Last Updated: March 23, 2021
YOU MUST READ THE BELOW IN ITS ENTIRETY BEFORE PROCEEDING TO ACCESS THE INSPECTIONXPERT SERVICES. THIS AGREEMENT FORMS A BINDING CONTRACT BETWEEN YOU AND US WHEN ACCEPTED BY YOU. YOU ACCEPT THESE TERMS AND CONDITIONS OF SERVICE (THIS “AGREEMENT”) BY: (1) ACCESSING OR USING THE INSPECTIONXPERT SERVICES; (2) INDICATING ACCEPTANCE OF THESE TERMS WHEN THEY ARE PRESENTED ONLINE, SUCH AS BY CHECKING A BOX CAPTIONED WITH ACCEPTANCE LANGUAGE OR CLICKING AN ICON BEARING AN “ACCEPT” OR SIMILAR LEGEND OR BY OTHERWISE ELECTRONICALLY SIGNING THIS AGREEMENT; OR (3) EXERCISING OR PURPORTING TO EXERCISE ANY OF THE RIGHTS GRANTED TO YOU UNDER THIS AGREEMENT. THE INDIVIDUAL ACCEPTING THIS AGREEMENT ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS AUTHORITY TO REPRESENT THE ENTITY AND CREATE A LEGALLY BINDING CONTRACT. IF YOU DO NOT AGREE TO THIS AGREEMENT OR HAVE SUCH AUTHORITY, YOU MAY NOT USE THE INSPECTIONXPERT SERVICES.
This Agreement is entered into by and between InspectionXpert Corporation, a North Carolina corporation, with offices at 1 Glenwood Avenue, 5th Floor, Raleigh, North Carolina 27603 (“InspectionXpert”) and the party who accepts the Agreement on whose behalf you accept this Agreement (individually and collectively, “Customer”), as of the date of such acceptance (the “Effective Date”). In consideration of the mutual covenants, terms and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
“Access Credentials” means any user name, identification number, password, license or security key, security token, PIN or other security code, method, technology or device used, alone or in combination, to verify an individual’s identity and authorization to access and use the Services.
“Affiliate” of a Person means any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by or is under common control with, such Person. The term “control” (including the terms “controlled by” and “under common control with”) means the direct or indirect power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract or otherwise.
“Authorized User” means Customer’s employees (a) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement; and (b) for whom access to the Services has been purchased hereunder. Unless otherwise agreed in writing, the Services are licensed on a per seat basis.
“Customer Data” means information and data that is created or displayed within or uploaded to the Services by Customer or its Authorized Users and hosted through the Services during or as part of inspection management reporting process, including text, images, photos, and other content.
“Customer Systems” means the Customer’s information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems) and networks, whether operated directly by Customer or through the use of third-party services.
“InspectionXpert Materials” means the Services and InspectionXpert Systems and any and all other information, data, documentation, and other content that are provided or used by InspectionXpert or any Subcontractor in connection with the Services or otherwise comprise or relate to the Services or InspectionXpert Systems. For the avoidance of doubt, InspectionXpert Materials include Usage Data and any information, data or other content derived from InspectionXpert’s monitoring of Customer’s access to or use of the Services, but do not include Customer Data.
“InspectionXpert Personnel” means all individuals involved in the performance of Services as employees, agents or independent contractors of InspectionXpert or any Subcontractor (as defined in Section 2.1).
“InspectionXpert Systems” means the information technology infrastructure used by or on behalf of InspectionXpert in performing the Services, including all computers, software, hardware, databases, electronic systems (including database management systems) and networks, whether operated directly by InspectionXpert or through the use of third-party services.
“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
“Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree or other requirement of any federal, state, local or foreign government or political subdivision thereof, or any court or tribunal of competent jurisdiction.
“Usage Data” means data and information related to Customer’s use of the Services that is used by InspectionXpert, including to compile statistical and performance information related to the provision and operation of the Services.
“Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association or other entity.
“Process”, “Processing” or “Processed” means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information or other content.
“Representatives” means, with respect to a party, that party’s and its Affiliates’ employees, officers, directors, consultants, agents, independent contractors, service providers, sublicensees, subcontractors and legal advisors.
“Services” means the software-as-a-service offering described in the applicable Order Form (as defined in Section 2.1).
“Third-Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment or components of or relating to the Services that are not proprietary to InspectionXpert.
2.1 Access and Use. Subject to and conditioned on Customer’s and its Authorized Users’ compliance with the terms and conditions of this Agreement, InspectionXpert hereby grants Customer a nonexclusive, non-transferable right to access and use the Services during the Term, solely for use by Authorized Users and in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use and solely for the purpose of Customer’s internal business operations. InspectionXpert shall provide to Customer (or to its Authorized Users directly) the Access Credentials within a reasonable time following the Effective Date and promptly thereafter to new Authorized Users as requested by Customer. Customer and InspectionXpert shall specify particular InspectionXpert services, along with their applicable pricing and terms, on the online order form (each an “Order Form”) that references this Agreement. In the event of any conflict between this Agreement and an Order Form, this Agreement which control unless the applicable provision in the Order Form expressly states that it will control. InspectionXpert has and will retain sole control over the operation, provision, maintenance and management of InspectionXpert Materials and InspectionXpert reserves the right, at its sole discretion, to engage third parties (each, a “Subcontractor”) from time to assist in performing the Services.
