fbpx

EVent | MARCH 27

Winning with Win-Loss

REGISTER NOW

LOGIN Get a demo

Terms and Conditions

These Terms and Conditions (these “Terms”) are made between the Klue entity identified in the Authorization Form (“Klue”), and the Customer (each a “party” and together the “parties”). 

  1. Definitions
    1. Acceptable Use Policy” means the Klue Acceptable Use Policy at https://app.klue.com/acceptable-use.
    2. Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with a party. For purposes of this definition, control means direct or indirect ownership or control of more than fifty (50) percent of the voting interests of the subject entity. 
    3. Agreement” means the Terms, together with all exhibits and any current Authorization Form.  
    4. Authorization Form” means a document executed by both Customer and Klue or a Klue Affiliate which describes the Services Customer is purchasing, including the Fees and any other details specifically related to such Services.
    5. Business Day” means any day except Saturday, Sunday, or a statutory holiday in British Columbia, all determined with reference to Pacific Time.
    6. Confidential Information” means (i) any non-public information communicated by a party to the other party in connection with this Agreement that is designated in writing as confidential, (ii) Customer Data, and (iii) the terms and conditions of this Agreement (including pricing and all other terms set out in any Authorization Form).
    7. Customer” means the customer identified in the applicable Authorization Form.
    8. Customer Data” means all content, information and data in any format, that is submitted, uploaded, transmitted or otherwise made available by Customer or Users to or through the Klue Services, including any reports or other output created by Customer with such content through use of the Klue Services; however, to the extent any of the foregoing are combined with data derived or obtained from public sources, that portion of data derived or obtained from public sources is not Customer Data.
    9. Data Protection Laws” has the meaning given to such term in Schedule B, Customer Data Protection Addendum.  
    10. Documentation” means the user and technical help documentation for the Klue Services made available electronically through the Website.
    11. Effective Date” means the effective date designated pursuant to the initial Authorization Form.
    12. Feedback” means suggestions, comments, bug reports, feature or enhancement requests, recommendations or other feedback relating to the Services or Klue’s business provided to Klue by Customer or Users.
    13. Fees” means all amounts payable by Customer to Klue for the Services including implementation fees, ongoing subscription fees and any other fees or charges set out in the applicable Authorization Form.
    14. “Force Majeure Event” means events which are beyond the reasonable control of such party, including but not limited to acts of God, acts of government, flood, fire, pandemics, earthquakes, civil unrest, acts of terror, strikes or other labour problems, or the unavailability of third party-provided cloud hosting services. 
    15. Klue Services” means Klue’s proprietary web-based applications for competitive enablement services for which Customer has subscribed under an Authorization Form, including technical support, but does not include Professional Services.  
    16. Pattern Data” means aggregated and/or anonymized information, data or reports derived from or compiled through the Services, including, but not limited to, data or statistics indicating frequency of use, popularity of or other characteristics of the Services.
    17. Personal Data” has the meaning given to such term in Schedule B, Customer Data Protection Addendum.
    18. Personnel” means employees (including employees of an Affiliate), consultants, independent contractors or subcontractors.
    19. Privacy Policy” means the Klue Privacy Policy at https://app.klue.com/privacy.
    20. Professional Services” means implementation, consulting and training services purchased by Customer under an Authorization Form, which may be further detailed in a statement of work, schedule or similar document signed by both Customer and Klue or its Affiliate, but excluding technical support.  
    21. Services” means the Klue Services and the Professional Services.
    22. Subscription Period” means the implementation and ongoing subscription period specified in an initial Authorization Form and each subsequent renewal period(s). For greater certainty, each renewal period represents a distinct Subscription Period.
    23. User” or “Users” means each individual that Customer or a Customer Affiliate permits to use the Klue Services and to whom Klue grants a User ID.
    24. User ID” means the login access and identification granted by Klue to Users to enable access to the Klue Services.
    25. Website” means https://app.klue.com/ or any other URL designated by Klue for accessing the Klue Services.
  2. Access to and Use of Services
    1. Access. Subject to this Agreement, Klue grants Customer and its Users (i) access to the Klue Services during the Subscription Period, and (ii) a perpetual, limited, non-exclusive license to use, reproduce, access, and store any modifications, compilations, or derivative works created or developed from Customer Data by Klue or the Website in connection with the Klue Services, in each case solely for Customer’s own internal business purposes. Customer may provide Customer’s Affiliate’s Users with access to the Klue Services provided that such access is subject to and in compliance with this Agreement and Customer will at all times remain liable for its Affiliates, Users, and Affiliates’ Users compliance with this Agreement. In addition, Customer Affiliates may purchase Services from Klue hereunder by entering into an Authorization Form with Klue governed by these Terms. Each Authorization Form is a separate obligation of the Customer Affiliate that execute(s) such Authorization Form, and no other Customer entity has any obligation thereunder.
    2. Support and Service Levels. During the Subscription Period, Klue will provide support for the Klue Services in accordance with Exhibit A hereto and will make the Klue Services available in accordance with the service levels specified therein. Klue may alter, but not materially diminish, the functionality and user interfaces of the Klue Services from time to time in its sole discretion.
    3. Acceptable Use. Customer will comply and will ensure that its Users comply with the Acceptable Use Policy and will not use the Klue Services in any way that violates the Acceptable Use Policy, this Agreement or applicable law. 
    4. User IDs. Customer will require all Users to keep their User IDs and related passwords strictly confidential and to not share such information with any unauthorized person. Customer will be responsible for any and all actions taken using its User IDs and passwords. For greater certainty, individual User IDs are specific to individual Users and may not used by any other individuals to access the Klue Services.
    5. Professional Services. If Customer has purchased Professional Services, such services will be set forth in an Authorization Form, a statement of work or other document entered into between the parties.  Any modifications or extensions to a signed Authorization Form or statement of work related to Professional Services must be made pursuant to a project change request or similar amendment mutually agreed to in writing by the parties.  Subject to payment of the applicable Fees, Klue, for and on behalf of itself and its Affiliates, grants Customer, all right, title and interest in and to all interviews and related transcripts, all written summaries, research stories and executive summaries prepared by Klue or its Affiliate for the Customer (the “Deliverables”).  To the extent any Deliverables contain Klue Property (as defined below), Klue grants the Customer a non-exclusive, worldwide, perpetual license for its internal business purposes, to use such Klue Property in connection with the Deliverables.  Without limiting the foregoing, Klue may use aggregated and/or anonymized data or information derived from, or extracts of, any Deliverables, for Klue’s legitimate business purposes, provided that such data or information will not identify Customer or any individual or disclose any Confidential Information attributable to the Customer. 
