Terms and Conditions of Use

These terms of use (this “Agreement”) constitute a legal agreement between you, either as an individual, company or other legal entity (in any capacity referred to herein as “Client”) and Keyfactor, Inc., a Delaware corporation (“Keyfactor”). If you are accepting this Agreement on behalf of your company or organization, you represent that you are authorized to accept these terms on behalf of such company or organization. This Agreement governs your use of Software, Keyfactor-Hosted Services, Client-Hosted Services, Documentation, Keyfactor Services and Professional Services (as those terms are defined below). Keyfactor and Client may be collectively referred to herein as the “Parties”, and each may be referred to individually as a “Party”.

THE SOFTWARE, KEYFACTOR-HOSTED SERVICES, CLIENT-HOSTED SERVICES, DOCUMENTATION, KEYFACTOR SERVICES AND PROFESSIONAL SERVICES ARE PROVIDED BY KEYFACTOR AND CERTAIN THIRD PARTIES, SUBJECT TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, ANY REFERENCED THIRD-PARTY AGREEMENTS AND ANY RIGHTS, OBLIGATIONS, AND LIMITATIONS SET FORTH HEREIN. BY OPERATING, DOWNLOADING, INSTALLING, REGISTERING OR OTHERWISE USING THE SOFTWARE, KEYFACTOR-HOSTED SERVICES, CLIENT-HOSTED SERVICES, DOCUMENTATION, KEYFACTOR SERVICES OR PROFESSIONAL SERVICES, YOU ARE EXPRESSLY AND EXPLICITLY ACKNOWLEDGING AND AGREEING THAT YOU HEREBY AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT ACCEPT ALL THE TERMS AND CONDITIONS SET FORTH HEREIN, DO NOT OPERATE, DOWNLOAD, INSTALL, REGISTER, OPT-IN OR OTHERWISE USE THE SOFTWARE, KEYFACTOR-HOSTED SERVICES, CLIENT-HOSTED SERVICES, DOCUMENTATION, KEYFACTOR SERVICES OR PROFESSIONAL SERVICES.

1. DEFINITIONS

Aggregated Anonymized Data” means data and information derived from Client’s use of the Keyfactor Services that is used by Keyfactor in an aggregate and anonymized manner in order to improve the provision and operation of the Keyfactor Services.

Authorized User(s)” means Client’s employees, consultants, contractors, affiliates and agents (i) who are authorized by Client to access and use the Keyfactor Services under the rights granted to Client pursuant to this Agreement and (ii) for whom access to the Keyfactor Services has been purchased hereunder. For Keyfactor Services that are specifically designed to allow Client’s customers, suppliers or other third parties to access the Keyfactor Services to interact with Client, such third parties will be considered “Authorized Users” subject to the terms of this Agreement.

“CCPA” means the California Consumer Privacy Act of 2018, a sweeping piece of legislation designed to give California consumers increased control over their Personal Information and which requires that affected companies comply with certain requirements, facilitate consumer data requests, update their privacy policies and assure that their vendors comply as well.

Client Data” means, other than Aggregated Anonymized Data, information, data, and other content, including Client Personal Data (as that term is defined in the GDPR) and/or Client Personal Information (as that term may be defined in the CCPA, PIPEDA and/or other U.S. state-based legislation or comparable legislation in Canada), in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Client or an Authorized User through the Keyfactor Services.

Client-Hosted Services” means Keyfactor Services accessed by Client through use of downloaded Software.

Data Protection and Privacy Laws” means all country, federal, state and foreign laws, rules, regulations, directives and governmental or data protection authority decisions, in each case, having the force of law applicable to the collection, processing, use, storage, transmission and/or disclosure of Personal Data, Personal Information, personally identifiable information, sensitive personal information and Special Categories of Personal Data, including, without limitation, the GDPR, PIPEDA, the Privacy and Electronic Communications Directive 2002, as amended (or “ePrivacy Directive”), the (UK) Data Protection Act 2018, the (Swiss) Federal Act on Data Protection of 19 June 1992, the California Consumer Privacy Act of 2018, Title V of the Gramm-Leach-Bliley Act of 1999, Japan’s Personal Information Protection Law, the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (201 C.M.R. 17.00, et seq.), and the UK Markets in Financial Instruments Directive, all of which as they may be amended and/or superseded from time to time.

Documentation” means Keyfactor’s user manuals, handbooks, and guides relating to the Keyfactor Services provided by Keyfactor to Client either electronically or in hard copy form/end user documentation relating to the Keyfactor Services.

“Effective Date” means the date Client’s subscription begins pursuant to the terms of the applicable Order Form.

“Force Majeure Event” shall have the meaning given in Section 10(c).

“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, as may be amended from time to time, which lays down rules relating to the protection of natural persons with regard to the processing of Personal Data and rules relating to the free movement of personal data.

