breach of Section 14 (Compliance with Laws) of these GTCs. If AVEVA believes, in its reasonable opinion, that a Claim under this Section 9.1 (Indemnification by AVEVA) could or is likely to be made, AVEVA may, after consultation with Customer, cease to offer or deliver such Products without being in breach of the Agreement.
9.2. Infringement Remedies. In the event a Claim under Section 9.1 (Indemnification by AVEVA) is made and such Product is held to infringe a third-party’s patent or copyright, or misappropriate a trade secret, then AVEVA may, at its sole option and expense: (a) procure for Customer the right to continue using the Product under the terms of the Agreement or (b) replace or modify the Product to be non-infringing without a material decrease in functionality. If these options are not reasonably available, AVEVA or Customer may terminate the Agreement upon written notice to the other and Customer shall immediately cease using or shall return the infringing Product and AVEVA shall refund Customer the unamortized portion of the license fees (or any applicable Support fees) paid for such Product based on a straight-line three (3) year depreciation from the date Customer received the Product. The provisions of this Section 9.2 (Infringement Remedies) state the sole, exclusive, and entire liability of AVEVA to Customer, and is Customer’s sole remedy, with respect to third-party Claims covered by Section 9.1 (Indemnification by AVEVA).
9.3. Indemnification by Customer. Customer shall defend and indemnify AVEVA and its Affiliates (and each of their licensors), and each of their respective officers, directors, contractors, agents, and employees (“AVEVA Indemnitees”) against Claims brought against AVEVA Indemnitees by any third party arising from or related to: (a) Customer’s or its Affiliates’ (i) breach of the Agreement; or (ii) use of the Products or Services in violation of any applicable Law; (b) any Customer Content; (c) an allegation that any material provided by Customer or its Affiliates violates, infringes, or misappropriates the Intellectual Property Rights of a third party; (d) AVEVA’s use of or access to Customer’s or its Affiliates’ software, machines, equipment, systems, information technology environment, or premises in connection with the provision of the Support; and (e) Customer’s or its Affiliates’ breach of the Agreement. For the avoidance of doubt, the foregoing shall apply regardless of whether such Damage is caused by the conduct of Customer and/or its named users or by the conduct of a third party using Customer’s access credentials.
9.4. Indemnification Requirements. The indemnification obligations under this Section 9 (Indemnification) are conditioned on: (a) the Party against whom a third-party Claim is brought timely notifying the other Party in writing of any such Claim, provided however that a Party’s failure to provide or delay in providing such notice shall not relieve a Party of its obligations under this Section 9 (Indemnification) except to the extent such failure or delay prejudices the defense; (b) the Party who is obligated to defend a Claim having the right to fully control the defense of such Claim; (c) the Party against whom a third-party Claim is brought reasonably cooperating in the defense of such Claim; and (d) Customer complying with AVEVA’s direction to cease any use of the Products which in AVEVA’s reasonable opinion, is likely to constitute an infringement or misappropriation. Any settlement of any Claim shall not include a financial or specific performance obligation on or admission of liability by the Party against whom the Claim is brought, provided however that AVEVA may settle any Claim on a basis requiring AVEVA to substitute for the Products any alternative substantially equivalent non-infringing products. AVEVA shall not be responsible for any settlement made without its consent. The Party against whom a third-party Claim is brought may appear, at its own expense, through counsel reasonably acceptable to the Party obligated to defend Claims. Neither Party shall undertake any action in response to any infringement or misappropriation, or alleged infringement or misappropriation that is prejudicial to the other Party’s rights.
10. TERM AND TERMINATION.
10.1. Term of GTCs. The initial term of these GTCs begins on the Effective Date and shall continue thereafter for five (5) years unless terminated earlier by a Party pursuant to these GTCs (including, but not limited to, this Section 10 (Term and Termination)) (the “Initial Term”). The GTCs will auto-renew for one (1) year periods following the Initial Term (each, a “Renewal Term”) until either Party provides notice of intention to not renew sixty (60) days before the end of the then current Initial Term or Renewal Term. The Initial Term and each Renewal Term shall collectively be referred to as the “Term”.
10.2. Transaction Document Term. The initial term of each Transaction Document shall commence on the effective date specified in the Transaction Document and continue thereafter until: (a) the end of the term of the Transaction Document as specified in the Transaction Document; (b) if specified in the Transaction Document, delivery of the Products or completion of the Services in accordance with the Transaction Document; or (c) earlier termination by either Party in accordance with this Section 10 (Term and Termination).
10.3. Termination for Material Breach. Either Party may terminate these GTCs or a Transaction Document for cause if the other Party commits a material breach of the GTCs or Transaction Document and fails to cure such breach within thirty (30) days (or with respect to Customer’s payment failure, within ten (10) days) of receipt of a notice of default from the non-defaulting Party. Termination will not relieve Customer of its obligations specified in Section 10.5 (Effect of Termination) and will not entitle Customer to a refund of any license fees (or any applicable Support fees) previously paid. For the avoidance of doubt, Customer’s non-compliance with Section 4 (Record Keeping, Audits, and Compliance Certificates) of the Software and Support Addendum shall constitute a material breach of the Agreement.
10.4. Termination for Financial Deterioration. Either Party may terminate these GTCs or a Transaction Document immediately if the other Party files for bankruptcy, ceases or threatens to cease carrying on business, becomes insolvent, or makes an appointment, assignment or novation for the benefit of creditors.
10.5. Effect of Termination. If these GTCs are terminated prior to the completion of one (1) or more Transaction Documents, then the Transaction Documents that are not terminated shall continue to be governed by the GTCs for the remainder of the applicable term of the Transaction Document in accordance with Section 10.2 (Transaction Document Term).
10.6. Right to Suspend. In the event that: (a) Customer or any of its Affiliates breach the Agreement; (b) AVEVA experiences or reasonably believes it will experience a security threat or system failure that endangers the integrity of AVEVA’s internal systems; or (c) a Force Majeure conditions occurs, AVEVA may in its sole discretion, with or without notice, suspend, change or impose limits on Customer’s use of the Products or Services, or any portion thereof, either temporarily or permanently, without any liability of AVEVA.
10.7. Evaluation Term. If Customer is using the Product on an evaluation basis or as a free trial, then the term for such Product will be specified in the Transaction Document. If no such term is specified, the term shall be forty-five (45) days from the date the Product is delivered.
For as long as any Transaction Document remains in effect, AVEVA will maintain, at its sole cost and expense, comprehensive general liability and property damage insurance in an amount not less than $1 million in the aggregate. Additionally, AVEVA will maintain, at its sole cost and expense, workers’ compensation insurance in accordance with statutory requirements.
12. THIRD-PARTY PRODUCTS AND SERVICES.
12.1. Third-Party Services. The Services may include integrations with Third-Party Services on external websites that are accessed through the Products or Services. These Third-Party Services are not part of the Products or Services and the Agreement does not apply to them. Customer may be subject to terms and conditions with those third parties.
12.2. Third-Party Products. Unless otherwise agreed in writing by AVEVA, if Third-Party Products are supplied by AVEVA to Customer, such Third-Party Products are provided on a “pass-through” basis only and are subject to the terms and conditions of the third-party vendor, including but not limited to warranties, licenses, indemnities, limitation of liability, prices and changes thereto.
AVEVA provides its standard training for Products and Services by telephone, email consultation, or virtual media, both in-person and electronically. Any fees required for such training will be set forth in the applicable Transaction Document.
14. COMPLIANCE WITH LAWS.
14.1. Anti-Bribery. Each Party represents and undertakes that in connection to its entering into the Agreement and each Transaction Document and its performance of the Agreement and each Transaction Document, that it shall comply at all times with all applicable anti-bribery laws and regulations, including the U.K. Bribery Act 2010, the U.S. Foreign Corrupt Practices Act and any local anti-bribery laws and regulations (collectively referred to as “Anti-Bribery Laws”). For the avoidance of doubt, a breach of any of the undertakings in this Section 14.1 (Anti-Bribery) by Customer or any of its Affiliates shall be deemed to be a material breach of the Agreement for the purpose of Section 10.3 (Termination for Material Breach). Without limiting the generality of the foregoing, each Party undertakes to the other Party that:
14.1.1. it will not, and will ensure that its authorized representatives and associated persons will not, directly or indirectly engage in or abet any activity, practice or conduct, which would constitute a breach of or an offense under Anti-Bribery Laws;
14.1.2. it has and will maintain in place adequate procedures designed to prevent any authorised representatives and associated persons from undertaking any conduct that would give rise to a breach of or an offense under Anti-Bribery Laws; and
14.1.3. from time to time at the reasonable request of the other Party, it will confirm in writing that it has complied with its undertakings under Sections 14.1.1 and 14.1.2 and will provide any information reasonably requested by the other Party in support of such compliance.
14.2. Trade Control. Customer undertakes in its performance of the Agreement and each Transaction Document to comply with all applicable Export Control Laws and Sanctions Laws, regulations, orders, decrees and lists (collectively, “Trade Controls”), including but not limited to, the U.S. Export Administration Regulations, the U.S. Office of Foreign Asset Control Regulations, the UK Export Control Order 2008/3231 (as amended), and the EU Dual-Use Regulations 428/2009 (as amended), as well as the laws of the jurisdiction in which the Products or Services will be received and used. The Products and Services provided under this Agreement and each Transaction Document may not be used: (a) in the Crimea region, in the Donetsk’s People’s Republic and Luhansk People’s Republic regions of Ukraine, Cuba, Iran, North Korea or Syria; (b) in connection with a military end-user or military end use in Burma/Myanmar, China, Russia or Venezuela; (c) for the construction, design, development, delivery, maintenance, production, stockpiling, support, or use of: (i) nuclear, chemical or biological weapons, (ii) rocket systems, missiles, or unmanned air vehicles, (iii) unsafeguarded nuclear activities, or (iv) maritime nuclear propulsion plants, their land prototypes, or related facilities; (d) by or for the specific benefit of any individual or entity on a sanctions or export denial list maintained by the UN, US, EU, UK, or other applicable jurisdiction, or any entity 50% or more owned in the aggregate by any such party; (e) for any other use requiring a sanctions or export control authorization where such authorization has not been obtained; or (f) in any manner, that could result in AVEVA or its Affiliates being in violation of, or being subject to negative consequences under, Trade Controls. Customer agrees that it will comply with any requirements related to the import of any Products and Services and Customer will not re-export or transfer any Products and Services in violation of Trade Controls.