  3. Customer Data and IP Ownership
    1. Customer Data. Subject to the license granted to Klue hereunder, Customer owns and will retain all right, title, interest to and ownership of Customer Data. Customer grants Klue and its Personnel a non-exclusive, worldwide, royalty-free, sublicensable, license during the Term to access, use, process, copy, distribute, perform, export, and display Customer Data solely and exclusively for the purposes of (i) providing and supporting the Services, including storing, hosting, and managing Customer Data, and (ii) creating Pattern Data. Solely to the extent that reformatting Customer Data for use in or through the Services constitutes a modification or derivative work, the foregoing license also includes the right to make modifications and derivative works to and from Customer Data.
    2. Customer Responsibility for Customer Data. Customer has sole responsibility for the content, accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data and for the compliance of such Customer Data with this Agreement and all applicable laws. Klue will use the Customer Data “as is”, and is not responsible for reviewing, validating or otherwise confirming the accuracy, appropriateness or completeness of Customer Data. Customer may delete or request Klue to delete all or part of the Customer Data at any time.
    3. Pattern Data. Customer acknowledges and agrees that Pattern Data will not be considered and does not constitute Customer Data or Personal Data. Klue shall own all right, title and interest (including all intellectual property rights) in and to any Pattern Data.  For greater certainty, Pattern Data does not identify Customer or Users and does not relate specifically to Customer’s business.  Pattern Data will not be used to train any publicly available AI systems or public large language models.
    4. Feedback. If Customer or Users provide Feedback, Customer grants to Klue a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual, unrestricted and fully paid-up license to use such Feedback for any purpose.
    5. Rights Reserved by Klue. Except as provided herein, the Services are made available to Customer on a limited access basis hereunder, and no ownership rights are granted to Customer. Klue and its Affiliates and/or licensors own and will retain all right, title, and interest, including all intellectual property rights, in and to the Services and the Website including all intellectual property rights in and to all inventions, methodologies, questionnaires, templates, techniques, surveys, knowledge or know-how in connection with the delivery of the Professional Services (the “Klue Property”), and any Pattern Data, as well as any updates, modifications, adaptations, translations, customizations or derivative works thereof or in relation thereto. All rights not expressly granted to Customer herein are reserved by Klue and its Affiliates and/or licensors.
  4. Fees and Taxes
    1. Fees. Customer will pay the Fees to Klue in advance unless otherwise specified in the applicable Authorization Form. Customer will pay all undisputed invoiced amounts in accordance with the terms set out in the Authorization Form. Fees are non-cancelable and non-refundable (except in accordance with Section 10.3).
    2. Access and Usage. Klue may monitor Customer’s utilization of the Klue Services as reasonably necessary to ensure Customer’s compliance with this Agreement and in particular with the number of Users or other applicable metric(s) specified on the Authorization Form (“Permitted Usage”). If Customer’s usage is shown to be in excess of Permitted Usage, Klue will notify Customer and request that usage be brought back into compliance. Additional Fees may apply if not brought back into compliance, effective as of the time that Customer first exceeded Permitted Usage.
    3. Late Payment. For any payment overdue by more than twice the number of days outlined in the Authorization Form, Klue may (i) suspend Customer’s and its Users’ access to the Services, and (ii) charge interest at the rate of one and a half percent (1.5%) compounded monthly, (19.6% annual interest) until all due amounts are paid in full.
    4. Taxes. Fees are exclusive of and Customer will pay all taxes, assessments, charges, fees, and levies that may be levied on or applicable to the Services, including all sales, use, goods and services, value added, excise and withholding taxes, customs duties, and assessments, together with any installments and any interest, fines, and penalties with respect thereto, imposed by any governmental authority, including federal, state, provincial, municipal, and foreign governmental authorities (collectively, “Taxes”), which for clarity does not include any taxes based on Klue’s income. In the event Customer is required under applicable laws to withhold Taxes, Customer will inform Klue in writing as soon as such requirement becomes known, and Customer will assist Klue in obtaining any mitigations, exemptions and/or refunds as may be available under any applicable law. If Customer is still required under laws applicable to Customer to deduct or withhold Taxes from payments to Klue, Customer may deduct the applicable amount (the “Deduction Amount”) from the Fees. Customer will not be required to pay the Deduction Amount to Klue, provided Customer presents Klue with a valid tax receipt verifying payment of the Deduction Amount to the relevant tax authority within ninety (90) days from the date of the invoice. If Customer does not provide this tax receipt within such period, then all Fees, inclusive of the Deduction Amount, will be immediately due and payable.
  5. Confidentiality
    1. Confidential Information. Each party agrees to keep confidential and to protect the confidentiality of all Confidential Information disclosed or made available to such party by the other party.  Each party shall protect the Confidential Information disclosed to such party (the “Receiving Party”) by the other party (the “Disclosing Party”) in the same manner as such party protects the confidentiality of its own similar information and data and shall at all times exercise at least a reasonable degree of care in the protection of such Confidential Information in order to protect it from unauthorized use, access, or disclosure.  The Receiving Party will restrict access to the Confidential Information of the Disclosing Party to only those of its Personnel required to enable the Receiving Party to undertake its obligations pursuant to this Agreement. The Receiving Party shall cause each of its Personnel who may access Confidential Information of the Disclosing Party to agree to confidentiality obligations substantially similar to those in this Agreement. The obligations of confidentiality in this Agreement shall not apply to any information that: (i) is generally publicly available at the time of its communication; (ii) is independently developed by the Receiving Party without reference to the Confidential Information of the Disclosing Party; (iii) becomes generally publicly available through no fault of the Receiving Party subsequent to the Disclosing Party’s communication to the Receiving Party; (iv) is in the Receiving Party’s possession free of any obligation of confidence at the time of the Disclosing Party’s communication to the Receiving Party; or (v) is lawfully communicated to the Receiving Party by a third party free of any obligation of confidentiality. This Section 5 will not be construed to prohibit the disclosure of Confidential Information if such disclosure is required by law or order of a court or other governmental authority. The Receiving Party agrees to give the Disclosing Party prompt notice (to the extent legally permitted) of the receipt of any subpoena or other similar request for such disclosure.  If this Agreement is terminated, each party will return all Confidential Information in its possession or control to the other party.  
  6. Data Protection and Security