2.2 Changes. InspectionXpert reserves the right, in its sole discretion, to make any changes to the Services and InspectionXpert Materials that it deems necessary or useful to maintain or enhance InspectionXpert’s services generally or to comply with applicable Law.
2.3 Suspension or Termination of Services. InspectionXpert may, directly or indirectly, suspend, terminate or otherwise deny Customer’s, any Authorized Users’, or any other Person’s access to or use of all or any part of the Services or InspectionXpert Materials, without incurring any resulting obligation or liability, if: (a) InspectionXpert receives a judicial or other governmental demand or order, subpoena or law enforcement request that expressly or by reasonable implication requires InspectionXpert to do so; or (b) InspectionXpert believes, in its reasonable discretion, that: (i) Customer or any Authorized User has failed to comply with any material term of this Agreement, or accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement; (ii) Customer or any Authorized User is, has been or is likely to be involved in any fraudulent, misleading or unlawful activities relating to or in connection with any of the Services; or (iii) this Agreement expires or is terminated. This Section 2.3 does not limit any of InspectionXpert’s other rights or remedies, whether at law, in equity or under this Agreement.
4. Customer Obligations.
4.1 Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain and operate in good repair all Customer Systems on or through which the Services are accessed or used; and (b) retain sole control over the operation, maintenance and management of, and all access to and use of, the Customer Systems, and sole responsibility for all access to and use of InspectionXpert Materials by any Person by or through the Customer Systems or any other means controlled by Customer or any Authorized User, including any: (i) information, instructions or materials provided by any of them to the Services or InspectionXpert; (ii) results obtained from any use of the Services or InspectionXpert Materials; and (iii) conclusions, decisions or actions based on such use.
4.2. Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 3, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and InspectionXpert Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify InspectionXpert of any such actual or threatened activity.
4.3 Limitation on Customer Data. Customer agrees that the Customer Data will not contain any financial account identifiers (e.g., credit card numbers of bank account numbers), government issued identifiers (e.g., social security and driver’s license numbers) or other types of sensitive data that is subject to specific or elevated data protection requirements such as the Gramm-Leach-Bliley Act or HIPAA (“Sensitive Personal Data”). InspectionXpert shall have no liability under this Agreement for Sensitive Personal Data, notwithstanding anything to the contrary herein.
5.1 InspectionXpert Systems and Security Obligations. InspectionXpert shall exercise commercially reasonable efforts to prevent unauthorized exposure or disclosure of Client Data, including maintaining, implementing, and complying with commercially reasonable administrative, technical, and physical safeguards. InspectionXpert shall review its security controls regularly, but no less than annually, and update and maintain them to comply with applicable Laws, technology changes and best practices. To request information about InspectionXpert’s current security practices, please contact InspectionXpert at firstname.lastname@example.org.
5.2 Customer Control and Responsibility. Customer has and will retain sole responsibility for: (a) all Customer Data, including its content and use; (b) all information, instructions and materials provided by or on behalf of Customer or any Authorized User in connection with the Services; (c) the Customer Systems; (d) the security and use of Customer’s and its Authorized Users’ Access Credentials; and (e) all access to and use of the Services and InspectionXpert Materials directly or indirectly by or through the Customer Systems or its or its Authorized Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions and actions based on, such access or use. Customer shall employ all physical, administrative and technical controls, screening and security procedures and other safeguards necessary to: (i) securely administer through its Customer-authorized agents the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Services by activating and deactivating Authorized User accounts within the Services; (ii) cause its Customer-authorized agents and Authorized Users to use strong password creation and protection practices and maintain strict confidentiality of their user names and passwords used for authentication to the Customer Systems; and (iii) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Services, such that the Services are used for lawful purposes that comply with all applicable federal, state and foreign privacy and data protection Laws. Customer shall ensure that its Customer-authorized agents or Authorized Users report system availability or other system issues (security or otherwise) to InspectionXpert Support by emailing support@InspectionXpert.com.
5.3 Export Control Regulations.
(a) Customer and InspectionXpert shall comply with all applicable export control laws and regulations (including, if applicable, the Arms Export Control Act, the International Traffic in Arms Regulations (“ITAR”), the Export Administration Act, and the Export Administration Regulations (“EAR”) and collectively with the ITAR, the “Export Control Regulations’)) in connection with this Agreement. If any of the technical data, software and/or technical assistance (collectively, “Controlled Materials”) to be provided to InspectionXpert by Customer, or which may be viewed by InspectionXpert personnel, are controlled under the ITAR or EAR, Customer shall obtain Customer’s prior written approval before providing any Controlled Materials to InspectionXpert or before InspectionXpert personnel view Controlled Materials. If Controlled Materials must be exchanged or viewed, the Parties shall consult with each other to ensure the Parties’ compliance with Export Control Laws.