Intellectual Property Rights” means copyrights (including rights in software), patents, trademarks, trade names, service marks, business names (including internet domain names), design rights, database rights, semi-conductor topography rights, rights in undisclosed or confidential information (such as know-how, trade secrets and inventions, whether patentable or not) and all other intellectual property or similar proprietary rights of whatever nature (whether registered or not and including applications to register or rights to apply for registration) which may now or in the future subsist anywhere in the universe.

“Keyfactor Cloud Service” means the combination of hardware and software owned, licensed, subscribed to, or managed by Keyfactor to which Keyfactor grants Client and Authorized Users access as part of the Keyfactor-Hosted Services that are described in an Order Form.

“Keyfactor-Hosted Services” means Keyfactor Services accessed by Client through the Keyfactor Cloud Service.

Keyfactor IP” means the Keyfactor Services, the Documentation, and any and all intellectual property provided to Client or any Authorized User in connection with the foregoing, including, but not limited to the Keyfactor platforms and related integration. For the avoidance of doubt, Keyfactor IP includes Aggregated Anonymized Data and any information, data, or other content derived from Keyfactor’s monitoring of Client’s access to or use of the Keyfactor Services but does not include Client Data.

“Keyfactor Services” means the services described in an Order Form.

“Order Form” means ordering documentation used to purchase Software, Keyfactor-Hosted Services, Client-Hosted Services, Keyfactor Services or Professional Services.

“Personal Data” means any information relating to an identified or identifiable natural person (i.e., Data Subject) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

“PIPEDA” means the Personal Information Protection and Electronic Documents Act, as may be amended from time to time, a Canadian Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions.

“Professional Services” means the professional services described in any Statement of Work that may be agreed to between you and Keyfactor. Professional Services shall be limited to training, implementation and implementation related services as well as any comparable services to which the Parties may agree from time to time. In the event Client desires to engage Keyfactor to provide consulting services, data management services or for the creation of custom deliverables, Client and Keyfactor shall enter into an amendment to this Agreement and a new Order Form for such services.

“Software” means downloadable software utilized for providing Client-Hosted Services.

Statement of Work” means a document that establishes the scope of Professional Services to be performed, defines the context, describes specific tasks, activities and deliverables, and identifies the responsibilities of the Parties.

“Term” shall have the meaning given in Section 8(a).

Third-Party Products” means a product of a company other than Keyfactor that may be purchased or licensed through Keyfactor as a convenience to Client.

2. ACCESS AND USE

A. Access to the Keyfactor Services. The Keyfactor Services may be provided as either Client-Hosted Services or Keyfactor-Hosted Services, as designated in the applicable Order Form. Keyfactor shall provide to Client the passwords and network links, as applicable, necessary to enable Client to access the Keyfactor Services. Subject to and conditioned on Client’s payment of fees and compliance with all other terms and conditions of this Agreement, Keyfactor hereby grants Client a non-exclusive, non-transferable [except in compliance with Section 10(g)] internal license to access and use the Keyfactor Services during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Where the Keyfactor Services have been offered as a Keyfactor-Hosted Service, that license will extend to the use of the Keyfactor Cloud Services environment for the term of that Keyfactor Service as set forth in the Order Form. If Client is subscribing to Client-Hosted Services, subject to the terms and conditions of this Agreement, Keyfactor grants Client a non-exclusive, non-sublicensable and non-transferable license to install and use the Software during the Term in accordance with this Agreement and the Documentation. Client-Hosted Services may only be downloaded to the number of Client’s servers authorized in the Order Form, and they may not be replicated.

B. Documentation License. Subject to the terms and conditions contained in this Agreement, Keyfactor hereby grants to Client a non-exclusive, non-sublicensable, non-transferable [except in compliance with Section 10(g)] license to use the Documentation during the Term solely for Client’s internal business purposes in connection with its use of the Keyfactor Services. Client may, for the purposes of training, translation, Client’s internal backup, operational support or internal distribution, as well as any other business purpose reasonably related to the Client’s use of the Keyfactor Services under the Agreement, copy or allow others to copy any part of the Documentation or other printed material provided with the Keyfactor Service.

C. Use Restrictions. Client shall not use the Keyfactor Services for any purpose beyond the scope of the access granted in this Agreement. Client shall not at any time, directly or indirectly, and shall not permit any person to:

    1. Copy, modify, or create derivative works of the Keyfactor Services or Documentation, in whole or in part;
    2. Rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Keyfactor Services or Documentation;
    3. Reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Keyfactor Services, in whole or in part;
    4. Remove any proprietary notices from the Keyfactor Services or Documentation;
    5. Use the Keyfactor Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law;
    6. Permit the use of the Keyfactor Services, including any data, information or reports generated by the Keyfactor Services, by anyone who is not an Authorized User; or
    7. Falsely imply any sponsorship or association with Keyfactor.

