Terms of Use

TERMS OF USE AGREEMENT

This Terms of Use Agreement is a legal agreement made between Firmatek, LLC (“Firmatek”) and the entity that has submitted an Order Form for products or services for its internal use as an end user (“Customer”). Capitalized terms not defined in this paragraph shall have the meaning set forth in Section 1. This Terms of Use Agreement consists of the terms and conditions set forth below, all attachments referenced herein, and each accepted Order Form or Statement of Work subsequently signed by the parties, all of which are incorporated herein by this reference. This Agreement governs all access to and use of Services, whether on a free trial or purchased subscription basis, as well as the provision of any Professional Services (as defined below) by Firmatek to Customer. Customer’s Affiliates may independently issue an Order subject to the terms of this Agreement for its internal use as an end user, provided, however, that to the extent Customer purchases Firmatek products or services on behalf of and for use by its Affiliate(s), Customer will ensure that such Affiliate(s) complies with the terms and conditions of this Agreement and Customer shall remain liable for any Affiliate’s act or omission hereunder.

1. DEFINITIONS.

1.1. “Aerial Intelligence Services” or “AIS” means the aerial inventory management and geospatial analysis software solution provided by Firmatek that allows Customers to view high resolution maps and upload and process aerial data captured by an unmanned aerial vehicle using a mobile software application and cloud platform.

1.2. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. For purposes of this definition, “control” means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

1.3. “Customer Data” means all Customer data submitted, stored, posted, displayed, transmitted or otherwise used together with the Subscription Services.

1.4. “Data Capture Equipment Services” or “DCES” means Firmatek’s equipment leasing service that provides leases of unmanned aerial vehicles and related system accessories.

1.5. “Equipment” means Firmatek Provided Equipment for use with DCES. Subject to the terms and conditions of this Agreement, Firmatek will deliver to Customer the Firmatek Provided Equipment as set forth in the Order Form.

1.6. “Documentation” means the online user instructions and help files made available by Firmatek as part of the Subscription Services, as may be updated from time to time by Firmatek and made available at www.firmatek.com/support.

1.7. “Graphical User Interface” or “GUI” means the software program which provides the interface for Customer to operate the Subscription Services.

1.8. “Kespry Perception Analytics” or “KPA” means the online, web-based visual data analytics platform provided by Firmatek via www.kespry.com or such other websites designated by Firmatek.

1.9. “Offerings” means the products, services and other offerings that Firmatek makes generally available, including without limitation Services, Data Capture Equipment Services and Pilot Service.

1.10. “Order Form” means the order form that is offered to and signed by Customer for Services to be rendered from Firmatek. Customer may purchase additional Subscription or Professional Services from time to time, pursuant to an additional Order Form as may be mutually agreed to by the parties in writing.

1.11. “Pilot Service” means Firmatek’s drone flight service whereby AIS data capture is performed by Firmatek or Firmatek subcontractors.

1.12. “Professional Services” means fee-based consulting services that Firmatek may perform as described in a Statement of Work executed by the parties pursuant to this Agreement.

1.13. “Services” means the Subscription Services, Pilot Service, Data Capture Equipment Services and any Professional Services.

1.14. “Statement of Work” or “SOW” means a statement of work entered into and executed by the parties describing Professional Services to be provided by Firmatek to Customer.

1.15. “Subscription Services” means the AIS and KPA, including: (a) all proprietary technology (software, hardware, processes, algorithms, user interfaces, know-how, techniques, templates, designs and other tangible or intangible technical material or information) of Firmatek, its licensors and service providers used by Firmatek to provide the Subscription Services; and (b) associated support and maintenance services, as may be applicable.

1.16. “Third Party Offerings” means Customer-designated services delivered or performed by third parties independently of Firmatek (which Subscriptions Services rely on to obtain Customer Data) related to the Subscription Services, or other Customer-designated online, web-based CRM, ERP, or other business application subscription services, and any associated offline products provided by third parties, that interoperate with the Subscription Services.

1.17. “Usage Data” means data generated from the usage, configuration, deployment, access and performance of an Offering. For example, this may include such things as information about your operating environment, such as your network and systems architecture, or sessions, such as page loads and session views, duration, or interactions, errors, number of searches, source types and format (e.g., json, xml, csv), ingest volume, number of active and licensed users, or search concurrency. Usage Data does not include Customer Data.

1.18. “Users” means Customer’s employees, consultants, contractors, or agents who are authorized by Customer or its Affiliates to access and use the Subscription Services and who have been supplied user identifications and passwords by Customer for such purpose, in accordance with this Agreement.

2. PURCHASED SERVICES

2.1. Data Capture Equipment Service. If Customer purchases Firmatek’s Equipment Service, please reference DCES supplemental terms set forth below.

2.3. Subscription Services. Firmatek will make any purchased Subscription Services available to Customer pursuant to this Agreement and the relevant Order Form during the term set forth in the Order Form (the “Subscription Term”). Customer agrees that its purchase of Subscription Services are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Firmatek regarding future functionality or features. Customer’s use of the Subscription Services includes the right to access all functionality available in the purchased Subscription Services as of the effective date of this Agreement or such other expressly specified date in the Order Form. Unless otherwise determined by Firmatek at its sole discretion, subsequent enhancements to the Subscription Services made generally available to all subscribing customers will be made available to Customer at no additional charge. Notwithstanding the foregoing, new features, functionality or enhancements to the Subscription Services may be marketed separately by Firmatek and may require the payment of additional fees. Firmatek will determine, in its sole discretion, whether access to such new features, functionality or enhancements will require an additional fee. Unless otherwise set forth in an Order Form, this Agreement will apply to any updates, upgrades and new modules or offerings subsequently provided by Firmatek to Customer as part of any purchased Subscription Services. If Customer purchases AIS, terms that apply only to AIS are set forth in AIS supplemental terms below.

2.4. Professional Services. Firmatek will provide Customer with Professional Services as set forth in mutually executed SOWs or Order Forms. Each SOW should include, at a minimum: (a) a description of the scope of Professional Services, (b) any work product or other deliverables to be provided to Customer (each a “Deliverable”), and (c) the applicable fees and payment terms for such Professional Services. All SOWs shall be deemed part of and subject to this Agreement. If either Customer or Firmatek requests a change to the scope of Professional Services described in a SOW, the party seeking the change shall propose such change by written notice. Promptly following the other party’s receipt of the written notice, the parties shall discuss and agree upon the proposed changes. Executed changes shall be deemed part of, and subject to, this Agreement.

3. SUBSCRIPTION SERVICES.

3.1. FIRMATEK OBLIGATIONS; LICENSE GRANT.

3.1.1. Availability. Firmatek will use commercially reasonable efforts to make the purchased Subscription Services available with minimal downtime 24 hours a day, 7 days a week; provided, however, that the following are excepted from Firmatek’s availability commitments: (a) regularly scheduled downtime (with regard to which Firmatek will endeavor to provide at least 48 hours advance notice), which is currently scheduled for every Wednesday 9pm –3am Thursday Pacific Time and as otherwise set forth in the support policy; or (b) any unavailability caused by circumstances beyond Firmatek’s reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems, Internet service provider failures or delays, or the unavailability or modification by third parties of Third Party Offerings.

3.1.2. License to use Firmatek Technology. During the Term of this Agreement, Firmatek hereby grants Customer a non-exclusive, revocable, limited internal use license to access and use the Subscription Services and provide its Users with access to the Subscription Services. Customer shall be responsible for ensuring that its Users safeguard and protect the Subscription Services and account passwords in the same or more secure manner Users protect Customer’s own product and technology. Firmatek will host the Subscription Services and may update the functionality of the Subscription Services from time to time in its sole discretion as part of its ongoing improvement of the Subscription Services. The Subscription Services may be subject to certain limitations, such as, for example, limits on storage capacity for Customer Data. Any such limitations will be specified either in the Order Form or in the Documentation.

3.1.3. Support. Basic Support is included with Subscription Services. Firmatek Support practices are described in Firmatek Support Policy included as Attachment 3.

3.2. Use and Protection of Usage Data and Customer Data. Subject to this Agreement and the Firmatek Privacy Policy (www.firmatek.com/privacy-policy), including Firmatek’s confidentiality obligations, Customer hereby grants Firmatek a limited, non-exclusive, royalty-free, worldwide license to use the Customer Data and Usage Data and perform all acts with respect to the Customer Data as may be necessary for Firmatek to provide the Services to Customer. To the extent that receipt of the Customer Data requires Firmatek to access and upload Customer Data from a third party service provider, Customer shall be responsible for obtaining and providing relevant account information and passwords, and Firmatek hereby expressly agrees to access and use the Customer Data solely for Customer’s benefit and as set forth in this Agreement. As between Firmatek and Customer, Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. Firmatek will maintain reasonable administrative, physical and technical safeguards for the protection, confidentiality and integrity of Customer Data. Firmatek reserves the right to modify its privacy policies in its discretion from time to time, and shall provide notice of such modifications to designated Customer contacts on and through the Firmatek support website. Firmatek will maintain appropriate safeguards with respect to the Personal Data (as defined in Attachment 5 of this Agreement, the Firmatek Data Processing Addendum) and make available to data subjects the rights and legal remedies with respect to the Personal Data as required under Article 46(1) of the GDPR. In this respect, Firmatek agrees to maintain in effect a self-certification under the EU-US and Swiss-US Privacy Shield Frameworks of the US Department of Commerce as set forth in https://www.privacyshield.gov with sufficient scope to address the processing of the Personal Data covered under this Agreement. To the extent such self-certification does not exist, has expired or is otherwise not available to Firmatek, Firmatek agrees to be bound by the terms of the Firmatek Data Processing Addendum.

