THIS MASTER SERVICES AGREEMENT (this “Agreement”) is entered into by and between DataPrivia, Inc and the Customer, defined below, as of the Effective Date. 

The Parties agree to the following terms and conditions set forth in this Agreement: 

Section 1. Definitions. As used in this Agreement, the italicized and capitalized terms set forth below shall have the respective meaning set forth opposite such term: 

1.1Affiliates” with respect to a Party, means any entity that, directly or indirectly, through one or more intermediaries, controls, is controlled by or is under common control with such Party. 

1.2Agreement” means this Master Services Agreement. 

1.3Compliance Mandates” means any regulatory requirements that a customer of DataPrivia may be subject to.  Compliance Mandates may include but are not limited to HIPPA, ITAR, GDRP, PCI, CMMC, etc. 

1.4 “Confidential Information” means information relating to the Disclosing Party or its current or proposed business, including financial statements, budgets, and projections, customer identifying information, potential and intended customers, employers, products, computer programs, methods, specifications, manuals, software, analyses, strategies, marketing plans, business plans, and other confidential information, whether provided orally, in writing, or by any other media, that was or will be provided or shown to the Receiving Party or its directors, officers, employees, agents, and representatives (each a “Receiving Party Representative”) by or on behalf of the Disclosing Party or any of its directors, officers, employees, agents, and representatives (each a “Disclosing Party Representative”), or obtained by the Receiving Party or a Receiving Party Representative from review of documents or property of, or communications with, the Disclosing Party or a Disclosing Party Representative; and all notes, analyses, compilations, studies, summaries, and other material, whether provided orally, in writing, or by any other media, that contain or are based on all or part of the information (the “Derivative Materials”). 

1.5Customer” means the customer entity entering into this Agreement and shall include Customer’s Affiliates approved by DataPrivia to receive Services under this Agreement. 

1.6Customer Data” means any data provided by Customer to DataPrivia and/or Customer data accessed or used by DataPrivia or transmitted by Customer to DataPrivia or DataPrivia Equipment in connection with DataPrivia’s provision of the Services, including, but not limited to, Customer data included in any written or printed summaries, analyses or reports generated in connection with the Services. 

1.7Customer Purchased Equipment” means any equipment purchased by the Customer pursuant to a Service Order. 

1.8Customer Reports” means any written summaries, reports, analyses, and findings or other information or documentation prepared exclusively for Customer in connection with the Consulting Services. 

1.9Damages” means injunctions, judgments, orders, decrees, rulings, damages, dues, penalties, fines, costs, amounts paid in settlement, liabilities, debts, obligations, taxes, liens, losses, expenses, and fees, including court costs and reasonable attorneys’ fees and expenses. 

1.10DataPrivia” means DataPrivia, Inc., a Virginia corporation. 

1.11DataPrivia Parties” means DataPrivia (including its Affiliates, subcontractors and agents) and each of their respective employees, directors and officers. 

1.12 “Disclosing Party” means either Party when it is sharing Confidential Information with the other Party. 

1.13Dispute” means any claim or dispute or controversy (whether in contract, tort or otherwise) arising out of or relating to this Agreement or any related purchase hereunder. 

1.14Documentation” means the applicable written directions and/or policies relating to the MANAGED Services, which may be in paper or electronic format. 

1.15Effective Date” means the date set forth on the signature blocks on this Agreement or on associated documents such as a Statement of Work, a Form of Service, or similar document signed between DataPrivia and the Customer. 

1.16Equipment” means any equipment or hardware provided by DataPrivia for Customer’s use during the Term of this Agreement and the applicable Service Order and/or Statement of Work. 

1.17Force Majeure” means any circumstances beyond a Party’s reasonable control, including, but not limited to, acts of God, fire, flood, war, terrorist act, embargo, strike, riot or the intervention of any governmental authority. 

1.18Indemnified Claims” means any third-party claim or action that the Products, Services or any Customer Reports (excluding third-party products) prepared or produced by DataPrivia and delivered pursuant to this Agreement infringe or misappropriate any third party’s patent, copyright, trade secret, or other intellectual property rights enforceable in the country(ies) in which the Products, Services or any Customer Reports are performed or prepared for Customer by DataPrivia. 

1.19Invoice Due Date” means payment for services and products are to be made upon receipt by Customer unless otherwise approved by DataPrivia. 

1.20IP” means all intellectual property, including patents, copyrights, trademarks, trade secrets and other proprietary information of a Party that may be made available to the other Party in the course of providing or receiving Services under this Agreement. 

1.21Managed Services” means the managed security services described and set forth in a Statement of Work with the Customer. 

1.22NPPI” means any Customer or Customer client non-public personal information. 

1.23Parties” means DataPrivia and Customer, collectively. 

1.24Party” means DataPrivia or Customer, individually. 

1.25Products” means the Documentation, the MANAGED Services, Equipment and the Software, collectively. 

1.26Professional Services” means the services set forth and described in any Statement of Work with the Customer under this Agreement. 

1.27 “Receiving Party” means either Party when Confidential Information is being disclosed to it by the other Party. 

1.28Services” means, collectively, the Managed Services and the Professional Services. 

1.29Service Effective Date” means the first day on which the MSA and SOW or Form of Service has been fully ratified by both parties. 