Keyfactor reserves the right to take appropriate measures—up through and including termination of the Services—following Client’s or an Authorized User’s violation of any provision of this section. Should Client fail to address and resolve such violation upon the expiration of thirty (30) days’ notice, Keyfactor shall terminate its Agreement with Client and reserves the option to pursue any additional remedies available.

D. Hosting Restrictions. Client agrees that it will not knowingly or intentionally use or permit the use of the Keyfactor Services—including by uploading, emailing, posting, publishing or otherwise transmitting any material, whether Client Data, Keyfactor Service-generated work product or report, third-party content, or other data—for any purpose that may:

    1. Menace or harass any person or cause damage or injury to any person or property;
    2. Involve the publication of any material that it knows to be false, defamatory, harassing or obscene;
    3. Violate privacy rights or promote bigotry, racism, hatred or harm;
    4. Constitute unsolicited bulk e-mail, “junk mail”, “spam” or chain letters;
    5. Constitute an infringement of intellectual property or other proprietary rights;
    6. Frame, scrape, link or mirror any content forming a part of the Keyfactor Service, other than Client’s own intranets or otherwise for its own internal use;
    7. Result in the upload to the Keyfactor Service or use of the Keyfactor Service to send or store viruses, worms, time-bombs, Trojan horses or other harmful or malicious code; or
    8. Otherwise violate applicable laws, ordinances or regulations.

In addition to any other rights afforded to Keyfactor under this Agreement, Keyfactor reserves the right, but has no obligation, to take remedial action (up through and including removing offensive material, disabling access to such material and/or terminating its Agreement with Client). Keyfactor shall not be liable for any losses in business, customers, revenue, time, etc., that Client may incur should Keyfactor take such action. Client shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness and ownership of all Client Data.

E. Reservation of Rights. Keyfactor reserves all rights not expressly granted to Client in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Client or any third party any Intellectual Property Rights or other right, title, or interest in or to the Keyfactor IP.

F. Suspension. Notwithstanding any provision in this Agreement to the contrary, Keyfactor may suspend Client’s and any Authorized User’s access to any portion or all of the Keyfactor Services if Keyfactor determines that:

    1. Client’s or an Authorized User’s access to or use of the Keyfactor Services is the source of a threat to or attack upon any Keyfactor IP;
    2. Client’s or any Authorized User’s use of the Keyfactor IP materially: (a) violates the license terms; or (b) disrupts or poses a security risk to the Keyfactor IP or to any other Client or vendor of Keyfactor;
    3. Client, or any Authorized User, is using the Keyfactor IP for fraudulent or illegal activities;
    4. Subject to applicable law, Client has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or
    5. Keyfactor’s provision of the Keyfactor Services to Client or any Authorized User is prohibited by applicable law.

In the event of a suspension of service pursuant to this Section 2, Keyfactor shall immediately provide written notice of the service suspension to Client and provide updates regarding resumption of access to the Keyfactor Services following any service suspension. Keyfactor shall resume providing access to the Keyfactor Services immediately after it receives confirmation that the event giving rise to the service suspension is cured. Keyfactor will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Client or any Authorized User may incur as a result of a service suspension in accordance with this Section 2.

3. CLIENT RESPONSIBILITIES

A. General. Client is responsible and liable for all uses of the Keyfactor Services and Documentation that arise out of Client’s provision of access to such Services and Documentation to Client’s employees and other Authorized Users. The foregoing clause applies whether Client provides direct or indirect access to Keyfactor Services to such Authorized Users and whether Client’s provision of such access or use is permitted in conformity with or in violation of the provisions of this Agreement. Without limiting the generality of the foregoing, Client is responsible for all acts and omissions of Authorized Users as it relates to their access to and use of Keyfactor Services. Any act or omission by an Authorized User that would constitute a breach of this Agreement if undertaken by Client will be deemed a breach of this Agreement by Client. Client shall use commercially reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Keyfactor Services and shall use commercially reasonable efforts to cause Authorized Users to comply with such provisions.

B. Third-Party Products. Keyfactor may from time to time make Third-Party Products available to Client. For purposes of this Agreement, such Third-Party Products are subject to their own terms and conditions and the applicable flow through provisions referred to in the applicable Order Form. If Client does not agree to abide by the terms and conditions of use applicable to any such Third-Party Products, then Client should refrain from purchasing, licensing, installing or using such Third-Party Products.

C. Payment of Fees. Client agrees to pay all fees in accordance with each Order Form. If Client purchases Keyfactor Services through a reseller, Client agrees that it will pay the reseller in keeping with the fee structure and timeframe established and agreed upon in the contract between Client and the reseller. Client further acknowledges and agrees, however, that Keyfactor may terminate Client’s rights to use Keyfactor Services if: (i) Client fails to pay the reseller for such Services as agreed; or (ii) the reseller fails to tender payment for such Services to Keyfactor more than sixty (60) days after payment to Keyfactor becomes due and owing.