3.3. Customer’s Responsibilities; License Restrictions and Platform Limitation.

3.3.1. Customer and Users. Customer shall not permit access to or use of the Services by anyone other than designated Users. Customer is responsible for its Users’ compliance with the terms of this Agreement, for its Users’ use of the Services, and for ensuring that Users maintain the confidentiality of their passwords and user names. Customer agrees that it is liable for any acts or omissions of its Users that would otherwise constitute a material breach of this Agreement by any User of the Services (including with respect to unauthorized data uploads).

3.3.2. Restrictions. Customer and its Users will not: (a) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit the Services or make the Services available to any third party, other than to Users or as otherwise authorized under this Agreement; (b) use the Services for any illegal purpose or in violation of any local, state, national, or international law, including but not limited to the collection, recording, transmission or processing of (i) any material that is infringing, obscene, threatening, libelous, obtained in violation of FAA law or otherwise unlawful or tortious, including material that is harmful to children or violates third party privacy rights; or (ii) any data regarding an individual’s financial or economic identity, sexual orientation, religious beliefs, medical or physical identity, including any information comprised of either “Protected Health Information” (“PHI”) subject to and defined by the Health Insurance Portability and Accountability Act (“HIPAA”), or an individual’s first name and last name, or first initial and last name, in combination with any one or more of the following data elements that relate to such individual: Social Security number, driver’s license number or state-issued identification card number, financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account (“Personal Information”); (c) use the Services to send, store, publish, post, upload or otherwise transmit any viruses, adware, Trojan horses, worms, time bombs, corrupted files or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any systems, data, personal information or property of another; (d) interfere with or disrupt the integrity or performance of the Subscription Services; or (e) attempt to gain unauthorized access to the Subscription Services or its related systems or networks; (f) use or knowingly permit others to use any security testing tools in order to probe, scan or attempt to penetrate or ascertain the security of the Subscription Services; (g) use or access the Services for the purpose of building a similar or competitive product; (h) use, copy or reproduce the Services, or any part thereof other than as expressly authorized in this Agreement; (i) obtain, attempt to obtain, or redistribute any data, materials or information available through the Services through any means not intentionally made available by Firmatek, including by any form of automated access, scraping, or similar process; (j) interfere with security-related features of the Services including by disabling or circumventing any such features; or (k) modify, copy, translate, create an adaptation, compilation or derivative work of or based on, reverse engineer, reverse assemble, disassemble, or decompile the Services or any part thereof or otherwise attempt to discover any source code or modify the Services. Customer acknowledges and agrees that Firmatek shall have no liability to Customer or its Users for any data submitted that is Protected Health Information or Personal Information.

3.3.3. Platform Limitations. The Order Form shall set forth any applicable Subscription Service provisioning limitations that apply to Customer’s use of the Subscription Services.

3.4. Temporary Suspension. Firmatek monitors all use of the Subscription Services for security and operational purposes. Firmatek may temporarily suspend Customer’s or its Users’ access to the Subscription Services in the event that either Customer or its Users are engaged in, or Firmatek in good faith suspects Customer or its User is engaged in, any unauthorized conduct (including any violation of this Agreement, any applicable law or third party right, including the terms of any Third Party Offering on which Customer’s use of the Subscription Services relies). Firmatek will attempt to contact Customer prior to or contemporaneously with such suspension; provided, however, that Firmatek’s exercise of the suspension rights herein shall not be conditioned upon Customer’s receipt of any notification. Customer agrees to (a) notify Firmatek immediately of any unauthorized use of any password or account or any other known or suspected breach of security related to the Subscription Services; (b) report to Firmatek immediately, and use reasonable efforts to immediately stop, any copying or distribution of Customer Data that is known or suspected by Customer or its Users as being unlawful or unauthorized; and (c) not impersonate another User or provide false identity information to gain access to or use the Subscription Services or Firmatek Application. A suspension may take effect for Customer’s entire account, and Customer understands that such suspension would therefore include Affiliate and/or User sub-accounts. Customer agrees that Firmatek will not be liable to Customer or to any Affiliate or User or any other third party if Firmatek exercises its suspension rights as permitted by this Section.

3.5. Third Party Web Sites, Products and Services. The Subscription Services may rely on or require that Customer access Customer-designated Third Party Offerings to obtain Customer Data from such Third Party Offering. Customer’s or its User’s use of third party websites must at all times comply with the terms of service governing such websites. Customer understands and agrees that the availability of the Subscription Services, or certain features and functions thereof, is dependent on the corresponding availability of Third Party Offerings or specific features and functions of Third Party Offerings. Firmatek will not be liable to Customer or any third party in the event that changes in Third Party Offerings cause the unavailability of the Subscription Services or any feature or function thereof. To the extent that Firmatek requires that Customer grant Firmatek authorizations, passwords or other user credentials to a Third Party Offering (“Third Party Offering Access Codes”) to retrieve Customer Data or to enable interoperability with the Subscription Services, Customer shall promptly provide such Third Party Offering Access Codes. Firmatek shall not share, reassign, divulge or disclose any Third Party Offering Access Codes except to Firmatek employees or authorized contractors specifically engaged in the performance of the Services. Third Party Offering Access Codes shall constitute Customer’s Confidential Information under this Agreement.

3.6. Accuracy of Customer’s Contact Information; Email Notices. Customer agrees to provide accurate, current and complete information as necessary for Firmatek to communicate with Customer from time to time regarding the Services, issue invoices or accept payment, or contact Customer for other account-related purposes. Customer agrees to keep any online account information current and inform Firmatek of any changes in Customer’s legal business name, address, email address and phone number. Customer agrees to accept emails from Firmatek at the e-mail address specified by its Users for login purposes. In addition, Customer agrees that Firmatek may rely and act on all information and instructions provided to Firmatek by Users from the above-specified e-mail address. Firmatek may, in its discretion, share Customer contact information with third party service providers for the purposes of providing information about maintenance schedules, or Subscription Service releases or configurations. If Customer chooses to opt-out of such messages, or does not register to receive Support communications, Firmatek shall not be responsible for any issues, errors, defects in the Subscription Services that could have been avoided had the Customer acted on such messaging.

3.7. Federal Government End User Provisions. If Customer or any User is the US Federal Government, Firmatek provides the Services, including related software and technology, solely in accordance with the terms of this Section 3.7. Government technical data and software rights related to the Services include only those rights customarily provided to the public as defined in this Agreement. This customary license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency has a need for rights not conveyed under these terms, it must negotiate with Firmatek to determine if there are acceptable terms for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable agreements.

4. FEES AND PAYMENT TERMS

4.1. Fees.

4.1.1 Schedule. Customer agrees to pay all fees specified in all Order Forms and SOWs using an industry-standard payment method Firmatek supports. Except as otherwise specified in this Agreement or in an Order Form, (a) fees are quoted and payable in United States dollars, (b) except as otherwise set forth in the Order Form or SOW, payment obligations are non-cancelable and fees paid are non-refundable, and (c) the Services purchased cannot be decreased during the relevant Subscription Term specified on the Order Form. All amounts payable under this Agreement will be made without setoff or counterclaim, and without any deduction or withholding. We may add new fees and charges from time to time. If you want to use a different payment card or if there is a change in payment card validity or expiration date, you may edit your information by accessing your account page. It is your responsibility to keep your contact information and payment information current and updated.

4.1.2. Promotions. You acknowledge that the amount billed may vary due to promotional offers, changes to your monthly stockpile package or changes in applicable taxes or other charges, and you authorize us (or our third-party payment processor) to charge your payment method for the corresponding amount.

4.2. Invoices and payment.

4.2.1 Invoices. All Subscription Services fees will be invoiced in advance as set forth in the applicable Order Form. Fees for Professional Services will be invoiced as set forth in an applicable SOW and/or Order Form. Except as otherwise set forth in the applicable Order Form or SOW, Customer agrees to pay all invoiced amounts within thirty (30) calendar days of the invoice date.

4.2.2. Authorization of Payment. By providing a credit card or other payment method that we accept, you represent and warrant that you are authorized to use the designated payment method and that you authorize us (or our third-party payment processor) to charge your payment method for the total amount of your subscription or other purchase (including any applicable taxes and other charges) (collectively, as applicable, an “Order”). If the payment method cannot be verified, is invalid or is otherwise not acceptable, your Order may be suspended or cancelled. You must resolve any problem we encounter in order to proceed with your Order. In the event you want to change or update payment information associated with your Firmatek account, you can do so at any time by logging into your account and editing your payment information.

4.2.3. Third parties. We utilize a designated third-party payment platform to process payment card transactions for your subscriptions and purchase. We are not liable for any loss or damage from errant or invalid transactions processed through the third-party payment platform.

4.3. Overdue Charges. If Firmatek does not receive fees by the due date, then at Firmatek’s discretion, (a) such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid; and (b) Firmatek may condition future Services purchases and Order Forms on payment terms shorter than those specified in Section 7.2 (Invoices and Payment).

4.4. Suspension of Service. If any amounts owed by Customer for the Services are thirty (30) or more days overdue, Firmatek may, without limiting Firmatek’s other rights and remedies, suspend Customer’s and its Users’ access to the Services until such amounts are paid in full. We reserve the right to refuse or cancel any Orders placed for Equipment or Services listed at an incorrect price, or containing any other incorrect information or typographical errors, whether or not the Order has been confirmed and whether or not your credit card has been charged. If your credit card has already been charged for the purchase and your Order is canceled, we will promptly issue a credit to your credit card account in the amount of the charge.

4.5. Payment Disputes. Firmatek agrees that it will not exercise its rights under Section 4.3 (Overdue Charges) or 4.4 (Suspension of Service) if the applicable charges are under reasonable and good faith dispute and Customer is cooperating diligently to resolve the dispute.