    1. Data Protection. To the extent that Klue will be processing any Personal Data subject to Data Protection Laws on Customer’s behalf in connection with this Agreement, the terms of Exhibit B, Data Processing Addendum (the “DPA”), will apply.  Furthermore, Customer agrees that if Customer or any Personal Data submitted by Customer to Klue or its Affiliates, or to the Klue Services is subject to Data Protection Laws, Customer is the data controller of such data and Klue is a data processor of such data, as such terms are defined in the applicable Data Protection Laws. Customer will not collect, provide or otherwise use in any way in relation to the Services any special category or of Personal Data or similar designation as described in Data Protection Laws.  To the extent that Klue collects, accesses, or uses Personal Data in connection with this Agreement outside of the scope of the DPA, the Privacy Policy applies to such collection, access, and use.  
    2. Security. Klue will maintain industry-standard administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of Customer Data If Klue becomes aware of a breach of security that affects Customer Data or Personal Data, Klue shall promptly notify Customer and take all actions reasonably necessary to protect the Customer Data from unauthorized use or access and shall promptly correct its security system.
  7. Warranties
    1. Customer Warranty. Customer represents and warrants that Customer Data and its use as authorized by Customer in this Agreement will not violate any applicable laws, privacy rights or any third-party intellectual property rights. 
    2. Klue Warranty. Subject to Section 7.3, Klue represents and warrants that: (i) the  Klue Services will perform substantially in compliance with the Documentation; (ii) Professional Services will be delivered in a professional and workmanlike manner by Personnel with sufficient skill, knowledge and experience to perform the Professional Services and will be delivered in accordance with any applicable Statement of Work; (iii) it owns or otherwise has sufficient rights in the Services to grant to Customer the rights to use the Services as specified pursuant to this Agreement, (iii) Customer Data shall be processed only as expressly set forth in this Agreement; and (iv) Klue’s provision of the Services hereunder will comply with all applicable laws. If the Services fail to comply with the warranty in Section 7.2(i) and (ii), as the case may be, and Customer notifies Klue in writing during the Subscription Period of the nature of such non-compliance, Klue will make commercially reasonable efforts to promptly remedy such non-compliance without charge.  If Klue does not remedy the non-compliance within a reasonable period of time agreed to by the parties, Customer may terminate these Terms as they apply to the relevant Services and receive a pro rated refund for such Services from the date Klue receives such notification.  The foregoing remedy is Customer’s sole and exclusive remedy with respect to such warranties. 
    3. Warranty Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, KLUE DOES NOT MAKE ANY OTHER REPRESENTATIONS OR WARRANTIES HEREUNDER AND EXPRESSLY DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES IN CONNECTION WITH THIS AGREEMENT, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE GENERALITY OF ANY OF THE FOREGOING, KLUE EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY THAT ANY DATA OR INFORMATION PROVIDED TO CUSTOMER IN CONNECTION WITH CUSTOMER’S USE OF THE SERVICES (INCLUDING ALERTS AND RECOMMENDATIONS) IS ACCURATE OR CAN OR SHOULD BE RELIED UPON BY CUSTOMER FOR ANY PURPOSE WHATSOEVER. KLUE FURTHER EXPRESSLY DISCLAIMS ANY LIABILITY THAT MIGHT ARISE FROM CUSTOMER COLLECTING, PROVIDING OR OTHERWISE USING IN RELATION TO THE SERVICES ANY SPECIAL CATEGORY OF PERSONAL DATA AS DESCRIBED IN DATA PROTECTION LAW. KLUE DOES NOT PROVIDE ANY WARRANTIES OR REMEDIES FOR ANY BETA VERSIONS OF THE KLUE SERVICES ORANY FEATURE OF THE KLUE SERVICES IN BETA OR IN A TRIAL VERSION, PROVIDED CUSTOMER IS NOTIFIED THAT THEY ARE ACCESSING A FEATURE OF THE KLUE SERVICES IN BETA OR IN A TRIAL VERSION.  BETA AND TRIAL VERSIONS ARE OPTIONAL AND ARE USED AT CUSTOMER’S OWN RISK.  
  8. Indemnities
    1. Klue IP Indemnity. Subject to Customer’s compliance with Section 8.3, Klue will defend Customer from and against any third-party claim brought against Customer alleging that  the Services (or use thereof) infringe such third-party’s valid patent or copyright or misappropriates such third-party’s trade secret (an “Infringement Claim”) and will pay any damages awarded through a final non-appealable judgment against Customer or agreed to via settlement approved by Klue in connection with any such Infringement Claim. Notwithstanding the foregoing, Klue will have no liability for any Infringement Claim to the extent it arises from: (i) a modification of the Services by or at the direction of any person other than Klue; (ii) Use of the Services in violation of this Agreement (including the Acceptable Use Policy) or applicable law; (iii) use of the Services after Klue notifies Customer to discontinue use because of an infringement or misappropriation claim; or (iv) the combination, operation, or use of the Services with any other software, program, or device not provided or specified by Klue, to the extent such infringement would not have arisen but for such combination, operation or use. If the Services or any part thereof have become, or in Klue’s opinion are likely to become, the subject of any Infringement Claim, Klue may, at its option and expense: (a) procure the right for Customer’s continued use of Services; (b) substitute substantially functionally similar Services; or (c) terminate Customer’s right to continue using the Services upon thirty (30) days’ written notice and refund any prepaid amounts for the terminated portion of the Subscription Period. This Section states Klue’s entire liability and Customer’s exclusive remedy for infringement or misappropriation of the intellectual property of a third party.
    2. Customer Indemnity. Subject to Klue’s compliance with Section 8.3, Customer will defend Klue from and against any third-party claim brought against Klue arising from or related to (i) Customer Data, or (ii) Customer’s breach of this Agreement, (collectively, “Klue Claims”) and will pay any damages awarded through a final non-appealable judgment against Klue or agreed to via settlement approved in writing by Customer in connection with any such Klue Claims.
    3. Conditions of Indemnification. Each Party’s indemnification obligations in this Section 8 are conditioned upon (i) the indemnified party (the “Indemnified Party”) notifying the indemnifying party (the “Indemnitor”) promptly of any threatened or pending indemnified claim (“Claim”), (ii) the Indemnified Party giving the Indemnitor reasonable assistance and information requested by the Indemnitor in connection with the defense or settlement of the Claim, and (iii) the Indemnitor having sole control over the defense of the Claim. The Indemnified Party may participate in the defense of the Claim at the Indemnified Party’s own expense. The Indemnified Party will not, without the prior written consent of the Indemnitor, settle, compromise or consent to the entry of any judgment with respect to any pending or threatened Claim.
  9. Limitations on Liability
    1. IN NO EVENT WILL EITHER CUSTOMER’S OR KLUE’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER HEREUNDER IN THE TWELVE (12) MONTHS PRECEDING THE LAST EVENT GIVING RISE TO LIABILITY.   THE FOREGOING LIMITATIONS ON LIABILITY SHALL NOT APPLY TO: (A) A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8 OF THIS AGREEMENT; (B) A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS UNDER SECTION 5 OF THIS AGREEMENT; OR (C) CUSTOMER’S PAYMENT OBLIGATIONS UNDER SECTION 4 OF THIS AGREEMENT.
    2. IN NO EVENT WILL EITHER CUSTOMER OR KLUE HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY LOST PROFITS, REVENUES, GOODWILL OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
    3. THE APPLICABLE MONETARY CAPS SET FORTH IN THIS SECTION 9 SHALL APPLY ACROSS THIS AGREEMENT AND ANY AND ALL SEPARATE AGREEMENT(S) ON AN AGGREGATED BASIS, WITHOUT REGARD TO WHETHER ANY INDIVIDUAL CUSTOMER AFFILIATES HAVE EXECUTED A SEPARATE AGREEMENT IN ACCORDANCE WITH SECTION 2.1.
  10. Term and Termination
    1. Term. This Agreement will commence on the Effective Date and, unless terminated hereunder, will remain in effect for the duration of any Authorization Form then in effect between the parties or a Customer Affiliate and Klue (including any renewals thereof). Unless either Customer or Klue provides notice of non-renewal at least ninety (90) days prior to the expiration of the then-current Subscription Period, the applicable Subscription Period will automatically renew for a further twelve month period,  and, subject to Section 10.5, at the applicable subscription pricing set out in such Authorization Form. The initial Subscription Period and any renewal Subscription Period are collectively referred to herein as the “Term.”
