Customer License Agreement for Beachhead Solutions® Software
INTRODUCTION.
The Beachhead Solutions Software (“Software”) may be comprised of the following components: (i) the Beachhead Software client; (ii) the Beachhead Console Software; and (iii) Beachhead Server Software. The Software is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The Software is licensed, not sold.
Notwithstanding other parties involved in the delivery of the service, the use of and access to the Beachhead Solutions Software and the capture and processing of data by Resellers are pursuant to their published privacy policy, and any data captured directly by Beachhead is pursuant to the Beachhead Privacy Policy as published at: https://beachheadsolutions.com/privacy-policy/
DEFINITIONS:
“Customer” means any entity/persons; end-user or reseller; using or having access to the software (Customer).
“Parties” means Clearwood Consulting (Pty) Ltd. (Clearwood), its Resellers reselling the Subscription Service, and Beachhead Solutions, Inc., collectively (Parties).
- SOFTWARE LICENSE.
This Agreement describes Customer’s rights with respect to the Software and its components and should be read in conjunction with the Beachhead Support and Maintenance commitment hereafter.
- GRANT OF LICENSE. Subject to the terms and conditions of this Agreement, the Parties grant to Customer the non-transferable (unless otherwise approved by the Parties), nonexclusive right, for the Term (as defined in any applicable agreement between Customer and the entity from whom Customer licensed the Software) specified solely for Customer’s own internal business operations, to install, use, access, display and run the authorized number of copies of the Software (as set forth in the agreement between Customer and the entity from whom Customer purchased the Software),
- TO COPY. (i) to copy the Software as reasonably necessary to support its users; (ii) to make a reasonable number of additional copies of the Software solely for archival, emergency back-up, or disaster recovery purposes; and (iii) to copy the on-line help documentation as reasonably necessary to support its users.
- DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
The rights granted in Section 1 are subject to the following restrictions: (i) Customer may not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the Software, provided that, if required under applicable law, upon Customer’s request, the Parties shall provide information necessary for Customer to achieve interoperability between the Software and other software for an administrative charge; (ii) Customer may not sublicense or use the Software for commercial time-sharing, rental, or service bureau use, or to train persons other than Users, unless previously agreed to in writing by the Parties; and (iii) with regard to any and all copies of the Software, and related documentation, Customer shall only make exact copies of the versions as originally delivered by the Parties. Customer shall ensure that each copy contains all titles, trademarks, and copyright and restricted rights notices as in the original, and all such copies shall be subject to the terms and conditions of this Agreement. This is not a sale.
- ALL RIGHTS NOT EXPRESSLY GRANTED HEREIN ARE RESERVED BY THE PARTIES.
The Parties reserve all rights not expressly granted to Customer in this Agreement. Without limiting the generality of the foregoing, Customer acknowledges and agrees that except as specifically set forth in this Agreement, Beachhead retains all rights, title, copyrights and interest in and to the Software, documentation, derivative works and deliverables and Customer acknowledges and agrees that it does not acquire any rights, express or implied, thereon.
- COPYRIGHT.
All title and copyrights in and to the Software, any accompanying documentation, and any copies of the Software are owned by Beachhead. The Software is protected by copyright laws and international treaty provisions. Therefore, Customer must treat the Software like any other copyrighted material.
- U.S. GOVERNMENT RESTRICTED RIGHTS.
The SOFTWARE PRODUCT and Documentation are “Commercial Items,” as that term is defined at 48 C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202, as applicable. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §§227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished-rights reserved under the copyright laws of the United States.
Beachhead Solutions, Inc., 1150 S Bascom Avenue, Suite 7, San Jose CA 95128.
- RESTRICTIONS – EXPORT – MISSION CRITICAL APPLICATIONS.
Customer acknowledges that the Software licensed hereunder is subject to the export control laws and regulations of the U.S.A., and any amendments thereof. Customer confirms that with respect to the Software, Customer will not export or re-export it, directly or indirectly, to any countries that are subject to U.S.A. export restrictions. Customer further acknowledges that the Software may include technical data subject to export and re-export restrictions imposed by U.S.A. law. Customer may not use the Software Products to operate life support, or other mission critical application where human life or property may be at stake.
- WARRANTIES – DISCLAIMERS.
The Parties warrant that they will correct Material Errors free of charge during a warranty period commencing on the date of delivery of the Software to Customer and ending 30 days thereafter. For purposes of this Agreement, “Material Error” means a documented replicable and material failure of the Software to operate substantially in accordance with its user documentation or specifications for such Software published by Beachhead. To make a claim under this warranty, Customer must provide the Parties during the warranty period with a description of the Material Error and assistance in replicating it. If the Parties are unable to correct the Material Error within 30 days after it is reported/escalated to Beachhead by Clearwood, then Customer will be entitled to a refund of the amounts paid to Reseller for such Software upon return of the Software to Clearwood and Beachhead. The foregoing warranty does not include services with respect to the following: (i) third-party software or custom programs developed by anyone other than Beachhead, (ii) Programs which have been altered by anyone other than Beachhead, (iii) problems caused by Customer’s negligence, hardware malfunction, or other causes beyond the control of the Parties, or (iv) Programs installed in an operating environment which is not supported by Beachhead. The warranty service to be provided under this Section 7 does not include the providing of Updates or Upgrades. The Parties may require, however, the installation of an Update as a condition of providing warranty service. If using Beachhead’s Software on any compatible device, Customer must regularly utilize a reputable and reliable back-up solution for any such device.
The warranties provided in this Section 7 are the sole warranties offered by the Parties with respect to the Software. THE PARTIES SPECIFICALLY DISCLAIM ALL OTHER WARRANTIES FOR THE PROGRAM, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. No oral or written information or advice given by the Parties shall create a warranty or in any way increase the scope of the Parties’ liability for the Software.