4.6. Taxes. Customer is solely responsible for the payment of all taxes, assessments, tariffs, duties or other fees imposed, assessed or collected by or under the authority of any governmental body (collectively, “Taxes”) arising from Firmatek’s provision of the Services hereunder, except any taxes assessed on Firmatek’s net income. If Firmatek is required to directly pay Taxes related to Customer’s use or receipt of the Services hereunder, Customer agrees to promptly reimburse Firmatek for any amounts paid by Firmatek. When required by state law, if Firmatek does not lease equipment to Customer, Firmatek will collect and remit sales tax based on the location of beneficial use of the Subscription Services. If tax is not included in Customer’s invoice and Customer does not have a resale or exemption certificate, Customer shall be responsible for calculation and payment of all sales and use taxes, value added taxes (VAT) or similar charges relating to Customer’s use of the Subscription Services.

5. PROPRIETARY RIGHTS

5.1. Subscription Services. Firmatek, its licensors and its service providers own all right, title and interest in and to the Subscription Services, including all related intellectual property rights. Firmatek reserves all rights not expressly granted to Customer under this Agreement. Neither Customer nor any Users will delete or in any manner alter the copyright, trademark, and other proprietary notices of Firmatek appearing on the Subscription Services or any portion thereof. Additionally, Firmatek shall exclusively own all right, title and interest in and to any and all suggestions, enhancement requests, recommendations or other feedback provided by Customer and its Users relating to the Subscription Services (“Feedback”), and Customer hereby assigns to Firmatek all of its right, title, and interest in and to the Feedback, including all intellectual property rights therein or relating thereto. At Firmatek’s reasonable request and expense, Customer will execute necessary documents and take such further acts as Firmatek may reasonably request to assist Firmatek to acquire, perfect and maintain such Intellectual Property Rights in the Feedback.

5.2. Customer Data. As between Firmatek and Customer, Customer exclusively owns all right, title and interest in and to all Customer Data. Customer Data is deemed Confidential Information under this Agreement.

5.3. Deliverables. As between Firmatek and Customer, Customer shall exclusively own all right, title and interest in and to any deliverables that constitute Customer Data or a modification, translation, abridgment, adaptation or other derivative work of Customer Data (“Customer Deliverables”), and Firmatek hereby assigns and transfers to Customer any right, title and interest that Firmatek may acquire in or to any Customer Deliverables upon receipt of payment in full from Customer. Except for Customer Deliverables, Firmatek shall exclusively own all right, title and interest in and to the deliverables and related intellectual property rights described in applicable SOWs. Subject to this Agreement, Firmatek hereby grants Customer a limited, non-exclusive, non-transferable (except as permitted in connection with an assignment under Section 11.7 of this Agreement) license during the Subscription Term to use the Deliverables solely in connection with Customer’s authorized use of the Subscription Services. Firmatek shall also exclusively own all right, title and interest in and to the proprietary tools, source code samples, templates, libraries, know-how, techniques and expertise (“Tools”) used by Firmatek to develop the Deliverables, and to the extent such Tools are delivered with or as part of the Deliverables, they are licensed, not assigned or transferred, to Customer, on the same terms as the Firmatek owned Deliverables.

5.4. Statistical Information. Firmatek may monitor Customer’s use of the Services and use data related to Customer’s use in an aggregate and anonymous manner, including to compile statistical and performance information related to the provision and operation of the Services. Customer agrees that Firmatek may make such aggregate and anonymous information publicly available, provided that such information does not incorporate any Customer Data and/or identify Customer or its Confidential Information. Firmatek retains all intellectual property rights in such statistical and performance information.

5.5. Surveys and Feedback. We may periodically present you with surveys or solicit your opinion about the Services, Equipment, or support. You acknowledge that your participation in these types of programs is completely voluntary.  By submitting opinions, suggestions, feedback, images, documents, and/or proposals to us through these surveys, any suggestion or feedback webpages, or through any other communication with you, you acknowledge and agree that: (a) the suggestions or feedback you provide will not contain confidential or proprietary information; (b) we are not under any obligation of confidentiality, express or implied, with respect to the suggestions and feedback you provide; (c) we shall be entitled to use or disclose (or choose not to use or disclose) the suggestions and feedback you provide for any purpose, in any way, in any media worldwide (without disclosing your identity); (d) we may have similar ideas to the suggestions and feedback you provide already under consideration or in development; (e) the suggestions and feedback you provide will automatically become our property without any obligation to you; and (f) you are not entitled to any compensation or reimbursement of any kind from us under any circumstances.

6. CONFIDENTIALITY

6.1. Confidential Information. “Confidential Information” means all confidential or proprietary information of a party (“Disclosing Party”) disclosed to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Without limiting the coverage of these confidentiality obligations, the parties acknowledge and agree that: (a) Customer Confidential Information shall include the Customer Data and Third Party Offering Access Codes; (b) Firmatek Confidential Information shall include the Subscription Services, Documentation, the Deliverables and Tools; and (c) Confidential Information of each party shall include, the terms and conditions of this Agreement, pricing and other terms set forth in all Order Forms and SOWs hereunder, as well as marketing plans, budgets, financial information, technology, technical information, methods, processes, techniques, designs, computer programs and other business information disclosed by such party.

6.2. Treatment of Confidential Information. The Receiving Party shall: (a) use the same degree of care to protect the confidentiality of the Disclosing Party’s Confidential Information that it uses to protect its own Confidential Information (but in no event less than reasonable care); and (b) not use or disclose any Confidential Information of the Disclosing party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s permission.

6.3. Exceptions. Confidential Information shall not include information that: (a) is or becomes publicly available without a breach of any obligation owed to the Disclosing Party; (b) is already known to the Receiving Party at the time of its disclosure by the Disclosing Party, without a breach of any obligation owed to the Disclosing Party; (c) following its disclosure to the Receiving Party, is received by the Receiving Party from a third party without breach of any obligation owed to the Disclosing Party; or (d) is independently developed by the Receiving Party without reference to or use of the Disclosing Party’s Confidential Information.

6.4. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent required by applicable law, regulation or legal process. The Receiving Party must, however: (a) provide the Disclosing Party with prompt written notice of the requirement to disclose, (b) provide the Disclosing Party with reasonable assistance in the event the Disclosing Party wishes to oppose or contest such disclosure, and (c) limit its disclosure to that strictly required by law, regulation or legal process.

6.5. Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Receiving Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damages.

7. WARRANTIES and DISCLAIMERS

7.1. Warranties. Each party warrants that it has the legal authority to enter into this Agreement. Firmatek warrants to Customer that: (a) the Subscription Services will materially conform to the relevant Documentation, and (b) Professional Services will be performed in a competent and workmanlike manner in accordance with generally accepted industry standards.

7.2. Disclaimers. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 7.1, FIRMATEK AND ITS LICENSORS MAKE NO ADDITIONAL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES. WITHOUT LIMITING THE FOREGOING, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, FIRMATEK AND ITS LICENSORS EXPRESSLY DISCLAIM ALL IMPLIED WARRANTIES INCLUDING ANY WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, GOOD-WORKMANSHIP, OR FITNESS FOR A PARTICULAR PURPOSE. FIRMATEK AND ITS LICENSORS DO NOT REPRESENT OR WARRANT THAT: (A) THE USE OF THE SERVICES WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (B) THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (C) ANY STORED CUSTOMER DATA WILL BE ACCURATE OR RELIABLE; (D) THE QUALITY OF ANY INFORMATION OR OTHER MATERIAL OBTAINED BY CUSTOMER THROUGH THE SERVICES WILL MEET CUSTOMER’S UNCOMMUNICATED REQUIREMENTS OR EXPECTATIONS; OR (E) THE SUBSCRIPTION SERVICES OR THE SERVER(S) THAT MAKE THE SUBSCRIPTION SERVICES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THERE ARE NO WARRANTIES WHICH EXTEND BEYOND THE DESCRIPTION OF THE FACE HEREOF. THE SUBSCRIPTION SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. FIRMATEK AND ITS LICENSORS ARE NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.

8. INDEMNIFICATION

8.1. Indemnification by Firmatek. Firmatek, at its expense, will defend and pay any settlement amounts and damages, costs and expenses (including reasonable attorneys’ fees) awarded by a court of final jurisdiction arising out of any third party claim, suit or proceeding alleging that Customer’s use of the Subscription Services in accordance with this Agreement infringes a third party’s United States copyright or patent issued as of the Effective Date. The foregoing obligations shall not apply if such claim arises out of (a) Customer’s use of infringing Customer Data (b) improper use of the Subscription Services in combination with any software, hardware, network or system not supplied by Firmatek where the alleged infringement relates to such combination, (c) any modification or alteration of the Subscription Services other than by Firmatek, (d) Customer’s continued use of the Subscription Services after Firmatek notifies Customer to discontinue use, and (e) Customer’s violation of applicable law. If any claim which Firmatek is obligated to defend has occurred, or in Firmatek’s determination is likely to occur, Firmatek may, in its sole discretion and at its option and expense (i) obtain for Customer the right to use the allegedly infringing item, (ii) substitute a functionality equivalent, non-infringing replacement for such item, (iii) modify such item to make it non-infringing and functionally equivalent, or (iv) terminate this Agreement and refund to Customer any prepaid amounts attributable the period of time between the date Customer was unable to use the Subscription Services due to such claim and the remaining days in the then-current Subscription Term.

8.2. Indemnification by Customer. Customer, at its expense, will defend and pay any settlement amounts or damages awarded by a court of final jurisdiction arising out of any third party claim, suit or proceeding (a) alleging that the Customer Data infringes any trade secret, trademark, copyright, or patent issued as of the Effective Date; or (b) arising from occurrence of the conditions set forth in Section 8.1(a)-(e) above.