    2. Termination. Each party shall be entitled to terminate the Agreement or any Authorization Form in effect if: (i) the other party materially breaches any provision of this Agreement, and fails within thirty (30) days after receipt of notice of such material breach to correct such material breach or to commence corrective action reasonably acceptable to the aggrieved party; or (ii) the other party becomes insolvent, makes an assignment for the benefit of its creditors, a receiver is appointed, or a petition in bankruptcy is filed with respect to the party and is not dismissed within ninety (90) days.
    3. Effect of Termination. The following Sections will survive termination of this Agreement for any reason: Section 1 (Definitions), Subsection 2.1 (ii) (Access), Section 2.6 (Professional Services), Section 3 (Customer Data and IP Ownership), Section 4 (Fees and Taxes), Section 5 (Confidentiality), Section 6 (Privacy, Data Protection and Security), Section 7.3 (Warranty Disclaimer), Section 8 (Indemnities), Section 9 (Limitations on Liability), this Section 10.3 (Effect of Termination) and Section 12 (General). On termination of this Agreement, Customer’s access to the Services will cease, except that Customer will have ninety (90) days from the date of the termination notice to extract any Customer Data from the Klue Services. Upon any termination by Customer, Klue shall promptly provide Customer a refund of any prepaid Fees un-used after the effective date of termination.
    4. Termination, Limitation or Suspension of Access. Klue may limit, suspend, or terminate Customer’s access to or use of the Website, and/or the Services in order to: (i) prevent damage to, or degradation of, the integrity or security of the Website, the Klue Services or Klue’s systems; or (ii) comply with any law, regulation, court order, or other governmental request or order. Klue will notify Customer of the reasons for such action in writing in advance unless it reasonably deems emergency circumstances to mandate a sooner limitation, suspension or termination, in which case notice shall be given as soon as reasonably practicable.
    5. Changes in Fees. Klue may, at its sole discretion, change subscription fee rates applicable to the Services to be effective for the next Subscription Period provided that (a) Klue gives advance written notice to Customer of such changes at least thirty (30) days prior to the applicable deadline for Customer’s notice of renewal or non-renewal as required pursuant to section 10.1, (b) changes in fees do not occur more than once in any 12 month period, and (c) changes in fees are part of a broader fee structure change across multiple clients and not changed solely and exclusively for Customer.
  11. Insurance
    1. Klue will, at its own expense, maintain the following insurance in Canadian dollars (CAD):
      1. Commercial general liability Insurance with limits of at least five million dollars ($5,000,000) per occurrence and in the annual aggregate inclusive of products/completed operations, bodily injury and property damage; 
      2. Non-owned automobile liability coverage up to one million dollars ($1,000,000) dollars;
      3. Professional errors and omissions liability insurance including technology products and services liability, cyber liability, privacy breach liability with limits of at least five million dollars ($5,000,000) per occurrence and in the annual aggregate; and intellectual property infringement liability with a maximum limit of two million dollars ($2,000,000);
      4. Employer’s liability insurance with at least two million dollars ($2,000,000) per occurrence for bodily injury to Klue’s employees; and 
      5. Workers compensation insurance for the region in which Services are performed for Customer.
    2. Klue will provide Customer with certificates of insurance evidencing the foregoing coverage upon Customer’s request.  The limits set forth in this section in no way alter the limitations of liability applicable to Klue under this Agreement.
  12. General. 
    1. Assignment. This Agreement is not transferable or assignable without the prior written consent of the other party; provided however each party may assign this Agreement to an Affiliate or in connection with a merger, consolidation, purchase of all or substantially all of its assets or stock or similar transaction without receiving the other party’s prior written consent. The terms of this Agreement shall be binding upon and inure to the benefit of each party’s successors and permitted assignees. 
    2. Entire Agreement. These Terms, together with the attached Exhibits and applicable Authorization Forms, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all other agreements of any kind related thereto. Klue may update these Terms from time to time and will advise Customer of any such material updates by email, by placing a notice on the Website, or by otherwise providing an in-product notification. Customer’s continued use of the Services will be deemed acceptance of such updates. The terms of any Customer purchase order or other ordering document will not apply, even if delivered after execution of the Agreement. Except where otherwise specifically indicated with reference to this Section 12, in the event of any conflict or inconsistency, the following order of precedence applies: (a) Exhibit B, (b) the applicable Authorization Form, (c) these Terms, and (d) any other exhibit or other attachment hereto. 
    3. Force Majeure. Except for payment obligations, neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement if the delay or failure is due to events which are beyond the reasonable control of such party, including but not limited to acts of God, acts of government, flood, fire, pandemics, earthquakes, civil unrest, acts of terror, strikes or other labour problems, or the unavailability of third party-provided cloud hosting services  (“Force Majeure Event”). 
    4. Marketing. Unless Customer provides Klue with written notice to the contrary, Customer also grants Klue the right to use its name and logo on Klue’s website and marketing materials to identify Customer as a customer of Klue. 
    5. Governing Law and Jurisdiction.  This Agreement and any action related thereto shall be governed by and construed in accordance with the laws of the Province of British Columbia, Canada and the Canadian federal laws applicable therein without regard to conflicts of law principles.  
    6. Independent Contractor. The parties’ relationship is that of independent contractors, and neither party is an agent or partner of the other, by virtue of this Agreement or otherwise. 
    7. Notices. Any notice (except for notices concerning changes to subprocessors which will be handled in accordance with the DPA) under this Agreement must be given in writing. The parties’ respective addresses are as indicated in the current Authorization Form or as otherwise subsequently notified in accordance herewith. Either party may provide notice to the other party by email, by registered or certified mail.  Klue may also provide notice on the Website or otherwise providing an in-product notification. All notices shall be effective (a) if mailed, on the fifth Business Day following such mailing; or (b) if sent by email, posted on the Website, or otherwise provided in-product, on the Business Day of the date of such transmission, posting or provision, provided that for delivery by email, no automated or other response is received indicating non-delivery or the absence of the recipient. 
    8. Severability. Any provision hereof found by a tribunal or court of competent jurisdiction to be illegal or unenforceable shall be automatically conformed to the minimum requirements of law and all other provisions shall remain in full force and effect.
    9. Counterparts.  The parties agree that this Agreement may be executed in separate counterparts, by signing and returning signed copies by email, and by way of electronic signatures, each of which is deemed an original, and together shall constitute one agreement.