14.3. Breach. For the avoidance of doubt, if AVEVA determines that, in its reasonable opinion, Customer or any of its Affiliates has breached or is likely to breach Section 14.1 (Anti-Bribery) or Section 14.2 (Trade Control), that breach shall constitute a material breach of the Agreement for purposes of Section 10.3 (Termination for Material Breach). Additionally, AVEVA shall have the right to suspend its obligations under, or terminate, the Agreement with immediate effect in the event that AVEVA determines that, in its reasonable opinion, the continued performance of its obligations under the Agreement could result in AVEVA or its Affiliates being in violation of, or being subject to negative consequences under, Trade Controls.
15.1. Assignment. The Agreement shall extend to and be binding upon the Parties to the Agreement, their successors, and assigns, provided, however, that neither Party shall assign or transfer the Agreement without the other Party’s prior written consent, which shall not be unreasonably withheld, delayed or conditioned. AVEVA may condition its consent to any such assignment on Customer: (a) updating the AVEVA Product Customer has contracted for to the then-current version; and/or (b) paying AVEVA’s then-current license fees (and/or all applicable Support fees). Notwithstanding the foregoing limitation, AVEVA may assign or transfer the Agreement, in whole or in part, without obtaining the consent of Customer, to a parent company or subsidiary or in connection with the transfer or sale of its entire business or sale of all or substantially all of its assets, or in the event of a merger, divestiture, internal reorganization or consolidation with another company.
15.2. Independent Contractor. AVEVA is an independent contractor, and each Party agrees that no partnership, joint venture, agency, fiduciary, or employment relationship exists between the Parties.
15.3. Force Majeure. Except for Customer’s payment obligations, neither Party shall be liable for delays caused by conditions arising out of or caused, directly or indirectly, by circumstances beyond their reasonable control, including acts of God, earthquakes, fires, floods, wars, civil or military disturbances, acts of terrorism, sabotage, strikes, epidemics, pandemics, riots, power failures, computer failure and any such circumstances beyond their reasonable control as may cause interruption, loss or malfunction of utility, transportation, computer (hardware or software) or telephone communication service, accidents, labor disputes, acts of civil or military authority, governmental actions, or inability to obtain labor, material, equipment or transportation (“Force Majeure”); provided, however, that notice thereof is given to the other Party as soon as practicable. All such Force Majeure conditions preventing performance shall entitle the Party hindered in the performance of its obligations under the Agreement to an extension of the date of delivery of the Products or completion of the Services by a period of time equal to the period of delay incurred as a result of the Force Majeure or to any other period as the Parties may agree in writing.
15.4. Waiver. The waiver (whether express or implied) by either Party of a breach or default of any of the provisions of the Agreement (including any Transaction Document) by the other Party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either Party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other Party.
15.5. Notices. All notices and other communications required or permitted under the Agreement will be in writing and delivered by confirmed transmission, by courier or overnight delivery service with written verification of receipt, or by registered or certified mail, return receipt requested, postage prepaid, and in each instance, will be deemed given upon receipt. All such notices, approvals, consents and other communications will be sent to the addresses set forth on the Transaction Document or to such other address as may be specified in writing by either Party to the other in accordance with this Section 15.5 (Notices).
15.6. Invalidity and Severability. If any provision of the Agreement (including any Transaction Document) shall be found by any court to be invalid or unenforceable, the invalidity or unenforceability of such provision shall not affect the other provisions of the Agreement and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. The Parties hereby agree to attempt to substitute for any invalid or unenforceable provision a valid or enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the invalid or unenforceable provision.
15.7. Negotiated Terms. The Parties agree that the terms and conditions of the Agreement are the result of negotiations between the Parties and that the Agreement shall not be construed in favor of or against either Party by reason of the extent to which such Party or its professional advisors participated in the preparation of the Agreement.
15.8. Survival of Provisions. The provisions of the Agreement that by their nature survive expiration or termination of the Agreement will survive expiration or termination of the Agreement, including, but not limited to, the following Sections of these GTCs: 3 (Payments and Invoicing), 4 (Intellectual Property Rights), 5 (Confidentiality), 7 (Disclaimer of Warranties), 8 (Limitation of Liability), 9.3 (Indemnification by Customer), 10 (Term and Termination), 12 (Third-Party Products and Services), 14 (Compliance with Laws), and 15 (Miscellaneous).
15.9. Governing Law and Jurisdiction. The validity of the Agreement and the rights, obligations and relations of the Parties under the Agreement and in any dispute between them will be construed and determined under and in accordance with the substantive laws of the State of California, without regard to such state’s principles of conflicts of law. If a court must enter or enforce an arbitration award, if a party applies solely for preliminary or injunctive relief, or if the binding arbitration provision set forth in Section 15.10 (Binding Arbitration) is deemed invalid or ineffective, then each Party irrevocably agrees to submit to the exclusive jurisdiction of (and waives any objection to the venue of) the federal or state courts located in Orange County, California to enter or enforce such award, to determine such preliminary or injunctive relief, or to determine such Claim or matter arising out of or in connection with the Agreement, as applicable. To the extent otherwise applicable, the Parties hereto agree that the United Nations Convention on the International Sale of Goods will not apply to the Agreement.
15.10. Binding Arbitration. Any controversy or Claim arising out of or relating to the Agreement, including any breach of the Agreement, shall be determined by final and binding arbitration administered by JAMS under its Streamlined Arbitration Rules and Procedures (“Streamlined Rules”). The award rendered by the arbitrator shall be final, non-reviewable, and non-appealable and binding on the Parties and may be entered and enforced in any court having jurisdiction. There shall be one arbitrator agreed to by the Parties within twenty (20) days of receipt by the respondent of the request for arbitration or in default thereof appointed by JAMS in accordance with the Streamlined Rules, which arbitrator shall have substantial experience in resolving business disputes involving similar products or services. The place of arbitration shall be Orange County, California. The arbitrator will have no authority to award punitive, consequential, liquidated, or other Damages waived, disclaimed, or otherwise prohibited by the Agreement and the award shall not exceed the applicable limitation of liability set forth in the Agreement. Neither Party has the right to act as a class representative or participate as a member of a class with respect to any arbitrated controversy or Claim arising out of or relating to the Agreement (including any breach of the Agreement). The prevailing Party in any action or arbitration shall be entitled to recover all attorneys’ fees and costs including, without limitation, arbitration fees and fees of experts.
15.11. Waiver of Jury Trial. Each Party waives, to the fullest extent permitted by applicable Law, any right it may have to a trial by jury in respect of any proceedings relating to the Agreement or any performance or failure to perform of any obligation under the Agreement.
15.12. Ethical Trading Policy. Customer shall comply with AVEVA’s then-current ethical trading policy located at www.aveva.com/policies/ethical/en, which shall be incorporated herein by reference.
15.13. Third-Party Beneficiary. Except as expressly set forth in the Agreement, the Parties do not intend to create rights for any person as a third-party beneficiary of the Agreement.
15.14. Entire Agreement; Amendments; Execution. The Agreement constitutes the entire agreement between the Parties relating to its subject matter and supersedes all prior or contemporaneous representations, understandings or agreements whether written or oral, relating to its subject matter. The Agreement will prevail over any additional, conflicting, or inconsistent terms and conditions that may be contained in any purchase order or other document furnished by Customer to AVEVA, or any clickwrap agreement covering the same subject matter. The Agreement may be amended or modified only by a writing that is signed by or on behalf of both Parties. The Agreement may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. An executed facsimile or electronic copy of the Agreement shall be construed as if it were an original.
AVEVA CLOUD SERVICES ADDENDUM
1.1 “Acceptable Use Policy” or “AUP” means the then-current acceptable use policy of AVEVA, which is currently located at https://www.aveva.com/en/legal/usage-policy/, as such policy or URL may be updated, modified, supplemented, or otherwise amended from time to time.
1.2 “Accessed Stream Count” means the number of unique data streams that have been accessed during a calendar day as measured in Coordinated Universal Time (UTC).
1.3 “Account Administrator” means the Representative(s) set out in the Transaction Document, which, in the management of the applicable Product(s), has the right to grant access or use to any Users of such Product on behalf of Customer. Customer will name (a) one (1) Account Administrator in the applicable Transaction Document and (b) one (1) Account Administrator on AVEVA Connect.
1.4 “Account Information” means any and all information about Customer, its Affiliates, and Users that Customer or any User provides to AVEVA, or AVEVA collects, in connection with the creation or administration of their accounts (including any Usage Metrics).
1.5 “Available Minutes” means the total number of minutes during a calendar month.
1.6 “AVEVA Connect” means AVEVA's platform for managing User subscriptions and accessing the applicable Products.
1.7 “AVEVA Connect Account” means an account of Customer that is available on AVEVA Connect in which Customer may access applicable Products.
1.8 “Best-fit Storage” means an algorithm that may be used together with the Data Acquisition Rate for any applicable Product. For example, AVEVA’s Best-fit Storage combined with a Data Acquisition Rate of sixty (60) seconds means that regardless of the number of values submitted for a Data Point, only the minimum set of values required to give a good representation of the Data Point for that sixty (60) seconds are stored. The minimum set of values may include the First, Last, Minimum, Maximum, and Mean value for the Data Point.
1.9 “Connected Services Provider” means a customer who acts as a reseller, value-added reseller (VAR), distributor and/or a provider of service-bureau usage of the Products.