1.30Software” means all user IDs, tokens, passwords, access, use of the software (in object code format only), and digital signatures necessary to receive the MANAGED Services. 

1.31Statement of Work” means a document substantially in the form of Appendix A attached hereto, that is executed by the Parties that describes the Services to be provided to Customer, and the terms and conditions on which the Services will be provided, from and after the Effective Date for the Statement of Work, and including any attachments to such documents. 

1.32Term” has the meaning set forth in Section 4.1 of this Agreement. 

1.33Works” means all IP in any work, including, but not limited to, all inventions, methods, processes, and computer programs including any source code or object code, (and any enhancements and modifications made thereto) contained within the Services and/or Products. 

Section 2. Services. 

2.1 During the Term and subject to the terms and conditions of this Agreement and as set forth from time to time in a Statement of Work, DataPrivia agrees to provide the Services and Customer agrees to purchase such Services as DataPrivia will provide as defined in a form of service. For the purposes of either Party’s Affiliates performing or purchasing Services hereunder pursuant to a Statement of Work, references to DataPrivia and Customer herein shall be deemed references to such respective Affiliate(s). 

2.2 Conflict of Terms and Conditions. In the event of a conflict between the terms of the Agreement and a Statement of Work, the terms of these documents will be interpreted according to the following order of precedence: (1) Form of Service, (2) Statement of Work and (3) the Agreement. 

Section 3. Fees; Taxes; Invoicing and Payment. 

3.1 Service Fees. Customer agrees to pay DataPrivia for Professional Services or Managed Services in accordance with the applicable Form of Service or Statement of Work. Except as set forth herein, the fees specified in any Form of Service or Statement of Work. Customer is billed according to the terms and conditions of each Form of Service or Statement of Work. 

3.2 Work on Customer Premises. If and to the extent that the Services require DataPrivia to be present at the Customer’s premises, DataPrivia shall communicate the same and Customer shall reimburse DataPrivia for all reasonable, actual out-of-pocket expenses, including, but not limited to, shipping, travel expense, hotel and meals, incurred in connection with the implementation, performance or delivery of the Services. 

3.3 Additional Fees; Taxes. Customer shall be responsible, on behalf of itself and its Affiliate(s), for the payment of all taxes and fees assessed or imposed on the Services provided or the amounts charged under this Agreement in any jurisdiction in which the Customer receives the benefit of the Services, including any sales, use, excise, value-added, or comparable taxes, but excluding taxes for which the Customer has provided a valid resale or exemption certificate. Should any payments become subject to withholding tax, the Customer will deduct these taxes from the amount owed and pay the taxes to the appropriate tax authority in accordance with applicable tax laws. Customer will promptly provide DataPrivia with receipts or documents evidencing these tax payments. DataPrivia shall not be liable for any withholding tax, penalty or interest due as a result of Customer’s failure to withhold any applicable tax.  

3.4 Invoicing; Payment and Disputes. DataPrivia will invoice Customer in accordance with the payment terms set forth and detailed on the applicable Form of Service or Statement of Work. All charges, fees, payments, and amounts will be in United States Dollars.  

3.5 Nonpayment. For invoices not paid on or before the Invoice Due Date, DataPrivia reserves the right to charge Customer a late fee of up to ten percent (10%) per month applied against and overdue amounts, or the maximum rate permitted by law, whichever is less. In addition, DataPrivia, without waiving any other rights or remedies to which it may be entitled, has the absolute right to immediately suspend or terminate the Services until such payment is received and may decide not to accept additional orders from Customer and/or seek collection of all amounts due, including reasonable legal fees, including but not limited to attorney’s fees and other court costs, and costs of collections. DataPrivia has no liability to Customer, and Customer agrees to not DataPrivia liable, for any such suspension or termination of Services, or non-acceptance of orders. 

3.6 Purchases by Affiliates. Unless otherwise agreed in writing, any Affiliate of the Customer who submits an order to DataPrivia for Services shall agree to abide by the terms of this Agreement and Customer shall be liable for any failure to comply or other breach hereof by any such Affiliate. DataPrivia, in its sole discretion, may discontinue selling Services to any Affiliate or may require additional payment and/or credit conditions for such Affiliate. 

3.7 Third-Party Purchases. If Customer is purchasing, or subsequently purchases, any third-party products or services through DataPrivia under a Form of Service or Statement of Work, then, as applicable, Customer will comply with the terms and conditions attached to that Form of Service or Statement of Work relating to such third-party product or service. 

Section 4. Term of Agreement. 

4.1 Term of Agreement. The term of this Agreement shall commence on the Effective Date and shall continue for a term of one year (“Term”).  After the initial term, this Agreement shall automatically renew on the anniversary of the Effective Date for an additional one-year term unless or until such time as a party has provided notice to the other that they wish to terminate this Agreement. 

Section 5. Termination. 

5.1 Termination by Notice. Either Party may terminate this Agreement for any reason upon the other Party receiving ninety (90) days written notice from the terminating Party.  