v. July 12, 2023

© 2023 Klue Labs Inc. All rights reserved.

EXHIBIT A: SUPPORT AND SERVICE LEVELS

SupportKlue will provide technical support for the Klue Services in English via email, video conference and in-product chat during the following times: 

Monday-Friday 6am-6pm Pacific Time
Support Resolution TimesKlue shall use commercially reasonable efforts to respond to and resolve all support incidents or queries that prevent the core operation of the Klue Services within 1 Business Day, and all other support incidents or queries within 2 Business Days.
Service LevelsKlue will provide the Klue Services in accordance with the following service levels: 

Monthly Uptime Availability of at least 99%, excluding Scheduled Downtime and unavailability due to a Force Majeure Event. 
Scheduled DowntimeScheduled Downtime will take place on weekends or between 8:00 p.m. to 8:00 a.m. Pacific Time on weekdays. Klue will provide Customer with at least twenty-four (24) hours advance notice of Scheduled Downtime. Scheduled Downtime will be no more than eight (8) hours per calendar month.  
Service CreditsIn the event that Klue does not achieve the Monthly Uptime Availability in any calendar month, Customer shall be entitled to the following service credits as Customer’s sole and exclusive remedy for Klue’s failure to achieve such Monthly Uptime Availability: 

A credit of 10% of the subscription Fees for the applicable calendar month, provided Customer notifies Klue of such failure to achieve Monthly Uptime Availability within thirty (30) days of such failure. Any credit hereunder is not a refund, requires Customer to have paid any outstanding invoices, cannot be exchanged into a cash amount and expires upon termination of the Agreement.
Chronic Service OutagesIn the event that Klue fails to meet the Monthly Uptime Availability or Scheduled Downtime exceeds eight (8) hours in a given month in three (3) months out of any six (6) month period or, Customer may terminate this Agreement or the applicable Authorization Form. Klue will refund to Customer any pre-paid unapplied Fees for the remaining Subscription Period of the then terminated subscription to the Klue Services.
MonitoringKlue shall monitor the Klue Services and provide availability reporting to Customer as requested. Customer can monitor Klue’s uptime at https://kluestatus.com/. 
EscalationsIn the event of an emergency support incident or other exceptional circumstances, Customer may escalate a support incident or query to:

Customer Success: support@klue.com

EXHIBIT B: DATA PROCESSING AGREEMENT

KLUE CUSTOMER DATA PROTECTION ADDENDUM

This Data Protection Addendum, including all attachments (“DPA” or “Addendum”) forms part of the Agreement between the Klue entity identified in the Agreement (“Klue”) and “Customer” as defined therein, each a “Party” and collectively the “Parties.” This DPA applies exclusively to Klue’s processing of Personal Data in accordance with Customer’s instructions in the capacity of its role as Data Controller in relation to the provision of Klue’s Services to Customer as specified in the Agreement.  Capitalized terms not defined in this DPA, shall have the meaning defined in the Agreement.