1.10 “Credits” means the virtual credits purchased by Customer that may be redeemed directly to use the Product or to create a License File allowing access and use of the Product. At the start of the Term, Credits for Software (whether cloud SaaS, on-premises) as set forth in the Product Rate Plan, will be allotted to Customer for use throughout the entire Term. Any unused Credits remaining at the end of the Term may not be carried forward to any other term or otherwise. Credits designated for Cloud SaaS are not inter-changeable with Credits designated for On-Premises Software.
1.11 “Credit Access Period” means a period defined in the Transaction Document during which a User may access multiple instances of the applicable Product from multiple devices, and it will count as a single access for the purpose of charging Credits. Each Credit Access Period consumes the number of Credits shown against the Products in the Transaction Document’s subscription table. Where Customer wishes the Product to be used by multiple Users, the same applies per additional User.
1.12 “Credit Weighting” The number of Credits required for a single User to utilize a Product during a Credit Access Period.
1.13 “Customer Authorized Officer” means any Representative nominated by Customer or set out in the Transaction Document, which, in the management of the Product, provides certain commercial instructions in writing to AVEVA.
1.14 “Daily Active Users” or “DAU” refers to the total number of Users that have been identified by AVEVA as accessing the Product during a calendar day, as measured in Coordinated Universal Time (UTC).
1.15 “Data Acquisition Rate” means the fastest rate at which the Product will store values for a single Data Point. This is expressed in terms of the duration between successive values stored by the Product. Values submitted that exceed the Data Acquisition Rate may not be stored by the Product. Data Acquisition Rates may be set forth in a Transaction Document for the applicable Product.
1.16 "Data Controller" has the meaning set forth in the Data Processing Addendum.
1.17 “Data Point” means a discrete unit of information – usually representing a value from a sensor or other device - that is being monitored over time and published and/or stored by the Product. Data Points may be set forth in a Transaction Document for the applicable Product.
1.18 "Data Processor" has the meaning set forth in the Data Processing Addendum.
1.19 “Data Sharing” has the meaning set forth in Section 3.3 (Data Sharing).
1.20 “Data Sharing Content" means Customer Content and all other software, data (including personal data), information, text, images, audio, video, photographs, and other content and material, in any format, accessed, uploaded, created, modified, distributed, transmitted, reproduced, and otherwise processed in connection with Data Sharing.
1.21 “Data Source” means a piece of equipment or other system that is providing one or more Data Points to the applicable Product and is being represented and managed as an inbound connection to such Product. Data Sources may be set forth in a Transaction Document for the applicable Product.
1.22 “Documentation” means the technical documentation, program specifications, operations manuals, and other documentation as are available on the Product (or through AVEVA Connect for such Product), which may be updated, modified, supplemented, or otherwise amended from time to time.
1.23 “Downtime” means the total number of minutes during a calendar month that the Product are unavailable to Customer when such unavailability is solely caused by Product errors or other factors within AVEVA’s reasonable control. Downtime does not include Emergency Downtime, Scheduled Downtime, and General Unavailability.
1.24 “Edge Device” is a host (whether an on-premises hardware device or a virtualized container or environment) for which AVEVA does not have any responsibility for maintaining or over which AVEVA does not exert control.
1.25 “Emergency Downtime” means those times when AVEVA or a third party becomes aware of a security or other vulnerability that AVEVA deems to require prompt remediation and, as a result, the Products are temporarily made unavailable in order for AVEVA to remediate the security or other vulnerability.
1.26 “General Unavailability” means unavailability caused by: (a) network outages; (b) infrastructure outages; (c) a third party or Customer’s hardware or software; (d) the acts or omissions of Customer or its employees, subcontractors, or agents; (e) events outside of AVEVA’s direct control, such as downtime as a result of the failure or lack of availability of third-party cloud services upon which the Services depend; or (f) Force Majeure conditions.
1.27 “Goods” means all products, equipment, materials, spare parts, hardware, supplies, and accessories for which support has been purchased under the applicable Transaction Document.
1.28 “High Risk Use” has the meaning set forth in Section 11 (High Risk Use and Industry and Categorical Restrictions).
1.29 “License File” means a Software license file used by Software applications that contains registration information that allows the User to open and access the applicable Software.
1.30 “Monthly Active Users” or “MAU” means the total number of Users that have been identified by AVEVA as accessing the Product during a calendar month, as measured in Coordinated Universal Time (UTC).
1.31 “Named User” means a unique, named individual who has logged-in or otherwise accessed the Product. Uniqueness of an individual is determined through a combination of (a) the credentials or other identifying information provided during any login sequence and (b) the internet address, network address, equipment identifier, International Mobile Equipment Identity, or other item that identifies the device being used to access the Product.
1.32 “OEM Customer” means a customer who is an original equipment manufacturer and/or provider of private-label versions of the Products.
1.33 “Partner Account” means an account that is not for production purposes and is provided to partners participating in the AVEVA Partner Network program.
1.34 “Permitted Third Party” means any third party (including Affiliates of the Customer) specifically identified in a Transaction Document as a User of any of the Products listed in such Transaction Document and has issued a Permitted Third-Party Undertaking Letter to AVEVA (if requested by AVEVA).
1.35 “Permitted Third-Party Undertaking Letter” means a letter, commitment, or agreement, in form and substance satisfactory to AVEVA in its sole discretion, requiring such third party to comply with all terms and conditions contained in the Agreement (and to be responsible for any non-compliance).
1.36 “Preview Features” means a feature, either within a Product or independent of a Product, that has not been made available for general release to AVEVA’s customers, but is offered to certain of AVEVA’s customers in a state that can be “previewed“ for feedback and validation prior to any general release.
1.37 “Product” has the meaning set forth in the GTCs. As used in this Cloud Services Addendum, “Product” will also include Cloud Products (as defined in the GTCs). 1.38 “Production Account” means a Customer’s account that can be used for active production.
1.39 “Product Rate Plan” means that document that provides a Customer with the agreed list of offers and their associated Credit rates. Each time a Customer accesses the Product, Credits will be deducted from the total number of Credits shown in the applicable Customer’s credit balance in AVEVA Connect. The Product Rate Plan will be used to track the usage of offers against the Order’s Credits. The Product Rate Plan may change depending upon the Products that the Customer chooses throughout the course of the Term. Such changes will be shown in AVEVA Connect.
1.41 “Release Notes” means electronic notification issued by AVEVA at the launch of a new Product or a product update or technical modification of a Product.
1.42 “Representatives” means any employees, officers, representatives, or advisers of a Party.
1.43 “Reward Credits” means, either: (a) Credits that AVEVA may offer to Customer at a discount to the then-current Credit rates, or (b) Credits that AVEVA may offer at no cost to Customer, each of which may be offered to Customer at AVEVA’s sole discretion.
1.44 “Scheduled Downtime” means the period of time when the Products are unavailable because of network changes, hardware or maintenance activity or upgrades.
1.45 “Service Credit” has the meaning set forth in Section 7.2.
1.46 “Service Level” means any service level for a Product that is set forth in a Schedule for such Product.
1.47 “Stored Stream Count” means the number of data streams that are stored in the applicable Product at the end of day as measured in Coordinated Universal Time (UTC).
1.48 “Test Account” means an account that is not for production purposes and is provided to Customer as a separate and distinct account from Customer’s prerequisite Production Account.
1.49 “Third-Party Content” means (a) all data and information submitted to AVEVA by or on behalf of Customer, (b) obtained, developed or produced in connection with the provision, receipt or use of the Product, or (c) to which AVEVA has access in connection with the provision of the Product.
1.50 “Top-Up Credits” means additional Credits purchased by Customer during the course of the Term to remedy an AVEVA Connect Account that is overdrawn in Credit usage or to supplement Customer’s Credit usage.
1.51 “Uptime” means the time during a calendar month in which the Products are available for Customer’s use. In order to determine if AVEVA met the Uptime Commitment for a calendar month, the Uptime percentage will be calculated as follows: (Available Minutes – Downtime) / (Available Minutes * 100).
1.52 “Uptime Commitment” has the meaning set forth in Section 7.1 (Service Levels).
1.53 “Usage Metrics” means the standard of measurement for determining the permitted use and calculating the fees due for a Product as set forth in the Transaction Document.
1.54 “User Credentials” means the username and password of each User as provided by AVEVA to Customer to use the applicable Product and any associated User identifiers.
1.55 “User” means Customer’s employees, contractors, and agents authorized to use the Products on Customer’s behalf in accordance with the Agreement. An individual will not be deemed to be authorized unless such individual has created a user ID and password in an AVEVA Connect Account. A User must be an in individual and not bots, sensors, chips, devices, etc.; provided, however, a User may access an AVEVA Connect Account through an application programming interface (API) under certain situations as specified in the Documentation. Customer will not share, and will prohibit each User from sharing, any username or password with another User, any other individual or entity or any non-human (e.g., bots, sensors, chips, devices, etc). Customer will not engage in, and will prohibit, any and all concurrent use of a user ID, whether by a User, any other individual or entity, or any non-human (e.g., bots, sensors, chips, devices, etc.).
2. TRANSACTION DOCUMENTS.
2.1. From time to time, AVEVA and Customer may enter into Transaction Documents whereby AVEVA provides Products to Customer. Each Transaction Document will constitute a contract between AVEVA and Customer separate and distinct from any other Transaction Document. Each Transaction Document will be deemed to incorporate the terms of the GTCs (whether or not stated on the face of the Transaction Document).
