Master Service Agreement
This Master Service Agreement (this “Agreement”) constitutes a binding contract between DoControl Inc. ("we", "us", "our" or "DoControl"), and the customer (“Customer”) identified in the Service Entitlement (as defined below), to which this Agreement is appended.
WHEREAS, DoControl develops and operates a solution providing businesses a modern security layer enforcing advanced security features on the multiple third party SaaS Applications they use, regardless of each SaaS application’s underlying capabilities (the “Service”); and WHEREAS Customer is interested in using the Service internally within Customer’s organization. NOW THEREFORE, in consideration of the mutual covenants hereinafter, by Customer signing an Insertion Order or enrolling online to the Service and assenting to this Agreement, the Parties agree as follows:
1.1. “Applications” means those SaaS-based third-party web applications and online services used by the organization and which the Customer has configured to interconnect with the Service, such as, by way of example only, Dropbox, OneDrive.
1.2. “Feedback” means information or content concerning enhancements, changes or additions to the Service or other DoControl offerings, that are requested, desired or suggested by the Customer or its Users.
1.3. “Output Data” means the various reports, alerts, analytics, recommendations, notices, and other types of information and data that the Service may generate, provide or make available to Customer.
1.4.“Contextual Data” means information: (a) that identifies or depicts the Customer’s content that is controlled or monitored through the Service, such as, by way of example only, file names; or (b) that identifies individuals who have a bearing to the Customer’s content that is controlled or monitored through the Service, such as, by way of example only, sender or recipient name, user name or email address.
1.5. "Service Data” means the data collected and processed in the course of providing the Service about the Customer’s use of the Service, performance of the Service, its compatibility and interoperability, but excluding Contextual Data.
1.6. “Service Entitlement” means either the insertion order Customer has signed, or the enrollment plan Customer has selected and agreed to online, in each case specifying, among others, the Customer’s details, the fees applicable to this Agreement, the Service usage metrics and parameters and limitations for the Customer and the particulars of any support and maintenance scheme for the Service. Such Service Entitlement is incorporated by reference to this Agreement, and constitutes an integral part of it.
1.7. “Term” means the period of this Agreement as specified in Section 12 below.
1.8. “Users” means those employees, consultants and agents that Customer designates to use and deal with the Service.
2. Access to the Service
2.1. Subject to the provisions this Agreement, DoControl grants Customer a non-exclusive, non-transferable, non-sub-licenseable, limited, revocable right for Customer's Users who are permitted to access the Services by Customer to access to use the Service (as specified an detailed in section 3 below) during the Term, internally within the Customer’s organization, pursuant to the usage parameters, limits and metrics specified in the Service Entitlement and any other instructions and technical documentation provided by DoControl from time to time ("Documentation"). Customer hereby grants DoControl, during the Term, a non-exclusive, royalty-free, worldwide license to use, reproduce, and prepare derivative works of all Contextual Data and Output Data, solely to permit DoControl to perform the Services as contemplated hereunder, all subject to DoControl’s compliance with applicable law.
2.2. Customer must ensure that all its Users fully comply with this Agreement. Customer shall be liable to DoControl for all acts or omissions of those that use and deal with the Service on its behalf, as though Customer had performed those acts or omissions.
2.3. DoControl may track and analyze the use of the Services, including by using an application user and on-going monitoring of system logs, for security, quality assurance and support purposes. DoControl takes appropriate measures to ensure that such tracking is limited strictly to the purpose above and is closely monitored.
3. Responsibilities, Authorizations and Applications
3.1. The Customer is exclusively responsible for defining its desired security preferences on the Service, such as data retention policy and temporary sharing policy, (the “Policies”). DoControl shall have no liability whatsoever for any consequences of Customer defining or not defining Policies.