(b) The Services are configured so that Customer may designate through the portal whether a document is subject to ITAR and constitutes Controlled Materials. Customer has the ability to set access controls to restrict access to such Controlled Materials to specific Authorized Users within Customer’s organization. Customer is solely responsible for ensuring that only its Authorized Users who are permitted by the applicable Export Control Regulations to access such Controlled Materials are given access, and Customer is solely responsibility for its Authorized Users’ compliance with the Export Control Regulations.
6. Fees and Payment.
6.1 Fees and Payment. Customer shall pay InspectionXpert the fees set forth in each Order Form (“Fees”) in accordance with this Section 6. Unless otherwise specified in the applicable Order Form, Customer shall pay all Fees, as described on the Order Form for the applicable service tier, via credit card at the time of signup, in which case Customer’s credit card will be billed immediately. If fees are invoiced, payment is due within thirty (30) days of receipt of the invoice. If the Fees are recurring over designated time periods stated on an Order Form, then payment is due prior to the start of each subscription period, and to the extent Customer pays automatically be credit card, the credit card on file will be charged at the start of each pay period. Customer shall make all payments hereunder in US dollars via credit card, check, or wire transfer to the account designated by InspectionXpert. If Customer fails to make any payment when due then, pursuant to Section 12, InspectionXpert may terminate this Agreement immediately and without liability or notice to Customer.
6.2. Auto-Renewal. To the extent you pay with a credit card, your credit card will be billed at signup. YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT (A) YOUR SUBSCRIPTION WILL AUTO-RENEW FOR ANOTHER TERM OF THE SAME LENGTH AS THE INITIAL TERM AT THE APPLICABLE TIER LEVEL, (B) INSPECTIONXPERT (OR OUR THIRD PARTY PAYMENT PROCESSOR) IS AUTHORIZED TO CHARGE YOU FOR YOUR SELECTED SUBSCRIPTION, IN ADDITION TO ANY APPLICABLE TAXES AND OTHER CHARGES, FOR AS LONG AS YOUR SUBSCRIPTION CONTINUES, AND (C) YOUR SUBSCRIPTION IS CONTINUOUS UNTIL YOU CANCEL IT OR INSPECTIONXPERT SUSPEND OR STOP PROVIDING ACCESS TO THE SITE OR SUBSCRIPTION IN ACCORDANCE WITH THESE TERMS. YOU MAY CANCEL YOUR SUBSCRIPTION ELECTRONICALLY WITHIN YOUR ACCOUNT INTERFACE IN THE SERVICES. IF CUSTOMER CANCELS BEFORE THE EXPIRATION DATE OF ITS CURRENT SUBSCRIPTION, CUSTOMER WILL NOT BE ENTITLED TO A REFUND OF ANY AMOUNTS THAT CUSTOMER HAS ALREADY PAID, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
6.3 Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Without limiting the foregoing, Customer is responsible for all sales, use and excise taxes and any other similar taxes, duties and charges of any kind imposed by any federal, state or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on InspectionXpert’s income.
7.1 Confidential Information. In connection with this Agreement each party (as the “Disclosing Party”) may disclose or make available Confidential Information to the other party (as the “Receiving Party”). “Confidential Information” means information in any form or medium (whether oral, written, electronic or other) that the Disclosing Party considers confidential or proprietary, including information consisting of or relating to the Disclosing Party’s technology, trade secrets, know-how, business operations, plans, strategies, customers and pricing and information with respect to which the Disclosing Party has contractual or other confidentiality obligations. Without limiting the foregoing, all InspectionXpert Materials are the Confidential Information of InspectionXpert, and all Customer Data is the Confidential Information of Customer. Confidential Information does not include information that: (a) was rightfully known to the Receiving Party without restriction on use or disclosure prior to such information’s being disclosed or made available to the Receiving Party in connection with this Agreement; (b) was or becomes generally known by the public other than by the Receiving Party’s or any of its Representatives’ noncompliance with this Agreement; (c) was or is received by the Receiving Party on a nonconfidential basis from a third party that, to the Receiving Party’s knowledge, was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (d) the Receiving Party can demonstrate by written or other documentary records was or is independently developed by the Receiving Party without reference to or use of any Confidential Information.
7.2. Protection of Confidential Information. As a condition to being provided with any disclosure of or access to Confidential Information, the Receiving Party shall: (a) not access or use Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement; (b) except as may be permitted by and subject to its compliance with Section 7.3, not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party’s exercise of its rights or performance of its obligations under and in accordance with this Agreement; (ii) have been informed of the confidential nature of the Confidential Information and the Receiving Party’s obligations under this Section 7.2; and (iii) are bound by written confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this Section 7; (c) safeguard the Confidential Information from unauthorized use, access or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care; and (d) ensure its Representatives’ compliance with, and be responsible and liable for any of its Representatives’ non-compliance with, the terms of this Section 7.
7.3 Compelled Disclosures. If the Receiving Party or any of its Representatives is compelled by applicable Law to disclose any Confidential Information then, to the extent permitted by applicable Law, the Receiving Party shall: (a) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy or waive its rights under Section 7.2; and (b) provide reasonable assistance to the Disclosing Party, at the Disclosing Party’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section 7.3, the Receiving Party remains required by Law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that the Receiving Party is legally required to disclose.