  1. Definitions. For purposes of this Addendum:
    1. Adequate Country” means a country that has been designated by the European Commission and UK Information Commissioner’s Office as providing an adequate level of protection for personal data. 
    2. Data Protection Laws” means all applicable laws, regulations, and other legally binding requirements in any jurisdiction relating to privacy, data protection, data security, breach notification, or the Processing of Personal Data, including without limitation, to the extent applicable, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. and any associated regulations and amendments, including, the California Privacy Rights Act amendments (“CCPA”); the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”); the Swiss Federal Act on Data Protection (“FADP”); the United Kingdom Data Protection Act of 2018 (“UK GDPR”); the Canadian Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Brazilian General Personal Data Protection Law (Law No. 13.709/2018, as amended by Law No. 13.853/2019) (“LGPD”). 
    3. Data Subject,” “Processor,” “Service Provider,” “Controller,” and “Business” shall be defined as provided in applicable Data Protection Laws.
    4. EU SCCs” means the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, located http://data.europa.eu/eli/dec_impl/2021/914/oj, and completed as set forth in Section 7 below.
    5. Personal Data” includes “personal data,” “personal information,” “personally identifiable information,” and similar terms, and such terms shall have the same meaning as defined by applicable Data Protection Laws that Klue is processing on behalf of Customer in connection with the Agreement. 
    6. Process” and “Processing” mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
    7. Security Incident” means any known accidental or unlawful acquisition, destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data occurring on Klue’s systems or otherwise under Klue’s control.
    8. UK SCCs” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (available as of the Effective Date at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf).
  2. Scope and Purposes of Processing.
    1. Customer is the data controller and appoints Klue as a data processor to process the Personal Data. The scope, nature, purposes, and duration of the processing, the types of Personal Data Processed, and the Data Subjects concerned are set forth in this Addendum, including its Schedule A. The details provided in Schedule A are deemed to satisfy any requirement to provide such details under any Data Protection Law.
    2. Klue will Process Personal Data solely: (1) to fulfill its obligations to Customer under the Agreement, including any future Authorization Form, including this Addendum; (2) on Customer’s behalf; and (3) in compliance with Data Protection Laws.  Klue will not “sell” Personal Data (as such term in quotation marks is defined in applicable Data Protection Laws), “share” or Process Personal Data for purposes of “cross-context behavioral advertising” or “targeted advertising” (as such terms in quotation marks are defined in applicable Data Protection Laws), or otherwise Process Personal Data for any purpose other than for the specific purposes set forth herein or outside of the direct business relationship with Customer.
    3. Klue will not attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Personal Data without Customer’s express written permission;
    4. Klue will not attempt to link, identify, or otherwise create a relationship between Personal Data and non-Personal Data or any other data without the express authorization of Customer.
    5. Klue will comply with any applicable restrictions under Data Protection Laws on combining the Personal Data with personal data that Klue receives from, or on behalf of, another person or persons, or that Klue collects from any interaction between it and any individual;
    6. Klue will provide the same level of protection for the Personal Data as is required under the CCPA applicable to Customer.
    7. Customer retains the right, upon notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Data, including any use of Personal Data not expressly authorized in this DPA.
  3. Personal Data Processing Requirements.
    1. Klue will:
      1. Keep all Personal Data that it processes on behalf of Customer strictly confidential. Klue shall ensure that any person it authorizes to process the Personal Data, including Klue’s Personnel, is subject to a strict duty of confidentiality. Klue shall not permit any person to process the Personal Data who is not under such a duty of confidentiality. 
      2. Taking into account the nature of the processing, assist Customer to ensure that Customer may at any time respond to request(s) from Data Subjects exercising their rights under Data Protection Laws. Further, any such Data Subject request received by Klue will be referred to Customer promptly.
      3. Provide reasonable assistance to and cooperation with Customer for Customer’s consultation with regulatory authorities in relation to the Processing or proposed Processing of Personal Data in relation to this DPA, and promptly notify Customer of (i) any third-party complaints regarding the Processing of Personal Data; or (ii) any government requests for access to or information about Klue’s Processing of Personal Data in connection with this DPA, unless otherwise prohibited by Data Protection Laws. Klue will provide Customer with reasonable cooperation and assistance in relation to any such request. If Klue is prohibited by applicable Data Protection Laws from disclosing the details of a government request to Customer, Klue shall inform Customer that it can no longer comply with Customer’s instructions under this Addendum without providing more details and await Customer’s further instructions.  Klue shall use reasonable and available legal mechanisms to challenge any demands for data access through national security process that it receives, as well as any non-disclosure provisions attached thereto.
      4. Provided that Customer is itself unable to do so without Klue’s assistance and Klue is able to do so in accordance with Data Protection Laws, Klue shall provide reasonable assistance to Customer with any data protection impact assessments which Customer reasonably considers to be required by Data Protection Law, in each case solely in relation to processing of Personal Data by Klue as governed by this DPA and taking into account the nature of such processing and the nature of the Personal Data processed by Klue. 
      5. Promptly notify Customer if it determines that (i) it can no longer meet its obligations under this DPA or applicable Data Protection Laws; or (ii) in its opinion, an instruction from Customer infringes applicable Data Protection Laws.
      6. Klue affirms it understands its obligations under this Addendum (including without limitation the restrictions under Sections 2 and 3 and that it will comply with them. 
    2. Customer will:
      1. Customer represents and warrants that it has and shall maintain throughout the Term all necessary rights, consents and authorizations to provide the Personal Data to Klue in its capacity as Controller and to authorize Klue to process this Personal Data as contemplated by this DPA and the Agreement and/or other processing instructions provided to Klue.
      2. Customer shall comply with all applicable Data Protection Laws.
      3. Customer shall not provide any Personal Data to Klue except through agreed mechanisms. For example, Customer shall not provide any Personal Data to Klue via email.
      4. Customer will not collect, provide or otherwise use in any way in relation to the Services any special category or of Personal Data or similar designation as described in Data Protection Law.
      5. Customer shall immediately inform Klue if a data subject has revoked their right for Klue to process their Personal Data.
  4. Data Security. Klue will implement appropriate administrative, technical, physical, and organizational measures to protect Personal Data (“Security Measures”).  These Security Measures shall at a minimum comply with applicable law and include the measures identified in Schedule A, Annex II.  Customer acknowledges that Klue’s security measures are subject to technical progress and development and that Klue may update or modify the Security Measures from time to time. Klue and Customer agree that the measures set out in Schedule A, Annex II provide an appropriate level of security for the processing of Personal Data, accounting for the risks presented by the Processing outlined in the Agreement and this DPA.
  5. Security Incident. Upon becoming aware of a Security Incident, Klue shall inform Customer without undue delay (and, in any event, within 72 hours) and shall provide timely information and cooperation as Customer may require in order for Customer to fulfil its data breach reporting obligations under, and in accordance with the timelines required by applicable Data Protection Law. Klue shall further take reasonable measures and actions necessary to remedy and mitigate the effects of the Security Incident in accordance with its severity and shall keep Customer informed of relevant developments in connection with the Security Incident. Except as required by applicable Data Protection Laws, Klue shall not make any public statements concerning a Security Incident that mentions the Customer either directly or indirectly without Customer’s prior written consent.  Klue shall co-operate with Customer and take reasonable commercial steps as are requested by Customer to assist in the investigation, mitigation and remediation of each such Security Incident. 
  6. Sub-processors
    1. Customer  grants a general authorization to Klue to engage or replace sub-processors to perform parts of the Service, provided that prior to receiving any Personal Data of Customer, sub-processors will be under written agreements that are substantially similar in scope as are imposed on Klue under this Agreement and, in particular, to the extent Klue engages sub-processors to process Personal Data that originates from the European Economic Area (“EEA”), Switzerland or the United Kingdom, in a country that is not an Adequate Country, all such processing shall be governed by contracts between Klue and its sub-processors incorporating Standard Contractual Clauses pursuant to which Klue is the data exporter and the sub-processor is the data importer. Klue shall be liable for the acts and omissions of its sub-processors to the same extent Klue would be liable if performing the services of each sub-processor directly under the terms of this DPA. Klue may continue to use those sub-processors already engaged by Klue as at the date of this Agreement listed at the following URL: https://help.app.klue.com/sub-processors.