3.2. Customer instructs and authorizes DoControl to interconnect the Service with the Applications, using the credentials that the Customer specifically provides, configures and confirms for this purpose through the Service’s user interface (“Authorizations”). Customer acknowledges that DoControl will use the Authorizations in order to implement Customer’s Policies by transmitting commands and instructions to the Applications. Customer warrants to DoControl that it is lawfully permitted to provide the Authorizations to DoControl.
3.3. The Customer acknowledges that the Applications are owned and operated by third-party providers, not DoControl. DoControl makes no warranties whatsoever regarding the quality, features, performance or security capabilities of the Applications. DoControl does not warrant represent, endorse, support or guarantee the completeness, truthfulness, accuracy, reliability, performance, fitness for purpose or any other attributes of any of the Applications, nor shall DoControl be responsible for reviewing or attempting to verify the accuracy or currency of any of the Applications. Customer acknowledges that: (a) Customer and/or its Users may be required to enter into certain agreements with the owner(s) or licensor(s) of the Applications; and (b) in the event the relevant agreements are not entered into, Customer and/or its Users may be unable to access: (i) the Applications; and/or (ii) any or all of those elements of the Service that permits or enables Customer and/or its Users to search for, find, store, manage, access or use such Application. To the fullest extent permitted by law, Customer expressly disclaims any and all express or implied terms of any nature relating to the Applications. As between Customer and DoControl, Customer is solely responsible for: (a) any Applications installed in, used with or accessed via the Services; (b) determining the suitability of any of the Applications for its intended use by Customer; and (c) as necessary for its intended use, verifying the authenticity and accuracy of the Application prior to using it.
3.4. Customer undertakes to use the Services, all related software, and Documentation provided by DoControl in compliance with all applicable laws and regulations, including but not limited to applicable data security and privacy laws. Customer represents and warrants that no third party agreement prevents it from using the Services, all related software, and Documentation as contemplated hereunder.
3.5. Customer and its Users shall not: (i) sublicense, transfer and/or assign the Service or any part thereof to any third party, or allow any third parties to use the Service; (ii) remove, or in any manner alter, any product identification, proprietary, trademark, copyright or other notices contained in the Service or Documentation; (iii) work around any technical limitations of the Service or use any tool to enable features or functionalities that are otherwise disabled, inaccessible or undocumented in the Service; (iv) breach the security of the Service, identify, probe or scan any security vulnerabilities in the Service; (v) use robots, crawlers and similar applications to scrape, harvest, collect or compile content from or through the Service; (vi) enhance, supplement, modify, adapt, decompile, disseminate, disassemble, recreate, generate, reverse assemble, reverse compile, reverse engineer, or otherwise attempt to identify the underlying source code of the Service; (vii) not copy any features, functions or graphics of the Services or Documentation, or create derivative works of the Services, or use the Service in order to develop or create (or permit others to develop or create) a product or service similar or competitive to the Service; (viii) not represent that it possesses any proprietary interest in the Service, Documentation or any part or derivative thereof; (ix) not directly or indirectly, take any action to contest DoControl's intellectual property rights or infringe them in any way; or (x) except as specifically permitted in writing by DoControl, not use the name, trademarks, trade-names, and logos of DoControl, or take any action, directly or indirectly, to register DoControl's trademarks, copyrights or domain names (or any variation of the foregoing), in its own name, and shall provide commercially reasonable assistance to DoControl to prevent the occurrence of such activity by any third parties.
4. Intellectual Property
4.1. The Service, Documentation and any part thereof, including any and all derivatives, changes and improvements thereof, are a proprietary offering of DoControl, protected under copyright laws and
4.2. Customer may provide DoControl with Feedback, including information pertaining to bugs, errors and malfunctions of the Service, performance of the Service, the Service’s compatibility and interoperability, and information or content concerning enhancements, changes or additions to the Service that Customer requests, desires or suggests. Customer hereby assigns all right, title and interest in and to the Feedback to DoControl, including the right to make commercial use thereof, for any purpose DoControl deems appropriate, on a strictly anonymized and non-identifiable basis.