8. Intellectual Property Rights
8.1. InspectionXpert Materials. All right, title and interest in and to InspectionXpert Materials, including all Intellectual Property Rights therein, are and will remain with InspectionXpert and, with respect to Third-Party Materials, the applicable third-party providers own all right, title and interest, including all Intellectual Property Rights, in and to the Third-Party Materials. Customer has no right, license or authorization with respect to any of InspectionXpert Materials except as expressly set forth in Section 2.1 or the applicable third-party license, in each case subject to Section 3. All other rights in and to InspectionXpert Materials are expressly reserved by InspectionXpert. In furtherance of the foregoing, Customer hereby unconditionally and irrevocably grants to InspectionXpert an assignment of all right, title and interest in and to the Usage Data, including all Intellectual Property Rights relating thereto. Nothing in this Agreement grants any right, title or interest in or to (including any license under) any Intellectual Property Rights in or relating to, the Services, InspectionXpert Materials or Third-Party Materials, whether expressly, by implication, estoppel or otherwise. All right, title and interest in and to the Services, InspectionXpert Materials and the Third-Party Materials are and will remain with InspectionXpert and the respective rights holders in the Third-Party Materials. Notwithstanding anything to the contrary in this Agreement, InspectionXpert may collect and analyze Usage Data for its internal purposes, but except to the extent required by law shall only disclose the Usage Data in an aggregate and anonymized manner in connection with InspectionXpert’s business.
8.2 Customer Data; Reports. As between Customer and InspectionXpert, Customer is and will remain the sole and exclusive owner of all right, title and interest in and to all Customer Data and all reports containing Customer Data generated by Customer through the use of the Services (including AS9102 and PPAP dimensional reports (“Reports”), including all Intellectual Property Rights relating thereto, subject to the rights and permissions granted in Section 8.3.
8.3 Consent to Use Customer Data. Customer hereby irrevocably grants all such rights and permissions in or relating to Customer Data as are necessary or useful to InspectionXpert, its Subcontractors and InspectionXpert Personnel to enforce this Agreement and exercise InspectionXpert’s, its Subcontractors’ and InspectionXpert Personnel’s rights and perform InspectionXpert’s, its Subcontractors’ and InspectionXpert Personnel’s obligations hereunder.
9. Representations and Warranties.
9.1 Mutual Representations and Warranties. Each party represents and warrants to the other party that: (a) it is duly organized, validly existing and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization; (b) it has the full right, power and authority to enter into and perform its obligations and grant the rights, licenses, consents and authorizations it grants or is required to grant under this Agreement; (c) the execution of this Agreement by its representative has been duly authorized by all necessary corporate or organizational action of such party; and (d) when executed this Agreement will constitute the legal, valid and binding obligation of such party, enforceable against such party in accordance with its terms.
9.3 DISCLAIMER OF WARRANTIES. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 9.1, ALL SERVICES AND INSPECTIONXPERT MATERIALS ARE PROVIDED “AS IS.” INSPECTIONXPERT SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, INSPECTIONXPERT MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR INSPECTIONXPERT MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE OR ERROR FREE. ALL THIRDPARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
9.4 Disclaimer. InspectionXpert is not providing professional advice, including without limitation regarding Customer’s manufacturing quality or Customer’s compliance with manufacturing specifications. The Services are provided as a tool that allows users to balloon customer-provided part drawings to create inspection reports in connection with customer’s manufacturing operations. Customer is solely responsible, and shall rely on its own employees for, providing the part drawings, selecting data collection points, collecting and inputting measurements of the applicable parts, inspecting the parts, determining whether each complies with the specifications, all conclusions and results from its use of the Services, and Customer’s failure to identify and correct any inaccuracies and/or errors in the content, results, or output of the Services.
10.1 Customer Indemnification. Customer shall indemnify, defend and hold harmless InspectionXpert and its Subcontractors and Affiliates, and each of its and their respective officers, directors, employees, agents, successors and assigns (each, a “InspectionXpert Indemnitee”) from and against any and all losses, damages, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs or expenses of whatever kind, including reasonable attorneys’ fees incurred by such InspectionXpert Indemnitee resulting from any claim, action, lawsuit, costs or actions arising from a claim by a third party (other than an Affiliate of a InspectionXpert Indemnitee) (“Claim”) that arise out of or result from, or are alleged to arise out of or result from: (a) Customer Data, including any Processing of Customer Data by or on behalf of InspectionXpert in accordance with this Agreement; (b) any other materials or information (including any documents, data, specifications, software, content or technology) provided by or on behalf of Customer or any Authorized User, including InspectionXpert’s compliance with any specifications or directions provided by or on behalf of Customer or any Authorized User to the extent prepared without any contribution by InspectionXpert; (c) allegation of facts that, if true, would constitute Customer’s breach of any of its representations, warranties, covenants or obligations under this Agreement; or (d) negligence or more culpable act or omission (including recklessness or willful misconduct) by Customer, any Authorized User or any third party on behalf of Customer or any Authorized User, in connection with this Agreement.