3. USE OF PRODUCTS.
3.1. Use of Products. During the Term and subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of all applicable fees), AVEVA grants to Customer a personal, non-exclusive, nontransferable limited right to access and use the Products and Documentation, through AVEVA Connect, solely for the internal business operations of Customer and subject to all usage restrictions for such Product in the Agreement or Documentation. Customer shall not make such Product accessible or available for use by Affiliates, Permitted Third Parties or any other individual, entity or non-human (e.g., bots, sensors, chips, devices, etc.) unless expressly permitted in the Agreement or Documentation; provided, however, that Customer will always be liable for all acts or omissions of Users, Affiliates, Permitted Third Parties and all other individuals, entities or non-humans (e.g., bots, sensors, chips, devices, etc.) (including for all non-compliance with terms of the Agreement) . Customer may allow the Account Administrator and the Users, as applicable, to use the Products on Customer’s behalf in accordance with the Agreement provided all third party Users are listed as Permitted Third Parties in the applicable Transaction Documents. For a Product that is specifically designed to allow Customer’s clients, agents, customers, suppliers or other third parties to access the Product in order to interact with Customer, such third parties will be considered “Users” subject to the terms of the Agreement. Customer shall cause the Users to comply with the Agreement. Following the expiration or termination of the Term, Customer shall not be able to access or use the Product or Documentation. For the avoidance of doubt, the use of the Products and Documentation accessed via a Partner Account or a Test Account is governed by Section 4.7 (Test and Partner Accounts) and not by this Section 3.1.
3.2. OEM Customer and Connected Service Provider. Notwithstanding Section 3.1 (Use of Products), AVEVA recognizes that in certain circumstances, Customer may be an OEM Customer and/or a Connected Service Provider. In such instances, Customer understands that it may make the Product available to its third-party customers only pursuant to additional terms and conditions between AVEVA and Customer with respect to Customer's participation as an OEM Customer and/or a Connected Service Provider.
3.3. Data Sharing. During the Term and subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of all applicable fees), AVEVA grants to Customer a personal, non-exclusive, non-transferable limited right to allow individuals and/or non-humans (e.g., bots, sensors, chips, devices, etc.) to access, upload, create, modify, distribute, transmit, reproduce, and otherwise process Data Sharing Content via Customer’s AVEVA Connect Account through the specific access key mechanisms as specified in the Documentation (“Data Sharing”). AVEVA will use the Accessed Stream Count and Stored Stream Count to monitor Data Sharing and Customer will use Credits for Data Sharing as set forth in the Product Rate Plan (if applicable). AVEVA disclaims all liability or obligation relating to Data Sharing. Customer: (a) represents and warrants that it has the right to share with AVEVA or its Affiliates, subcontractors and sub-processors any and all personal information about the individuals provided in connection with Data Sharing; (b) is responsible for any and all acts or omissions on the part of the individuals and/or non-humans (e.g., bots, sensors, chips, devices, etc.) in connection with Data Sharing as if they were acts or omissions of Customer; (c) has obtained all necessary licenses, consents and rights to participate in Data Sharing; and (d) is solely responsible for all obligations in connection with Data Sharing and the Data Sharing Content accessed, uploaded, created, modified, distributed, transmitted, reproduced, and otherwise processed therein.
3.4. Restrictions on Use.
3.4.1 Copy Restrictions. Copyright laws and international treaties protect the Product, including the Documentation. Unauthorized copying of the Product, the Documentation or any part thereof, is expressly prohibited. All titles, trademarks, and copyright and restricted rights notices will be reproduced in such copies.
3.4.2 Use Restrictions. The Agreement only gives Customer some rights to use and access the Product or Documentation, and AVEVA and its licensors reserve all other rights. Customer does not acquire any rights, express or implied, other than those expressly granted in the Agreement. Unless applicable Law gives Customer more rights despite this limitation, Customer may use the Product or Documentation only as expressly permitted in the Agreement. In doing so, Customer will comply with all technical limitations in the Product or Documentation, including those that only allow Customerto use the Product and Documentation in certain ways. Customer will not and will not permit others to:
(a) reverse engineer, reproduce, decompile, recompile, disassemble, merge, modify, adapt or translate the Product or any component thereof (including Documentation), or create derivative works based on the Product (including Documentation), except and only to the extent that (i) applicable Law expressly permits, despite this limitation, (ii) AVEVA gives it prior written consent, or (iii) the Documentation accompanying the Product expressly permits;
(b) incorporate the Product into any other software program or software-as-a-service product not provided by AVEVA, except (i) for incorporation of such Product or Documentation with application program interfaces that AVEVA makes publicly available for such Product or Documentation or (ii) to the extent permitted to customize the Product in accordance with the accompanying Documentation;
(c) remove, obliterate, destroy, minimize, block or modify any logos, trademarks, copyright, digital watermarks, or other notices of AVEVA or its licensors that are included in the Product or Documentation, except as may be permitted when using application program interfaces that AVEVA makes publicly available for such Product or Documentation;
(d) make more copies of the Product than as allowed in the Agreement or by applicable Law, despite this limitation;
(e) publish (or otherwise make available) the Product or Documentation, including any application programming interfaces included in the Product, or any programs or materials resulting from the Product or Documentation (excluding Customer Content), for others to copy;
(f) transfer, sublicense, rent, lease, sell, lend, distribute, outsource, permit timesharing or service bureau use of, commercially exploit, make available, or assign the Product or any part thereof (including Documentation and any materials or programs, such as underlying software programs) to any other person or entity (except as expressly permitted by the Agreement);
(g) transfer the Product or Documentation to another location or to other equipment without the prior written consent of AVEVA (except as otherwise expressly permitted pursuant to the Agreement);
(h) use the Product or Documentation to store or transmit infringing, libelous, or otherwise unlawful or tortious material (or to store or transmit material in violation of Law or third-party privacy rights);
(I) use the Product or Documentation in a way intended to access or use the underlying infrastructure or to avoid incurring fees or exceed usage limitations;
(j) perform or disclose any of the following security testing of the Product or associated infrastructure without AVEVA’s prior written consent: network discovery, port and service identification, vulnerability scanning, password cracking, remote access testing, or penetration testing;
(k) use or access the Product or Documentation in a manner not permitted by (or otherwise inconsistent with) the Documentation;
(l) use the Product to build or support, directly or indirectly, products or services competitive to the Product; or
(m) perform any benchmark testing or any of the following security testing of the Products without AVEVA’s prior written consent, which will not be unreasonably withheld: network discovery, port and service identification, vulnerability scanning, password cracking, remote access testing, or penetration testing.
(n) Data collection failover deployments run only in parallel with the primary data collection deployment without an explicit license.
i. All other copies of Products running in parallel with the primary deployment must be explicitly licensed or subscribed to.
ii. For example, Products that are copied for backup purposes may not be used for training, testing, as a hot standby nor as a caching server. The Products may only be used to recover from a failure.
3.5. Acceptable Use Policy. Customer shall comply with, and ensure Users comply with, the Acceptable Use Policy and shall not use or permit the use of the Product in a manner that violates the Acceptable Use Policy, which is incorporated herein by reference.
4. PROVISION OF PRODUCTS.
4.1. Provision of Product. AVEVA will provide the Products to Customer through AVEVA Connect substantially in accordance with the Agreement.
4.2. Subscription Models. AVEVA may offer to Customer various subscription models for the Product. Accept as otherwise provided in the applicable Transaction Document, the terms and conditions relating to the applicable subscription models are as follows:
4.2.1. Named User Model. If the Product has been subscribed to on a Named User Model basis, then Customer’s access to and use of the Product will be limited to the number of (and specified) Named Users set forth in the Transaction Document.
4.2.2. Monthly Active User Model. If the Product has been subscribed to on a Monthly Active User Model basis, then during any calendar month (as measured in Coordinated Universal Time (UTC), Customer’s access to and use of the Product will be limited to and not exceed the number of Monthly Active Users set forth in the Transaction Document.
4.2.3. Daily Active User Model. If the Product has been subscribed to on a Daily Active User Model basis, then during any calendar day (as measured in Coordinated Universal Time (UTC)), Customer’s access to and use of the Product will be limited to and not exceed the number of Daily Active Users set forth in the Transaction Document.
4.2.4. Hourly Usage Model. If the Product has been subscribed to on an Hourly Usage Model basis, then Customer’s access to and use of the Product will be limited to and will not exceed the number of hours set forth in the Transaction Document.
4.2.5. Credit Based Subscription Model. If the Product has been subscribed to on a Credit Based Subscription Model basis, then then Customer’s access to and use of the Product will be limited to and will not exceed the number of Credits set forth in the Transaction Document. Customer will purchase Credits at the start of the initial term and on each renewal term. The Customer’s rights to use such Credits will expire at the end of the initial term and any renewal term on which the Credits were purchased. Where Customer purchases Top-up Credits, such Top-up Credits will be purchased at the agreed rate and will expire at the end of the initial term or renewal term, as applicable. AVEVA may, but is not required, to send notifications to the Account Administrator in connection with the following events:
• One (1) month before Customer’s projected usage will have consumed all remaining Credits.
•One (1) week before Customer’s projected usage will have consumed all remaining Credits.
• When all Credits have been consumed.
Where the Customer’s use of the Product exceeds the number of Credits (an “Overdraft”) the Customer will be required to purchase additional Credits in the form of Top-Up Credits to remedy the AVEVA Connect Account being overdrawn, within forty-five (45) days of any Overdraft. AVEVA reserves the right to limit or deny access to future consumption of Credits if Customer fails to correct an Overdraft in accordance with this Section 4.2.5. Notwithstanding Section 3 (Payments and Invoicing) of the GTCs, if Customer owes AVEVA any unpaid fees or has any issued and outstanding invoice(s), Customer shall pay the full amount of such unpaid fees and/or invoice(s) to AVEVA prior to purchasing Top-up Credits.
4.3. Hosting. Subject to Section 14 (Subcontractors and Data Centers) and Section 2.6.2 of the Data Processing Addendum, unless a specific hosting region is specified in an applicable Transaction Document for a Product, AVEVA shall host and provide the Product from such center(s) and location(s) as AVEVA may determine (including as may be necessary for any redundancy or backup purposes). This Cloud Services Addendum is subject to the Data Processing Addendum, which is incorporated into this Cloud Services Addendum by reference.
4.4. Disclaimer of Third-Party Products and Services. The Product may enable Customer to access, use, or purchase products and/or services from third parties (including through external websites). Any access, use, or purchase of such third-party products or services (including any content, data, information, pictures, or other materials available or provided through such third-party products or services) will be solely at Customer’s own risk and AVEVA disclaims all liability or obligation relating to the same. Any contract entered into, and any transactions completed, relating to or in connection with such third-party products or services is between Customer and the relevant third party, not AVEVA.