8.3. Conditions. The parties’ obligations under this Section 8 are contingent upon the indemnified party (a) giving prompt written notice to the indemnifying party of any claim under this Section, (b) giving the indemnifying party sole control of the defense or settlement of the claim, and (c) cooperating in the investigation and defense of such claim(s). The indemnifying party shall not settle or consent to judgment in any such claim that adversely affects the rights or interests of the indemnified party or imposes additional obligations on the indemnified party, without the prior express written consent of the indemnified party. THE RIGHTS AND REMEDIES SET FORTH IN THIS SECTION 8 ARE THE SOLE OBLIGATIONS OF THE INDEMNIFYING PARTY AND EXCLUSIVE REMEDIES AVAILABLE TO THE INDEMNIFIED PARTY IN THE EVENT OF AN APPLICABLE THIRD PARTY CLAIM.

9. LIMITATION OF LIABILITY

9.1. Limitation of Liability. EXCEPT FOR BREACH OF INTELLECTUAL PROPERTY RIGHTS, BREACH OF THE LICENSES GRANTED HEREIN AND INDEMNIFICATION OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY’S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED IN AGGREGATE THE TOTAL AMOUNTS PAID BY CUSTOMER HEREUNDER IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT. THE FOREGOING SHALL NOT LIMIT CUSTOMER’S PAYMENT OBLIGATIONS UNDER SECTION 7 (FEES AND PAYMENT TERMS).

9.2. Exclusion of Consequential and Related Damages. EXCEPT FOR BREACH OF INTELLECTUAL PROPERTY RIGHTS, BREACH OF THE LICENSES GRANTED HEREIN AND INDEMNIFICATION OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICE AND/OR THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICES, OR FOR ANY CONTENT OBTAINED FROM OR THROUGH THE SERVICES, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, REGARDLESS OF CAUSE, EVEN IF FIRMATEK AND/OR ITS LICENSORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR COULD HAVE REASONABLY FORESEEN THEM.

10. TERM AND TERMINATION

10.1. Subscription Services Term; Renewal. Customer’s subscription rights to use the Subscription Services begins on the start date specified in the Order Form and continues for the period thereafter as set forth therein (each a “Subscription Term”). THEREAFTER, THE EXPIRING SUBSCRIPTION SERVICES WILL AUTOMATICALLY RENEW (EACH A “RENEWAL TERM”) AT THE LIST FEE PRICES IN EFFECT AT THE TIME OF ANY SUCH RENEWAL, UNLESS EITHER PARTY GIVES THE OTHER PARTY WRITTEN NOTICE OF NON-RENEWAL AT LEAST SIXTY (60) DAYS PRIOR TO THE END OF THE APPLICABLE SUBSCRIPTION TERM OR ANY RENEWAL TERM.

10.2. Termination for Cause. This Agreement and applicable Order Forms and SOWs may be terminated by either party for cause as follows: (a) upon thirty (30) days written notice if the other party breaches or defaults under any material provision of this Agreement and does not cure such breach prior to the end of such thirty (30) day period, (b) effective immediately and without notice if the other party ceases to do business, or otherwise terminates its business operations, except as a result of an assignment permitted hereunder. Firmatek may temporarily cease performance of its obligations during any cure period.

10.3. Retrieval of Customer Data. In the event of termination or expiration of the Subscription Term under an Order Form, Firmatek shall make Customer Data available for download by Customer in the format in which it is stored in the Subscription Services, provided Customer requests such return of Customer Data and pays all outstanding charges hereunder in full within 30 days after the termination or expiration effective date. After such 90-day period, Firmatek shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.

10.4. Survival. Except to the extent expressly provided to the contrary herein, Sections 2 through 10 and any attachments shall survive the termination of this Agreement.

11. GENERAL

11.1. Relationship. Firmatek and Customer are independent contractors, and this Agreement does not create a partnership, joint venture, employment or agency relationship between the parties. This is a non-exclusive arrangement.

11.2. Entire Understanding; Modifications. This Agreement, including all Order Forms and SOWs hereto, constitute the entire agreement between the parties and supersede all prior and contemporaneous agreements, proposals or representations, oral or written, regarding the subject matter covered by this Agreement. Except as set forth in this Agreement, no modifications, amendments or waivers shall be effective unless mutually agreed by the parties in writing. To the extent of any conflict or inconsistency between the provisions of this Agreement and any Order Form or SOW, the terms of such Order Form or SOW shall prevail, but only with respect to the specific Services purchased under such Order Form or SOW. Notwithstanding any language to the contrary therein, no terms or conditions stated in Customer’s purchase order or in any other ordering documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

11.3. Waiver. No waiver of any breach of this Agreement, and no course of dealing between the parties, shall be construed as a waiver of any subsequent breach of this Agreement.

11.4. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the provision shall be modified and interpreted by the court so as best to accomplish the intent of the original provision to the fullest extent possible. The invalidity or unenforceability of any provision shall not affect any of the other provisions of this Agreement.

11.5. Governing Law and Venue. This Agreement shall be governed by and construed under the laws of the United States and the State of Texas excluding its conflict of law rules. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement. The state and federal courts located in Bexar County, Texas will have exclusive jurisdiction to adjudicate any dispute relating to this Agreement. Each party hereby irrevocably consents to the exclusive jurisdiction of such courts.

11.6. Publicity. Firmatek may reference and use Customer’s name and trademarks and may disclose the nature of the Services provided hereunder in Firmatek business development and marketing efforts, including without limitation its web site.

11.7. Assignment. Customer may not assign this Agreement, Order Forms or SOWs to any third party without the prior written consent of Firmatek, such consent not to be unreasonably withheld. Any purported assignment in violation of this Section shall be void. this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns. There are no third party beneficiaries to this Agreement.

11.8. Notices. Firmatek may give notice to Customer by means of a general notice through the Subscription Services interface, electronic mail to Customer’s e-mail address on record in Firmatek’s account information, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record in Firmatek’s account information. Customer may give notice to Firmatek by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service addressed to Firmatek, LLC, 304 W Kirkwood Ave, Suite 100, Bloomington, Indiana 47404, Attention: Gant Elmore. Notice shall be deemed to have been given upon receipt or, if earlier, two (2) business days after mailing, as applicable. All communications and notices to be made or given pursuant to this Agreement shall be in the English language.

11.9. Export. The Services utilize software and technology that may be subject to United States and foreign export controls. Customer acknowledges and agrees that the Subscription Services shall not be used, and none of the underlying information, software, or technology may be transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. By using the Subscription Service, Customer represents and warrants that it is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Subscription Services may use encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations, 15 C.F.R. Parts 730-774 and Council Regulation (EC) No. 1334/2000. Customer agrees to comply strictly with all applicable export laws and assume sole responsibility for obtaining licenses to export or re-export as may be required. Firmatek and its licensors make no representation that the Service is appropriate or available for use in other locations. Each party shall be solely responsible for its required compliance with all applicable laws, including without limitation export and import regulations of other countries. Any diversion of the Customer Data contrary to law is prohibited. None of the Customer Data, nor any information acquired through the use of the Service, is or will be used for nuclear activities, chemical or biological weapons, or missile projects.

11.10. Force Majeure. Except for performance of a payment obligation, neither party shall be liable under this Agreement for delays, failures to perform, damages, losses or destruction, or malfunction of any equipment, or any consequence thereof, caused or occasioned by, or due to fire, earthquake, flood, water, the elements, labor disputes or shortages, utility curtailments, power failures, explosions, civil disturbances, governmental actions, shortages of equipment or supplies, unavailability of transportation, acts or omissions of third parties, or any other cause beyond its reasonable control. If the force majeure event continues for more than thirty (30) calendar days, then either party may terminate this Agreement for convenience upon written notice to the other party.

11.11. Entire Agreement. This Agreement constitutes the entire agreement between Firmatek and Customer with respect to the subject matter hereof, and supersedes all prior agreements, understandings and negotiations, both written and oral, between the Parties with respect to such subject matter. No waiver, amendment or modification of any provision of this Agreement shall be enforceable against either Party unless it is in writing and signed by both Parties. Notwithstanding the foregoing, Firmatek may amend the terms and conditions of this Agreement or any other documents and policies referenced herein at any time, including without limitation by posting such revised terms on its website Firmatek.com or the location of such other document or policy. Such amended terms and conditions shall be binding on Customer on the effective date of such change and shall supersede any prior version (including this Agreement). Except for the exclusive remedies specified herein, each Party will have all rights and remedies available to it at law or in equity for the protection of its rights hereunder, including an injunction enjoining the breach or threatened breach of this Agreement. This Agreement is not governed by the United Nations Convention of Contracts for the International Sale of Goods or the Uniform Computer Information Transactions Act, the application of each of which is hereby expressly excluded.

 

Attachment 1 SUPPLEMENTAL AGREEMENT FOR KESPRY AERIAL INTELLIGENCE SERVICE (“AIS”)

Capitalized terms used but not defined herein shall have the meaning ascribed to them in the Agreement.

1. DEFINITIONS

1.1. AIS Visual Information: means the totality of output provided to Customer by AIS, including but not limited to 3D models, point clouds, georeferenced orthophotos, and elevation maps based on Flight Data captured by Customer personally or by Firmatek or any other third party during a Flight for rendering into Visual Information. Visual Information is hereby incorporated by reference into the definition of Customer Data in the Agreement, and Customer hereby consents to the collection, use, and transfer of Customer Data in accordance with the Firmatek Privacy Policy, as updated from time to time, and is set forth at www.firmatek.com/privacy-policy.

1.2. Flight Data: means the data gathered during Flight and any other information that is related to the operation of the AIS, including but not limited to raw sensor data, telemetry data, flight and application logs, diagnostic information, performance information and software usage information. Firmatek owns all right, title, and interest in and to the Flight Data.