10.2 Indemnification Procedure. The party seeking indemnification (the “Indemnitee”) shall cooperate with the other party (the “Indemnitor”) at the Indemnitor’s sole cost and expense. The Indemnitor shall promptly assume control of the defense and shall employ counsel of its choice to handle and defend the same, at the Indemnitor’s sole cost and expense. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The Indemnitor shall not settle any Claim on any terms or in any manner that adversely affects the rights of any Indemnitee without the Indemnitee’s prior written consent. The Indemnitee’s failure to perform any obligations under this Section 10.2 will not relieve the Indemnitor of its obligations under this Section 10, except to the extent that the Indemnitor can demonstrate that it has been materially prejudiced as a result of such failure.
11. Limitations of Liability. IN NO EVENT WILL INSPECTIONXPERT OR ANY OF ITS LICENSORS, SERVICE PROVIDERS OR SUPPLIERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, FOR ANY: (A) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE OR PROFIT OR DIMINUTION IN VALUE; (B) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION OR DELAY OF THE SERVICES; (C) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA OR BREACH OF DATA OR SYSTEM SECURITY; (D) COST OF REPLACEMENT GOODS OR SERVICES; (E) LOSS OF GOODWILL OR REPUTATION; OR (F) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL THE COLLECTIVE AGGREGATE LIABILITY OF INSPECTIONXPERT AND ITS LICENSORS, SERVICE PROVIDERS AND SUPPLIERS ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE TOTAL AMOUNTS PAID TO INSPECTIONXPERT UNDER THIS AGREEMENT IN THE TWELVE MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
12. Term and Termination.
12.1 Term and Termination. The term of this Agreement shall be as set forth on the applicable Order Form or other agreement that incorporates this Agreement, and shall continue until the termination of the last Order Form or other agreement that incorporates this Agreement, unless terminated as permitted herein. In addition to any other express termination right set forth herein or on an applicable Order Form: InspectionXpert may terminate this Agreement immediately and without liability or notice to Customer if Customer: (i) fails to pay any amount when due or (ii) breaches any of its obligations under Section 3 or Section 5.2; or (iii) if InspectionXpert files a petition of any type as to its bankruptcy, is declared bankrupt, becomes insolvent, makes an assignment for the benefit of creditors, or goes into liquidation or receivership. Regardless of the reason for such termination, Customer shall pay for all services provided to it prior to the termination date.
12.2 Effect of Termination. Upon termination or expiration of this Agreement, Customer shall immediately discontinue access and use of the Service and destroy all username and passwords associated with such access. Customer is responsible for downloading all Customer Data and Reports prior to the termination or expiration of this Agreement. Your Customer Data will be retained for 90 days following the effective date of termination or expiration of this Agreement. If you contact InspectionXpert within 90 days of termination or expiration of .your subscription, your account will be restored along with your existing Customer Data. Your Customer Data will be deleted from InspectionXpert’s system upon your written request or after the 90 day period following termination or expiration of this Agreement.
13. Surviving Terms. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: Sections 3, 7, 8, 9.3, 9.4 and 10-14.
14.1 Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party.
14.2 Public Announcements. Neither party shall issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement or otherwise use the other party’s trademarks, service marks, trade names, logos, domain names or other indicia of source, association or sponsorship, in each case, without the prior written consent of the other party.
14.3 Notices. You agree that all agreements, notices, disclosures, and other communications that we provide to you electronically to the email address provided when you accept this Agreement satisfy any legal requirement that such communications be in writing. All notices, requests, consents, claims, demands, waivers and other communications from you to InspectionXpert under this Agreement have binding legal effect only if in writing and addressed to InspectionXpert as follows:
To InspectionXpert by E-mail:
Email Address: email@example.com
Chief Operating Officer
To InspectionXpert by Surface Mail:
InspectionXpert Corporation, PO Box 1660
Apex, NC 27502
Attention: Chief Operating Officer
Notices sent to InspectionXpert in accordance with this Section 14.3 will be deemed effectively given: (i) when received, if delivered by hand, with signed confirmation of receipt; (ii) when received, if sent by a nationally recognized overnight courier, signature required; (iii) when sent, if by e-mail, in each case, with confirmation of transmission, if sent during the addressee’s normal business hours, and on the next business day, if sent after the addressee’s normal business hours; and (iv) on the third day after the date mailed by certified or registered mail, return receipt requested, postage prepaid.
14.4 Headings. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.
14.5 Entire Agreement. This Agreement, together with the applicable Order Form, constitutes the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to such subject matter.
14.6 Assignment. Customer shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance under this Agreement, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without InspectionXpert’s prior written consent. No assignment, delegation or transfer will relieve Customer of any of its obligations or performance under this Agreement. Any purported assignment, delegation or transfer in violation of this Section 14.6 is void. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective successors and permitted assigns.
14.7 No Third-Party Beneficiaries. Except as set forth in Section 10, this Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.