4.5. Modifications or Discontinuance of Content and Products. At any time, AVEVA may modify, update the features, specifications, or functionality of any Product and/or any Documentation or discontinue any of the following that is made available or accessible through a Product (other than Customer Content except as otherwise permitted by the Agreement): software, machine images, data (including, but not limited to, engineering data, models, samples, libraries, and standards), information, text, audio, video, images, or other content or material contained in the Product, Documentation, application programming interfaces, sample code, libraries, command line tools, proofs of concept, templates, and other related technology. However, modifications will not compromise the material functionality of the Product. AVEVA will use their best efforts to notify Customers of any such modifications through Release Notes. AVEVA reserves the right to “end of life” any Product in accordance with its then-current end of life policy, which is located at https://www.aveva.com/en/legal/policies-compliance/
4.6. Collection of Usage Metrics. AVEVA and its licensors may collect, and process Usage Metrics and other information relating to the provision or use of the Products (a) for AVEVA’s own internal purposes, (b) in order to ensure Customer’s compliance with the Agreement and (c) to prevent fraud.
4.7. Test and Partners Accounts.
4.7.1. Test Accounts. Subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of all applicable fees), AVEVA grants to Customer a personal, non-exclusive, non-transferable limited right to access and use the Test Account, and all applications subscribed within, solely for non-production use for its internal business purposes. However, if Customer uses a Test Account for production purposes, AVEVA reserves the right to charge such Customer fees for the applicable Product. Customer shall not make the Test Account, or any applications subscribed within the Test Account, accessible or available for use by any other individual or entity unless expressly permitted by AVEVA. Customer is liable for (a) all acts or omissions (including non-compliance with terms of the Agreement) of Users, Affiliates, Permitted Third Parties, and (b) access to the Test Account by any other individuals or entities.
4.7.2. Partner Accounts. Subject to Customer’s compliance with all terms and conditions of the Agreement (including payment of all applicable fees), AVEVA grants to Customer a personal, non-exclusive, non-transferable limited right to access and use the Partner Account, and all applications subscribed within, solely for (a) supporting the development, promotion and sale of Products via AVEVA Connect and (b) non-production use for its internal business purposes. However, if Customer uses a Partner Account for production purposes, AVEVA reserves the right to charge such Customer fees for the applicable Product. Partner Accounts are exclusively reserved for AVEVA’s partners and such partners must have an active partner agreement with AVEVA in order to access a Partner Account and not be in breach of such agreement. If the partner agreement terminates or expires, then such Customer’s Partner Account will immediately terminate and will not be renewed. Customer shall not make the Partner Account, or any applications subscribed within the Partner Account, accessible or available for use by any other individual or entity unless expressly permitted by AVEVA. Customer is liable for (i) all acts or omissions (including non-compliance with terms of the Agreement) of Users, Affiliates, Permitted Third Parties, and (ii) access to the Partner Account by any other individuals or entities.
4.8. Preview Features. AVEVA may make available Preview Features to Customer solely for enabling feedback. Customer is prohibited from using Preview Features for production purposes. If Customer uses Preview Features for production purposes, AVEVA reserves the right to charge such Customer a reasonable fee. AVEVA may offer Preview Features to Customer on a discretionary basis and AVEVA reserves the right to revoke or suspend Customer’s usage of, or access to, any or all Preview Features at any time. AVEVA may grant access to Preview Features through the AVEVA Connect Account at no additional charge to Customer. Notwithstanding anything contrary in the Agreement, Customer’s use of Preview Features will be at Customer’s own risk and AVEVA offers Preview Features on an AS IS, WHERE IS, and AS AVAILABLE basis. Furthermore, AVEVA: (a) disclaims any and all liability, damages, or obligation relating Preview Features; (b) will not indemnify or defend Customer for any Claim by any third party arising from or related to Preview Features; (c) will not provide Support for Preview Features; (d) will not provide any service level commitments for Preview Features; and (e) makes no guarantee that Preview Features will be released for general availability at any time.
5. Administration and Rights of Access.
5.1. Responsibilities of Customer Authorized Officer. Customer shall provide AVEVA with written notice of any changes to the name and/or contact information of the Customer Authorized Officer as listed on the applicable Transaction Document. The responsibilities of the Customer Authorized Officer shall be:
5.1.1. Serving as Customer’s authorized representative for communicating with AVEVA; and
5.1.2. Providing AVEVA notice of any commercial decisions by Customer that affect funding of an AVEVA Connect Account or the use of Credits or Top-Up Credits;
5.2. Responsibilities of Account Administrator. Customer shall provide AVEVA with written notice of any changes to the name and/or contact information of the Account Administrator as listed on the applicable Transaction Document. The responsibilities of the Account Administrator shall be:
5.2.1. Administering the day-to-day operations of the account;
5.2.2. Inviting Users into an AVEVA Connect Account, subject to the restrictions set forth in Section 1.53 (User); and
5.2.3. Assigning any necessary User permissions in an AVEVA Connect Account.
5.3. AVEVA Access Rights. AVEVA may access the AVEVA Connect Account under the following circumstances and will not be liable for any downtime or Customer’s loss of use during such access:
5.3.1. performance of maintenance and shut-down services;
5.3.2. routine checks that the system is running in order to validate the Service Levels AVEVA is committed to;
5.3.3. update and perform any other essential services, as and when required determined solely by AVEVA; or
5.3.4. at any time when the Account Administrator is unavailable to perform its essential functions.
6. SECURITY MEASURES AND DATA PRIVACY.
6.1. Security Measures. AVEVA will implement commercially reasonable measures to secure and protect the Products, including against accidental or unlawful loss, access, or disclosure in accordance with the Data Processing Addendum.
6.2. No Joint Data Controllership. For the avoidance of doubt, the language governing joint data controllership in Section 6.1 (No Joint Data Controllership) of the GTCs is incorporated into this Cloud Services Addendum by reference.
7. SERVICE LEVEL COMMITMENT.
This Section 7 applies to service level commitments for all Products other than service level commitments for (a) Products accessed through a Partner Account or Test Account, or (b) Preview Features.
7.1. Service Levels. During the Term, the Uptime for a respective Product type (the “Uptime Commitment”) will be as specified at https://www.aveva.com/en/legal/trust/servicelevel/
7.2. If AVEVA does not meet the Uptime Commitment then, subject to Customer’s compliance with Section 7.3 (Service Credits), Customer will receive a credit toward the cost of such Product as set forth in Section 7.3 (Service Credits) (the “Service Credit”). The Uptime Commitment does not include: (a) non-availability due to scheduled or emergency maintenance of the application services or AVEVA Connect; (b) instances where AVEVA has taken Type A, B, C, or D Product, as the case may be, offline due to the security interests of its business or its customers; (c) the availability and/or uptime of any third-party software not managed or controlled by AVEVA that is provisioned by Customer to Edge Devices; and (d) any unavailability caused by a Force Majeure condition. AVEVA may change or discontinue Service Levels from time to time but will provide ninety (90) days’ prior notice to Customer before any material change to a Service Level. If the Customer objects to the change in case of a potential service degradation, reduced availability to operation critical systems or discontinuance of Service Levels, then AVEVA shall use its best efforts to address the objection through one of the following options (to be selected at AVEVA’s sole discretion):
7.2.1. AVEVA will take the corrective steps or actions requested by the Customer; or
7.2.2. AVEVA will abort its plans based on the Customer’s feedback.
7.2.3. If AVEVA is unable to address the objection through such means set forth in (i) or (ii) above, AVEVA may cease to provide, or the Customer may agree not to use (temporarily or permanently), the particular aspect of the Service or Product.
7.3. Service Credits.
7.3.1. The following Service Credits are Customer’s sole and exclusive remedy if AVEVA fails to meet the Uptime Commitment. Any Service Credit payable to Customer will be issued to Customer in the calendar month following the calendar month in which the service level failure occurred.
7.3.2. If the calendar month Uptime percentage is above the applicable Service Level minus two percent (2%) but less than the applicable Service Level, then subject to Customer’s compliance with Section 7.4 (Customer Obligations), Customer will receive a one-time credit of ten percent (10%) of the monthly fees for the affected Product due for the calendar month in which the Uptime failure occurred.
7.3.3. If the calendar month Uptime percentage is above the applicable Service Level minus five percent (5%) but less than the applicable Service Level minus two percent (2%), then subject to Customer’s compliance with Section 7.4 (Customer Obligations), Customer will receive a one-time credit of twenty percent (20%) of the monthly fees for the affected Product due for the calendar month in which the Uptime failure occurred.
7.3.4. If the calendar month Uptime percentage is less than applicable Service Level minus five (5%) then, subject to Customer’s compliance with Section 7.4 (Customer Obligations), Customer will receive a one-time credit of fifty percent (50%) of the monthly fees for the affected Product due for the calendar month in which the Uptime failure occurred. The maximum available Service Credit for failure to meet the Uptime Commitment for any given calendar month is fifty percent (50%) of the monthly fees for the affected Product for the applicable calendar month on Customer’s next invoice.
7.4. Customer Obligations. In order to receive a Service Credit, Customer must notify AVEVA via email at email@example.com within thirty (30) days of the end of the calendar month in which AVEVA failed to meet the Uptime Commitment. The notification must describe such failure in sufficient detail, to be determined in AVEVA’s reasonable discretion, and include the dates and times of any Downtime in order for AVEVA to confirm such failure. If Customer does not send timely and proper notice as set forth in this Section 7.4, then Customer waives its right to receive the Service Credit for the calendar month in which AVEVA failed to meet the Uptime Commitment.