2. TERMS

2.1. Generally. AIS is comprised of the embedded drone software (“Drone Software”), web-connected mobile software application (“Mobile Application”) and web-based AIS GUI (“AIS Platform”). To use AIS, Customer must i) install the Drone Software on a personal drone or lease a DCES Drone on which the Drone Software has been pre-installed (in either case, the “Drone”), ii) use the Mobile App on a personal tablet or lease a DCES tablet (in either case, the “Tablet”) to plan and conduct automated aerial flights (each a “Flight”) to capture Flight Data, and iii) upload the Flight Data into the AIS Platform for processing and rendering of Visual Information within the GUI. Customer may also use AIS if Firmatek has performed any or all of the previous actions for Customer.

2.2. License Grant. Subject to the restrictions set forth in the Agreement, Firmatek grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to install and use one copy of the Mobile Application in object code format on one iOS device that Customer owns or controls, solely for use with the Drone Software and AIS Platform.

2.3. Separate Terms May Apply. Customer acknowledges that third party terms and fees may apply to the use and operation of the mobile device in connection with use of the Mobile Application, such as carrier terms of services, and fees for phone service, data access or messaging capabilities, and that Customer is solely responsible for payment of such fees.

2.4. Open Source. The Drone Software or Mobile Application (together, “Software”) may contain open source software which may have its own applicable license conditions. This AIS Supplement does not purport to limit Customer’s rights under such open source software license agreements. All open source software is provided WITHOUT ANY WARRANTY, including but not limited to, the IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE, LOSS OF USE, LOST DATA OR QUALITY OF SERVICE. Copyrights to the open-source software are held by the copyright holders indicated in the copyright notices in the corresponding source files.

2.5. Updates. Firmatek may, in its reasonable discretion, update the Software, AIS Platform and any associated Documentation. Updates to the Software may be applied automatically via the Internet; however, it is Customer’s responsibility to ensure that the Equipment and the device running the Software Application are periodically connected to the Internet in order to receive such updates, and to otherwise ensure that the Embedded Software and the Software Application are updated in a timely fashion when Firmatek notifies Customer that updates are available.

2.6. Restrictions. In addition to the restrictions set forth in the Agreement, Customer shall not remove any proprietary notices or labels on or in any part of the Software, and Customer agrees to reproduce any copyright and other proprietary right notices on any permitted copies of the Software.

2.7. Proprietary Rights;

2.7.1. Use of Customer Data. Customer owns the copyright in the Visual Information generated and displayed by the authorized use of the AIS Platform hereunder (but not, for the avoidance of doubt, the Flight Data embedded in such Visual Information, the format of the Visual Information, or Firmatek or third party trademarks displayed with the Visual Information). Customer hereby grants Firmatek a worldwide, non-exclusive, fully paid-up, royalty-free license to reproduce, modify, display, and otherwise use the Visual Information to provide AIS to Customer. Except as set forth in this Section 2.7, Firmatek shall not share Visual Information with third parties without obtaining prior written authorization from Customer. Without limiting the generality of the foregoing, notwithstanding anything to the contrary herein, Firmatek may (i) use Flight Data and Visual Information to provide, support, and improve AIS and Firmatek’s other products and services, (ii) provide Flight Data and Visual Information to its third party service providers, who may use such data on behalf of Firmatek and to improve their respective products and services, and (iii) use, sell, license, distribute, and disclose any and all Flight Data in an aggregated form, in a manner that does not identify Customer or any individual consistent with Firmatek’s Privacy Policy. Firmatek has no obligation under this AIS Agreement to deliver to Customer, or anyone else, any Flight Data other than Flight Data displayed in the Visual Information generated by the authorized use of AIS hereunder. Upon request and without additional cost, Firmatek will make available to Customer all available collected Visual Information during the term of the Agreement, and at the conclusion of the Agreement consistent with Section 10.3 therein.

2.7.2. Intellectual Property. You agree that you shall not apply or file for any intellectual property protection (including without limitation, patent protection), in any jurisdiction, incorporating any of the Data, without Firmatek’s prior written consent, which consent Firmatek may grant or withhold in its sole discretion. You shall restrict access and use of the Data to your employees engaged in performing under these Terms in connection with the Purpose. You shall ensure that such employees who will access or use the Data are informed of and bound by these Terms prior to their performance of evaluation and/or other activities in connection with the Purpose.

2.8. Location Based Services. The Software Application provides features that enable Firmatek to tailor Customer’s experience based on its location (“Location-based Services”). To use Location-based Services, Customer must allow Firmatek access to the User’s position through the Tablet, which Firmatek may accomplish through a variety of means, including GPS location, if available. If Customer chooses to disable location-based services, Customer will not be able to utilize certain features of the Mobile Application. By authorizing Firmatek to access Customer’s location, Customer agrees and acknowledges that (i) device data collected by Firmatek from Customer is directly relevant to Customer’s use of the Mobile Application and (ii) Firmatek may provide Location-based Services related to Customer’s then-current location for the next 24 hours.

2.9. Customer-Provided Equipment.

This Section 2.9 shall only apply to the extent that that the Order Form provides that Customer will obtain its own equipment for use with AIS.

2.9.1. General. Unless Customer elects to lease equipment from Firmatek under the Data Capture Equipment Service, Customer is responsible for obtaining the equipment and ancillary services necessary for use of AIS, including UAVs, tablet computers, and mobile connectivity services (“Customer-Provided Equipment, or “CPE”) and for all losses or damage that may result to such CPE, even if used with AIS.

2.9.2. Insurance. Customer shall obtain aviation insurance with global coverage for all uses and all risks of ground and flight including commercial general liability and products and completed operations liability with limits of not less than $1,000,000 per occurrence and annual aggregate, with Firmatek named as an additional insured for liability arising from Customer’s operation of the CPE and AIS. Customer agrees to waive its rights of recovery and subrogation against Firmatek, and such insurance shall be considered primary, non-contributory, and not excess coverage. Such insurance must (i) be maintained with an insurance company rated by A.M. Best as “A” or better; and (ii) be evidenced by a certificate of insurance prior to use of AIS and no less frequently than annually thereafter upon the anniversary date of the applicable policy, throughout the duration of this Agreement. Such certificate of insurance will be provided to Firmatek upon request.

2.10. Terms Regarding Apple. Customer acknowledges that this AIS Supplement is between Customer and Firmatek only, not with Apple, and Apple is not responsible for the Mobile Application and the content thereof. Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the Mobile Application. In the event of any failure of the Mobile Application to conform to any applicable warranty, then Customer may notify Apple and Apple will refund the purchase price for the relevant Mobile Application to Customer; and, to the maximum extent permitted by applicable law, Apple has no other warranty obligation whatsoever with respect to the Mobile Application. Apple is not responsible for addressing any claims by Customer or any third party relating to the Mobile Application or Customer’s possession and/or use of the Mobile Application, including, but not limited to: (i) product liability claims; (ii) any claim that the Mobile Application fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation. Apple is not responsible for the investigation, defense, settlement and discharge of any third party claim that the Mobile Application or Customer possession and use of the Mobile Application infringes that third party’s intellectual property rights. Customer agrees to comply with any applicable third party terms, when using the Mobile Application. Apple, and Apple’s subsidiaries, are third party beneficiaries of this AIS Agreement, and upon Customer acceptance hereof, Apple will have the right (and will be deemed to have accepted the right) to enforce this AIS Supplement against Customer as a third party beneficiary of this AIS Supplement.

 

Attachment 2 SUPPLEMENTAL AGREEMENT FOR DATA CAPTURE EQUIPMENT SERVICE (“DCES”)

Capitalized terms used but not defined herein shall have the meaning ascribed to them in the Agreement.

1. Firmatek Provided Equipment.

This DCES Supplement has been incorporated into the Agreement between Firmatek and Customer for the purpose of Subject to the terms and conditions of this Agreement, Firmatek may lease the equipment as set forth in the Order Form (the “Firmatek Provided Equipment” or “FPE”). YOU ACKNOWLEDGE AND AGREE THAT THE EQUIPMENT MAY NOT BE NEW. ALL CONTENT, EQUIPMENT, SERVICES, DATA AND OTHER INFORMATION ON OR ACCESSIBLE FROM OR THROUGH THIS SITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS.

1.1. Title. Title to FPE is retained by Firmatek. Customer will not transfer, sell, assign, sublicense, pledge, or otherwise dispose of, encumber, or suffer a lien or encumbrance upon or against FPE. Customer will not use FPE with any parts or accessories that are not provided by Firmatek (either at the time the FPE is initially delivered or in connection with support). Customer agrees to return the FPE to Firmatek at the end of the term of this Agreement.

1.2. Shipping and Delivery.

1.2.1. Time Frame. The FPE will be shipped to you within a reasonable time (typically within 30 days) after placement of your Order on this Site. All deliveries of FPE under these Terms are F.O.B. destination. The FPE will be shipped using a reliable courier service with full insurance for the replacement value of the FPE. In the case of inclement weather or other events beyond our control that interfere with our ability to deliver your Order, we will attempt to deliver your Order as soon as reasonably possible. In some cases, delivery may occur prior to the scheduled delivery date.

1.2.2. Costs. You agree to pay the Equipment shipping and handling charges insurance, import duties, customs, returns, non-delivery, and other similar costs, shown at the time you make a purchase. We reserve the right to increase, decrease, add or eliminate shipping and handling charges from time to time, but we will provide advance notice of the charges applicable to you before you make your purchase. Custom shipping methods and insurance options may be available upon request.

1.3 Effect of Termination. Upon the expiration or earlier termination of this Agreement, Customer will return the Equipment to Firmatek at Customer’s expense. Customer will ship the Equipment to Firmatek using a reliable courier service with full insurance for the replacement value of the Equipment. The Equipment will be returned in as good a condition as when provided to Customer, ordinary wear and tear excepted.