14.8 Amendment and Modification; Waiver. No amendment to or modification of this Agreement is effective unless it is in writing and signed by each party. No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise or delay in exercising, any rights, remedy, power or privilege arising from this Agreement will operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power or privilege.
14.9 Severability. If any term or provision of this Agreement is invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal or unenforceable, the parties hereto shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
14.10. Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of North Carolina, including its statutes of limitations, without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of North Carolina. Any legal suit, action or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of North Carolina in each case located in the city of Raleigh and County of Wake, North Carolina, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action or proceeding. Service of process, summons, notice or other document by mail to InspectionXpert’s address set forth herein or to the mailing address you provide when you register for the Services shall be effective service of process for any suit, action or other proceeding brought in any such court.
Customer Data Processing Addendum
This Customer Data Processing Addendum (“Addendum”) amends and forms part of the InspectionXpert Terms and Conditions of Service or other written agreement (“Agreement”) executed between Customer InspectionXpert and shall be effective as of the Effective Date of the Agreement. Unless otherwise defined in this Addendum, capitalized terms will have the meanings set forth in the Agreement.
1. PROCESSING OF DATA
1.1 As between Customer and InspectionXpert, Customer is the Controller of Personal Data and InspectionXpert is the Processor of Personal Data (each of Customer and InspectionXpert may be referred to herein as “Controller” and “Processor,” respectively). Further details of the Processing activities to be performed by Processor are described on the attached Attachment 1 (Details of Processing of Data), incorporated herein by reference.
1.2 Processor will Process Data only as reasonably necessary for the provision of Services and consistent with the Agreement, or otherwise in accordance with the terms and conditions set forth in this Addendum and any other documented and agreed-upon lawful instructions provided by Customer to Processor hereunder, unless Processing is required by applicable law, in which case InspectionXpert shall to the extent permitted by applicable law inform Customer of that legal requirement before the relevant Processing. InspectionXpert shall not otherwise retain, use, or disclose Personal Data for any purpose other than for the specific purpose of performing the Services as described in the Agreement, including retaining, using, or disclosing Personal Data for a commercial purpose other than providing the Services. InspectionXpert shall ensure that any person who is authorized by InspectionXpert to Process Personal Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality.
1.3 Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its Processing of Personal Data and any Processing instructions it issues to InspectionXpert; and (ii) it has provided notice and obtained all consents and rights necessary under Data Protection Laws for InspectionXpert to Process Personal Data and provide the Services as described in the Agreement. Customer shall ensure that Customer is entitled to transfer the relevant Personal Data to InspectionXpert so that InspectionXpert may lawfully use, process, and transfer the Personal Data in accordance with the Agreement on the Customer’s behalf. Customer shall immediately notify InspectionXpert and cease Processing Personal Data in the event any required authorization or legal basis for Processing is revoked or terminates. InspectionXpert will not be liable for any claim brought against InspectionXpert arising from any action or omission by InspectionXpert to the extent that such action or omission resulted directly from Customer’s instructions or any failure of Customer to comply with this Addendum.
2. DATA SECURITY
Each party shall take appropriate technical and organizational measures against unauthorized or unlawful Processing of Personal Data or its accidental loss, destruction, or damage. InspectionXpert shall implement and maintain commercially reasonable technical and organizational security measures designed to protect Personal Data from Data Breaches, to help ensure the ongoing confidentiality, integrity, and availability of the Personal Data and Processing systems, in accordance with InspectionXpert’s security standards, including, as appropriate, the measures referred to in Article 32 of the GDPR. Notwithstanding the above, Customer agrees that it is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Personal Data when in transit, and taking any appropriate steps to securely encrypt or backup Personal Data, as well as the security obligations outlined in the Agreement.
Customer hereby authorizes InspectionXpert to engage Sub-processors to Process Personal Data on Customer's behalf, including the Sub-processors currently engaged by InspectionXpert. Consistent with Data Protection Laws, InspectionXpert shall: (i) take commercially reasonable measures to ensure that Sub-processors have the requisite capabilities to Process Personal Data in accordance with this Addendum; (ii) enter into a written agreement with each Sub-processor that requires the Sub-processor to protect the Personal Data to the same standard required by this Addendum; and (iii) remain responsible for its compliance with the obligations of this Addendum and for any acts or omissions of the Sub-processor that cause InspectionXpert to breach any of its obligations under this Addendum. InspectionXpert will notify Customer in the event that it intends to engage different or additional Sub-processors that will Process Personal Data pursuant to this Addendum, which may be done by email or posting on a website identified by InspectionXpert to Customer. Customer must raise any objection to posted Sub-processors within five (5) calendar days of the posted update. Customer’s objection shall only be effective if submitted to InspectionXpert in writing, specifically describing Customer’s reasonable belief that InspectionXpert’s proposed use of the Sub-processor(s) will materially, adversely affect Customer’s compliance with GDPR. In any such case, the parties will make reasonable efforts to reconcile the matter. In the event Customer’s concern cannot be resolved, InspectionXpert may terminate the Agreement with no penalty and Customer shall immediately pay all fees and costs then owing and incurred by InspectionXpert as a result of termination.