5.2 Termination for Breach. Either Party may terminate this Agreement if the other Party materially defaults in performing any obligation under this Agreement and such default continues un-remedied for a period of thirty (30) days following written notice of default. If this Agreement or any unexpired Statement of Work is terminated for Customer’s breach, Customer agrees to pay to DataPrivia: (i) all unpaid Service fees as set forth in the Statement of Work accrued or performed as of such termination date; plus (ii) for Managed Services only, liquidated damages equal to the Managed Service fees that will become due during the remaining term of the applicable Statement of Work. If Customer terminates this Agreement or any unexpired Form of Service or Statement of Work as a result of DataPrivia’s breach, then to the extent that Customer has prepaid any Service fees, DataPrivia shall refund to Customer such prepaid fees; provided, however, that Customer remains liable to pay to DataPrivia all unpaid Service fees as set forth in the Statement of Work accrued as of, and attributable to the period prior to, such termination date. 

5.3 Termination for Insolvency. This Agreement will terminate, effective upon delivery of written notice by either Party to the other Party upon the following: (a) the institution of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debts of the other Party; (b) the making of an assignment for the benefit of creditors by the other Party; or (c) the dissolution of the other Party.  

5.4 Effects of Termination. Termination or expiration of a Form of Service or Statement of Work shall not be construed, by implication or otherwise, to constitute termination of this Agreement or any other existing Form of Service or Statement of Work. In the event that this Agreement is terminated, any open Forms of Service or Statements of Works shall also terminate. Upon the expiration or termination of the Term, Customer will return to DataPrivia, all Equipment (other than Customer Purchased Equipment) provided for Customer’s use during the Term of this Agreement and the applicable Statement of Work. If such Equipment is not returned by Customer, Customer is responsible for the then-current replacement costs of such Equipment. If Customer terminates this Agreement and there is an outstanding payment, Customer agrees to immediately pay for all Services provided until this Agreement terminates. Customer will still be responsible for any payments for Services rendered. If DataPrivia terminates this Agreement without cause and there is an outstanding payment, DataPrivia will cease work and not bill Customer for any work completed prior to termination. 

Section 6. Managed Service Software; Restrictions. 

6.1 Software Provided. DataPrivia will provide to Customer all Software and the applicable Documentation, or a combination thereof, for access and use, and for Customer’s Affiliates to access and use, during the Term, the Products delivered to Customer, subject to the restrictions set forth below as required by the Customer to receive the Manage Services. 

6.2 Software Use Purposes and Restrictions. Except as set forth in a Form of Service or Statement of Work, Customer and/or Customer’s Affiliate will use the Software, Services, Equipment and/or the Documentation for its internal purposes.  Prohibited actions and uses shall include but not be limited to:  

6.2.1 sell, rent, license, assign, distribute, or transfer any of the Products;  

6.2.2 decipher, decompile, disassemble, reconstruct, translate, reverse engineer, or discover any source code of the Software;  

6.2.3 copy any Software or Documentation, except that Customer may make a reasonable number of copies of the Documentation for its internal use (provided Customer reproduces on such copies all proprietary notices of DataPrivia or its suppliers); or  

6.2.4 remove from any Software, Documentation or Equipment any language or designation indicating the confidential nature thereof or the proprietary rights of DataPrivia or its suppliers.  

6.3 Third-Party Restrictions. Except as set forth in a Statement of Work, Customer shall not, and will not permit third-parties to,  

6.3.1 use any Software or Equipment on a time-sharing, outsourcing, service bureau, hosting, application service provider, or managed service provider basis;  

6.3.2 alter any aspect of any Software or Equipment; or  

6.3.3 assign, transfer, distribute, or otherwise provide access to any of the Products to any third-party or otherwise use any Product with or for the benefit of any third-party, unless otherwise permitted under Section 15.1,  

Section 7. Proprietary Rights. 

7.1 Customer’s Proprietary Rights. Customer represents and warrants that it has the necessary rights, power, and authority to transmit Customer Data to DataPrivia under this Agreement or any Forms of Service or Statement of Work. As between Customer and DataPrivia, Customer will own all rights, title, and interest in and to any Customer Data, all of Customer’s IP that is made available to DataPrivia in the course of providing Services under this Agreement and any Forms of Service or Statement of Work, and all confidential or proprietary information of Customer or Customer Affiliates, including, but not limited to, Customer Data, Customer Reports, and other Customer files, documentation and related materials, in each case under this clause, obtained by DataPrivia in connection with this Agreement provided that it does not violate any Compliance Mandates. 

7.2 Limited, Non-Exclusive License. During the Term, Customer grants to DataPrivia a limited, non-exclusive license to use the Customer Data solely for the purposes contemplated by this Agreement and for DataPrivia to perform the Services as contemplated hereunder. This Agreement does not transfer or convey to DataPrivia or any third party any rights, title, or interest in or to the Customer Data or any associated IP rights, but only a limited right of use as granted in and revocable in accordance with this Agreement.  