2. Equipment Operation.

2.1. Authorization. Firmatek authorizes Customer to use the Equipment with AIS solely in order to conduct aerial surveys on property that Customer is authorized to fly over and capture aerial sensor data and telemetry information from such surveys, and to transmit that data to Firmatek for processing. Customer, and not Firmatek, is the operator of the AIS and Equipment. Customer assumes full responsibility for: (i) the proper use of AIS and the Equipment; and (ii) verifying the results obtained from the use of AIS. Customer acknowledges and agrees that it is Customer’s responsibility to (a) comply with all laws, rules and regulations pertaining to the operation of unmanned aerial vehicles in the jurisdiction where AIS and Equipment are used, including any operator licensure or certification requirements, (b) secure the consent of the property owner to use the Equipment and AIS on such property if Customer is not the owner or leaseholder, and (c) operate AIS and the Equipment safely. For the safety of the Equipment, its operators, and bystanders, Customer agrees to read and understand the Documentation and all applicable laws, rules and regulations prior to using AIS and the Equipment and to follow all safety instructions, and to cause its employees and agents using AIS and Equipment to do the same. IMPROPER OPERATION OF THE EQUIPMENT CAN CAUSE SERIOUS PERSONAL INJURY AND PROPERTY DAMAGE. IN NO EVENT WILL ANY FIRMATEK PARTY BE LIABLE FOR PERSONAL INJURY.

2.2. Certified Operators. Only employees of Customer who are Certified Operators (as defined by Firmatek training protocols) may operate the FPE. For an additional fee, Firmatek may provide aircraft operations insurance with FPE but damages caused by unauthorized operators will not be covered under the policy.

2.3. Damage. Where the FPE is damaged due to Customer’s negligence, unauthorized modifications or repairs, or improper operation of the FPE, Firmatek may assess Customer a deductible or replacement fee as determined by the Order Form. By way of example, and not as a limitation, failing to comply with alerts warnings, and notifications from the drone, Mobile Application, or other flight planning application, failing to use an up to date version of the drone software, Mobile Application, or other flight planning application, or failing to follow best practices or legal requirements while operating the FPE, which results in damage to the FPE will result in Firmatek assessing Customer the deductible or replacement fee. For avoidance of doubt, Customer understands and acknowledges that the FPE is not insured against loss or damage under the aircraft operations insurance described in Section 1.3, and the fees set forth in this Section shall be payable by Customer regardless of any such insurance coverage.

3. Equipment Availability

All of our Equipment and Services are subject to availability, and we reserve the right to impose to discontinue offering certain Equipment and Services and to substitute Equipment and Services without prior notice.

4. Restrictions on Use.

Customer may not, without Firmatek’s prior written consent: (i) use AIS and the Equipment to provide for-fee services to third parties; (ii) resell or sublease AIS, or subcontract or assign this Agreement, in whole or in part, to any third party; (iii) modify, repair, or have a third party modify or repair AIS or the Equipment or any component thereof; or (iv) allow any person to operate AIS and unless such person is an employee of Customer and such person is a Certified Operator.

5. Support and Updates.

During the term of this Agreement, Firmatek will provide Customer with reasonable ongoing support as set forth in the Agreement.

 

Attachment 3 Firmatek Support Policy

1. Firmatek Support Description.

1.1. Customer shall be responsible for providing basic support to its users, including receipt of initial customer support calls and basic problem identification and diagnosis. In the event that Customer, after providing basic support, is unable to resolve technical issues, Firmatek shall provide Customer with reasonable back-up support in accordance with the following Firmatek Support Policy (the “Policy”).

1.2. Firmatek support services (“Support”) are intended to assist Customer in troubleshooting and resolving specific issues relating to Customer and its users’ use of the Firmatek Subscription Services. Firmatek will partner with Customer in the resolution of issues directly involving the Subscription Services that Customer is unable to resolve. Customer is expected to undertake and complete reasonable troubleshooting tasks as recommended by Firmatek support staff.

1.4. Firmatek Support does not include assistance with or support for non-Firmatek products, services or technologies, including databases, computer networks, communications systems, computers, hard drives, networks or printers.

1.5. Firmatek makes Support available to Customer through a variety of contact methods, which include access to online knowledge base, email Support requests, and telephone Support during scheduled Support hours listed below. Firmatek reserves the right to request access to a Customer project workspace to help troubleshoot any issues. Providing technical Support does not imply that Firmatek will fix all Firmatek application software defects or make changes to the Firmatek software application.

1.6. Customer specifically consents to and grants United States-based Firmatek Support teams the express right to access, troubleshoot and provide technical Support services related to Customer Data (as defined in the Terms of Use) that is stored, managed and processed in Firmatek’s data center(s) hosted by Firmatek’s third party service providers.

2. Support Package

2.1. Basic Support; Customer receives Support by way of email and telephone, as otherwise provided in accordance with this Policy. Support is available Monday through Friday, 8:00am to 5:00pm Central Time, (excluding US Federal holidays).

3. Contacting Firmatek Support.

3.1. Online Support Portal and Forums. Customer will have access to the Firmatek Support Portal, which provides access to the Firmatek Knowledge Base, Firmatek Documentation, and an online form for submitting Support tickets. The Firmatek Support Portal is located at www.firmatek.com/support.

3.2. Email Support. Firmatek will provide Customer with access to Support via email. Support tickets are created for all requests received at support@firmatek.com.

3.3. Telephone Support. Firmatek will provide Customer with access to Support by way of telephone contacts. The telephone contact number for Firmatek Support will be provided to Customer as of the date Customer commences its first access to the Firmatek Subscription Services. If a Firmatek representative is not available to take Customer’s call, Customer may leave a detailed message with a description of the Support issue and Customer’s phone number and email address. Voicemails will be converted into Support tickets and emailed to the Support personnel on duty.

4. Support Coverage.

Telephone and email Support is available Monday through Friday (Central Time), 8am to 5pm Central, excluding US Federal holidays (the “Coverage Period”).

5. How Requests are Logged and Tracked.

For each specific Support request, the Firmatek Support team creates a Support ticket and assigns a Support request number. If Customer calls or emails with several different issues, Firmatek may create different Support request numbers to track each individual issue. Responses to Firmatek Support emails are automatically logged with the original request.

6. Response Times.

For any issue with the Firmatek Subscription Services reported to Firmatek during the Coverage Period, Firmatek will make commercially reasonable efforts to provide an initial Response in a reasonably timely manner, replicate the issue, and develop a workaround to resolve such issue. All Support calls and emails will be routed directly to the Firmatek Support specialists on duty.

 

Attachment 4 Firmatek Service Level Commitment

1. Availability.

The Subscription Services will be available at least 95% of each month during the Subscription Term, excluding “Scheduled Downtime” and “Other Causes” (“Service Level Commitment”). The Firmatek Services are available when Users are able to successfully login to the application and access their project(s).

1.1. “Scheduled Downtime” means the downtime resulting from either a Force Majeure event(s) or for regular maintenance, improvements, and upgrades.

1.2. “Other Causes” means: (a) downtime caused solely by Customer’s use of the Subscription Services other than in accordance with the Terms of Use and any applicable Supplemental Terms; (b) lack of availability or untimely response time from Customer with regard to incidents that require Customer’s participation for source identification and/or resolution; (c) the impairment or unavailability of minor features or functionality that do not adversely affect the end user experience or productivity, such as cosmetic defects or pending requests for functionality or configuration changes not included in the core Subscription Services offering; (d) system impairment or unavailability caused by scheduled routine activities such as the loading of new data; and (e) Customer’s computers or network equipment and any third party activities, equipment or software not within Firmatek’s direct control.

2. Scheduled and Unscheduled Maintenance.

2.1. Regularly scheduled maintenance time does not count as downtime. Maintenance time is considered regularly scheduled if it is communicated in accordance with Section 4 below at least forty-eight (48) hours in advance of the maintenance time. Firmatek hereby provides notice that, on a weekly basis, 11:00pm Friday – 3:00am Saturday Pacific Time is reserved for routine scheduled maintenance for use as needed.

2.2. In emergency conditions, Firmatek in its sole discretion may take the Subscription Services down for unscheduled maintenance and, in that event, will attempt to notify Customer in advance. Such unscheduled maintenance will not be counted against the Service Level Commitment.

3. Downtime Measured. Customer will notify Firmatek of any downtime experience within forty-eight (48) hours of the incident, and Customer must obtain a “support ticket” reference number in order to track Support results and to qualify for calculation against the Service Level Commitment hereunder. The measurement of record for availability of the Services shall be Firmatek’s system logs and other records.
4. Updates/Notice. Notices of maintenance and support updates will be sufficient if posted on the Firmatek support page in a timely manner.

 

Attachment 5 Data Security Schedule

This Data Security Schedule (“Schedule”) is incorporated by reference into Firmatek’s Data Processing Addendum (“DPA” or “Agreement”) between Firmatek and Customer in Section 4 of these Terms of Use. Capitalized terms used herein and not defined have the meaning ascribed to such terms in the Agreement including the Data Processing Addendum.

Any Personal Data that is provided to Firmatek will be subject to the protections as set forth in the Agreement. The protections for Customer Network Data are as set below.

While handling Customer Data, Firmatek will maintain a written information security program of policies, procedures and controls governing the processing, storage, transmission and security of Customer Data (the “Security Program”). The Security Program includes industry-standard practices designed to protect Customer Data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. Firmatek tests, assesses and  evaluates the effectiveness of the Security Program and may periodically review and update the Security Program to address new and evolving security technologies, changes to industry standard practices, and changing security threats, although no such update will materially reduce the commitments, protections or overall level of service provided to Customer as described herein.

1. DEFINITIONS

1.1. “Customer Data” means Customer Network Data and Personal Data.

1.2. “Customer Network Data” means the network traffic session information in the Customer’s network collected, aggregated and processed by the Kespry Cloud Service. Customer Network Data does not include Kespry Data or Personal Data. Customer Data is considered Customer’s Confidential Information and shall be protected in accordance with the terms of the Agreement.

1.3. “Kespry Cloud Service” mean the software applications that are provided as a cloud service by Firmatek.