4. CONFIDENTIAL INFORMATION

From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, customers, services, confidential intellectual property, trade secrets, third-party confidential information, Personal Information, Personal Data and other sensitive or proprietary information. Such information, all of which the Parties shall treat as confidential, may be disclosed or made available to the receiving Party in any of the following formats: orally, in writing or media-based; electronic, paper-based or other form; and marked “confidential” or unmarked, designated confidential or not so designated, or identified as “confidential” or not so identified (collectively, “Confidential Information”). Confidential Information does not mean and shall not include information that, at the time of disclosure is:

  • a) In the public domain in the absence of the receiving Party’s breach of any obligation owed to the disclosing Party and in the absence of any wrongdoing by the receiving Party or any third party;
  • b) Rightfully in the possession of the receiving Party prior to disclosure by the disclosing Party;
  • c) Lawfully obtained by the receiving Party on a non-confidential basis from a third party; or
  • d) Independently developed by the receiving Party without reference to the disclosing Party’s Confidential Information.

The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees or other Authorized Users who need to know the Confidential Information in order to enable the receiving Party to exercise its rights or perform its obligations under this Agreement. The receiving Party is, however, permitted to disclose relevant aspects of such Confidential Information to its officers, employees, attorneys and auditors by a public accounting firm and/or law enforcement agencies, on a need-to-know-basis, in order to perform its obligations under the Agreement, provided that the receiving Party obligates all such persons or entities to protect the Confidential Information to at least the same extent as required under this Section 4 (including during the terms of their employment or engagement and thereafter). The receiving Party shall implement technical, managerial, organizational and operational measures to mitigate risks and implement the controls necessary to protect the confidentiality of the other Party’s Confidential Information. Such controls shall be no less protective than those measures it uses to protect the confidentiality of its own confidential or proprietary information of a similar nature (and, in no event, less than commercially reasonable measures). The receiving Party shall give the disclosing Party notice immediately upon learning of any unauthorized use or disclosure of Confidential Information. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required:

  • a) To comply with the order of a court, other governmental or regulatory body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given sufficient written notice to the other Party to allow such Party an opportunity to obtain a protective order. Failing that, the Party making the disclosure shall also make a commercially reasonable effort to obtain a protective order on behalf of the other Party. To the extent not prohibited by law, the receiving Party shall promptly provide to the disclosing Party notice of all available details of the legal requirement and shall reasonably cooperate with the disclosing Party’s efforts to challenge the disclosure, seek an appropriate protective order, or pursue such other legal action as the disclosing Party may deem appropriate.; or
  • b) To enforce a Party’s rights under this Agreement, including to make required court filings.

On the expiration or termination of this Agreement, the receiving Party shall, at the disclosing Party’s written election, promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, and/or destroy all such copies and upon request of the disclosing Party certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five (5) years from the date first disclosed to the receiving Party; provided, however, that, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.

Where the receiving Party may be considered a Processor or Sub-Processor (as those terms may be defined and/or understood under the GDPR), such receiving Party shall implement appropriate technical and organizational measures to provide an adequate level of security and protect Personal Data against unauthorized or unlawful processing or a Personal Data Breach as those terms are defined in the GDPR.

5. INTELLECTUAL PROPERTY OWNERSHIP; FEEDBACK

A. Keyfactor IP. Client acknowledges that, as between Client and Keyfactor, Keyfactor owns all right, title, and interest, including all Intellectual Property Rights, in and to the Keyfactor IP, including, but not limited to, the Keyfactor platforms and related integrations.

B. Client Data. Keyfactor acknowledges that, as between Keyfactor and Client, Client owns all right, title, and interest, including all Intellectual Property Rights, in and to Client DataClient hereby grants to Keyfactor a non-exclusive, royalty-free, worldwide license to reproduce, distribute, transmit, store and otherwise use and display Client Data and perform all acts with respect to Client Data as may be necessary for Keyfactor to provide the Keyfactor Services to Client, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Client Data incorporated within the Aggregated Anonymized Data.

C. Trademarks and Logos. Except where otherwise stated in an Order Form, Client hereby grants Keyfactor the right to utilize Client’s name, logo and/or trademarks—as well as statements and/or testimonials about Client’s experience(s) with Keyfactor and Keyfactor Services—for reference purposes and in connection with certain promotional materials that Keyfactor may disseminate to the public (e.g., advertising, print marketing and online marketing materials). Keyfactor may utilize Client’s name, logo and trademarks without providing notice to Client of its intent to do so or requesting Client’s consent.

D. Feedback. From time to time, Client may choose to submit comments, information, questions, data, ideas, description of processes, or other information to Keyfactor, including in the course of receiving support or maintenance (“Feedback”). Keyfactor may in connection with any of its products or services freely use, copy, disclose, license, distribute and exploit any Feedback in any manner without any obligation, royalty or restriction based on intellectual property rights or otherwise. No Feedback will be considered Client’s Confidential Information, and nothing in this Agreement limits Keyfactor’s right to independently use, develop, evaluate, or market products, whether incorporating Feedback or otherwise.