8. CUSTOMER OBLIGATIONS AND CONTENT.
8.1. Customer Content. Customer shall obtain all rights related to Customer Content required in connection with the performance, receipt or use of the Products and hereby grants all necessary rights and permissions to enable AVEVA, its Affiliates, its subcontractors, and its Sub-processors to host, use, copy, provide, store, distribute, transmit, access, modify, display, and otherwise process the Customer Content using the Products or to fulfil AVEVA’s obligations under the Agreement, including making necessary disclosures and obtaining all licenses, permits, approvals, or consents required in connection with any Personal Data or regulated content in the Customer Content. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Content. Without prejudice to the Data Processing Addendum, Customer is responsible for (a) all security vulnerabilities, and the consequences of such vulnerabilities, arising from Customer Content, including any viruses, Trojan horses, worms or other harmful programming routines contained in Customer Content, and (b) all use by Customer or Users of the Products in a manner that is inconsistent with the Agreement. To the extent Customer discloses or transmits Customer Content to a third party (including by allowing a third party to access Customer Content as a User), AVEVA is no longer responsible for the security, integrity or confidentiality of such content outside of AVEVA’s control.
8.2. Provision of Information. In order to use or access the Product, Customer must provide details as specified by AVEVA during the registration process for at least one Account Administrator. The Account Administrator can then register for User Credentials for Users for their access to the Product. User Credentials are personal, and Customer may not sell, transfer, sublicense, or otherwise assign them to any other person or entity.
8.3. Specific Customer Responsibilities. Customer is solely responsible for Customer’s and Users’ use of the Products and shall: (a) make all Users aware of and ensure Users’ compliance with the terms of the Agreement and indemnify AVEVA for any such non-compliance by Users; (b) be liable for any fees for Users who the Account Administrator has registered to the Products; (c) not allow any User Credentials to be used by more than one individual User unless it has been reassigned in its entirety to another individual, in which case the prior User shall no longer have any right to use or access the Products; (d) ensure that the use and access of the Products and provision and submission of any Customer Content does not violate any AVEVA policy, applicable Law, or the Agreement, including the AUP; (e) provide any reasonably necessary information and cooperation for AVEVA to provide the Products; (f) be responsible and liable for all activities of Users and for any use of Customer’s User Credentials and shall ensure that the User Credentials are kept confidential and secure (AVEVA will not be responsible for any unauthorized access through Customer’s User Credentials); (g) ensure that Customer Content is compatible with the application program interfaces; (h) ensure that Customer’s network and systems comply with relevant specifications and requirements that may be provided by AVEVA from time to time; (i) be solely responsible for procuring and maintaining any systems, network connections, and telecommunications links necessary to access any Products (including any application program interfaces); and (j) use commercially reasonable efforts to prevent any unauthorized use of or access to the Products (and upon becoming aware of such unauthorized use or access, promptly notify AVEVA of such use or access).
8.4. No Special or Specific Data. Unless otherwise specified in the applicable Transaction Document or Schedule for a particular Product, Customer Content may not include any sensitive or special categories of personal data that imposes specific data security, data protection obligations, or governmental regulations on AVEVA, including, but not limited to: (a) the Health Insurance Portability and Accountability Act of 1996 (HIPAA); (b) Gramm-Leach-Bliley Act of 1999 (GLB); (c) all applicable Laws and non-governmental standards protecting payment data (including Payment Card Industry Data Security Standard (PCI-DSS) and Payment Application Data Security Standard (PA-DSS)); (d) all Laws concerning the protection, transport, storage, use and processing of sensitive or special categories of personal data (including under the EU General Data Protection Regulation); and (e) all applicable Laws similar to those laws listed in subsections (a) through (d) above.
8.5. Return of Customer Content During the Term. Without prejudice to the Data Processing Addendum, Customer may request in writing during the Term that AVEVA return to Customer any Customer Content stored on the Product. Following receipt of such request, AVEVA will (at Customer’s expense) use commercially reasonable efforts to return (in AVEVA’s standard format or any other format selected by AVEVA) such Customer Content within sixty (60) days after receipt of such request.
8.6. Return of Customer Content Following Expiration or Termination. Without prejudice to the Data Processing Addendum, upon Customer’s request before the sixtieth (60th) day after the expiration or termination of the applicable Transaction Document, AVEVA will return (in AVEVA’s standard format or any other format selected by AVEVA) or remove Customer Content from the Products, except where required to retain such Customer Content in accordance with applicable Law. AVEVA may charge for certain activities performed at Customer’s request (such as delivering Customer Content in a specific format).).
8.7. Customer Content. Without limiting the generality of the definition of ‘Customer Content’ in the GTCs, the Parties acknowledge and agree that “Customer Content” will not be deemed to include the Products, the software agents, applications and tools that AVEVA makes available to Customer, the Products, the AVEVA Intellectual Property Rights, and any and all derivative works of the foregoing. However, “Customer Content” will be deemed to include any Third-Party Content that is brought by Customer into the Products by Customer’s (or any User’s) use of the Products.
8.8. Legal and Regulatory Requirements. Customer acknowledges and agrees that Customer is solely responsible for Customer’s compliance with any Laws. Customer is solely responsible for ensuring that the Product meets all requirements (whether technical, functional, legal, or otherwise) that are necessary for Customer to fulfill its compliance obligations. If the Product does not meet Customer’s requirements, then Customer should not use the Product.
8.9. Data Retention System. Customer acknowledges and agrees that the Product is not intended to act as a document or data retention system for Customer. The Product has limited capacity to store Customer’s data (including the Customer Content) and Customer must store and backup such data (including the Customer Content) in a separate system. Customer is also responsible for all individuals’ personal information or all information Customer considers confidential that is included in the Customer Content. Following the sixtieth (60th) day after the expiration or termination of the applicable Transaction Document, AVEVA shall have no further obligations to continue to hold, store, export or return the Customer Content. AVEVA will have no liability for deletion of any Customer Content in accordance with the Agreement.
9. SUSPENSION OF PRODUCTS.
9.1. Suspension Rights. AVEVA may immediately suspend or limit Customer’s or any User’s right to access or use all or any part of a Product, including any AVEVA Connect Account, with or without notice to Customer if, in AVEVA’s reasonable opinion as applicable, (a) the use of or access to such Product (i) poses a security risk to AVEVA or others or impacts the functionality of the Product, (ii) adversely impacts AVEVA’s or its licensor’s or its service provider’s systems or the Product, or (iii) adversely impacts the access to or use by AVEVA’s other customers of such Product; (b) Customer is in breach of applicable Laws; (c);Customer is in breach or violation of the Agreement, including its payment obligations; (d) directed or requested by any law enforcement or regulatory agency; or (e) a Force Majeure condition occurs. If AVEVA suspends or limits Customer’s or User’s right to access or use all or any part of a Product, including an AVEVA Connect Account, then AVEVA will use reasonable efforts to provide advance notice to Customer to the extent practicable.
9.2. Restoration of Product. If AVEVA suspends or limits any right to access or use the Product in accordance with Section 9.1 (Suspension Rights), then AVEVA will use commercially reasonable efforts to restore such access or use as soon as practicable after Customer has resolved the problem or incident giving rise to such suspension. Material Breach of Agreement. Any incident or problem that would permit AVEVA to suspend or limit any use or access rights pursuant to Section 9.1 (Suspension Rights) will be deemed to be a material breach of the Agreement.
Customer acknowledges and agrees that in no circumstance will AVEVA be liable for (a) investments, expenditures, or commitments related to the access or use of a Product, (b) AVEVA’s reliance on any information provided by an individual, entity, or other organization using Customer’s login credentials (or any User login credentials), or (c) temporary unavailability of all or parts of a Product subject to the terms with respect to the Service Levels.
11. HIGH RISK USE AND INDUSTRY AND CATEGORICAL RESTRICTIONS.
11.1. High Risk Use. THE FOLLOWING CLAUSE APPLIES ONLY TO PRODUCTS UTILIZING MICROSOFT’S SQL SERVER. The Product is not fault-tolerant and is not guaranteed to be error free or to operate uninterrupted. Unless AVEVA gives its prior written consent and is consulted regarding the specific deployment, system set-up and Product support plan, Customer has no right to use (and must not use) the Product in any application or situation where the failure of the Product could lead to death or serious bodily injury of any person, or to severe physical or environmental damage (“High Risk Use”). High Risk Use does not include utilization of the Product for administrative purposes, to store configuration data, engineering and/or configuration tools, or other applications, the failure of which would not result in death, personal injury, or severe physical or environmental damage.
11.2. Industry and Categorical Restrictions. THE FOLLOWING CLAUSE APPLIES ONLY TO AVEVA’S BOCAD AND FABTROL PRODUCTS. Customer shall not use the Product in connection with aircraft or other modes of human mass transportation, nuclear or chemical facilities, or medical life support devices unless Customer has provided full details of such proposed use to AVEVA and has received prior written approval for such use from AVEVA. In addition to Customer’s indemnification obligations set forth in Section 9.3 (Indemnification by Customer) of the GTCs, if Customer does not provide such details and receive such prior written approval, then Customer will indemnify, defend, and hold harmless AVEVA and its Affiliates for any claims or liability that results from oris related to Customer’s use of the Product in such areas.
12. AUDITS AND VERIFICATION.
12.1. Record Keeping. As part of the Products, AVEVA maintains records of Users and from where they logged on.
12.2. Verification of Use. Customer will monitor its own use of the Products and report any use in excess of the Usage Metrics to AVEVA. AVEVA may monitor and audit Customer’s use of the Products to verify compliance with the Usage Metrics and the Agreement. Any reasonable and actual costs incurred by AVEVA for such audit shall be paid by Customer if the audit results indicate usage in excess of the permitted quantities or levels by at least five percent (5%), underpayment of any fees, or breach of the Agreement.
13. SUPPORT SERVICES AND MAINTENANCE.
AVEVA will maintain and support the Product in accordance with AVEVA’s then-current maintenance and support policies.
13.1. Maintenance Schedules: AVEVA shall use commercially reasonable efforts to provide Customers with notice of any Scheduled Downtime and Emergency Downtown as set forth below:
AVEVA will endeavor to provide prior notice of any service impacting Emergency Downtime as is reasonably practicable.