1.4. “Kespry Data” shall mean the data generated as a result of the classification and analysis by the Kespry Cloud Service. Kespry Data does not include Customer Data.

2. CUSTOMER NETWORK DATA

The data center hosting Customer Network Data is compliant with the requirements as stated in the following standards: ISO9001:2015, ISO/IEC 27001:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014 (or the then current substantially equivalent standards).

3. PHYSICAL SECURITY MEASURES.

3.1. Access Restrictions. The data center facilities will have appropriate physical access restrictions and monitoring as well as fire detection and fire suppression systems, as set forth at https://aws.amazon.com/compliance/data-center/controls/. Physical access is controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. AWS (and by extension Firmatek) updates the applicable physical security measures on a regular basis.

3.2. Power. The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and Uninterruptible Power Supply (UPS) units provide back- up power in the event of an electrical failure for critical and essential loads in the facility.

4. TECHNICAL SECURITY MEASURES.

4.1. Access Administration. Access to the Customer Data by Authorized Persons is protected by authentication and authorization mechanisms. User authentication is required to gain access to the Kespry Cloud Service. Access privileges are based on the principles of “need to know” and “least privileges” and on job requirements and are revoked upon termination of employment or consulting relationships.

4.2. Logging and Monitoring. The production infrastructure log activities are centrally collected and are secured to prevent tampering.

4.3. Firewall System. An industry-standard firewall is installed and managed to protect Firmatek systems by residing on the network to inspect all ingress connections routed to the Kespry Cloud Service.

4.4. Endpoint protection. Firmatek periodically updates endpoint protection software on regular intervals.

4.5. Change Control. Firmatek ensures that changes to platform, applications and production infrastructure are evaluated to minimize risk.

4.6. Data Separation. Customer’s cloud environment is identified by a unique client ID and deployment ID. Authentication in the upload and query ensures customers do not access one another’s data.

4.7. Encryption. Customer Network Data shall be encrypted in transit when it traverses from the Customer's Kespry mobile application to the Kespry Cloud Service. Customer Network Data is encrypted at rest.

4.8. Data Management. Each data center includes full redundancy (N+1) and fault tolerant infrastructure for electrical, cooling and network systems. The production database servers are replicated in near real time to a mirrored data center in a different geographic region.

4.9. Data Backup. Customer Network Data that is created fewer than 90 days prior to the query data is accessible in the Kespry Cloud Service via a user interface. Customer Network Data will be stored in raw form for 13 months­­­­­­­­­­­­­­­­, and then purged from the Kespry Cloud Service.

5. ADMINISTRATIVE SECURITY MEASURES.

5.1. Personnel Security. Firmatek performs background screening on Authorized Employees who have access to Customer Data in accordance with Firmatek’s then current applicable standard operating procedure and subject to applicable laws.

5.2. Incident Monitoring and Management.

Firmatek will monitor, analyze and respond to security incidents in a timely manner. Firmatek’s security group will escalate and engage response teams as may be necessary to address an incident.

5.2.1. Breach Notification. Firmatek will report to Customer any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data (a “Breach”) without undue delay following determination by Firmatek that a Breach has occurred.

5.2.2. Customer Obligations. Customer will maintain accurate contact information in the customer support portal and provide any information that is reasonably requested to resolve any security incident, including identify its root cause(s) and prevent a recurrence. Customer is solely responsible for determining whether to notify the relevant supervisory or regulatory authorities and impacted Data Subjects and for providing such notice.

6. USE OF AGGREGATE DATA.

Firmatek may collect, use and disclose quantitative data derived from Customer’s use of the Firmatek Services for industry analysis, benchmarking, analytics, research, marketing, and other business purposes in support of the provision of the Firmatek Services. Any such data will be in aggregate form only and such use will not disclose Customer Data.

7. LIMITATIONS.

This Schedule does not apply to: (i) data in Customer’s network or a third-party network or (ii) any data processed by Customer or its users in violation of the Agreement or this Schedule.

Customer agrees that it is solely responsible for its use of the Kespry Cloud Service, including securing its account authentication credentials (as applicable), and that Firmatek has no obligation to protect Customer Network Data that Customer elects to store or transfer outside of Firmatek’s and Authorized Person’s systems (e.g., offline or on- premises storage).

 

 

 

Attachment 6 Data Processing Addendum

This Data Processing Addendum (“DPA”) forms part of the Terms of Use Agreement (“EULA”) or other written or electronic agreement (both collectively referred herein as “Commercial Agreement” or “Agreement”) between Firmatek  and Customer to reflect our agreement about the processing of Personal Data (as defined in Section 1) in connection with Firmatek products and services (“Firmatek Services” or “Services”) in accordance with requirements of applicable Data Protection Laws (as defined in Section 1). References to the Agreement shall include this DPA.

 

This DPA includes the Data Processing Terms and the attached annexes (the Standard Contractual Clauses in Schedule 2, Appendices 1 & 2). This DPA will be effective on the date of the last signature. If Customer makes any deletions or other revisions to this DPA, and such deletions or revisions have not been expressly authorized by Firmatek, then this DPA shall be null and void.

 

 

Customer	Firmatek
Address shall be the address of Customer as set forth in the Agreement	Address shall be the address of Firmatek as set forth in the Agreement
Customer’s signature on the Agreement shall constitute its agreement to this DPA	Firmatek’s signature on the Agreement shall constitute   its agreement to this DPA

 

Data Processing Terms

1. Definitions

Capitalized terms used herein and not defined have the meaning ascribed to such terms in the Agreement. The terms “Process/Processing,” “Data Controller,” “Member State,” “Data Processor,” and “Data Subject” will have the meanings ascribed to them in the GDPR.

1.1. “Authorized Employees” means Firmatek’s employees who have a need to know or otherwise access Personal Data to enable Firmatek to perform its obligations under this DPA.

1.2. “Authorized Persons” means (i) Authorized Employees; and (ii) Firmatek’s Subprocessors.

1.3. “Data Protection Laws” means all laws and regulations, including the GDPR, and other laws and regulations of the European Union, the European Economic Area and their member states, applicable to the Processing of Personal Data under the Agreement.

1.4. “Data Security Schedule” is the document that sets forth Firmatek’s technical and organizations security measures, described in Section 5 of the Terms of Usewhich may be updated from time to time.

1.5. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

1.6. “Firmatek Services or “Services” means the network security solution, customer support services or any other services provided under the Agreement where Firmatek Processes Customer’s Personal Data.

1.7. “Framework” means the Personal Data, categories of Data Subjects, activities, and security measures described inSchedule 1

1.8. “Personal Data” will have the meaning ascribed to the term in the GDPR, as such Personal Data is received by Firmatek by or on behalf of Customer and Processed in connection with the Firmatek Services.

1.9. “Personal Data Breach” means a breach of security of the Firmatek Services leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

1.10. “Standard Contractual Clauses” or “Clauses” means the agreement by and between Firmatek and Customer and attached hereto as Terms and Conditions pursuant to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses under Directive 95/46/EC of the European Parliament and of the Council for the transfer of Personal Data to Data Processors established in third countries that do not ensure an adequate level of data protection.

1.11. “Subprocessor” means any Processor engaged by Firmatek to Process the Personal Data provided by Customer to Firmatek as part of the Firmatek Services. For the avoidance of doubt, colocation data center facilities and transit providers are not Subprocessors under this DPA.

1.12. “Technical and Organizational Security Measures” or “Security Measures” means those measures aimed at protecting Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing.

 

2. Applicability of this DPA. This DPA applies only to the extent that Firmatek Processes Personal Data of Data Subjects located in the EU/EEA on behalf of Customer.
3. Governing Terms

3.1.1 General terms and conditions of the Services are specified in the Agreement.

3.1.2. The Services are governed both by the terms of the Agreement and those of this DPA, including the Data Security Schedule, to the extent Customer has purchased any Product that includes Cloud Services as defined in the Data Security Schedule.

3.1.3. If there is a conflict between any provision or component of the Agreement and a provision or component of this DPA as applied to the Framework, the terms of this DPA will prevail over the conflicting terms in the Agreement.

3.2. Details of the Processing.

3.2.1. Customer, as a Data Controller, appoints Firmatek, as a Data Processor, to Process the Personal Data on Customer’s behalf (as applicable). In some circumstances, Customer may be a Data Processor; in this case, Customer appoints Firmatek as a Subprocessor. In both cases, Firmatek remains a Processor with respect to Customer for the Processing activities under this DPA.

3.2.2. Firmatek shall not, at any time, transfer or allow any Subprocessor or other person to transfer Personal Data across borders except as permitted under this DPA.

3.3. Firmatek’s Responsibilities

3.3.1. Firmatek shall Process the Personal Data only for the purposes set forth in the Agreement or this DPA and only in accordance with the documented instructions from Customer, as set forth in Terms and Agreement, as modified in writing from time to time by the parties, unless required to do otherwise by applicable law to which Firmatek is subject. In such a case, Firmatek shall inform Customer of that legal requirement before Processing, unless that law prohibits the provision of such information on important grounds of public interest.

3.3.2 Firmatek shall ensure that its relevant employees, agents and contractors receive appropriate training regarding their responsibilities and obligations with respect to the processing, protection, and confidentiality of the Personal Data.

3.4. Security

3.4.1. Firmatek will implement and maintain appropriate Technical and Organizational Security Measures to protect against Personal Data Breaches and to preserve the security and confidentiality of Personal Data processed by Firmatek on behalf of Customer in the provision of the Firmatek Services. These Security Measures are subject to appropriate technical progress and development. Firmatek may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Firmatek Services and that Firmatek shall notify Customer promptly of any materially adverse variation in the Security Measures that may threaten the security of Personal Data.