6. LIMITED WARRANTY AND WARRANTY DISCLAIMER

A. Keyfactor represents and warrants to Client that the Keyfactor Services will perform in substantial compliance with the Keyfactor Service Description set forth in the Product Documentation located at  https://software.keyfactor.com/ for a period of ninety (90) days from the Effective Date. Keyfactor makes its Product Documentation available to authenticated customers and partners both online and in electronic soft-copy format (i.e., PDF). To make a claim under this warranty, Client must notify Keyfactor in writing within the applicable 90-day warranty period that the Keyfactor Service is not operating in conformity with the Keyfactor Product Documentation. Such notice shall include the nature of the defect, description of the defective Keyfactor Service and any other relevant information. In the event of a breach of this limited warranty, Keyfactor will use commercially reasonable efforts to repair the Keyfactor Service so that it will operate in compliance with the Keyfactor Service Description. Following a breach of this warranty, Keyfactor shall either correct or provide a “workaround” for the reported malfunction upon Client’s written request. Should the malfunction cause an ongoing material failure of the Client’s production instances of the Keyfactor Service—and should such failure to conform to the Keyfactor Service Description persist without correction or work-around for more than forty-five (45) days after Client’s written notice to Keyfactor of a warranty claim under this Section 6(a)—then Client may elect to terminate this Agreement without liability for the balance of the term that Keyfactor was to have provided the Services. In such an event, Keyfactor shall issue a full refund to Client for all pre-paid Keyfactor Services not yet delivered. Such refund shall constitute Client’s sole and exclusive remedy for the service failure. All limited warranties on the Keyfactor Service are granted only to Client and are non-transferable.

B. Keyfactor warrants that no component of the Keyfactor Services shall contain malicious code or software. Should Keyfactor determine or discover that malicious code or software is present in the Keyfactor Services, Keyfactor shall promptly inform Client of its discovery of the irregularity. In such case, Keyfactor shall make commercially reasonable efforts to remove the malicious code or software. Keyfactor shall bear and be exclusively liable for the costs associated with removing the malicious code or software. Keyfactor’s successful removal of the malicious code or software, moreover, shall constitute Client’s exclusive remedy under the warranty—whether such malicious code or software was: (i) present at the time of delivery of the Keyfactor Services to Client; (ii) introduced at the time of installation of the Keyfactor Services; or (iii) introduced by or through Keyfactor’s subsequent act or omission.

C. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN THIS SECTION 6: (I) KEYFACTOR DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. KEYFACTOR SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE; AND (II) KEYFACTOR MAKES NO WARRANTY OF ANY KIND THAT THE KEYFACTOR IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CLIENT’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, OR ERROR FREE.

7. INDEMNIFICATION

A. Keyfactor’s Indemnification of Client.

  1. Keyfactor shall indemnify, defend, and hold harmless Client from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (”Losses”) incurred by Client resulting from any third-party claim, suit, action, or proceeding (”Third-Party Claim”) arising out of an allegation that the Keyfactor Services, or any use of the Keyfactor Services in accordance with this Agreement, infringes or misappropriates such third party’s Intellectual Property Rights, provided that Client promptly notifies Keyfactor in writing of the claim, cooperates with Keyfactor, and allows Keyfactor to exercise sole authority to control the defense and settlement of such claim.
  2. If such a claim is made or appears possible, Client agrees to permit Keyfactor, at Keyfactor’s sole discretion, to: (a) modify or replace the Keyfactor Services, or component or part thereof, thereby rendering it non-infringing; or (b) obtain the right for Client to continue use of the Keyfactor Services. If Keyfactor determines that it cannot make either alternative available through commercially reasonable efforts, Keyfactor may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Client.
  3. This Section 7(a) will not apply to the extent that the alleged infringement arises out of: (a) Client’s or an Authorized User’s use of the Keyfactor Services in combination with data, software, hardware, equipment, or technology not provided by Keyfactor or authorized by Keyfactor in writing; (b) Client’s or an Authorized User’s modifications to the Keyfactor Services that are neither not developed nor authorized by Keyfactor; (c) Client’s, an Authorized User’s or an invitee’s performance of unauthorized work on or in connection with the Keyfactor Services at Client’s or an Authorized User’s detailed instruction or in accordance with the Client’s or an Authorized User’s specified design; (d) Client’s or an Authorized User’s unauthorized access, use, processing, storage and/or transfer of Client Data; or (e) Client’s or an Authorized User’s unauthorized or infringing access, use, processing, storage and/or of transfer of Third-Party Products.