4.3. Except as provided herein with respect to Customer’s Output Data and Customer’s limited access to use the Service according to this Agreement, this Agreement does not grant or assigns to Customer, any other license, right, title, or interest in or to the Service and Output Data or the intellectual property rights associated with them. All rights, title and interest, including copyrights, patents, trademarks, trade names, trade secrets and other intellectual property rights, and any goodwill associated therewith, in and to the Service or any part thereof, including computer code, graphic design, layout and the user interfaces of the Service, whether or not based on or resulting from Feedback, but excluding Contextual Data, are and will remain at all times, owned by, or licensed, to DoControl.
4.4. WE DO NOT CLAIM OWNERSHIP OVER CONTEXTUAL DATA. WHEN YOUR USE OF THE SERVICE INVOLVES CONTEXTUAL DATA, YOU REPRESENT AND WARRANT TO US THAT YOU ARE LAWFULLY PERMITTED TO HAVE US PROCESS THE CONTEXTUAL DATA FOR THE PROVISION OF THE SERVICE TO YOU.
5.5. Subject to Customer’s written consent, and notwithstanding anything to the contrary herein, DoControl may identify Customer as a customer and indicate Customer as a user of the Service on its website and in other online or offline marketing materials and press releases. Customer hereby grants DoControl a worldwide, non-exclusive, non-transferable, royalty-free and free of charge, license, to use Customer’s name, logo, and website URL on its website and in other online or offline marketing materials relating to the Service. DoControl will use this content strictly in accordance with any usage guidelines sent by Customer in advance.
5.1. ”Confidential Information” shall mean any and all information disclosed by one party (”Disclosing Party”) to the other (”Receiving Party”) regarding past, present, or future marketing and business plans, customer lists, lists of prospective customers, technical, financial or other proprietary or confidential information of the Disclosing Party, formulae, concepts, discoveries, data, designs, ideas, inventions, methods, models, research plans, procedures, designs, formulations, processes, specifications and techniques, prototypes, samples, analyses, computer programs, trade secrets, data, methodologies, techniques, non-published patent applications and any other data or information, as well as improvements and know-how related thereto, whether disclosed orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential or proprietary given the nature of the information and/or the circumstances of its disclosure.
5.2. Contextual Data and Output Data are considered Customer’s Confidential Information and Service Data is considered DoControl’s Confidential Information.
5.3. Each Party herein must hold any Confidential Information in confidence using the same degree of care, but in no case less than a reasonable degree of care, that it uses to prevent the unauthorized dissemination or publication of its own confidential information. Receiving Party may use this Confidential Information only for the purpose of performing its obligations under this Agreement.
5.4. The obligations set forth in this section shall not apply to information that: (i) is now or subsequently becomes generally available in the public domain through no fault or breach on Receiving Party's part; (ii) Receiving Party can demonstrate in its prior established records to have had rightfully in Receiving Party's possession prior to disclosure of the same by the Disclosing Party; (iii) Receiving Party can demonstrate by written records that it had rightfully obtained the same from a third party who has the right to transfer or disclose it, without default or breach of confidentiality obligations; (iv) Disclosing Party has provided its prior written approval for disclosure.
5.5. Notwithstanding the foregoing, Confidential Information may be disclosed pursuant to a binding order or request by court or other governmental authority, or a binding provision of applicable law, provided that, to the extent permissible, (i) Receiving Party provide the Disclosing Party notice of the requested disclosure as soon as practicable, to allow the Disclosing Party, if it so chooses, to seek an appropriate protective or preventive order; and (ii) Receiving Party will disclose only such information as is legally required and will use reasonable efforts to obtain confidential treatment for any Confidential Information that is so disclosed.