14. SUBCONTRACTORS AND DATA CENTERS.
Subject to the Data Processing Addendum, AVEVA reserves the right to contract with third-party subcontractors or Affiliates to provide all or part of the Product on behalf of AVEVA and AVEVA may change or replace such subcontractors or Affiliates at any time in its sole discretion. Customer understands and agrees that AVEVA, its Affiliates, and its subcontractors may perform certain aspects of the Product, such as (but not limited to) service administration, hosting, support, and/or disaster recovery, from data centers and other facilities located throughout the world. As such, Customer acknowledges and agrees that use of the Product may result in the Customer’s data (including, but not limited to, any Customer Content) being collected, transferred, processed, and/or used in any area of the world, subject to Section 2.6 of the Data Processing Addendum.
15. DISCLAIMER OF WARRANTIES.
2.1. DISCLAIMER OF ALL OTHER WARRANTIES. FOR THE AVOIDANCE OF DOUBT, THE DISCLAIMER OF WARRANTIES SET FORTH IN SECTION 7 (DISCLAIMER OF WARRANTIES) OF THE GTCS IS INCORPORATED INTO THIS CLOUD SERVICES ADDENDUM BY REFERENCE.
16. ADDITIONAL INDEMNIFICATION.
In addition to Customer’s indemnification obligations set forth in Section 9.3 (Indemnification by Customer) of the GTCs, Customer shall defend and indemnify AVEVA Indemnitees against Claims brought against AVEVA Indemnitees by any third party arising from or related to: (a) Customer’s use of or access to Third-Party Products; (b) AVEVA’s use of or access to Customer’s software, machines, equipment, systems, information technology environment, or premises in connection with the provision of any support services; (c) Customer’s or its Affiliate’s use of the Product in connection with any High Risk Use; (d) Customer’s or its Affiliates’ failure to (i) provide the details and/or (ii) receive the prior written approvals as specified in Section 11.2 (Industry and Categorical Restrictions); and (e) Data Sharing and any Data Sharing Content therein, including any and all acts or omissions on the part of the individuals and/or non-humans (e.g., bots, sensors, chips, devices, etc.) in connection with Data Sharing..
Notwithstanding the notice provisions contained in Section 15.5 (Notices) of the GTCs, any notices or other communications required or permitted to be provided pursuant to this Agreement may be provided by AVEVA to Customer (i) on the AVEVA portal for the Product or (ii) by electronic mail to Customer’s email address on record in AVEVA’s account information records.
AVEVA DATA PROCESSING ADDENDUM
1.1. References to Personal Data, Data Subject, Data Controller, Data Processor, Processing, or Personal Data Breach shall be as defined in equivalent or substantially the same definitions under the Applicable DP Legislation.
1.2. “Applicable DP Legislation” means any applicable laws and regulation in any relevant jurisdiction relating to the data protection, data privacy, use or processing of any Personal Data under this Agreement that apply to a Party, including where applicable: (i) EU Regulation 2018/1725 ("GDPR"); (ii) any laws or regulations ratifying, implementing, adopting, supplementing or replacing such applicable laws and regulation, in each case, as updated, amended or replaced from time to time and (iii) the GDPR as incorporated into law in the United Kingdom pursuant to Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"), the Data Protection Act 2018 ("DPA"), the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), or any other statute or statutory provision which modifies, consolidates, re-enacts or supersedes the GDPR following the cessation of application of European Union law to the United Kingdom as a result of the withdrawal of the United Kingdom from the European Union.
1.3. “Customer Personal Data” shall mean the Personal Data that is uploaded into the Products as Customer Content, or which is otherwise Processed by AVEVA as a Data Processor on behalf of Customer or one of its Affiliates as a Data Controller.
1.4. “Standard Contractual Clauses" or "SCC” means the standard contractual clauses approved by the European Commission in Commission Decision 2021/914 dated 4 June 2021, for transfers of personal data in countries not otherwise recognised as offering an adequate level of protection for personal data by the European Commission (as amended and updated from time to time) in the form set out in this Data Processing Addendum.
1.5. “Sub-processor” means any third party engaged by AVEVA (including any AVEVA Affiliate) to process Customer Personal Data on behalf of Customer.
2. DATA PROTECTION.
2.1. Both Parties will comply with their respective obligations under the Applicable DP Legislation as relevant to this Agreement (and where an Affiliate of a Party is the Data Controller or Data Processor, such Party shall procure that its Affiliate complies with the Applicable DP Legislation). This Data Processing Addendum is in addition to, and does not relieve, remove or replace, a Party's obligations under the Applicable DP Legislation.
2.2. The Parties acknowledge that for the purposes of the Applicable DP Legislation, the Customer is the Data Controller and AVEVA is the Data Processor in respect of the Customer Personal Data. Customer shall not require AVEVA to undertake or engage in any processing activity regarding any Personal Data provided by Customer that requires, or would result in the capacity of a Data Controller in respect of the Personal Data. The following sets out the details of the Customer Personal Data and Processing to be undertaken by AVEVA on behalf of Customer.
Processing by AVEVA
Processing by AVEVA
Processing of the Customer Personal Data pursuant to provision of the Products, Services and Support Services.
Processing by AVEVA
Nature of processing
Transfer, storage, hosting and such other processing activities that are required to provide and support the Products, and as otherwise set out in this Agreement or specified by the Customer.
Processing by AVEVA
Purpose of processing
The provision of Products, Services and Support Services to the Customer.
Processing by AVEVA
Duration of the processing
The duration of the Term (including the term of any applicable TD), or as required to make relevant Customer Personal Data available to Customer, or such other period as required by applicable law including Applicable DP Legislation, whichever is longer.
Processing by AVEVA
As necessary for performance of obligations under the Agreement or as required by applicable law including Applicable DP Legislation, whichever is longer.
Processing by AVEVA
Types of Personal Data
The Customer Personal Data (as defined above) which may include but not be limited to name, email address, phone number and job title.
Processing by AVEVA
Categories of Data Subject
The Customer’s customers, employees, suppliers and related third parties.
2.3. Without prejudice to the generality of Section 2.1, the Customer will ensure that it (or its Affiliate) has a legal basis for Processing, including all necessary and appropriate consents and notices, to enable the lawful transfer of the Personal Data to AVEVA for the duration and purposes of this Agreement.
2.4. AVEVA shall process the Customer Personal Data only on the written instructions of the Customer (as detailed in Section 2.2 above and this Agreement) unless AVEVA is otherwise required by applicable laws including Applicable DP Legislation (in which case such Processing shall be carried out upon notice to Customer, where permitted by applicable law). Confirming acceptance to these terms shall constitute the Customer’s written instructions for AVEVA to undertake the Processing detailed in this Agreement and Section 2.2. AVEVA shall not publish, disclose or divulge any Customer Personal Data to any third party (save for Sub-processors appointed pursuant to section 2.7 herein) without the Customer’s prior written consent (such approval not to be unreasonably withheld or delayed), unless communication is required by Applicable DP Legislation or by any court or other authority of competent jurisdiction, provided that and to the extent lawfully permitted before making such communication AVEVA provides notice to the Customer and such communication must not reference the Customer (unless legally required to do so).
2.5. AVEVA shall ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful Processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, appropriate and proportionate to the harm that might result from the same, having regard to the state of technological development and the cost of implementing any measures which shall include the measures set out in the Appendix of this Data Processing Addendum.
2.6. Where there is a transfer of Personal Data by a data exporter from within the EEA to a data importer outside the EEA, and such transfer is not governed by an "adequacy decision", is not otherwise "subject to appropriate safeguards" and no "derogation for specific situations" applies, each within the meanings given to them in Articles 45, 46 and 49 of the GDPR respectively (an "ex-EEA Transfer"), the ex-EEA Transfer shall be governed by the SCCs which are hereby incorporated into this Agreement and executed by the parties with AVEVA as the 'Data Importer' and the Customer as the 'Data Exporter'.
2.7. Where there is a transfer of Personal Data by a data exporter from within the UK to a data importer outside the UK and such transfer is not governed by an adequacy decision made by the Secretary of State in accordance with the relevant provisions of the UK GDPR and the DPA (an "ex-UK Transfer"), then, subject to the remaining provisions of this section 2.7, the SCC shall apply to such ex-UK Transfer in the same way as set out in section 2.6for ex-EEA Transfers, save that the following amendments to the application of the SCCs for these purposes shall apply (with references in this section 2.7 to Clauses being to Clauses of the SCCs):
2.7.1. the SCCs shall be read and interpreted in the light of the provisions of the UK GDPR and the DPA, and so that they fulfil the intention for them to provide appropriate safeguards as required by Article 46 of UK GDPR;
2.7.2. the SCCs shall not be interpreted in a way that conflicts with rights and obligations provided for in the UK GDPR and the DPA;
2.7.3. the SCCs are deemed to be amended to the extent necessary so they operate:
18.104.22.168. for ex-UK Transfers made, to the extent that the UK GDPR and the DPA apply to AVEVA's processing when making that ex-UK Transfer; and
22.214.171.124. to provide appropriate safeguards for the ex-UK Transfer in accordance with Articles 46 of the UK GDPR Laws; and
2.7.4. without prejudice to the generality of sections 2.7.1, 2.7.2and 2.7.3 SCCs are amended as follows:
126.96.36.199. Clause 6 Description of the transfer(s) is replaced with: “The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where the Applicable DP Legislation in the UK apply to the data exporter’s processing when making that transfer.”;
188.8.131.52. References to “Regulation (EU) 2016/679” or “that Regulation” are replaced by “UK GDPR and DPA” and references to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK GDPR and DPA;
184.108.40.206. References to Regulation (EU) 2018/1725 are removed;
220.127.116.11. References to the “Union”, “EU” and “EU Member State” are all replaced with the “UK”;
18.104.22.168. Clause 13(a) and Annex I.C are not used; the “competent supervisory authority” is the ICO;
22.214.171.124. Clause 17 is replaced to state “These Clauses are governed by the laws of England and Wales”;
126.96.36.199. Clause 18 is replaced to state: “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts”.
2.8. AVEVA's liability under the SCC shall form part of AVEVA's liability under the GTCs, and shall be subject to any exclusions and limitations on AVEVA's liability set out in the GTCs.