B. Client’s Indemnification of Keyfactor.

Client shall indemnify, hold harmless, and, at Keyfactor’s option, defend Keyfactor from and against any Losses resulting from any Third-Party Claim that Client Data, or any use of Client Data in accordance with this Agreement, infringes or misappropriates such third party’s Intellectual Property Rights and any Third-Party Claims based on Client’s or any Authorized User’s:

  • Negligence or willful misconduct;
  • Use of the Keyfactor Services in a manner not authorized by this Agreement;
  • Use of the Keyfactor Services in combination with data, software, hardware, equipment or technology not provided by Keyfactor or authorized by Keyfactor in writing; or
  • Modifications to the Keyfactor Services not made by Keyfactor

provided that Client may not settle any Third-Party Claim against Keyfactor unless Keyfactor consents to such settlement, and further provided that Keyfactor shall have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.

C. Sole Remedy/Limitation of Liability.

THIS SECTION 7 SETS FORTH CLIENT’S SOLE REMEDIES AND KEYFACTOR’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. EXCEPT FOR BREACH OF CONFIDENTIALITY OBLIGATIONS, INTELLECTUAL PROPERTY CLAIMS, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY:

  1. CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES
  2. INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS
  3. LOSS OF GOODWILL OR REPUTATION
  4. USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY
  5. COST OF REPLACEMENT GOODS OR SERVICES

IN EACH CASE REGARDLESS OF WHETHER KEYFACTOR WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE.

EXCEPT FOR BREACH OF CONFIDENTIALITY OBLIGATIONS, INTELLECTUAL PROPERTY CLAIMS, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NEITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE SHALL EXCEED THE TOTAL AMOUNTS PAID TO KEYFACTOR UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

8. TERM AND TERMINATION

A. Term. The initial term of this Agreement begins on the Effective Date set forth in the Order Form and, unless terminated earlier pursuant to this Agreement’s express provisions, will continue in effect for the specified number of years from such date described therein (i.e., the “Initial Term”). Upon expiration of the Initial Term of the Keyfactor Services, the Term shall automatically renew for successive periods of twelve (12) months

  1. Keyfactor may terminate this Agreement, effective on written notice to Client, if Client breaches any of its obligations under Section 2 (Access and Use) or Section 4 (Confidential Information).
  2. Either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach: (a) is incapable of cure; or (b) being capable of cure, remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach.
  3. Either Party may terminate this Agreement, effective immediately upon written notice to the other Party, if the other Party: (a) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (b) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (c) makes or seeks to make a general assignment for the benefit of its creditors; or (d) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

C. Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Client shall immediately discontinue use of the Keyfactor IP. Without limiting Client’s obligations under Section 2 (Access and Use) or Section 4 (Confidential Information) of this Agreement, Client shall, at Keyfactor’s written election, delete, destroy, and/or return all copies of the Keyfactor IP. Client shall also, upon Keyfactor’s request, certify in writing to Keyfactor that the Keyfactor IP has been deleted or destroyed.

Keyfactor shall, whether upon expiration or earlier termination of this Agreement, immediately discontinue use of the Client Data. Without limiting Keyfactor’s obligations under Section 4 of this Agreement, Keyfactor shall, at Client’s written election, delete, destroy, and/or return all copies of the Client Data. Keyfactor shall also, upon Client’s request, certify in writing to Client that the Client Data has been deleted or destroyed.

D. Survival. This Section 8 and Sections 1, 4, 5, 6, 7, 9, and 10 survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.

9. SECURITY / PRIVACY

Keyfactor implements security procedures to help protect Client Personal Data and Client Personal Information against security attacks. Subject to Keyfactor’s taking commercially reasonable measures to secure Client Personal Information as well as appropriate technical and organizational measures to secure Client Personal Data for transport, however, Client understands that use of the Keyfactor Services necessarily involves transmission of Client Personal Data and Client Personal Information over networks that are not owned, operated or controlled by Keyfactor. Notwithstanding the foregoing, Keyfactor acknowledges and confirms that it has in place and will maintain throughout the term of this Agreement appropriate technical and organizational measures to help secure Client Personal Data against accidental, unauthorized or unlawful processing, destruction, loss, damage or disclosure as well as adequate security programs and procedures to ensure that unauthorized persons or parties do not have access to any equipment used to process such information or data. Keyfactor also agrees that it shall:

  1. Scan the Keyfactor Services for any code or device which is designed or intended to impair the operation of any computer or database or prevent or hinder access to, or the operation of, any program or data, using detection software generally accepted in the industry;
  2. Secure its computing environments according to generally accepted industry standards to ensure that the Keyfactor Services cannot be accessed by any unauthorized person or malicious software; and
  3. Promptly remedy and notify Client of any security breach of Client Personal Information or Personal Data Breach of Client Personal Data about which Keyfactor becomes aware.