6. Data Protection and Privacy
6.1. Customer acknowledges and agrees that DoControl itself or trusted third-parties (such as Application providers) may handle and use the data as follows: (i) DoControl may use the Contextual Data and the Output Data to provide the Service to Customer, and conduct administrative and technical activities necessary to maintain and provide the Service; (ii) DoControl may use the Service Data to conduct analysis or generate metrics related to the Service; (iii) DoControl may use the Service Data for commercial and marketing purposes, publication of case studies and white papers (only in a form not identifying the Customer and its Users); (iv) DoControl may use the Service Data, Output Data and Contextual Data, to bill and collect fees, enforce this Agreement and take any action in any case of dispute, or legal proceeding of any kind involving Customer with respect to the Service; (v) DoControl may use the Service Data, Output Data and Contextual Data, to prevent fraud, misappropriation, infringements, and other illegal activities and misuse of the Service; and (vi) DoControl may use the Service Data, to develop new products and services, and for research and testing, provided that no information identifying the Customer and its Users is publicly shared.
6.2. DoControl may disclose or share Service Data, Output Data and Contextual Data, if required, or if it reasonably believes that it is required, by law, pursuant to a subpoena, order, or decree, issued by a competent judicial or administrative authority, provided that, to the extent legally permitted, DoControl will endeavor to give Customer prompt notice of the requirement prior to such disclosure, to allow Customer, at Customer’s cost and expense, to intervene and protect its interests in the data.
6.3. Subject to the foregoing, DoControl will take precautions to maintain the confidentiality of the Output Data and Contextual Data, in a manner no less protective than it uses to protect its own similar assets, but in no event less than reasonable care. DoControl will not use or disclose Customer’s Data except as described above or otherwise subject to Customer’s express, prior, written permission. DoControl’s personnel, staff, advisors, sub-contractors and consultants will access Customer’s Service Data on a strict 'need to know' basis, subject to this Agreement.
6.4. The Service does not provide, and is not intended as, data back-up service. DoControl may delete Customer’s Data from the Service upon termination of this Agreement. Customer is responsible for maintaining back-up copies of its data.
6.5. The processing and collection of Personal Data (as defined in the DPA) which may occur in the course of the provision of the Services is regulated by the Data Processing Addendum available upon request
7. Technical Support
DoControl, either directly or with the assistance of third parties, will endeavor to provide Customer technical support for technical pursuant to the particulars specified in the Service Entitlement. DoControl will attempt to respond to Customer’s technical questions, problems and inquiries as soon as practicably possible. However, DoControl makes no warranties to the successful or satisfactory resolution of the question, problem or inquiry; and may decline to provide such support for matters that it deems, in its sole discretion, to require unreasonable time, effort, costs or expenses. For the purpose of the provision of technical support for Customer’s technical questions, problems and inquiries, Customer will cooperate, and work closely with DoControl, to reproduce malfunctions, including conducting diagnostic or troubleshooting activities, as DoControl reasonably requests.
8.1. In consideration for the Service, Customer will pay DoControl the fees specified in the Service Entitlement according to the payment schemes, payment terms and payment cycles specified therein. Fees quoted in the Service Entitlement are exclusive of any sales tax, VAT, and transaction charges. Customer shall bear such taxes and charges.
8.2. All Customer’s payment obligations to DoControl are non-cancelable and all amounts paid in connection with the Service are non-refundable. Customer is responsible for paying all fees applicable to its subscription to the Service, whether or not it actively used, accessed or otherwise benefited from the Service.
8.3. Unless set forth otherwise in the Service Entitlement, amounts are due and payable to DoControl within thirty (30) days of receipt of the applicable invoice.
8.4. Failure to settle any overdue fee within twenty one (21) calendar days of its original due date will constitute a material breach of this Agreement and, without limiting any remedies available to DoControl, DoControl may: (i) terminate these this Agreement; or (ii) suspend performance of or access to the Service, until payment is made current. Late payments shall bear interest at the rate of one-and-a-half percent (1.5%) per annum. Customer will reimburse DoControl for all legal costs and attorney fees DoControl incurs in the course of collecting Customer’s overdue fees.