 

3.4.2. Customer agrees that it is solely responsible for its use of the Firmatek Services, including securing its account authentication credentials (as applicable), and that Firmatek has no obligation to protect Personal Data that Customer elects to store or transfer outside of Firmatek’s and Authorized Person’s systems (e.g., offline or on- premises storage).

3.5. Subprocessors

Firmatek may engage Subprocessors (including Firmatek’s affiliates) to provide aspects of the Firmatek Services and related technical support services, provided that such Subprocessors provide sufficient guarantees to implement appropriate Technical and Organizational Security Measures in accordance with this DPA. Customer consents to Firmatek and its affiliates subcontracting the Processing of Personal Data located in the Firmatek Services to Subprocessors in accordance with this DPA and the Clauses. Any such Subprocessors will be permitted to obtain Personal Data only to deliver the services Firmatek has retained them to provide, and they are prohibited from using Personal Data for any other purpose. The Subprocessors currently engaged by Firmatek are identified in Schedule 1.

3.6 Data Subjects’ Requests

3.6.1. Firmatek shall assist Customer, at no additional cost, as reasonably practicable, in the fulfilment of Customer's obligation to respond to requests by Data Subjects for exercising their rights under GDPR Articles 15 to 22 [Right Of Access, Right To Rectification, Right To Erasure, Right To Restriction Of Processing, Right To Data Portability, Right To Object, And Right Not To Be Subject To Decisions Based Solely On Automated Processing, Including Profiling]. Firmatek shall respond to Customer’s request for assistance in responding to a request from a Data Subject under GDPR Articles 15 to 22 promptly and in any event within five (5) business days after receiving Customer’s written notice.

3.6.2. If the Data Subject makes the request directly to Firmatek, Firmatek shall promptly inform Customer by providing a copy of the request. Customer shall be responsible for responding to the Data Subject’s request, and Firmatek shall assist as set forth above.

3.7 Oversight.

3.7.1. Firmatek shall deal promptly and properly with all inquiries from Customer relating to its Processing of the Personal Data.

3.7.2. Firmatek shall make available to Customer all information and written documents necessary to demonstrate compliance with the obligations set forth in this DPA, and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer or government authorities as permitted in the GDPR.

3.7.3. Firmatek shall promptly inform Customer if, in its opinion, an instruction infringes applicable law, the GDPR or other data protection provisions.

3.7.4. Firmatek shall promptly notify Customer about: (i) any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, and (ii) any request received directly from any Data Subject, without responding to that request, unless it has been otherwise authorized to do so.

4. Safeguards for Cross-border Transfers. Firmatek will during the term of this DPA:

4.1. Maintain appropriate safeguards with respect to the Personal Data and make available to Data Subjects the rights and legal remedies with respect to the Personal Data as required under Article 46(1) of the GDPR.

4.2. Be bound by the terms of the Standard Contractual Clauses Controller to Processor attached to this DPA  as Terms and Conditions.

4.3. Use commercially reasonable efforts to require its Subprocessors performing under this DPA to do the same.

5. Liability Limitation

If Firmatek and Customer enter into Standard Contractual Clauses as described above, then the total combined liability of Firmatek towards Customer, on the one hand, and Customer toward Firmatek, on the other hand, under or in connection with the Agreement and all those Clauses combined will be limited to the maximum monetary or payment-based liability amount set out in the Agreement.

 

 

 

DATA Processing Details

Nature and purpose of the Processing

Firmatek will Process Personal Data only as necessary to perform the Services pursuant to the Agreement, as further specified in the applicable Documentation, and as further instructed by Customer through its use of the Services.

Duration of the Processing

The duration of the Processing corresponds to the duration of the Agreement.

 

1. Categories of Personal Data to be Processed. The Processing concerns the following categories of Personal Data:

• Contact information including first and last name, title, position, company, email address, phone number, physical business address
• Login and account information, including screen name, unique user ID, excluding any passwords.
• Purchase history and invoicing information
• MAC addresses (as applicable through a customer support case)

 

2. Types of Firmatek Personal Data:

• Personal data (name, address, and title)
• Contact details (telephone number, mobile phone number, email address, fax number, work address data)
• Customer history
• System access / usage / authorization data

 

3. Special categories of Personal Data (if appropriate). Firmatek does not process any special categories of Personal Data.

 

4. List of Subprocessors Used by Service Provider. A list of Firmatek’s Subprocessors can be accessed below in Section 5 of the Terms of Use. Please contact Firmatek’s privacy team at privacy@firmatek.com with any questions regarding our Subprocessors.

 

Customer	Firmatek
Address shall be the address of Customer as set forth in the Agreement	Address shall be the address of Firmatek as set forth in the Agreement
Customer’s signature on the Agreement shall constitute its agreement to this DPA	Firmatek’s signature on the Agreement shall constitute its agreement to this DPA

 

Commission Decision C (2010)593

Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

 

Name of the data exporting organization: Customer

Address: As set forth in the Agreement

Tel.: As set forth in the Order | e-mail: As set forth in the Order

(the data exporter)

 

And

 

Name of the data importing organization: Firmatek

Address: 10010 San Pedro Ave, Suite 850, San Antonio, TX 78216

Tel. 1-210-651-4990 | e-mail: privacy@firmatek.com

(the data importer)

 

each a “party”; together “the parties”, HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

 

Clause 1

Definitions

For the purposes of the Clauses:

• 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
• 'the data exporter' means the controller who transfers the personal data;
• 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
• 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
• 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
• 'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause.

The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and

• to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party
  • The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  • The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the
  • The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law

 

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

• that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
• that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
• that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
• that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
• that it will ensure compliance with the security measures;
• that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
• to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
• to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
• that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

2. that it will ensure compliance with Clause 4(a) to (i).

 

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

• to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
• that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
• that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
• that it will promptly notify the data exporter about:
  • any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
  • any accidental or unauthorised access, and
  • any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
• to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
• at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
• to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
• that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
• that the processing services by the subprocessor will be carried out in accordance with Clause 11;
• to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data

Clause 6

Liability

• The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage
• If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such
• The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own
• If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the

Clause 7

Mediation and jurisdiction

• The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
  • to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
  • to refer the dispute to the courts in the Member State in which the data exporter is
• The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international

Clause 8

Cooperation with supervisory authorities

• The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection
• The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
• The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5.

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

 

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

• The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
• The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the
• The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is
• The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

• The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
• The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph

 

On behalf of the data exporter: Customer Address: As set forth in the Agreement

Other information necessary in order for the contract to be binding (if any):

 

 

 

 

The Data Exporter’s signature on the Agreement shall constitute its agreement to these Standard Contractual Clauses

 

On behalf of the data importer: Firmatek, LLC

Address: 10010 San Pedro Ave, Suite 850, San Antonio, TX 78216

Other information necessary in order for the contract to be binding (if any): N/A

 

 

 

The Data Importer’s signature on the Agreement          shall constitute its agreement to these Standard Contractual Clauses

 

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer) :

Data exporter is “Customer.”

Data importer

Data importer is “Firmatek, LLC.”

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

• Employees, agents, advisors, independent contractors of data exporter (who are natural persons)

Categories of data

The categories of data are as listed on Schedule 1 to this DPA.

Special categories of data (if appropriate)

The special categories of data (if any) are as listed on Schedule 1 to this DPA.

Processing operations

Any basic processing activities and processing of personal data by data importer is solely for the performance of the Services as further described in the Agreement.

The personal data transferred may be subject to the following basic processing activities: collect, store, retrieve, consult, use, erase or destruct, disclose by transmission, disseminate or otherwise make available data exporter’s data as described herein, as necessary and required to provide Services in accordance with the Agreement or the data exporter’s instructions.

 

Data Exporter	Data Importer
Customer	Firrmatek, LLC
Address shall be the address of Customer as set forth in the Agreement	Address shall be the address of Firmatek, LLC. as set forth in the Agreement
The Data Exporter’s signature on the Agreement shall constitute its agreement to these Standard Contractual Clauses	The Data Importer’s signature on the Agreement shall constitute its agreement to these Standard Contractual Clauses

 

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c): please see the Data Security Schedule.

Data Importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data provided to Data Importer, as described in the Data Security Schedule, which are incorporated into this Appendix 2 by reference and are binding on Data Importer. Data Importer will not materially decrease the overall security has described herein during the period of Processing.

 

Data Exporter	Data Importer
Customer	Firmatek, LLC
Address shall be the address of Customer as set forth in the Agreement	Address shall be the address of Firmatek, LLC. as set forth in the Agreement
The Data Exporter’s signature on the Agreement shall constitute its agreement to these Standard Contractual Clauses	The Data Importer’s signature on the Agreement shall constitute its agreement to these Standard Contractual Clauses

 

 

Remainder of Page Intentionally Left Blank

 

 

Attachment 7 FIRMATEK SUBPROCESSORS

The following subprocessors are authorized by Firmatek, LLC to process personal data and assist the operations necessary to provide Firmatek services as described in the Order and these Terms and Conditions.

Entity Name	Country	Purpose
Salesforce	United States	To provide account information to Firmatek in the scope of providing support to customers
Auth0 (Okta)	United States	To provide an identity management solution for user registration, login and password resets
AWS	United States	To host customer data for certain service offerings
Segment	United States	For internal reporting for customer data
Atlassian	United States	To provide account information to Firmatek in the scope of providing support to customers

 

If you are a current Firmatek customer with a data processing agreement in place with Firmatek, you may subscribe to receive notification of a new subprocessor before Firmatek authorizes such subprocessor to process personal data in connection with the provision of the applicable service. You can subscribe to receive e-mail notifications for changes to the Firmatek subprocessor list by emailing the following information to privacy@firmatek.com:

• Customer Name
• Customer Address
• Customer E-mail
• Executed copy of the Customer-Kespry Data Processing Addendum
• Please title your request “Kespry Subprocessor Notification Request.”

 

To edit your e-mail notification information, please submit a request to privacy@firmatek.com with the subject title “Change in Contact Information.