The Parties acknowledge that, in addition to other data protection legislation that may govern Keyfactor’s processing of Client Personal Information, personally identifiable information or Client Personal Data (as those terms are defined in applicable regulatory frameworks), the GDPR, the CCPA and/or PIPEDA may apply to some or all of the Client Personal Data or Client Personal Information. Client Data may include Personal Information and/or Personal Data such as names, contact details, location data, online identifiers (e.g., IP addresses), among other types of Personal Information and/or Personal Data. Consequently, the Parties agree to the following:

  1. Keyfactor may, by way of example and without limitation, be acting as the Processor of such Client Personal Data as that term is defined under the GDPR. Keyfactor shall comply with all applicable Data Protection and Privacy Laws in the processing of Client Personal Data. Keyfactor shall not process Client Personal Data other than on Client’s documented instructions unless processing is required by applicable laws to which Keyfactor is subject, in which case Keyfactor shall, to the extent permitted by applicable law, inform Client of that legal requirement before the relevant processing of that Client Personal Data.
  2. Keyfactor shall give Client prior written notice of the appointment of any new Sub-Processor that would possess access to Client Personal Data, including full details of the processing to be undertaken by the Sub-Processor. If, within fourteen (14) days of Keyfactor’s issuance of such notice, Client should notify Keyfactor in writing that it objects to the proposed appointment, Keyfactor shall work with Client in good faith to make available a commercially reasonable change in the provision of the Keyfactor Services which circumvents the use of that proposed Sub-Processor. Where Keyfactor cannot effectuate such a change within fourteen (14) days of Keyfactor’s receipt of Client’s notice, Client may, by written notice to Keyfactor with immediate effect, terminate the Agreement to the extent that it relates to the Keyfactor Services that require the use of the proposed Sub-Processor.
  3. Keyfactor shall ensure that the arrangement between Keyfactor and any Sub-Processor that is governed by a written contract includes terms that offer at least the same level of protection for Client Personal Data as those set out in this Agreement.
  4. Keyfactor shall, taking into account the nature of the processing and by appropriate technical and organizational measures, assist Client with responding to data subjects’ requests to exercise their rights under the Data Protection and Privacy Laws. Keyfactor shall promptly notify Client if it receives a request from a data subject under any Data Protection and Privacy Law in respect of Personal Data contained in Client Data. Keyfactor shall also refrain, with the exception of acknowledging receipt of the same, from responding to such requests except on the documented instructions of Client or as required by applicable laws to which Keyfactor is subject. In such an event, Keyfactor shall, to the extent permitted by applicable laws, inform Client of that legal requirement before Keyfactor responds to the request.
  5. Keyfactor shall, taking into account the nature of the processing and the information available to Keyfactor, provide reasonable assistance to Client in ensuring compliance with the Parties’ obligations pertinent to securing Client Personal Data, breach notification matters and data protection impact assessments, where and to the extent applicable.
  6. Keyfactor represents and warrants that it will perform the Services in a manner that complies with applicable laws and regulations. Keyfactor will also notify Client in writing and without undue delay if it becomes aware of a Personal Data Breach involving Client Personal Data.
10. MISCELLANEOUS

A. Entire Agreement. This Agreement, and any other document(s) incorporated herein by reference, constitute the sole and entire agreement of the Parties with respect to the subject matter of this Agreement. Such Agreement supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, whether written or oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement and any other documents incorporated herein by reference, the provisions in the body of this Agreement shall govern.

B. Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a “Notice”) must be in writing and addressed to the Parties at the addresses set forth in the applicable Order Form (or to such other address as a Party may designate by giving Notice to the other Party from time to time in accordance with this Section). All Notices must be delivered: (1) by personal delivery, nationally recognized overnight courier (with all fees pre-paid); or (2) email (with confirmation of receipt; or (3) via certified or registered mail (in each case, return receipt requested, postage pre-paid). Except as otherwise expressly provided in this Agreement, a Notice is effective only: (1) upon receipt and acknowledgment by the receiving Party; and (2) if the Party giving the Notice has complied with the requirements of this Section.

C. Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement, if and to the extent such failure or delay is caused by any circumstances beyond such Party’s reasonable control. Such circumstances shall include, though not necessarily be limited to, acts of God, communication line failures, power failures, flood, fire, earthquake, explosion, other natural or man-made disasters, all occurrences similar to the foregoing, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns, other industrial disturbances, acts or failures to act of any governmental or regulatory body (whether civil or military, domestic or foreign), governmental regulations superimposed after the fact, or passage of law or any action taken by a governmental or public authority, including imposing an embargo (any of the foregoing, a “Force Majeure Event”). The affected Party shall notify the other Party in writing within ten (10) days after the beginning of any such event that would affect its performance. Notwithstanding the foregoing, if a Party’s performance of its obligations under this Agreement is delayed for a period exceeding thirty (30) days from the date that such Party issues notice to the other Party about the occurrence of a Force Majeure Event, the non-affected Party shall have the right, without any liability to the other Party, to terminate this Agreement.

D. Equitable Relief. Each Party acknowledges and agrees that a breach by such Party of any of its obligations under Section 4 (Confidential Information) or, in the case of Client, Section 2 (Access and Use), would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy. The Parties further agree that, in the event of such a breach, the other Party would be entitled to pursue equitable relief, including, where and to the extent permitted under applicable law, a restraining order, an injunction, specific performance and any other relief that may be available from a court of competent jurisdiction. The Party seeking relief would possess the right to do so without the necessity of: posting a bond or other security; proving actual damages; or proving that monetary damages are not an adequate remedy. Such remedies are not exclusive and would be available to the Party seeking relief in addition to all other remedies that may be available at law, in equity or otherwise.

E. Severability. Should any provision of this Agreement be held invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect the validity, legality or enforceability of any other term or provision of this Agreement, nor shall it invalidate or render unenforceable such term or provision in any other jurisdiction. Following a determination by any court or tribunal of competent jurisdiction that any term or other provision of this Agreement is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify such term or provision so as to achieve their original intent as closely as possible and in order that the transactions contemplated hereunder be consummated as originally contemplated to the greatest extent possible.

F. Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the laws of the State of Ohio without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Ohio. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Ohio, in each case located in the city of Cleveland and County of Cuyahoga, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.

G. Assignment. Neither Party may assign any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of the other Party, such consent not to be unreasonably withheld or delayed. Any purported assignment or delegation in violation of this Section will be invalid. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. This Agreement is binding upon, inures to the benefit of the Parties and their respective permitted successors and assigns.

H. Export Regulation. The Keyfactor Services utilize software and technology that may be subject to United States export control laws, including the United States Export Administration Act and its associated regulations. Client shall not, directly or indirectly, export, re-export, or release the Keyfactor Services or the underlying software or technology to, or make the Keyfactor Services or the underlying software or technology accessible from, any jurisdiction or country to which export, re-export, or release is prohibited by law, rule, or regulation. Client shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Keyfactor Services or the underlying software or technology available outside the United States.

I. Prohibition on Corrupt Practices. Each of the Parties represents, warrants, and undertakes that it shall not engage in corrupt, unfair or fraudulent practices in connection with the provision or use of the Keyfactor Services hereunder. Such practices shall include, though not be limited to, any circumstance in which a Party or an individual counted among its personnel or Authorized Users, either directly or indirectly, accepts bribes or makes offers, payments, or promises to pay money, gifts, or anything of value to any person, including, but not limited to, an executive, official, employee or agent of the following:

  1. A governmental department, agency or instrumentality;
  2. A wholly or partially government-owned or controlled or privately-owned or controlled company or business;
  3. A political party (collectively, with (1) and (2) above, “Public Officials”); or
  4. Any person about whom the Party or Authorized User knows or has reason to know will offer, pay or give all or a portion of such money, gift, or thing of value, whether directly or indirectly, to a Public Official, for the purpose of influencing any act, decision or failure to act by such person or other Public Officials or securing an improper advantage in order to obtain, retain or direct business.

Each Party agrees that it will notify the other Party within five (5) business days should it discover that a member of its personnel or other Authorized User has tendered an offer, promise, or payment in violation of this Section. Each Party agrees that it will record any and all payments to governmental entity for permits, licenses, expediting charges, or any similar fees, and retain original receipts of all purchases from such governmental entities as well as, where available, scheduled rate cards for such fees.

In addition to the foregoing, Keyfactor represents and warrants that:

  1. The information provided to Client for the purpose of fulfilling its anti-bribery and corruption obligations is complete, accurate and not misleading;
  2. It is not subject to sanctions; and
  3. It is not the subject of any allegations of bribery or corruption

Keyfactor hereby agrees to notify Client immediately on learning Keyfactor or its personnel, directly or indirectly, are subject to regulatory enforcement or scrutiny, judicial or law enforcement investigation or litigation of any kind relating to corrupt (including bribery), unfair or fraudulent practices, including, but not limited to, in connection with the provision of Keyfactor Services hereunder.

J. Maintaining Adequate Procedures. It shall be a requirement that Keyfactor has in place and maintains its own adequate training, policy and procedures for the prevention of corrupt, unfair or fraudulent practices in connection with the provision of the Keyfactor Services hereunder. Keyfactor hereby agrees to:

  1. Implement and maintain adequate training, policies and procedures for the prevention of corrupt (including bribery), unfair or fraudulent practices that meet or exceed the requirements to comply with applicable anti-bribery and corruption laws, rules and regulations; and
  2. Notify Client of the absence or failing of training, policies and/or procedures relating to the prevention of corrupt (including bribery), unfair or fraudulent practices in connection with the provision of the Keyfactor Services hereunder.

K. Amendment and Modification; Waiver. No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each Party. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement:

  1. No failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof; and
  2. No single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.