8.5. All fees are quoted in US Dollars and Customer shall pay DoControl in US Dollars, unless stated differently in the Service Entitlement. Fees are payable by the methods indicated in the Service Entitlement.
9. Term and Termination
9.1. Unless specifically stated otherwise in the Service Entitlement, this Agreement will be in effect for the initial period set forth in the Service Entitlement and it will automatically renew for successive 1-year period(s) thereafter unless terminated by either party through a written notice submitted to the other party at least 60 days prior to the then applicable term (the “Term”). In the absence of any other agreement between the parties to the contrary, the terms set forth in the Service Entitlement with respect to the initial Term (including, without limitation, the number of users and fees) shall apply to any subsequent renewal Term.
9.2. Notwithstanding the above, either party may terminate this agreement: (i) In the event of a breach of this Agreement by the other party, where the breach remains uncured for thirty (30) days following written notice thereof from the non-breaching party to the breaching party, but if a breach is of a nature that cannot be cured, then the non-breaching party may terminate the Agreement immediately upon notice to the other party; (ii) If the terminating party is required to do so by law; (iii) If the other party becomes or is declared insolvent or bankrupt, is the subject of any proceeding related to its liquidation or insolvency (whether voluntary or involuntary) which proceedings are not dismissed within sixty (60) days of their commencement, makes an assignment for the benefit of creditors, or takes or is subject to any such other comparable action in any relevant jurisdiction.
9.3. Immediately upon termination of this Agreement: (i) DoControl may terminate Customers’ account on the Service and delete the Output Data and Contextual Data (if stored) in its systems; (ii) Customer shall cease any and all use of the Service; (iii) DoControl will charge Customer for all then-outstanding Service fees (if any). Sections in this Agreement that by their purpose of nature should survive termination of this Agreement, will so survive.
10. No Warranty; Limitation on Liability.
10.1. DoControl will endeavor to have the Service operate properly in all material respects and be provided in a professional manner consistent with industry standards and that it has and will maintain all necessary licenses, consents, and permissions necessary for the performance of its obligations under this Agreement. However, as a service that relies on back-end software, infrastructure, servers, third party networks and continuous internet connectivity, it cannot guarantee that the Service will operate in an uninterrupted or error-free manner, or that it will always be available, free from errors, omissions or malfunctions.
10.2. If DoControl becomes aware of any failure or malfunction, it shall attempt to regain the Service’s availability as soon as practicable. However, such incidents will not be considered a breach of this Agreement.
10.3. THE SERVICE IS PROVIDED “AS IS”. DOCONTROL HEREBY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THE SERVICE AND THE OUTPUT DATA, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, NON-INFRINGEMENT, TITLE, SECURITY, COMPATIBILITY OR PERFORMANCE.
10.4. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT IN THE EVENT OF INTENTIONAL MISCONDUCT, THE INFRINGEMENT OF ANY THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS DOCONTROL, INCLUDING ITS EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, ADVISORS, AND ANYONE ACTING ON ITS BEHALF, WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, STATUTORY OR PUNITIVE DAMAGES, LOSSES (INCLUDING LOSS OF PROFIT, LOSS OF BUSINESS OR BUSINESS OPPORTUNITIES AND LOSS OF DATA), COSTS, EXPENSES AND PAYMENTS, EITHER IN TORT, CONTRACT, OR IN ANY OTHER FORM OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE), ARISING FROM, OR IN CONNECTION, WITH THIS AGREEMENT, ANY USE OF, OR THE INABILITY TO USE THE SERVICE, THE OUTPUT DATA, ANY RELIANCE UPON THE OUTPUT DATA OR ANY ERROR, INCOMPLETENESS, INCORRECTNESS OR INACCURACY OF THE SERVICE OR THE OUTPUT DATA.