7.3 DataPrivia’s Proprietary Rights. DataPrivia will own all rights, title, and interest in and to the Software, Equipment, and Documentation. This Agreement does not transfer or convey to Customer or any third party any rights, title, or interest in or to the Software, Equipment, or Documentation or any associated IP rights, but only a limited right of use as granted in and revocable in accordance with this Agreement. DataPrivia will retain ownership of all copies of the Documentation. DataPrivia agrees to transfer all rights, title, and interest to any Customer Equipment (not including any DataPrivia IP loaded onto such equipment) purchased by Customer pursuant to a Service Order. In addition, except as set forth in Sections 7.1 and 7.4, Customer agrees that DataPrivia is the owner of all rights, title, and interest in all IP in any Works, developed by DataPrivia in connection with the performance of any Services and of general applicability across DataPrivia’s customer base, and Customer hereby assigns to DataPrivia all rights, title, and interest in any copyrights that Customer may have in and to such Work; provided, however, that such Works shall not include information or data belonging, referencing, or pertaining to Customer or Customer Affiliates. Without limiting the foregoing, DataPrivia will own all rights, title, and interest in all IP in any advisory data, threat data, vulnerability data, analyses, summaries, bulletins, and information made available to Customer. During the Term, DataPrivia grants to Customer a limited, non-exclusive license to use such Works solely to receive the Services hereunder for Customer’s or Customer’s Affiliate’s internal security purposes only. 

7.4 Grant of License Rights.  DataPrivia grants to Customer a limited, non-exclusive license to use DataPrivia IP that is used to develop Software, Equipment, or Documentation for Customer or works solely to receive the Services hereunder the Customer’s or Customer’s Affiliate’s internal purposes only.  Such license shall be continual and binding on the parties, its successors, assigns, agents and heirs.  The Licensed IP granted in Section 7 shall be utilized in accordance with the license grants above and not for any third party outsourcing, commercial time-sharing, business process outsourcing, information technology outsourcing, software as a service, third party administrator or service bureau arrangement.  DataPrivia does not have the right or authority to give, transfer, or convey any licenses, rights, titles or interest in any third party IP, software or products that may be used to fulfill Services to Customers. 

7.5 Customer Reports and Limitation of Liability. Customer owns all rights, title, and interest in and to any Customer Reports. The provision by Customer of any Customer Report or any information therein to any unaffiliated third party shall not entitle such third party to rely on the Customer Report or the contents thereof in any manner or for any purpose whatsoever, and DataPrivia specifically disclaims all liability for any damages whatsoever (whether foreseen or unforeseen, direct, indirect, consequential, incidental, special, exemplary or punitive) arising from or related to reliance by any third party on any Customer Report or any contents thereof. 

7.6 Return of Proprietary Information. Upon termination of this Agreement, each Party will, at the request of the other Party and to the extent practicable, return, or upon the other Party’s request, destroy, all copies of the other Party’s IP and/or Confidential Information, including any Customer Data, in such Party’s possession, custody, or control. For Customer purchased equipment, Customer shall erase, destroy and cease use of all Software located on such Customer purchased equipment upon the expiration or termination of the Term. After termination of this Agreement, Customer shall allow DataPrivia to enter Customer’s property and allow access to Customer’s networks and devices to examine for any IP and/or Confidential Information. Customer shall allow DataPrivia to undertake this search anytime within thirty (30) days from the date of termination of this Agreement. 

Section 8. Customer Responsibilities.  

8.1 Cooperation. Customer acknowledges that DataPrivia’s performance and delivery of the Services are contingent upon Customer providing safe and hazard-free access to its personnel, facilities, equipment, hardware, network, and information as deemed reasonably necessary for DataPrivia to perform or implement the Services, and Customer’s timely decision-making, providing the requested information, and granting of approvals or permissions. Customer will promptly obtain and provide to DataPrivia any required licenses, approvals, or consents necessary for DataPrivia’s performance of the Services. DataPrivia will be excused from its failure to perform its obligations under this Agreement to the extent such failure is caused by Customer’s or Customer’s Affiliates delay in performing or failure to perform its responsibilities under this Agreement. 

8.2 Connecting to Managed Devices. If and to the extent that DataPrivia is providing managed or co-managed Managed Services, the obligations of DataPrivia to comply with the Statement of Work applicable to the Managed Services are dependent on DataPrivia’s ability to connect directly to the Customer devices on the Customer’s network through an authenticated server in DataPrivia’s secure operations center. If and to the extent that DataPrivia is required to connect to Customer devices via a non-standard means, such as Customer’s VPN or other indirect connection, then, to the extent that DataPrivia’s provision of Managed Services requires access to such managed or co-managed devices in connection with any incident response or help desk request, DataPrivia makes no guarantees or gives any assurances of compliance with the Statement of Work with respect thereto, and has no responsibility or liability for any failure to perform or delay in performing its obligations under a Statement of Work to the extent such failure or delay is caused by such indirect access. 

8.3 Incident Response.  Upon becoming aware of a Security Incident, Customer shall notify DataPrivia and all other appropriate individuals/organizations without undue delay and provide timely information relating to the Security Incident as it becomes known or as is reasonably requested.  In the event that DataPrivia discovers the security incident, DataPrivia will work with Customer to identify the extent of the compromise and assist with any necessary notifications associated with such security incident.  The discovery and/or use of unauthorized software shall constitute a security incident.  Customer’s failure or refusal to report any security incident that requires reporting will be grounds for termination of this Agreement by DataPrivia. 

8.4 Backup Systems.  All customers engaging with DataPrivia will have a backup system. 

Section 9. Confidentiality. 

9.1 Obligation to Maintain Confidentiality. In the performance of the Services, Customer and DataPrivia may have access to or be exposed to Confidential Information of the other Party. Confidential Information may not be shared with third parties unless such disclosure is to personnel of DataPrivia or Customer, including employees, agents, and subcontractors, on a “need-to-know” basis in connection with its performance of this Agreement, so long as such personnel have agreed to treat such Confidential Information under terms at least as restrictive as those herein. The Receiving Party agrees to take the necessary precautions to maintain the confidentiality of Confidential Information by using at least the same degree of care as the Receiving Party employs with respect to its own Confidential Information of a like-kind nature, but in no case less than a commercially reasonable standard of care to maintain confidentiality. The obligations with respect to Confidential Information shall continue for the amount of time specified by statute from the date of disclosure. 

9.2 NPPI Exposure. If DataPrivia is exposed to any NPPI while performing the Services hereunder, DataPrivia agrees to maintain the confidentiality of and protect such NPPI in accordance with the Gramm-Leach-Bliley Act of 1999, the Fair Credit Reporting Act, HIPAA, and all other regulations applicable to the Services being performed hereunder. DataPrivia shall maintain information security policies and procedures for NPPI, consistent with prevailing United States industry standards. 

  1. Disclosure of Confidential Information. The Receiving Party shall, and shall ensure that each Receiving Party Representative, keep the Confidential Information confidential. Except as otherwise required by law, the Receiving Party and Receiving Party Representatives may not disclose any Confidential Information to any person or entity other than a Receiving Party Representative who needs to know the Confidential Information for the purposes of its business with the Disclosing Party, a Receiving Party Representative who signs a confidentiality agreement, with the Disclosing Party’s prior written authorization, or use the Confidential Information for any purposes other than those specified in this agreement.  

9.4 No Reverse Engineering. The Receiving Party may not reverse engineer, decode, disassemble, or decompile any prototypes, software, or other tangible objects that embody the Disclosing Party’s Confidential Information and that are provided to the Receiving Party under this agreement. 

9.5 Ownership Rights. Each Party acknowledges that the Confidential Information is, and at all times will be, the Disclosing Party’s sole property, even if suggestions made by a Receiving Party are incorporated into the Confidential Information. Neither Party obtains any rights, by license or otherwise, in the other Party’s Confidential Information.  

9.6 No Warranty. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS, IMPLIED, OR OTHERWISE, REGARDING THE ACCURACY, COMPLETENESS, OR PERFORMANCE OF ANY SUCH INFORMATION. 

9.7 Equitable Relief.  The Parties acknowledge that a breach of this agreement may cause irreparable harm to the Disclosing Party and monetary damages may not be a sufficient remedy for an unauthorized disclosure of the Confidential Information. If a Receiving Party discloses Confidential Information in violation of this Agreement, a Disclosing Party may, without waiving any other rights or remedies and without posting a bond or other security, seek an injunction, specific performance, or other equitable remedy to prevent competition or further disclosure, and may pursue other legal remedies. 

Section 10. Non-Solicitation. Customer acknowledges and agrees to not directly or indirectly on Employee’s behalf, or in the service of, or on behalf of others, in any capacity, induce or attempt to induce any customer, employee, or other Affiliate to leave DataPrivia during the time of this Agreement and the following five (5) years from the date of termination of this Agreement. 

Section 11. Limited Warranty and Limitation of Liability; Disclaimer.  

11.1 Limited Warranty. DATAPRIVIA WARRANTS THAT THE SERVICES WILL BE PERFORMED IN A GOOD AND WORKMANLIKE MANNER. EXCEPT AS EXPRESSLY STATED IN THE PRECEDING SENTENCE, DATAPRIVIA MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ANY OF THE PRODUCTS, SERVICES, OR CUSTOMER REPORTS, INCLUDING BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE, SUITABILITY OR NON-INFRINGEMENT, OR ANY WARRANTY RELATING TO THIRD-PARTY PRODUCTS OR THIRD-PARTY SERVICES. CERTAIN CONSULTING SERVICES THAT DATAPRIVIA PERFORMS FOR ITS CUSTOMERS FOLLOW A DEFINED METHODOLOGY, RATHER THAN BEING DRIVEN BY A SPECIFIC RESULT OR DELIVERABLE. DUE TO THIS INHERENT PROPERTY OF THESE CERTAIN CONSULTING SERVICES, DATAPRIVIA CANNOT GUARANTEE THE OUTCOME OF ITS TESTING, ASSESSMENT, FORENSICS, OR REMEDIATION METHODS AS ALL SUCH METHODS HAVE RELIABILITY LIMITATIONS INCLUDING, BUT NOT LIMITED TO: (I) RESULTS PRODUCED DIFFERING FROM INITIAL CUSTOMER EXPECTATION, (II) MISSING CERTAIN COMPLIANCE GAPS AND (III) MISSING CERTAIN SECURITY GAPS. DATAPRIVIA CANNOT GUARANTEE THAT A WEAKNESS, NONCOMPLIANCE ISSUE OR VULNERABILITY WILL BE DISCOVERED IF EVIDENCE OF SUCH IS NOT ENCOUNTERED DURING THE PERFORMANCE OF THE CONTRACTED ENGAGEMENT. DATAPRIVIA USES A SAMPLING METHODOLOGY WHICH ATTEMPTS TO REDUCE THE COST TO ITS CUSTOMERS WHILE MINIMIZING THE IMPACT TO THE ACCURACY AND RELIABILITY OF THE RESULTS. CUSTOMER ACKNOWLEDGES AND ACCEPTS THAT LIMITATIONS AND INHERENT RISKS EXIST FROM APPROACHES USED BY DATAPRIVIA TO DELIVER THE CONSULTING SERVICES. DATAPRIVIA SHALL HAVE NO LIABILITY FOR THE KNOWLEDGE OF WHAT DATA THE CUSTOMER HAS OR ITS ACTUAL OR INTENTED USE. 

11.2 Limitation of Liability.   

11.2.1 NEITHER DATAPRIVIA NOR CUSTOMER WILL BE LIABLE FOR ANY INCIDENTAL, INDIRECT, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THE SERVICES PROVIDED BY DATAPRIVIA OR DATAPRIVIA AFFLIATES.  

11.2.2 NEITHER PARTY SHALL HAVE LIABILITY FOR THE FOLLOWING, WHETHER DIRECT OR INDIRECT: (A) LOSS OF REVENUE, INCOME, PROFIT, OR SAVINGS, (B) LOST OR CORRUPTED DATA OR SOFTWARE, LOSS OF USE OF SYSTEM(S) OR NETWORK, OR THE RECOVERY OF SUCH, (C) LOSS OF BUSINESS OPPORTUNITY, (D) BUSINESS INTERRUPTION OR DOWNTIME, OR (E) DATAPRIVIA’S PRODUCTS, SERVICES, OR THIRD-PARTY PRODUCTS NOT BEING AVAILABLE FOR USE BY CUSTOMER.   

11.2.3 DATAPRIVIA’S AGGREGATE LIABILITY (WHETHER IN CONTRACT, TORT, OR OTHERWISE) FOR ALL CLAIMS OF LIABILITY ARISING OUT OF, OR IN CONNECTION WITH ANY SERVICE PROVIDED PURSUANT TO THIS AGREEMENT SHALL NOT EXCEED: (A) WITH RESPECT TO CONSULTING SERVICES, THE AMOUNTS PAID BY CUSTOMER FOR THE SPECIFIC SERVICE(S) GIVING RISE TO SUCH CLAIM DURING THE PRIOR TWELVE (12) MONTH PERIOD WITH RESPECT TO THE MANAGED SERVICES; AND (B) WITH RESPECT TO MANAGED SERVICES, THE AMOUNT OF THE STATEMENT OF WORK THAT IS THE SOURCE OF SUCH LIABILITY, WITH RESPECT TO THE CONSULTING SERVICES. EACH PARTY ACKNOWLEDGES THAT THESE LIMITATIONS APPLY EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR THE REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE AND THAT, WITHOUT THESE LIMITATIONS, THE FEE FOR THE SERVICES PROVIDED HEREUNDER WOULD BE HIGHER. 

11.2.4 THE FOREGOING LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS SHALL APPLY, REGARDLESS OF WHETHER THE CLAIM FOR SUCH DAMAGES IS BASED IN CONTRACT, WARRANTY, STRICT LIABILITY, NEGLIGENCE, TORT, OR OTHERWISE. INSOFAR AS APPLICABLE LAW PROHIBITS ANY LIMITATION HEREIN, THE PARTIES AGREE THAT SUCH LIMITATION WILL BE AUTOMATICALLY MODIFIED, BUT ONLY TO THE EXTENT TO MAKE THE LIMITATION PERMITTED TO THE FULLEST EXTENT POSSIBLE UNDER SUCH LAW.  THE PARTIES AGREE THAT THE LIMITATIONS ON LIABILITIES SET FORTH HEREIN ARE AGREED UPON ALLOCATIONS OF RISK CONSTITUTING IN PART THE CONSIDERATION FOR DATAPRIVIA’S SALE OF SERVICES OR PRODUCTS TO CUSTOMER, AND SUCH LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LIABILITIES. 

Section 12. Indemnification.  

12.1 Customer Indemnification for Infringement or Misappropriation. DataPrivia shall defend, indemnify, and hold harmless Customer from any and all Damages arising out of or resulting from any Indemnified Claims.  If a claim of infringement or misappropriation under this Section 11 occurs, or if DataPrivia determines that a claim is likely to occur, DataPrivia shall, at its option: (i) obtain a right for Customer to continue using such Product, Service, or Customer Reports; (ii) modify such Product, Service, or Customer Report to make it non-infringing; (iii) replace such Product, Service, or Customer Report with a non-infringing equivalent; or (iv) refund any pre-paid fees for the allegedly infringing Product, Services, or Customer Report that have not been performed. Notwithstanding the foregoing, DataPrivia shall have no obligation under this Section for any claim resulting or arising from modifications of the Products, Services, or Customer Reports that were not performed by or on behalf of DataPrivia, or the combination, operation or use of the Product, Service, or Customer Reports in connection with a third-party product or service, the combination of which causes the infringement. This provision is for the sole and exclusive, obligations of either Party for intellectual property rights infringement or misappropriation. 