2.9. If Applicable DP Legislation require the data exporter to execute the SCC applicable to a transfer of Personal Data to a data importer as a separate agreement, AVEVA shall, on written request of the Customer, promptly execute such SCC (as applicable and incorporating such amendments as may reasonably be required to reflect the details of the transfer and the requirements of the relevant Applicable DP Legislation).
2.10. If there is any conflict or ambiguity between the terms of this Data Processing Addendum and the SCC, the term contained in the SCC shall have priority (but only to the extent and in respect of the transfer, and not in respect of any other processing activity).
2.11. AVEVA shall, in relation to any Customer Personal Data Processed in connection with the performance by AVEVA of its obligations under this Agreement:
2.11.1. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
2.11.2. taking into account the nature of the Processing and the information available to AVEVA, assist the Customer, at the Customer's cost, in responding to any request from a Data Subject under Applicable DP Legislation and in ensuring compliance with its obligations under the Applicable DP Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators, as applicable;
2.11.3. notify the Customer without undue delay on becoming aware of a Personal Data Breach;
2.11.4. on termination of the Agreement, delete or return Customer Personal Data and copies thereof to the Customer unless required by applicable law including Applicable DP Legislation to continue to store the Customer Personal Data (in which case AVEVA shall retain the same as required by applicable law and its confidentiality obligation under this Agreement) for the Retention Period; and
2.11.5. make available to the Customer all information necessary to demonstrate AVEVA’s compliance with its obligations under this Section 2.11 and subject to AVEVA’s reasonable security procedures, business and operational requirements and AVEVA’s confidentiality obligations, allow for audits, including inspections, conducted by the Customer its supervisory authority or regulator, at Customer’s own cost and expense, upon Customer giving AVEVA prior written notice of no less than thirty (30) days of its intent to conducts such audit or inspection. For the avoidance of doubt, such audit and inspection shall only be for the purposes of determining AVEVA’s compliance with its obligations under this Data Processing Addendum.
2.12. The Customer hereby consents to AVEVA appointing third-party sub-processors of Customer Personal Data under this Agreement (“Sub-processors”), provided that:
2.12.1. (i) The Customer has provided its prior written consent for appointment of such Sub-processor; or (ii) Sub-processor is an Affiliate of AVEVA or identified AVEVA’s list of Sub-processors as specified at https://www.aveva.com/en/legal/trust/data-processing/ and as updated by AVEVA from time to time and notified to the Customer;
2.12.2. The Customer may object in writing to use of a Sub-processor, and shall describe its reasons for the objection, and may request corrective steps to be taken;
2.12.3. If the Customer objects to the use of a Sub-processor, AVEVA shall use it best efforts to address the objection through one of the following options (to be selected at AVEVA’s sole discretion): (i) AVEVA will abort its plans to use the Sub-processor for the processing of Customer Personal Data; or (ii) AVEVA will take the corrective steps requested by the Customer in its objection (which removes the Customer’s objection) and proceed to use the Sub-processor for the processing of Customer Personal Data. If AVEVA is unable to address the objection through such means, AVEVA may cease to provide, or the Customer may agree not to use (temporarily or permanently), the particular aspect of the Service or Product that would involve the use the Sub-processor for the processing of Customer Personal Data. Termination rights, as applicable and agreed in this Agreement, shall apply accordingly; and
2.12.4. AVEVA has entered into, or (as the case may be) will enter into with the third-party sub-processor a written agreement incorporating terms which are substantially similar to those set out in this Data Processing Addendum. AVEVA acknowledges and agrees that it remains liable to the Customer for any breach of the terms of this Data Processing Addendum by any Sub-processor.
Data Transfer Agreement Incorporating Standard Contractual Clauses
Module 2: Transfer Controller to Processor
CUSTOMER, as detailed in Appendix, Annex 1
(hereinafter referred to as data exporter)
AVEVA, as detailed in Appendix, Annex 1
(hereinafter referred to as data importer)
herewith agree as follows.
STANDARD CONTRACTUAL CLAUSES
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)
have agreed to these standard contractual clauses (hereinafter: “Clauses”).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Effect and invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8.1(b), 8.9(a), (c), (d) and (e);
(iii) Clause 9(a), (c), (d) and (e);
(iv) Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18(a) and (b).
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
SECTION II – OBLIGATIONS OF THE PARTIES
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
(a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I. B, unless on further instructions from the data exporter.
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.9 Documentation and compliance
(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non- compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
Use of sub-processors
(a) The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least thirty (30) days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.
(e) The data importer shall agree to a third-party beneficiary clause with the sub-processor whereby – in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
Data subject rights
(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.
(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
(ii) refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub- processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.
(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.
(a) [Where the data exporter is established in an EU Member State:] The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679:] The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.
[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Local laws and practices affecting compliance with the Clauses
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Obligations of the data importer in case of access by public authorities
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimisation
(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Non-compliance with the Clauses and termination
(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third- party beneficiary rights. The Parties agree that this shall be the law of the Republic of Ireland.
Choice of forum and jurisdiction
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
(b) The Parties agree that those shall be the courts of the Republic of Ireland
(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
A. LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]
1. Name: CUSTOMER
Address: As per the relevant Transaction Document
Contact person’s name, position and contact details: As per the relevant Transaction Document
Activities relevant to the data transferred under these Clauses:
Receipt of software services from Data importer
Signature and date: As per the relevant Transaction Document
Role (controller/processor): Controller
Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]
2. Name: AVEVA
Address: As per the relevant Transaction Document
Contact person’s name, position and contact details:
The Data Protection Officer - firstname.lastname@example.org
Activities relevant to the data transferred under these Clauses:
Provision of Software Services to Data Exporter
Role (controller/processor): Processor
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Employees and contractors of Data Exporter, Data Exporter’s affiliates, sub-contractors and related third parties
Categories of personal data transferred
Name, Job title or position, business email address, business telephone number, IP address
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Nature of the processing
Collection, organisation, storage, consultation, use, dissemination and erasure of personal data in relation to the purpose.
Purpose(s) of the data transfer and further processing
Processing for provision of contractual services and ancillary purposes
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
The duration of the Processor's commercial relationship with the Controller plus any relevant limitation period required under local law
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
Processing for provision of contractual / support services during the term of the agreement with the Controller and for the relevant limitation period required under local law
C. COMPETENT SUPERVISORY AUTHORITY
The Data Protection Commissioner of the Republic of Ireland.
ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
a) backing-up the Customer Personal Data at regular intervals;
b) ensuring that AVEVA is able, to restore lost or damaged Customer Personal Data from the latest back-up;
c) not using the Customer Personal Data except as required for the performance of its obligations under the Agreement;
d) upon Customer’s written request, grant Customer access to current ISO 27001:2013 certificate and annual SAE18 SOC 2/ISAE3402 SOC (Type II) reports in respect of specific Software supplied under the Agreement (where stated to be available for that Software in the applicable Transaction Document or Software Schedule) addressing data security requirements stated in this Data Processing Addendum;
e) complying with information management procedures and safeguards based on Good Industry Practice, including those concerning the security of the Customer Personal Data. For the purpose of this Data Processing Addendum, “Good Industry Practice” means that degree of skill, care and prudence which would ordinarily be expected of a skilled and experienced supplier of software products and services of the same or a similar nature to the Products, Services and Support Services;
f) maintaining and enforcing safeguards against the destruction, loss, or alteration of Customer Personal Data that are no less rigorous than those maintained by AVEVA for its own information of a similar nature or that otherwise comply with Good Industry Practice;
g) in the event of any destruction, loss, or reduction in the accessibility or usability of Customer Personal Data which is caused by AVEVA, restoring such data using Good Industry Practice data restoration techniques;
h) taking all necessary precautions, in accordance with Good Industry Practice, to prevent any Malicious Code (as defined in the AVEVA Software and Support Addendum) affecting the Products or Services and the Customer Personal Data, including but not limited to using the latest versions of anti-malware software (including latest definitions and updates) available from an industry accepted anti-malware software vendor to check for and delete Malicious Code;
i) notifying the Customer as soon as practicable upon becoming aware of any Security Incident and providing the Customer with a detailed description of the Security Incident, the type of Customer Personal Data that is the subject of the Security Incident, the identity of any affected individuals and all other information and cooperation which the Customer may reasonably request. For the purpose of this Data Processing Addendum, “Security Incident” shall mean any incident resulting in loss, destruction or material alteration of Customer Personal Data, or unauthorized third-party access to Customer Personal Data;
j) taking immediate action, at AVEVA’s own cost, to investigate any Security Incident, to identify, prevent and mitigate the effects of such Security Incident and, with the Customer’s prior agreement, to carry out any recovery or other action necessary to remedy the Security Incident. AVEVA must ensure that any such recovery or other action does not compromise any technical information or artefacts (including, for example, logs) which would reasonably be required by the Customer to understand the Security Incident, mitigate its effects and/or prevent its recurrence;
k) not issuing, publishing or otherwise making available to any third party any press release or other communication concerning a Security Incident without the Customer's prior approval (such approval not to be unreasonably withheld or delayed), unless communication is required by Applicable DP Legislation or by any court or other authority of competent jurisdiction provided that before making such communication AVEVA to the extent lawful provides notice to the Customer that it will be making such communication and such communication must not reference the Customer (unless legally required to do so);
l) use of data centres where Customer Personal Data is stored, accessed or otherwise processed, in accordance with Good Industry Practice;
o) performing continuous service improvement and continuous monitoring of the Services used in connection with the provision of the Products and Services and promptly rectifying any security vulnerabilities identified by such testing.
LIST OF SUB-PROCESSORS
The controller has authorised the use of the sub-processors at the following link: