Data Security Manager Software as a Service™ by Fortanix – DSM SaaS
Fortanix is willing to provide the DSM SaaS only upon the condition that Customer accepts all the terms contained in this Agreement. By (a) clicking on the checkbox marked “I agree” on the registration page or (b) accessing or using the DSM SaaS Services, Customer indicates that Customer understands this Agreement and accepts all of its terms. Any individual person accepting the terms of this Agreement on behalf of Customer represents and warrants that he or she has the authority to bind the Customer to the terms of this Agreement, and, in such event, “Customer” will refer to that company or other legal entity. If Customer does not accept all the terms of this Agreement, then Customer or Customer’s representative must not accept this Agreement and Customer may not use the DSM SaaS Services.
A. Fortanix, either directly or through its affiliates, is in the business of providing encryption and encryption key management services via the DSM SaaS Service (as defined below).
B. Fortanix and Customer are entering into this Agreement to set forth the terms and conditions pursuant to which Customer may gain access to the DSM SaaS Service.
- “Aggregate Data” means information or data derived from Customer’s use of the DSM SaaS Service; provided that it: (a) is not identifiable to any person or entity, (b) is compiled with data from other Fortanix customers such that Customer’s identity cannot be inferred, (c) does not contain Customer’s Confidential Information, and (d) is not distributed or otherwise conveyed in a context that identifies Customer’s identity.
- “Authorized Users” means individuals for whom Customer has purchased a subscription to the DSM SaaS Service and who are authorized by Customer to use the DSM SaaS Service. Authorized Users may include but are not limited to Customer’s employees, affiliates, contractors and agents. Each Authorized User will be associated with a single, unique email address for purposes of accessing (and being identified within) the DSM SaaS Service.
- “Business Contact Information” or “BCI” means business contact data containing personal information (e.g. first and last name, business phone numbers, emails and addresses) of Customer’s (including its affiliates, sublicensees’, agents’ and/or third-party consultants’, and contractors’ ) employees, or of any Authorized User (collectively, “Customer Representatives”), and whose use, processing or transfer is regulated by applicable data protection and privacy laws or regulations as ‘personal data’. Business Contact Information does not include Customer Data.
- “Customer Data” means Customer’s data or information that is input into, loaded, stored, received, retrieved, transmitted through or otherwise processed by Customer as part of its use of the DSM SaaS Service (if any), but explicitly excluding any Business Contact Information. Keys generated by the DSM SaaS Service will not be deemed Customer Data.
- “Documentation” means Fortanix’ then-current documentation for the DSM SaaS Service that is published online at https://support.fortanix.com/hc/en-us.
- “Fortanix Affiliate(s)” means, individually and/or collectively, Fortanix, Inc., and each entity in which Fortanix, Inc. holds the legal, beneficial or equitable ownership, directly or indirectly, of more than fifty percent (50%) of the aggregate of all voting equity interests in such entity.
- “Fees” means the fee specified in a Purchase Order, which fee is required to be paid by Customer in Purchase Order for Customer to use the DSM SaaS Service as permitted herein. Fees may also be referred to in the Purchase Order as Non-Recurring Charges (“NRC”) or Monthly Recurring Charges (“MRC”).
- “Intellectual Property Rights” means any intellectual property in any jurisdiction throughout the world, including any (i) trademarks, service marks, Internet domain names, logos, trade dress, trade names, and any other indicia of source, and all goodwill associated therewith and symbolized thereby; (ii) patents, patent applications and patent disclosures, and inventions and discoveries (whether patentable or not); (iii) processes, technologies, trade secrets, and “know-how”; (iv) copyrights and copyrightable works, moral rights, and mask works; (v) software and software systems (including data, source code, object code, databases and related items such as documentation); and (vi) registrations and applications for any of the foregoing.
- “Key” means an encryption key created and/or managed by the DSM SaaS Service.
- “Key Operation” means an operation from one of the following key management and cryptographic operation categories performed through the DSM SaaS Service, as further described in the Documentation: (1) authentication; (2) security objects; (3) encryption and decryption; (4) sign and verify; (5) digest; and (6) wrapping and unwrapping.
- “Purchase Order” means a Purchase Ordering document prepared by Fortanix which specifies details about the DSM SaaS Service, Usage, Fees and any other details relating to the DSM SaaS Service.
- “Security Credentials” means any and all information provided by Customer or any Authorized User to Fortanix in Purchase Order to establish secure transmissions through the use of the DSM SaaS Service, including but not limited to personal information, information used to identify account names or account numbers, routing information, usernames, passwords, access codes and prompts. Security Credentials that comprise personal information (e.g., first and last name, phone numbers, emails and addresses) are considered Business Contact Information.
- “DSM SaaS Service” means Fortanix DSM SaaS, the encryption key management and encryption service(s) provided by Fortanix, as more particularly described or identified in the applicable Purchase Order.
- “Service Level Agreement” means the service level agreement set forth in Exhibit A which is attached hereto and by this reference made a part hereof.
- “Term” has the meaning ascribed to the term in Section 10.1 (Term).
- “Usage” means the number of Keys and number of Key Operations performed by Customer in connection with the use of the DSM SaaS Service.
- “Zone” means the specific geographic territory in which the DSM SaaS Service may be used, as identified in the applicable Purchase Order.
- DSM SAAS SERVICE PROVISION
- DSM SaaS Service. Subject to Customer’s compliance with this Agreement, Fortanix will provide Customer access to the DSM SaaS Service as described herein, in the Service Level Agreement and on the applicable Purchase Order. Customer may access and use the DSM SaaS Service solely for its internal business purposes and such access and use is expressly limited to the number of Authorized Users, Usage and Zones for which Customer has paid the applicable Fees in accordance with the applicable Purchase Order. Only Authorized Users may access or use the DSM SaaS Service under Customer’s account. Authorized User subscriptions cannot be shared or used by more than one individual but may be permanently reassigned to new Authorized Users. The number of Authorized User subscriptions and Usage purchased may be modified during a given Term upon written agreement of the parties. Customer agrees that Customer’s purchase of subscriptions for the DSM SaaS Service hereunder is neither contingent on the delivery of any future functionality or features nor dependent on any oral or written comments made by Fortanix regarding future functionality or features.
- DSM SaaS Service Restrictions. Customer shall not (and shall not allow or enable anyone else to): (a) make the DSM SaaS Service available to anyone other than Authorized Users; (b) copy, modify or distribute any portion of the DSM SaaS Service or create derivative works therefrom; (c) rent, lease, or provide access to the DSM SaaS Service on a time-share or service bureau basis; (d) reverse engineer, decompile or disassemble any part of the DSM SaaS Service; (e) sell, resell, rent or lease the DSM SaaS Service; (f) use the DSM SaaS Service to store or transmit viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs; (g) interfere with or disrupt the integrity or performance of the DSM SaaS Service; (h) attempt to gain unauthorized access to the DSM SaaS Service or any related systems or networks; (i) export the DSM SaaS Service or the underlying technology in contravention of applicable U.S. and foreign export laws and regulations; (j) repackage, redistribute, or sell the DSM SaaS Service as its own product under its own name and branding; (k) access the DSM SaaS Service in order to build a competitive product or service or to copy any features, functions or graphics thereof; or (l) transfer any of its rights hereunder. Customer acknowledges and agrees that portions of the DSM SaaS Service including but not limited to the source code and the specific design and structure of individual modules or programs, constitute or contain trade secrets of Fortanix and its licensors.
- Acceptable Use Policies. Customer will not use the DSM SaaS Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy or Intellectual Property Rights. Notwithstanding the above, Customer acknowledges and agrees that Fortanix is not obligated to monitor or police communications, Customer Data or any other data transmitted through the DSM SaaS Service and that Fortanix will not be responsible for the content of any such communications or transmissions. Customer and its Authorized Users will use the DSM SaaS Service exclusively for authorized and legal purposes, consistent with all applicable laws and regulations. Customer will keep confidential and not disclose to any third parties and will ensure that Authorized Users keep confidential and do not disclose to any third parties, any user identifications, account numbers and account profiles.
- Customer Data. Customer hereby grants to Fortanix a non-exclusive, non-transferable, sublicensable, royalty- free license to store, copy, reproduce, process, transmit, and use as necessary, the Customer Data, solely to the extent needed to provide the DSM SaaS Service to Customer.
- Limited Rights. Customer’s rights to use the DSM SaaS Service will be limited to those expressly granted in this Agreement. Fortanix reserves all rights and licenses in and to the DSM SaaS Service not expressly granted to Customer under this Agreement.
- Customer’s Responsibilities. Customer will: (a) be responsible for meeting Fortanix’ applicable minimum system requirements for access to or use of the DSM SaaS Service, as set forth in the Documentation, (b) be responsible for Authorized Users’ compliance with this Agreement and for any other activity (whether or not authorized by Customer) occurring under Customer’s account, (c) beresponsible for ensuring that the DSM SaaS Service is appropriate Customer’s intended use, (d) be solely responsible for the accuracy, quality, integrity and legality of Customer Data, (e) prevent unauthorized access to or use of the DSM SaaS Service under its account, and notify Fortanix promptly of any such unauthorized access or use, and (f) use the DSM SaaS Service only in accordance with the applicable Documentation, applicable laws and government regulations, and any written instructions provided by Fortanix to Customer from time to time.
- Enforcement. Customer will promptly notify Fortanix of any suspected or alleged violation of this Agreement and will cooperate with Fortanix with respect to: (a) investigation by Fortanix of any suspected or alleged violation of this Agreement, and
(b) any action by Fortanix to enforce this Agreement. Fortanix may suspend or terminate Customer’s or any Authorized User’s access to or use of the DSM SaaS Service upon notice to Customer in the event that Fortanix reasonably determines that Customer or such Authorized User has violated this Agreement or that Customer’s use poses a security risk to the DSM SaaS Service. Fortanix will promptly reinstate Customer’s access to the DSM SaaS Service once the issue causing the suspension has been resolved. Customer will be liable for any violation of this Agreement by any Authorized User.
- Security Credentials. Customer understands that failure to protect Security Credentials may allow an unauthorized person or entity to access the DSM SaaS Service. In addition, Customer acknowledges that Fortanix does not have access to and cannot retrieve lost Security Credentials. Customer acknowledges and agrees that: (a) Customer is solely responsible for collecting, inputting and updating all Security Credentials; (b) Fortanix assumes no responsibility for the supervision, management or control of Customer’s or Authorized User’s Security Credentials; (c) Fortanix assumes no responsibility for any fraudulent or unauthorized use of any portion of the DSM SaaS Service through Customer’s account; and (d) Fortanix disclaims all liability arising out of any use of or failure to protect the Security Credentials or any fraudulent or unauthorized access to or use of any portion of the DSM SaaS Service through Customer’s account.
- Data Security. Customer acknowledges that no product, hardware, software or service can provide a completely secure mechanism of electronic transmission or communication and that there are persons and entities, including enterprises, governments and quasi-governmental actors, as well as technologies, that may attempt to breach any electronic security measure. Fortanix will have no liability on account of any security breach caused by any such persons, entities, or technologies. Fortanix will implement and maintain appropriate technical and organizational measures designed to protect against unauthorized access to the DSM SaaS Service.
- Trial Service. If Customer is provided access to the DSM SaaS Service or to features or functionality of the DSM SaaS Service free of charge, for evaluation, trial, proof of concept, or similar purposes (a “Trial Service”), Customer must use the Trial Service appropriately in good faith for its intended purpose, and unless otherwise specified or allowed, Customer will not use any production data in connection with its use of the Trial Service. Customer’s use of the Trial Service is only permitted for the period of time specified by Fortanix (unless Fortanix and Customer agree otherwise). Unless Fortanix agrees or unless Customer enters into a Purchase Order for the DSM SaaS Service, Customer will not have access to the Trial Service or to any data in the Trial Service after Customer’s authorized use period ends. Fortanix reserves the right to change any free service to a paid service and charging for the DSM SaaS Service or features or functionality of the service that were previously offered free of charge; provided, however, Fortanix will provide Customer with prior notice and give Customer the opportunity to terminate Customer’s account prior to the effective date of such change. The Trial Service is provided “AS IS” without indemnification, support, service level commitment (SLA), or warranty of any kind, express or implied. Fortanix’s aggregate liability (excluding indirect damages, for which Fortanix expressly disclaims all liability) for any claim arising from Customer’s use of the Trial Service will not exceed $500 USD.
- PURCHASE ORDERING, DELIVERY AND PAYMENT
- Purchase Ordering of DSM SaaS Services. Customer and Fortanix will enter into an Purchase Order describing the DSM SaaS Service, Usage, number of Authorized Users, Fees, and other details relating to Customer’s access to and use of the DSM SaaS Service. Such Purchase Orders may be in written or electronic form. All Purchase Orders will reference this Agreement, and upon acceptance by Fortanix, will become part of this Agreement. In the event of a conflict, the terms and conditions of each Purchase Order will take precedence over the terms and conditions of this Agreement, solely with respect to such Purchase Order.
- Fees. Customer will pay Fortanix the Fees for Customer’s Usage of the DSM SaaS Service in accordance with the pricing and terms set forth in the Purchase Order and this Section 3.
- Payment Terms. Unless otherwise specified in a Purchase Order, all Fees and expenses will be due and payable in advance within thirty (30) days of the date of Fortanix’ invoice. Customer will pay all invoices in full, without reduction or setoff of any kind. Any payment due under this Agreement not received by Fortanix within ten (10) days of the due date will incur interest at a rate of 1.5% per month, or the maximum rate allowed by law, whichever is lower. Customer may, in good faith, dispute any invoice or any part thereof (a “Disputed Amount”) by submitting a written notice of such dispute along with reasonable supporting documentation within sixty (60) days of the date of the initial invoice on which the Disputed Amount appears, failing which Customer waives all rights to dispute such Disputed Amount and to file any claim. The Parties will work together in good faith to resolve the Disputed Amount within thirty (30) days after receipt of Customer’s notice.
- Taxes. All Fees payable under this Agreement are net amounts and are payable in full, in the currency specified in the Purchase Order, without deduction for taxes or duties of any kind. Customer will be responsible for, and will promptly pay, all taxes and duties of any kind (including but not limited to sales, use and withholding taxes) associated with this Agreement or Customer’s receipt or use of the DSM SaaS Service, except for taxes based on Fortanix’ net income. In the event that Fortanix is required to collect any tax for which Customer is responsible, Customer will pay such tax directly to Fortanix. If Customer pays any withholding taxes that are required to be paid under applicable law, Customer will furnish Fortanix with written documentation of all such tax payments, including receipts.
- Indirect Purchases. If Customer purchases an entitlement to the DSM SaaS Service through a third-party Fortanix channel partner (such as an authorized reseller), different terms regarding invoicing, payment and taxes may apply. Customer must pay for all charges incurred for its use of the DSM SaaS Service.
- PROPRIETARY RIGHTS
- Ownership of DSM SaaS Service. As between Fortanix and Customer, the DSM SaaS Service and all Intellectual Property Rights therein or relating thereto are and will remain the exclusive property of Fortanix or its licensors. Subject to the limited rights expressly granted hereunder, Fortanix reserves all rights, title and interest in and to the DSM SaaS Service and any associated software and Documentation, including all related Intellectual Property Rights. No other rights are implied with respect to the DSM SaaS Service, or any related Intellectual Property Rights.
- Ownership of Customer Data. Customer reserves all of its rights, title and interest in and to the Customer Data and all Intellectual Property Rights in the Customer Data. No rights are granted to Fortanix hereunder with respect to the Customer Data other than as expressly set forth herein.
- Aggregate Data. Notwithstanding anything to the contrary herein, Customer acknowledges and agrees that Fortanix may collect anonymized or aggregated data regarding the usage and performance of the DSM SaaS Service and create Aggregate Data. Aggregate Data is, and will remain, the exclusive property of Fortanix and Fortanix may use Aggregate Data without restriction for any purpose, including, but not limited to, research and development, improvement of DSM SaaS Service and other Fortanix service and product offerings, sales, licensing, advertising, marketing and promotional purposes.
- Feedback. Any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Authorized Users, relating to the operation or features of the DSM SaaS Service are referred to as “Feedback”. Customer acknowledges and agrees that all Feedback will be the sole and exclusive property of Fortanix, and Customer hereby irrevocably transfers and assigns to Fortanix and agrees to irrevocably assign and transfer to Fortanix all of Customer’s right, title, and interest in and to all Feedback, including all Intellectual Property Rights therein. At Fortanix’ request and expense, Customer will execute documents and take such further acts as Fortanix may reasonably request to assist Fortanix to acquire, perfect and maintain its Intellectual Property Rights and other legal protections for the Feedback.
- REPRESENTATIONS AND WARRANTIES
- Mutual Representations and Warranties. Each Party represents and warrants to the other Party that: (a) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into this Agreement and (b) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party and constitute a valid and binding agreement of such Party.
- Warranty Disclaimer. EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE DSM SAAS SERVICE IS PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS , IMPLIED OR STATUTORY. NEITHER FORTANIX NOR ANY OF ITS LICENSORS MAKES ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, IN CONNECTION WITH THE DSM SAAS SERVICE. WITHOUT LIMITING THE FOREGOING, FORTANIX DISCLAIMS ANY WARRANTY THAT THE DSM SAAS SERVICE WILL BE ERROR FREE, THAT CUSTOMER’S ACCESS TO OR USE OF THE DSM SAAS SERVICE WILL BE UNINTERRUPTED OR THAT THE DSM SAAS SERVICE WILL MEET CUSTOMER’S NEEDS OR BUSINESS REQUIREMENTS. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE FULLEST EXTENT PERMITTED BY LAW FORTANIX FURTHER DISCLAIMS ANY AND ALL WARRANTIES WITH RESPECT TO THE DSM SAAS SERVICE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR SATISFACTORY QUALITY. FORTANIX FURTHER DISCLAIMS ANY AND ALL WARRANTIES ARISING FROM COURSE OF DEALING , COURSE OF PERFORMANCE OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM FORTANIX OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.
- Indemnification by Customer. Customer will defend Fortanix against any claim by a third party that: (i) such third party has suffered injury, damage or loss resulting from Customer’s or any Authorized User’s access to or use of the DSM SaaS Service; or (ii) Customer or any Authorized User has used the DSM SaaS Service in a manner that violates this Agreement, and indemnify Fortanix from all fines, damages, and costs finally awarded against Fortanix by a court of competent jurisdiction or a government agency, or agreed to in settlement.
- Indemnification by Fortanix. Fortanix will defend Customer against any claim by a third party that the DSM SaaS Service infringes any patent, trademark, or copyright of that third party, or misappropriates a trade secret of that third party (but only to the extent that the misappropriation is not a result of Customer’s actions), under the laws of: (a) the United States, (b) Canada, (c) European Economic Area member states, (d) the United Kingdom, (e) Australia, (f) New Zealand, or (g) Japan, and indemnify Customer from all fines, damages, and costs finally awarded against Customer by a court of competent jurisdiction or a government agency, or agreed to in settlement, provided that the foregoing shall not apply to the extent: (i) there is a combination, operation or use of the DSM SaaS Service with any product, system, device, method or data not recommended or provided by Fortanix, if such infringement would have been avoided but for such combination, operation or use; (ii) there is a modification of the DSM SaaS Service by anyone other than Fortanix, if such infringement would have been avoided but for such modification; or (iii) Customer’s access to or use of the DSM SaaS Service is not compliant with this Agreement.
- Injunction. If Customer’s access to or use of the DSM SaaS Service is, or in Fortanix’ opinion is likely to be, affected by a claim by a third party alleging infringement of such third party’s Intellectual Property Rights, then Fortanix will at its sole option and expense: (i) replace or modify the DSM SaaS Service to make it non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the DSM SaaS Service under the terms of this Agreement; or (iii) if Fortanix is unable to accomplish either (i) or (ii) despite using its reasonable efforts, then Fortanix may terminate Customer’s rights and Fortanix’ obligation under this Agreement with respect to such DSM SaaS Service and refund to Customer a pro-rata portion of the pre-paid Fees (if any) for such DSM SaaS Service for the remaining duration of the Term.
- Procedure. The indemnified Party will: (a) promptly notify the indemnifying Party in writing of any such claim;(b) grant the indemnifying Party sole control of the defense and settlement of the claim, provided that indemnifying Party may not settle any claim or take any other action to the extent such settlement or other action would materially adversely impact the indemnified Party’s rights, obligations or business operations without the indemnified Party’s prior written consent (not to be unreasonably withheld, conditioned or delayed); and (c) provide the indemnifying Party, at the indemnifying Party’s expense, with all assistance, information and authority reasonably required for the defense and settlement of the claim.
- Sole Remedy.THE FOREGOING SECTIONS IN THIS SECTION 6 SET FORTH FORTANIX’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ANY KIND BY THE DSM SAAS SERVICE OR ANY ACCESS TO OR USE THEREOF.
- CONFIDENTIAL INFORMATION
- Definition.“Confidential Information” means any business or technical information disclosed by one Party to the other Party in connection with the Parties’ performance under this Agreement that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing Party to the receiving Party within thirty (30) days after any such disclosure; or(iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, the DSM SaaS Service, Aggregate Data, and related Documentation, are Fortanix’ Confidential Information, Customer Data is Customer’s Confidential Information, and the terms of this Agreement constitute Confidential Information of both Parties.
- Exclusions. The obligations and restrictions set forth in Section 7.3 will not apply to any information that the receiving Party demonstrates, by written evidence: (i) is or becomes generally known to the public through no fault of or breach of this Agreement by the receiving Party; (ii) is rightfully known by the receiving Party at the time of disclosure; (iii) is independently developed by the receiving Party without use of the disclosing Party’s Confidential Information; or (iv) the receiving Party rightfully obtains from a third party who has the right to disclose such information without breach of any confidentiality obligation to the disclosing Party.
- Use and Disclosure Restrictions. A receiving Party will not use the disclosing Party’s Confidential Information except as necessary for the performance or enforcement of this Agreement and will not disclose such Confidential Information to any third party except to those of its employees and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of this Agreement; provided that each such employee and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section. Notwithstanding the foregoing, Fortanix may disclose Confidential Information to the Fortanix Affiliates as required to perform or enforce this Agreement, subject to the terms and conditions of this Agreement. Each receiving Party will protect the disclosing Party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information and in no event less than a reasonable standard of care. The provisions of this Section 7.3 will remain in effect during the Term and for a period of three (3) years after the expiration or termination of this Agreement; provided that, to the extent any Confidential Information constitutes a trade secret, the receiving Party’s obligations under Section 7 will continue until such Confidential Information ceases to be a trade secret.
- Permitted Disclosures. The provisions of this Section 7 will not restrict either Party from disclosing Confidential Information pursuant to the Purchase Order or requirement of a court, administrative agency, or other governmental body; provided that the Party required to make such a disclosure gives reasonable notice to the other Party to enable it to contest such Purchase Order or requirement or limit the scope of such request. The Party responding to such a Purchase Order or requirement will only disclose that information that is expressly required.
- LIMITATION OF LIABILITY
- Exclusion of Damages. IN NO EVENT WILL FORTANIX BE LIABLE FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR FOR LOSS OR DISRUPTION OF USE, DATA, BUSINESS OR PROFITS, OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS OR SERVICES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE ACCESS, USE, OPERATION OR PERFORMANCE OF THE DSM SAAS SERVICE, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING WITHOUT LIMITATION, NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, AND WHETHER OR NOT FORTANIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
- Total Liability. SUBJECT TO SECTION 8.1, FORTANIX’S TOTAL AGGREGATE LIABILITY ARISING UNDER THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, SHALL NOT EXCEED THE AMOUNTS PAID TO FORTANIX BY CUSTOMER UNDER THE APPLICABLE PURCHASE ORDER FOR THE SPECIFIC DSM SAAS SERVICE GIVING RISE TO A CLAIM FOR LIABILITY HEREUNDER, DURING THE TWELVE MONTHS PRECEDING THE CLAIM.
- DATA PROTECTION AND PRIVACY
- Applicability. To the extent Fortanix received BCI regarding residents of the European Economic Area (“EEA”), the United Kingdom, and Switzerland, the terms of this Sections 9 apply.
- Processing. Fortanix will process BCI as Data Controller (as defined under European, United Kingdom, and Switzerland data protection and privacy laws or regulations) for the following purposes:
- the provision of the DSM SaaS Service;
- account administration, billing and accounting reconciliation;
- operational maintenance and support activities;
- fraud detection and prevention and,
- subject to BCI having been previously anonymized, customer and market analysis and reporting.
- Communications. On the basis of Fortanix’ legitimate interest, Fortanix will communicate to Customer by voice, letter or e-mail for the purposes of keeping it informed of products and services that may be of interest, and Fortanix will do so appropriately in compliance with applicable data protection and privacy laws or regulations.
- Contact. Enquiries concerning the use, processing and/or transfer of BCI, in particular access, rectification and deletion requests, by Customer Representatives, should be submitted to PrivacyOffice@eu.Fortanix.com
- Retention. Fortanix will retain BCI for no longer than necessary to fulfill the above-listed purposes for which BCI are processed.
- Safeguards. Fortanix will implement and maintain the Security Measures to protect BCI against accidental or unlawful destruction, alteration or any unauthorized disclosure or access and against other unlawful forms of processing.
- Transfers. Transfers of BCI for the purposes set out above under Section 9.2 to the United States or to any other country located outside the EEA, the United Kingdom, and Switzerland that is not deemed a country of adequate protection, are legitimized as and where required in accordance with applicable data protection and privacy laws or regulations in order to afford such transfer of BCI an adequate level of protection. These measures include (i) the entry into appropriate inter-company data transfer agreements based on the European Standard Contractual Clauses (adjusted to address transfers from the United Kingdom); and/or (ii) the implementation of Binding Corporate Rules as defined under applicable European, United Kingdom, and Switzerland regulations; and/or (iii) equivalent means of compliance.
- Notification. If and where relevant under applicable law, Customer undertakes to inform Customer Representatives (i) that their BCI may be collected, used, processed and transferred by virtue of the performance of, and in accordance with, the Agreement; and (ii) of their rights regarding the processing of their BCI in accordance with this clause.
- Customer Data. With regard to all Customer Data that is personal data (as defined under European, United Kingdom, and Switzerland data protection and privacy laws or regulations) (such Customer Data, “Customer Personal Data”), the Parties acknowledge and agree that (i) Fortanix does not, will not, and has no right to, access, store, monitor or otherwise perform any operation or control of, or on, any Customer Personal Data in connection with the provision of and the DSM SaaS Service, and does not, and will not, and has no right to, perform any processing of Customer Personal Data for, on behalf, or under the instructions of, Customer; and (ii) as a result, Fortanix does not act as Data Processor or Data Controller (as defined under European, United Kingdom, and Switzerland data protection and privacy laws and regulations) with respect to such Customer Personal Data.
- TERM AND TERMINATION
- Term. Subject to earlier termination by either Party in accordance with the terms of this Agreement, the Agreement will commence on the Effective Date and, will remain in force and effect for as long as Customer has an outstanding Purchase Order (the “Term”). This Agreement will automatically terminate when the last remaining Purchase Order expires or terminates.
- Termination for Cause. Either Party may terminate this Agreement or any Purchase Order upon written notice if the other Party materially breaches this Agreement and fails to correct the breach within thirty (30) days following written notice specifying the breach; provided that the cure period for any default with respect to payment will be five (5) business days. In addition, Fortanix may, at its sole option, suspend or terminate Customer’s or any Authorized User’s access to or use of the DSM SaaS Service, or any portion thereof, immediately: (a) if Fortanix suspects that any person other than Customer or an Authorized User is using or attempting to use Security Credentials, (b) if Fortanix suspects that Customer or an Authorized User is using the DSM SaaS Service in a way that violates this Agreement and/or could expose Fortanix or any other entity to harm or legal liability, or (c) if Fortanix in its sole discretion believes it is required to do so by law.
- Termination for Insolvency. If Customer becomes, as applicable under local law, unable to pay its debts as they become due, ceases to do business, enters into a deed of arrangement, undergoes judicial management, commences the process of liquidation, has a receiver appointed or begins winding up or similar arrangements, then Fortanix may terminate this Agreement upon thirty (30) days’ written notice.
- Rights and Obligations Upon Expiration or Termination. Upon expiration or termination of this Agreement, Customer’s and Authorized Users’ right to access and use the DSM SaaS Service will immediately terminate, Customer and its Authorized Users will immediately cease all access and use of the DSM SaaS Service, all Fees payable up to termination will become immediately due and payable, and each Party will return or destroy and make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other Party.
- Payment Upon Termination. If this Agreement is terminated by Fortanix in accordance with Sections 10.2 (Termination for Cause) or 10.3 (Termination for Insolvency), Customer will pay any unpaid Fees covering the remainder of the Term of all Purchase Orders. In no event will termination relieve Customer of its obligation to pay any Fees payable to Fortanix for the period prior to the effective date of termination.
- Survival. The rights and obligations of the Parties under Sections 1, 2.5, 3.2, 3.3, 3.4, 4, 5.2, 6, 7, 8, 9, 10.4, 10.5, 10.6, and 11 will survive the expiration or any termination of this Agreement.
- Subcontracting and Transfer. Fortanix may permit any of its Affiliates, independent contractor or other third party, to perform any of Fortanix’ obligations hereunder, provided that Fortanix remains primarily liable for the performance of its obligations. Fortanix may transfer this Agreement or any of its rights and obligations hereunder to an Affiliate or to an entity which is acquiring all or substantially all of Fortanix’s business or assets with prior notice to Customer, and in all such events the person or entity to whom this Agreement is assigned by Fortanix must agree in writing to be bound by all of the terms of this Agreement. This Agreement will be binding upon and inure to the benefit of all successors and permitted transferees of the Parties, who will be bound by all of the obligations of their predecessors or transferors.
- Governing Law. This Agreement and any disputes arising under, in connection with, or relating to this Agreement will be governed by the laws of the State of California, excluding its conflicts of law rules. Any litigation pertaining to the interpretation or enforcement of this Agreement shall be filed in and heard by the state or Federal courts located in Santa Clara, California, and the parties hereby submit to the jurisdiction of and waive any venue objections against such courts. If any legal action is brought by either Party arising from, or related to, the subject matter of this Agreement, the prevailing Party will be entitled to an award of its reasonable attorneys' fees and costs. English language shall be the applicable language and translation of the Agreement and the Purchase Order.
- Severability. If for any reason a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible, and the other provisions of this Agreement will remain in full force and effect.
- Waiver. A failure by either Party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity.
- Relationship of Parties. The Parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the Parties. Neither Party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent.
- Notice. All notices required or permitted under this Agreement will be in writing and will be deemed given: (a) when delivered personally; (b) two (2) business days after deposit with an internationally recognized express courier, with written confirmation of receipt; or (c) five (5) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid. All such notices, approvals, consents and other communications will be sent to the address as may be specified by either Party to the other Party in this Agreement or on the Purchase Order
- Force Majeure. Neither Party will be responsible or liable to the other Party for any failure or delay in its performance under this Agreement (except for Customer’s payment obligations) due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, shortage of or inability to obtain energy, or supplies, war, terrorism, riot or acts of God (each a “Force Majeure”). In the event of a Force Majeure, the Party that is unable to perform or whose performance is delayed will promptly notify the other Party of the Force Majeure and will use its commercially reasonable efforts to resume performance, provided that if either Party is prevented or delayed from performing its obligations under this Agreement due to a Force Majeure for a period of sixty (60) consecutive days or more, either Party may terminate this Agreement or any impacted Purchase Order upon written notice to the other Party.
- Export Control. Each Party will comply with (and Customer will ensure that any Authorized Users comply with) applicable export/re-export, sanctions, import and customs laws and regulations (including U.S. sanctions and export regulations) (“Sanctions Laws”). In addition, Customer will not be listed on, nor owned or controlled by an entity or person which is subject to, nor located in or organized under the laws of a country subject to, U.S. or E.U. embargo. Notwithstanding any other provision in this Agreement, Fortanix reserves the right to terminate this Agreement immediately upon written notice to the Customer if Fortanix reasonably determines that Customer is not in compliance with this Section or is causing Fortanix to be exposed to violations under Sanction Laws.
- Entire Agreement. This Agreement, including all exhibits (and any attachments or schedules thereto) and Purchase Orders, constitutes the complete and exclusive understanding and agreement between the Parties regarding its subject matter and supersedes all prior or contemporaneous agreements or understandings, written or oral, relating to its subject matter. The provisions of the Purchase Order will supersede the provisions of this Agreement to the extent of any express inconsistency. Except as set forth in Section 11.11, this Agreement may be modified or any rights under it waived only by a written document executed by both Parties.
- Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.
- Modification. The parties hereby agree that this Agreement contains the entire agreement between the parties and this Agreement shall not be modified, changed or amended in any way except through a written amendment signed by all the parties hereto
- Third Parties. There are no third-party beneficiaries to this Agreement.
- Affiliate Adoption. A Customer Affiliate and/or an Fortanix Affiliate may adopt the terms of this Agreement by entering into a Purchase Order which references this Agreement. The parties agree that the entities identified in a Purchase Order adopt the terms of this Agreement as if they were the original contracting parties thereto. For clarity, the contracting parties may be Customer, Fortanix, Customer Affiliate, and/or Fortanix Affiliate.
FORTANIX DSM SAAS SERVICE LEVEL AGREEMENT
The purpose of this Service Level Agreement (“SLA”) is to define the measurable performance levels of the DSM SaaS Service and specify the remedies available to Customer if Fortanix fails to achieve these levels. This SLA only applies to the paid Production version of the Fortanix DSM SaaS Service, the SLA doesn’t apply to the Trial version of the DSM SaaS
All capitalized terms used in this SLA but not defined will have the meaning ascribed to the term in the Agreement. The following additional definitions apply to this SLA.
- “Downtime” means a five-minute period during which at least ten Valid Requests are received and during which the Error Rate is 10% or more. For purposes of clarity, there is no Downtime if the Error Rate temporarily exceeds 10% during such five-minute period, provided that the aggregate Error Rate during a five-minute period does not exceed 10%.
- “Error Rate” means the percentage of total Valid Requests received in a period of time that result in a Response Error, excluding any Response Errors that are Excused Errors. Error Rate is determined by Fortanix’ server-side health monitoring. Expressed another way, Error Rate is calculated as follows:
- “Excluded Operation” means an operation from one of the following user, administrator and account management categories performed through the DSM SaaS Service, as described in the published API documentation: (1) apps;(2) groups; (3) accounts; (4) users; (5) logs; and (6) plug ins.
- “Excused Error” means a Response Error that is due to: (a) circumstances beyond Fortanix’ reasonable control including without limitation, denial of service attacks, natural disasters, changes resulting from government, political, or other regulatory actions or court orders, strikes or labor disputes, acts of civil disobedience, acts of war, acts against parties, and other force majeure items; (b) Customer’s act or omission, or the act or omission of any third-party partner with whom Customer connects; (c) any service failure of a third party system which Customer is using in conjunction with the DSM SaaS Service, including but not limited to those provided by an Internet service provider, network service provider, or cloud service provider; (d) Customer-provided content, data or information or programming errors by Customer; (e) lack of availability by Customer or a failure of Customer to respond in a timely manner to incidents that require its participation for source identification and/or resolution, including meeting Customer responsibilities for any prerequisite services; or (f) Customer’s breach of any of its material obligations under the Agreement.
- “Included Operation” means an operation from one of the following key management and cryptographic operation categories performed through the DSM SaaS Service, as described in the published API documentation: (1) authentication; (2) security objects;(3) encryption and decryption; (4) sign and verify; (5) digest; and (6) wrapping and unwrapping.
- “ARC Credit” means a credit of a percentage of the current annual bill paid by Customer for the DSM SaaS Service to be applied to future annual payments by Customer for the DSM SaaS Service that is offered due to a failure to meet the Monthly Uptime Objective, as further described in Section 3.
- “Monthly Uptime Objective” means 99.95 %.
- “Monthly Uptime Percentage” means the percentage of time in a month that the DSM SaaS Service is available to the Customer, calculated as:
- “Response Error” means a response by the DSM SaaS Service to a Valid Request within ten seconds of receipt of such Valid Request of HTTP Status 50x and with one of the following codes: (i) "Internal Error", (ii) "Unknown" or (iii) "Unavailable".
- “Valid Request” means a request issued by Customer to the DSM SaaS Service to perform an Included Operation that conforms to the then-current Documentation, and that would normally result in a non-error response. For purposes of clarity, requests for Excluded Operations are not deemed Valid Requests and are not subject to this SLA.
- Customer Responsibilities
Customer must: (i) provide and keep current valid contact information that includes phone number(s) and email address(es) for both a primary contact and an operational/technical contact (e.g., network engineer or routing engineer); (ii) provide technical configuration details; and (iii) comply with all technical specifications and policies as provided by Fortanix from time to time.
Customer must not: (a) conduct any illegal activities through the DSM SaaS Service; (b) conduct any activity that interferes with or impairs the equipment or connectivity of any other customer on the DSM SaaS Service; (c) obtain or attempt to obtain unauthorized access to the DSM SaaS Service, or circumvent or attempt to circumvent any applicable security features; or (d) reverse assemble, reverse compile or reverse engineer the DSM SaaS Service, or otherwise attempt to discover any DSM SaaS Service source code or underlying proprietary information.
This SLA will apply to Customer’s use of the DSM SaaS Service. If Customer violates any provision set forth herein, in the Agreement or in the applicable Purchase Order, Fortanix may take reasonable action to correct any problem such violation may cause, including suspending or, upon written notice, terminating Customer’s use of the DSM SaaS Service.
- ARC Credits
If the Monthly Uptime Percentage does not meet or exceed the Monthly Uptime Objective in any given month, Customer will be eligible to receive ARC Credits as specified below:
Monthly Uptime Percentage Minutes of Downtime (based on 30 day average) ARC Credit ≥ 95 to < 99.95% 23 minutes to ≤ 36 hours 0.8% < 95% > 36 hours 2.0%
The ARC Credits listed above are Customer’s sole and exclusive remedy for any failure of the DSM SaaS Service, including, without limitation, any failure to meet the Monthly Uptime Objective.
- ARC Credit Requests
To receive an ARC Credit, as described above, Customer must notify Fortanix Help Desk within five (5) days of any Downtime in any particular month and request a credit within thirty (30) days of the end of each month during which the Monthly Uptime Percentage failed to meet the Monthly Uptime Objective. All periods of Downtime must be verified by Fortanix. Failure to comply with this requirement will result in waiver of Customer’s right to receive an ARC Credit. The ARC Credits can accumulate within the Term of Agreement. Approved credits will be applied by Fortanix to Customer’s next invoice for the DSM SaaS Service following the approval of the ARC Credit. All unused ARC credits will expire after the term or termination of the Agreement/Purchase Order, without the possibility for the reimbursement.
NEW TO Data Security Manager™?