10.5. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT IN THE EVENT OF INTENTIONAL MISCONDUCT, OR THE INFRINGEMENT OF ANY THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS, THE TOTAL AND AGGREGATE LIABILITY OF DOCONTROL (INCLUDING ITS RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, ADVISORS, AND ANYONE ACTING ON ITS BEHALF), FOR DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SERVICE OR THE OUTPUT DATA, SHALL BE LIMITED TO THE FEES PAYABLE TO DOCONTROL FOR THE SERVICE IN THE PRECEDING 12 MONTHS PRIOR TO THE EVENT PURPORTEDLY GIVING RISE TO THE CLAIM OCCURRED.
Customer agrees to indemnify and hold harmless DoControl and its directors, officers, employees, and subcontractors, upon DoControl’s request and at Customer’s expense, from, and against, any damages, loss, costs, expenses and payments, including reasonable attorney’s fees and legal expenses, arising from any third party complaint, claim, plea, or demand in connection with Customer’s breach of Sections 3 - 5 in this Agreement. If DoControl seeks indemnification from Customer, it shall provide Customer with (i) prompt written notice of any indemnifiable claim; (ii) all reasonable assistance and cooperation in the defense of such indemnifiable claim and any related settlement negotiations, at Customer’s expense; and (iii) exclusive control over the defense or settlement of such indemnifiable claim, provided, however, that DoControl may settle or reach compromise on any such claim without Customer’s consent, if and to the extent such settlement or compromise does not impose any liability (monetary, criminal or otherwise) on Customer. DoControl shall have the right to participate, at its own expense, in the defense (and related settlement negotiations) of any indemnifiable claim with counsel of its selection.
12. Governing Law and Jurisdiction
Regardless of Customer’s jurisdiction of incorporation, the jurisdiction where it engages in business, or accesses the Service from, this Agreement and Customer’s use of the Service will be exclusively governed by and construed in accordance with the laws of the State of New York, excluding any otherwise applicable rules of conflict of laws, which would result in the application of the laws of a jurisdiction other than the State of New York. Any dispute, controversy or claim which may arise out of or in connection with this Agreement or the Service, shall be submitted to the sole and exclusive jurisdiction and venue of the Federal and State courts located in New York County, New York. Subject to Section 13.2 below, the Parties hereby expressly consent to the exclusive personal jurisdiction and venue of such courts, and waive any objections related thereto including objections on the grounds of improper venue, lack of personal jurisdiction or forum non conveniens. Notwithstanding the foregoing, DoControl may also lodge a claim against Customer: (a) pursuant to the indemnity clause above, in any court adjudicating a third party claim against DoControl; and (b) for interim, emergency or
injunctive relief in any other court having general jurisdiction over Customer.
13.1. Assignment. Customer may not assign this Agreement without obtaining DoControl’s prior written consent. Any purported assignment without DoControl’s prior written consent is void. To the greatest extent
permissible by law, DoControl may assign these Terms and any Service Entitlement in their entirety, including all right, duties, liabilities, performances and obligations herein, (i) to any affiliate of DoControl as part of an internal reorganization; or (ii) to a third-party, upon a merger, acquisition, change of control or the sale of all or substantially all of DoControl’s equity or assets, without obtaining Customer’s specific consent,. By virtue of such assignment, the assignee assumes DoControl’s stead, including all right, duties, liabilities, performances and obligations hereunder, and DoControl shall be released therefrom.
13.2. Relationship of the Parties. The relationship between the Parties hereto is strictly that of independent contractors, and neither Party is an agent, partner, joint venturer or employee of the other.
13.3. Subcontracting. DoControl may subcontract or delegate the performance of its obligations under this Agreement, or the provision of the Service (or any part thereof), to any third party of its choosing, provided however, that it remains liable to Customer for the performance of its obligations under this Agreement.
13.5. No Waiver. Neither Party will, by mere lapse of time, without giving express notice thereof, be deemed to have waived any breach, by the other Party, of any terms or provisions of this Agreement. The waiver, by either Party, of any such breach, will not be construed as a waiver of subsequent breaches or as a continuing waiver of such breach.