4.1 Upon Customer’s written request, InspectionXpert shall (a) provide commercially reasonable cooperation to assist Customer in its response to any requests from data protection authorities with authority relating to the Processing of Personal Data under the Agreement and this Addendum. In the event that any such request is made directly to InspectionXpert, InspectionXpert shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If InspectionXpert is required to respond to such a request, InspectionXpert shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so; and (b) provide Customer with reasonable cooperation and assistance as needed to fulfil Customer’s obligation under GDPR to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to InspectionXpert. InspectionXpert shall further provide reasonable assistance to Customer in the cooperation or prior consultation with the supervisory authority in the performance of its tasks, to the extent required under GDPR.
4.2 If a law enforcement or other governmental agency sends InspectionXpert a request or other lawful process for Personal Data (for example, a subpoena or court order), InspectionXpert may attempt to redirect the agency to request that data directly from Customer. As part of this effort, InspectionXpert may provide Customer’s basic contact information to the law enforcement agency. If compelled to disclose Personal Data to a law enforcement agency, then InspectionXpert shall give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless InspectionXpert is legally prohibited from doing so.
4.3 To the extent Customer, in its use or receipt of the Services, does not have the ability to correct, amend, block or delete Personal Data as required by Data Protection Laws, then at Customer’s written direction Processor shall provide commercially reasonable assistance to Customer with any commercially reasonable request by Customer to facilitate such actions to the extent Processor is legally permitted to do so. To the extent legally permitted, InspectionXpert shall notify Customer if it receives a request from an individual data subject for access to, correction, amendment or deletion of that person’s Personal Data, or a request to restrict Processing. InspectionXpert shall provide Customer with commercially reasonable cooperation and assistance in relation to handling of a data subject’s request, to the extent legally permitted and to the extent Customer does not have the ability to address the request independently.
5. DATA BREACH NOTICE
Each party shall notify the other party without undue delay after becoming aware of any Data Breach. The notifying party shall make reasonable efforts to identify the cause of the Data Breach and shall undertake such steps as the notifying party deems necessary and reasonable to remediate the cause of such Data Breach. The notifying party shall provide information related to the Data Breach to the other party in a timely fashion and as reasonably necessary for the receiving party to maintain compliance with the Data Protection Laws.
6. INTERNATIONAL TRANSFERS OF DATA Customer consents to the processing or transfer of Personal Data to the third countries and international organizations outside the EEA that are not recognized by the European Commission as providing an adequate level of protection for Personal Data, as set forth in Section 5 of Attachment 1. Unless another valid transfer mechanism exists for such transfers which satisfies the GDPR, such transfers shall be governed by the Standard Contractual Clauses (Processors) set out on the attached Attachment 2, incorporated herein by reference, which shall be deemed to be executed by the parties upon execution of this Addendum. For avoidance of doubt, the Standard Contractual Clauses apply only to Personal Data that is transferred from the EEA or Switzerland to outside the EEA or Switzerland, either directly or via onward transfer, to any third countries and international organizations outside the EEA that are not recognized by the European Commission as providing an adequate level of protection for Personal Data. The Standard Contractual Clauses will not apply to Personal Data that is not transferred, either directly or via onward transfer, outside the EEA, or if an alternative recognized compliance standard for the lawful transfer of Personal Data outside the EEA was met. For purposes of the Standard Contractual Clauses, Customer shall be deemed “Data Exporter.” The parties will cooperate in good faith to amend the Standard Contractual Clauses in response to legal or regulatory changes impacting the terms of such clauses. Each party’s signature to this Addendum shall be considered a signature to the standard contractual clauses (including the appendices).
7. AUDIT RIGHTS
Upon Customer’s request, and subject to the confidentiality obligations in the Agreement, Processor shall, within a reasonable period following such request, make available to Customer (or Customer’s independent, third-party auditor) information regarding Processor’s compliance with the obligations set forth in this Addendum in the form of the third-party certifications or summary audit reports. To the extent not otherwise possible to satisfy an audit obligation mandated by Data Protection Laws, Customer may contact Processor in accordance with the Notice provision in Section 9 of this Addendum to request an onsite audit of the procedures relevant to the protection of Data that is subject to the terms of this Addendum. Before the commencement of any such onsite audit, Customer and Processor shall mutually agree upon the scope, timing, and duration of the audit. Customer shall promptly notify Processor of any information regarding non-compliance discovered during the course of an audit. All audits will be at Customer’s sole expense. Notwithstanding the foregoing, InspectionXpert will not be required to disclose any proprietary or privileged information to Customer or an agent or vendor of Customer in connection with any audit or inspection undertaken pursuant to this Addendum.
8. RETURN OR DELETION OF PERSONAL DATA
Upon completion of the Services or the expiration or termination of the Agreement, Processor will, at Customer’s discretion: (a) return all Data Processed under or in connection with this Agreement to Customer; or (b) securely delete and destroy all Data in the possession or control of Processor and upon request of Customer, certify in writing that such deletion and destruction has occurred, in each case unless otherwise required by applicable law.