    2. Klue will inform Customer of any intended changes concerning the addition or replacement of sub-processors being used in the Service in order to give the Customer the opportunity to object in accordance with Data Protection Laws. Klue may inform Customer by placing a notice on the Website or otherwise providing an in-product notification and such notice will be deemed to have been received on the date posted or otherwise provided. Customer may subscribe to notifications at www.klue.com/sub-processor-notifications.  If Customer objects in writing to a particular sub-processor processing Personal Data within ten (10) days of receipt of such notice and can reasonably demonstrate that the new sub-processor is unable to process Personal Data in compliance with the terms of this DPA or applicable Data Protection Laws, Customer, as its sole and exclusive remedy, may terminate without penalty the applicable Authorization Form(s) by providing written notice to Klue. If no objection is received within such ten (10) day period, such sub-processor shall be deemed approved. 
    3. Notwithstanding the above notice requirements, all Klue Affiliates are deemed to be approved sub-processors.
    4. Notwithstanding the above notice requirement, Klue may replace a sub-processor immediately and without prior notice if such replacement is urgent, necessary to provide the Services, and the surrounding circumstances are beyond Klue’s reasonable control. In the event of such an emergency replacement, Klue will notify Customer as soon as reasonably practicable, and Customer shall retain the right to object to such replacement under the terms of this DPA.
    5. Notwithstanding the above notice requirement, Klue may engage additional sub-processors for beta or trial version services, provided Klue provides notice of the additional sub-processor in the beta or trial version notice.
  7. Data Transfers.
    1. At all times Klue shall provide an adequate level of protection for Personal Data, wherever processed, in accordance with the requirements of the Data Protection Law. Canada is an Adequate Country and, as a Canadian company, Klue shall comply with the privacy laws of Canada in processing Personal Data pursuant to this Agreement. Further, to the extent Klue engages sub-processors to process Personal Data that originates from the EEA in a country that is not an Adequate Country, all such processing shall be governed by contracts between Klue and such sub-processors incorporating Standard Contractual Clauses pursuant to which Klue is the data exporter and the applicable sub-processor is the data importer. 
    2. To the extent legally required, by signing this Addendum, Customer and Klue are deemed to have signed the EU SCCs, which form part of this Addendum and (except as described in Section 7(c) and (d) below) will be deemed completed as follows:  
      1. Module 2 of the EU SCCs applies to transfers of Personal Data from Customer (as a controller) to Klue (as a processor);
      2. Clause 7 (the optional docking clause) is included;
      3. Under Clause 9 (Use of sub-processors), the Parties select Option 2 (General written authorization). The initial list of sub-processors is set forth in Schedule B of this Addendum and Klue shall update that list and provide a notice to Customer in advance of any intended additions or replacements of sub-processors as provided in Section 6.
      4. Under Clause 11 (Redress), the optional language requiring that Data Subjects be permitted to lodge a complaint with an independent dispute resolution body shall not be deemed to be included;
      5. Under Clause 17 (Governing law), the Parties choose Option 1 (the law of an EU Member State that allows for third-Party beneficiary rights).  The Parties select the laws of Ireland;
      6. Under Clause 18 (Choice of forum and jurisdiction), the Parties select the courts of Ireland; 
      7. Annex I(A) and I(B) (List of Parties) is completed as set forth in Schedule A of this Addendum; 
      8. Under Annex I(C) (Competent supervisory authority), the Parties shall follow the rules for identifying such authority under Clause 13 and, to the extent legally permissible, select the Irish Data Protection Commission.
      9. Annex II (Technical and organizational measures) is completed with Schedule A of this Addendum; and
      10. Annex III (List of Subprocessors) is not applicable as the Parties have chosen General Authorization under Clause 9, however a list of Klue’s Subprocessors is available in Schedule B.
    3. With respect to Personal Data transferred from the United Kingdom for which United Kingdom law (and not the law in any EEA jurisdiction or Switzerland) governs the international nature of the transfer, the UK SCCs form part of this Addendum and takes precedence over the rest of this Addendum as set forth in the UK SCCs. Undefined capitalized terms used in this provision shall mean the definitions in the UK SCCs. For purposes of the UK SCCs, they shall be deemed completed as follows:  (i) the Parties’ details shall be the Parties and their affiliates to the extent any of them is involved in such transfer; (ii) the Key Contacts shall be the contacts set forth in Schedule A; (iii) the Approved EU SCCs referenced in Table 2 shall be the EU SCCs as executed by the Parties; (iv) Annex 1A, 1B, II, and III shall be set forth in Schedules A and B below; (v) either Party may end this Addendum as set out in Section 19 of the UK SCCs; and (vi) by entering into this Addendum, the Parties are deemed to be signing the UK SCCs and agree that the Addendum will be governed by the laws of England and Wales and enforced by the courts and relevant supervisory authorities in England and Wales.
    4. For transfers of Personal Data that are subject to the FADP, the EU SCCs form part of this Addendum as set forth in Section 7(b) of this Addendum, but with the following differences to the extent required by the FADP: (i) references to the GDPR in the EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR; (ii) references to personal data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope; (iii) the term “member state” in EU SCCs shall not be interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs; and (iv) the relevant supervisory authority is the Swiss Federal Data Protection and Information Commissioner (for transfers subject to the FADP and not the GDPR), or both such Commissioner and the supervisory authority identified in the EU SCCs (where the FADP and GDPR apply, respectively).
  8. Audits. Upon Customer’s written request, and no more than once annually, Klue will provide Customer with our most recent security review reports and/or certifications (such as, for example, SOC2 reports) applicable to Klue’s Processing of Personal Data pursuant to the Agreement. If Customer provides a reasonable, written objection that the information provided is not sufficient to demonstrate Klue’s compliance with this DPA or if requested by an applicable supervisory authority, Customer may conduct an audit, or select a mutually-agreed upon third-party to conduct an audit, of Klue’s practices related to Processing Personal Data in compliance with this DPA, at Customer’s sole expense (an “Audit”). Customer will provide Klue with thirty (30) days prior written notice of its intention to conduct an Audit.  Before any Audit, the parties will mutually agree upon the scope, timing, and duration of the Audit, as well as the Klue reimbursement rate for which Customer will be responsible, provided that the scope of any Audit shall not include areas already addressed through third party audits provided to Customer.  Customer and its third-party representatives will conduct any Audit: (i) acting reasonably, in good faith, and in a proportional manner, taking into account the nature and complexity of the Services; and (ii) in a manner that will result in minimal disruption to Klue’s business operations. Neither Customer nor its third-party representatives will be entitled to receive data or information of other Klue customers or any other Klue Confidential Information that is not directly relevant for the authorized purposes of the Audit in accordance with this provision. Customer will promptly provide Klue with the Audit results upon completion of the Audit. All Audit related materials will be considered “Confidential Information” subject to the confidentiality provisions of the Agreement.
  9. Return or Destruction of Personal Data. Upon termination or expiry of the Agreement, Klue shall destroy, delete or deidentify all Personal Data (including all copies of the Personal Data) in its possession or control, including any Personal Data subcontracted to a third party for processing. This requirement will not apply to the extent that Klue is required by Data Protection Law to retain some or all of the Personal Data, in which event Klue shall isolate and protect the Personal Data from any further processing except to the extent required by such Data Protection Law. 
  10. Limitation of Liability. The total liability of each of Klue and Customer arising out of or related to this DPA, whether in contract, tort, or other theory of liability, shall not, when taken together in the aggregate, exceed the applicable limitations of liability set forth in the Agreement.
  11. General Terms.
    1. The provisions of this Addendum survive the termination or expiration of the Agreement for so long as Klue or its Subprocessors Process the Personal Data.  
    2. If there is a conflict between the Agreement and this DPA, the terms of this DPA will prevail.  In the event of a conflict between this DPA and the EU SCCs or UK SCCs, the terms of the EU SCCs or UK SCCs, as relevant, will control.
    3. Any claims brought under this DPA shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations, set forth in the Agreement.
    4. The DPA shall be governed by laws of the same jurisdiction as this Agreement, except where and to the extent applicable Data Protection Laws require that the DPA be governed by the laws of another jurisdiction, in which case the DPA shall be governed by the laws of Ireland.