12.2 DataPrivia Indemnification for Infringement or Misappropriation. Customer shall defend, indemnify, and hold DataPrivia harmless from any and all Damages arising out of or resulting from any third-party claim or action (i) alleging that the Customer Data infringes a United States copyright or misappropriates any trade secrets enforceable under the laws of the United States or was improperly provided to DataPrivia in violation of Customer’s privacy policies or applicable laws (or regulations promulgated thereunder), (ii) alleging that the Customer is using the Products, Services and/or Customer Reports in a manner prohibited under this Agreement, or (iii) relating to tax liabilities that are the Customer’s responsibility. This provision is for the sole and exclusive, obligations of either Party for intellectual property rights infringement or misappropriation. 

12.3 Bodily Injury Indemnification. Each Party agrees to indemnify and hold harmless the other Party from any third-party claim or action for personal bodily injuries, including death, resulting from the indemnifying Party’s gross negligence or willful misconduct resulting from the Services (excluding Third-Party Products) provided hereunder.  This section states each Party’s exclusive remedies for any third-party claim or action, and nothing in this Agreement or elsewhere will obligate either Party to provide any greater indemnity to the other. 

12.4 DataPrivia Affiliate Indemnification. Customer agrees to indemnify and hold harmless DataPrivia from any claim or action for personal bodily injuries, including death, resulting from an Affiliate’s gross negligence or willful misconduct resulting from the Services. 

Section 13. Export Laws. Each Party, at its own expense, will comply with all applicable laws, orders and regulations of any governmental authority with jurisdiction over its activities in connection with this Agreement. Parties will also comply with all vendor export procedures and measures.  Each Party will furnish to the other Party, any information required to enable the other Party to comply with applicable laws and regulations related to the Products. DataPrivia and Customer acknowledge that Products licensed or sold under this Agreement are subject to the export control laws and regulations of the United States or those of other countries from which they were supplied and in which they are used and agree to abide by those laws and regulations. 

Section 14. Additional National Security Obligations. In the provision of the Services by DataPrivia to Customer facilities located outside of the United States, Customer Data may be transferred outside of the country in which such Customer location is situated and therefore become subject to the laws of the United States of America (e.g. the Bank Secrecy Act) or other jurisdictions, which laws may require governmental disclosure thereunder.   

In addition, certain Services or Products to be provided hereunder as well as certain transactions hereunder may be subject to United States anti-boycott, export control, sanctions laws, and any applicable foreign export and import laws or regulations consistent with U.S. law, including, but not limited to, laws which may penalize or prohibit (i) transactions involving persons, companies, or entities involved in activities related to the proliferation of nuclear, missile, or chemical/biological weapons, or missiles that deliver such weapons; (ii) transactions involving any person, company, or other entity appearing on any applicable list of prohibited Parties maintained by the United States Government; (iii) transactions involving countries against which the United States maintains economic sanctions or embargos under statute, Executive Order, or regulations issued by the Office of Foreign Assets Control (“OFAC”), 31 C.F.R. Subtitle B, Chapter V, as amended from time-to-time; and (iv) transactions involving any person, company, or entity acting or purporting to act, directly or indirectly, on behalf of, or an entity owned or controlled by, any party identified in (i) through (iii) above. Customer represents and warrants (x) that neither it nor any Affiliates or agents receiving Products is, (or at any time during the Term will be), any person, company, or entity described above and (y) that it will comply with all such applicable laws and regulations described above and will require each Affiliate and agent of Customer receiving the Products to comply with the foregoing.  If DataPrivia becomes aware of any violation or alleged violation of any of the foregoing requirements of clause (x) or (y) above, DataPrivia will have the right to terminate Customer’s right to receive the Products and Services for cause without affording Customer an opportunity to cure such non-compliance. 

Section 15. Government Sales. If and to the extent, Customer intends to supply any DataPrivia Products or Services (either directly or through other higher-tier contractors) to or use any Products or Services in providing products or services to, a Federal Government Entity, the following Restricted Rights provision shall apply. 

Restricted Rights: DataPrivia Products and Services, other than the supporting Documentation, provided to Federal Government agencies are provided with LIMITED RIGHTS, as those terms are defined in the Federal Acquisition Regulation (“FAR”) at FAR clauses 52.227-14 and 52.227-19. Use, duplication, or disclosure of restricted rights Products by the Federal Government is subject to the restrictions as set forth in subparagraph “(c)” of the Commercial Computer Software – Restricted Rights clause at FAR 52.227-19. In the event the sale is to a Department of Defense agency, the government’s rights in software, supporting documentation, and technical data are governed by the restrictions in the Technical Data Commercial Items clause at DFARS 252.227-7015 and DFARS 227.7202. In no event shall Customer grant any higher tier contractor or the Federal Government rights in any DataPrivia Products greater than those set forth in this provision. 

Customer represents and warrants that it is not a national, provincial, Federal, state, county or municipal government or any governmental agency, department, subdivision, instrumentality, body, corporation or other arm or extension thereof of any of the foregoing and, in executing and delivering this Agreement and receiving the Products and Services hereunder, is not acting under the authority or color of authority of any of the foregoing. 

Section 16. General Terms.  

16.1 Independent Contractor Relationship; Agreement Assignment; Subcontracting. The Parties are independent contractors, and no agency, partnership, joint venture or employer-employee relationship is intended or created by this Agreement. Neither Party will have any rights, power or authority to bind the other Party or to act or create an obligation, express or implied, on behalf of another Party except as specified in this Agreement. Neither Party will use the other Party’s name (except internal use only), trademark, logos, or trade name without the prior written consent of the other Party.  DataPrivia has the right to assign, subcontract or delegate in whole or in part this Agreement, or any rights, duties, obligations or liabilities under this Agreement, by operation of law or otherwise, provided that DataPrivia shall remain responsible for the performance of Services under this Agreement. Otherwise, neither Party may assign this Agreement without the prior written permission of the other Party. This Agreement and the terms and provisions hereof shall be binding upon the Parties hereto and their respective successors and permitted assigns. 

16.2 Entire Agreement. This Agreement constitutes the entire agreement between the Parties and supersedes all other prior and contemporaneous agreements and understandings, both written and oral, between the Parties, unless incorporated by reference. 

16.3 Governing Law. The Parties agree this Agreement will be governed by the laws of the Commonwealth of Virginia without regard to its conflict-of-law provisions. 

16.4 Jurisdiction. The Parties agree that any claims or disputes concerning this Agreement will be adjudicated in appropriate courts in the City of Lynchburg, Virginia. 

16.5 Force Majeure. Neither Party shall be liable to the other Party for any failure to perform any of its obligations (except payment obligations) under this Agreement during any period in which such performance is delayed by a Force Majeure. In such event, however, the delayed Party must promptly provide the other Party with written notice of the Force Majeure. The delayed Party’s time for performance will be excused for the duration of the Force Majeure, but if the Force Majeure events lasts longer than thirty (30) days, the other Party may immediately terminate the applicable Service Order and/or Statement of Work by giving written notice to the delayed Party. 

16.6 Dispute Resolution. The Parties will attempt to resolve any Dispute through face-to-face negotiation with persons fully authorized to resolve the Dispute.  Parties when engaging to resolve the Dispute may do so through mediation utilizing a mutually agreeable mediator, rather than through litigation. The existence or results of any negotiation or mediation will be treated as confidential. Notwithstanding the foregoing, either Party will have the right to obtain from a court of competent jurisdiction a temporary restraining order, preliminary injunction, or other equitable relief to preserve the status quo, prevent irreparable harm, avoid the expiration of any applicable limitations period, or preserve a superior position with respect to other creditors, although the merits of the underlying Dispute will be resolved in accordance with this paragraph. The parties must exhaust all forms of mediation and arbitration prior to filing any action other than those listed above upon the other party with a court of law. 

16.7 Dispute Reasonable Costs and Reasonable Expenses. If a claim or dispute arises, the prevailing Party is entitled to claim all reasonable costs and reasonable expenses, including, but not limited to, attorney’s fees and court costs, related to the claim or dispute from the non-prevailing Party. 

16.8 Notices. Any notice required or permitted under this Agreement must be in writing and delivered by personal delivery, electronic mail, or U.S. mail, and delivered to the Parties at the addresses below: 

DataPrivia, Inc.

Attn: Legal

1942 Thomson Drive, Lower Level  

Lynchburg, Virginia 24501 

[email protected] 

The Customer shall provide their legal contact information at the time of agreement formation.

16.9 Waiver by DataPrivia. 

16.9.1 No Waiver by DataPrivia of any breach by Customer of any provisions of this Agreement will be deemed a waiver of any preceding or succeeding breach of the same or any other provisions. 

16.9.2 No such waiver will be effective unless in writing, and then only to the extent expressly stated in writing. 

16.9.3 No delay or failure by DataPrivia to exercise any right contained here and no partial exercise of any such right will constitute a waiver of that or any other right unless otherwise provided here. 

16.10 No Publicity. The Parties shall keep the existence of this Agreement, and the transactions or discussions contemplated by this Agreement, strictly confidential, except as required by law and except as the Parties otherwise may agree in writing before a disclosure. 

16.11 Compliance.  The parties will comply fully at all times with applicable national anti-briery rules, including, without limitation, the U.S. Foreign Corrupt Practices Act.  The parties will not offer, make, promise to make, or authorize the making of any gift or payment of money or anything of value either directly or indirectly for purposes of (a) influencing any act or decision of any government official or political party; (b) inducing an Official to do or omit to do any act in violation of the lawful duty of that Official; or (c) inducing an Official to use influence with a non-U.S. government or instrumentality to facilitate a party’s performance of its obligations under any Order.  The Parties and their affiliates must at all times keep complete and accurate books and records. 

16.12 Severability. If any provision, clause, or portion of this Agreement is held, by a court or other tribunal of competent jurisdiction, to be illegal void, or unenforceable, all of the remainder of the provisions will be unaffected and will be given full force and effect to the fullest possible extent. 

16.13 Survival.  The terms and provisions of Sections 5, 6, 7, 9, 10, 11, 13, 14, 15, and 16 will survive any termination of this Agreement. 

16.14 Counterparts This Agreement may be executed in one or more counterparts, delivered electronically, each of which shall be deemed an original and all of which shall be taken together and deemed to be one instrument. 

16.15 Descriptive Headings. The descriptive headings used here are for convenience of reference only and they are not intended to have any effect whatsoever in determining the rights or obligations of the Parties.