This Addendum shall continue in full force until termination or expiration of the Agreement. Processor acknowledges and agrees that, notwithstanding the termination or expiration of the Agreement for any reason, the obligations in this Addendum shall continue for so long as any Personal Data remains in Processor’s custody or control, or Processor (or any permitted Subprocessor) otherwise processes Data under or in connection with the Agreement. This Addendum is made an integral part of and incorporated by reference into, the Agreement. With respect to the subject matter of this Addendum, in the event of a conflict between the terms of this Addendum and the Agreement, the terms of this Addendum shall control. For avoidance of doubt, the liability of each party under or in connection with this Addendum shall be subject to the exclusions and limitations of liability set out in the Agreement. Except as may be otherwise provided pursuant to the Standard Contractual Clauses, no one other than a party to this Addendum, its successors and permitted assignees shall have any right to enforce any of its terms. Unless otherwise required by the Standard Contractual Clauses or other data transfer requirements, this Addendum will be subject to the governing law identified in the Agreement without giving effect to conflict of laws principles. All notices under this Addendum will be provided in accordance with Section 14.3 of the Agreement. This Addendum may be entered into by the parties in any number of counterparts. Each counterpart will, when executed and delivered, be regarded as an original, and all the counterparts will together constitute one and the same instrument.
“CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq.
“Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
“Data Breach” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data Processed by InspectionXpert or a Sub-processor.
“Data Protection Laws” means all data protection and privacy laws applicable each party’s respective activities involving the Processing of Personal Data under this Addendum, including, where applicable, GDPR and CCPA.
“EEA” means, for the purposes of this Addendum, the European Economic Area, United Kingdom and Switzerland.
“GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) and any member state law implementing the same.
“Personal Data” means any information relating to an identified or identifiable natural person that is (i) included in Customer Data that InspectionXpert Processes on behalf of Customer in the course of providing the Services; and (ii) subject to the Data Protection Laws.
“Processor” means an entity that Processes Personal Data on behalf of a Controller.
“Processing” has the meaning given to it in the GDPR and “process,” “processes” and “processed” shall be interpreted accordingly.
“Services” means the Services as described in the Agreement.
“Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC pursuant to the European Commission Decision of 5 February 2010 and attached to this Addendum as Annex 1.
“Sub-processor” means any Processor engaged by InspectionXpert to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement.
DETAILS OF PROCESSING
Section 1: Subject Matter and Duration of the Processing of Data
The subject matter and duration of the Processing of Data are set out in the Agreement and this Addendum.
Section 2: Nature and Purpose of the Processing of Data
The purpose(s) of the Processing of Data to be carried out by Processor for Controller under or in connection with the Agreement is as follows: To provide cloud-based inspection management software and services for use between businesses.
Section 3: Types of Data to be Processed
Controller may submit Personal Data to the Services, the extent to which is determined and controlled by Controller, and may include but it not limited to, the following categories of Personal Data:
● Job Title/Profession
● First and Last Name
● Email Address
● Phone Number
● Ship-to Address
● IP Address
● Browser Cookies
● Session ID
● User Session Activity
Section 4: Categories of Data Subject to Whom the Data Relates
Controller may submit Personal Data to the Services, the extent to which is determined and controlled by Controller, and may include but it not limited to Personal Data relating to the following categories of Data Subjects:
Controller’s users use the platform in their capacity as employees or representatives of Controller’s business, to generate business reports and summaries on behalf of Controller.
Section 5: International Transfers
Processor may transfer Data to the following countries outside of the EEA:
United States – Services are provided from the United States.
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
The entity identified as “Customer” in the DPA (the “data exporter”)
InspectionXpert Corporation, 1 Glenwood Avenue, 5th Floor, Raleigh, North Carolina, United States (the “data importer”)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in the Processing Appendix which forms an integral part of the Clauses.
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
The data exporter is the entity identified as “Customer” or “Controller” in this Addendum.
The data importer is InspectionXpert, a provider of cloud-based inspection management software and services for use between businesses.
Data subjects are defined in Section 4 of Attachment 1 of this Addendum.
Categories of data
The personal data is defined in Section 3 of Attachment 1 of this Addendum.
The personal data transferred will be subject to the following basic processing activities (please specify): The processing operations are defined in Section 2 of Attachment 1 of this Addendum.
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties. By agreeing to the Agreement, the parties will be determined to have agreed to this Appendix 2.
Processor has implemented and will maintain the following technical and organizational security measures for the Processing of Personal Data:
InspectionXpert’s software-as-a-service platform services are hosted by Amazon Web Services (AWS), with its security program implemented according to AWS’s Shared Security Model. Personal Data through the platform is encrypted at rest using AES cryptographic algorithm in Galois/Counter Mode (GCM) with 256-bit secret keys, and data in transit through the platform is encrypted via 256-bit AES session keys for TLS encryption. InspectionXpert employs 24 x 7 monitoring systems at the application and infrastructure layers to monitor performance, availability, capacity, and security of the cloud-native platform. InspectionXpert’s in-house security team manages security, risk-management, and compliance services. Additionally, 3rd-party cybersecurity firms may be used to provide specialized services like penetration testing.