Schedule A

ANNEX I

A.   LIST OF PARTIES

Data exporter(s):   The exporter (Controller) is Customer and Customer’s contact details and signature are as provided in the Agreement.

Data importer(s):   The importer (Processor) is Klue and Klue’s contact details and signature are as provided in the Agreement. 

B.   DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred:  

  • Customer’s Users who are assigned user accounts for the Services; 
  • Individuals whose personal data Customer transfers to Klue in order for Klue to provide the part of the Services. 

Categories of personal data transferred: 

The categories of Personal Data depend on the Services that the Customer subscribes for, so these categories may vary. Generally speaking, the Personal Data processed is limited to information for security authentication and customer support purposes. The following Personal Data is collected from or provided by individuals who are assigned User IDs for the Service for the purpose of creating a user account for the Service: business email address, username, job title/role and encrypted password. In addition, when a user logs into the Service and uses the Service, the Service collects the following information: IP address, browser type, language preferences, cookies data, device type, operating system, and location. This is in addition to any category of Personal Data that Customer voluntarily provides relating to either Users or third parties to support Klue’s provisioning of competitive enablement services.

Sensitive data transferred (if applicable): N/A

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):  On a continuous basis as needed to provide the Services to Customer during Term.

Nature of the processing:  The nature of the processing is to perform the obligations in connection with delivering the Services, as further set out in the Agreement between the parties.

Purpose(s) of the data transfer and further processing:  The purposes of the data transfer is to provide the Services chosen by Customer in connection with the Agreement.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:  The data will be retained for Term or such other time period needed to accomplish the purposes of Processing, unless otherwise required by applicable law.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:  Please see Schedule B for a list our Subprocessors and the nature of the services they provide. All transfers will last for the duration of the Agreement between the parties.

C.   COMPETENT SUPERVISORY AUTHORITY

The data exporter’s competent supervisory authority will be determined in accordance with the GDPR, and where possible, will be the Irish Data Protection Commissioner.

ANNEX II – TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Klue’s Information Security Program includes specific security requirements for its personnel and all Subprocessors or agents who have access to Personal Data (“Data Personnel”). Klue’s security requirements cover the following areas:

  1. Physical Access Controls: Klue shall take reasonable measures, such as security Personnel and secured buildings and premises, to prevent unauthorized persons from gaining physical access to Personal Data.
  2. System Access Controls: Klue shall take reasonable measures to prevent Personal Data from being used without authorization. These controls may vary based on the nature of the processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes, and/or logging of access on several levels.
  3. Data Access Controls: Klue shall take reasonable measures to provide that Personal Data is accessible and manageable only by properly authorized staff, direct database query access is restricted, and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access; and, that personal data cannot be read, copied, modified, or removed without authorization in the course of processing.
  4. Transmission Controls: Klue shall take reasonable measures to ensure it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged so Personal Data cannot be read, copied, modified, or removed without authorization during electronic transmission or transport.
  5. Input Controls: Klue shall take reasonable measures to provide that it is possible to check and establish whether and by whom Personal Data has been entered into data processing systems, modified, or removed. Klue shall take reasonable measures to ensure that (i) the Personal Data source is under the control of Customer; and (ii) Personal Data integrated into Klue’s systems is managed by secured file transfer between Klue and data subject.
  6. Data Backup: Klue shall ensure that backups are made on a regular basis, are secured, and are encrypted when storing personal data to protect against accidental destruction or loss when hosted by Klue.
  7. Logical Separation: Klue shall ensure that data from Customer is logically segregated on Klue’s systems to ensure that Personal Data that is collected for different purposes may be processed separately.Information Security Policies and Standards. Klue will maintain written information security policies, standards and procedures addressing administrative, technical, and physical security controls and procedures. These policies, standards, and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Personal Data. 

For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter

The processors and sub-processors of Klue are contractually obligated to implement technical and organisational measures no less protective than those provided by Klue under this DPA.

Schedule B

KLUE SUB-PROCESSORS

The Parties agree that the following list of Sub-processors are approved: https://help.app.klue.com/sub-processors

Want to see Klue in action?

Let’s do it. Tell us a bit about yourself and we’ll set up a time to wow you.

Klue-Logo-white.svg

Status Media Kit Privacy | © 2023 Klue Labs Vancouver, BC