- LIMITATION OF PRODUCT LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL BEACHHEAD, ITS SUPPLIERS, CLEARWOOD AND ITS RESELLERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF THE PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CUSTOMER ACKNOWLEDGES THAT THE SOFTWARE PRODUCT IS INTENDED TO DESTROY OR RENDER DATA INACCESSIBLE ON COMPUTERS/DEVICES UNDER CERTAIN CONDITIONS SPECIFIED BY USERS, AND THE PARTIES SHALL NOT BE LIABLE FOR THE LOSS OF SUCH DATA. IN ANY CASE, THE PARTIES’ ENTIRE LIABILITY UNDER ANY PROVISION OF THIS AGREEMENT SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY CUSTOMER FOR THE SOFTWARE PRODUCT OR US$5.00; PROVIDED HOWEVER, IF CUSTOMER HAS ENTERED INTO A HOSTED SERVICES AGREEMENT, THE PARTIES’ ENTIRE LIABILITY REGARDING HOSTED SERVICES SHALL BE GOVERNED BY THE TERMS OF THAT AGREEMENT. BECAUSE SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, THE ABOVE LIMITATION MAY NOT APPLY TO CUSTOMER.
SUPPORT AND MAINTENANCE
- SUPPORT
- Introduction. This Hosted Services Agreement (and the Services described herein) shall apply only if the Customer has purchased such Services from a Clearwood appointed Beachhead authorized reseller and has registered such services with Clearwood and Beachhead. Services shall be provided for a term specified in the Subscription Agreement between Customer and Reseller, to which this is an exhibit. The Parties reserve the right to change the terms of this Agreement from time to time, with or without notice to Customer.
This Agreement shall be subject to the Parties’ Span of Control defined as follows: The Parties shall only be responsible for incidents within their Span of Control. “Span of Control” means all components of the Software including Beachhead Client-Based Software and Beachhead Server Software. The following dependencies, factors and occurrences shall specifically NOT be considered as being within the Span of Control of the Parties: 1) Corruption or loss of data solely attributable to, or originating in client devices; 2) Any outages attributable to networks utilized by Customer, third party networks or third party service providers; 3) Any outages or interruptions in service due to hardware failures; 4) Any interruptions in services or corruption or loss of data attributable to third party software, or interoperability of Software therewith not attributable to Software; 5) Any interruptions in services or corruption or loss of data attributable to modifications to the Software made by Customer (or any third party); and 6) Any failure of performance hereunder due to causes beyond the Parties’ reasonable control, including, but not limited to, acts of God, denial of service attacks, fire, explosion, vandalism, terrorism, fiber optic cable cut, storm or other similar catastrophes, and law, order, regulation, direction, action or request of the United States or South African government, or of any other government body, including state and local governments having jurisdiction over either of the parties, or of any department, agency, commission, court, bureau, corporation or other instrumentality of any one or more of said governments, or of any civil or military authority, national emergencies, insurrections, riots, wars, or strikes or lock-outs, work stoppages or other labour difficulties.
Notwithstanding the foregoing, the Parties shall act in all instances as solution integrator on behalf of Customer and as such all coordination activities shall fall within the Resellers Span of Control.
- Service and Support
Resellers may provide to Customers service support as detailed directly with Customer and outside the scope of this agreement.
Clearwood will provide to its Reseller in local South African time zone during standard business hours escalation support services. Beachhead will provide support to Clearwood during 6:00 AM to 5:00 PM Pacific Time on Beachhead’s normal business days, telephone and email customer service support to assist in resolving problems, obtaining clarification relative to Beachhead’s services and reporting suspected defects or errors in its services.
The Parties will work diligently for the prompt resolution of defects and errors of the service and will respond to Customer by using a dedicated contact telephone number or email address for each support call.
In the case of a system down condition attributable to the Parties, the Parties may utilize other means of communication for reporting of errors and conditions.
Beachhead will respond to and complete correction of errors, defects and malfunctions, in accordance with the following schedule:
- Severity 1: Causes data corruption or system crash or you cannot make effective use of our services;
- Severity 2: Feature does not work as documented; no reasonable work around exists, and you have a critical need of the feature;
- Severity 3: Feature doesn’t work as documented, but a reasonable work around exists, or you can wait for the next release for a fix;
- Severity 4: Enhancement request.
Support Escalations for “Severity 1” calls to Beachhead by Clearwood and/or Reseller:
Beachhead shall make an initial response to a Severity 1 normal support call within four working hours after receipt. Severity 1 calls will be handled on priority. Beachhead will use reasonable efforts to provide a fix, work around, or to patch Severity 1 bugs within twenty-four (24) to forty-eight (48) hours after the bug is replicated by Beachhead and confirmed as a bug by Beachhead.
Other Support Escalations to Beachhead by Clearwood and/or Reseller:
Provided that support calls are received within Beachhead’s normal support hours; Beachhead will make an initial response to Severity 2 support calls within four hours after receipt. Beachhead will make reasonable efforts to provide a fix or work around for Severity 2 bugs within three (3) business days.
Provided that support calls are received within Beachhead’s normal maintenance hours; Beachhead will make an initial response to Severity 3 maintenance calls within one (1) business day after receipt. Beachhead will make reasonable efforts to identify a resolution to Severity 3 bugs within thirty (30) days and to incorporate Severity 3 fixes in the next upcoming release of the product.
Provided that maintenance calls are received within Beachhead’s business hours; Beachhead will make an initial response to Severity 4 maintenance calls within one (1) to two (2) business days after receipt. Severity 4 issues will be dealt with on a case-by-case basis.
Customers agree to appoint one person as the principal point of contact for the communication of bugs and errors to its Reseller for the receipt of bug and error fixes, workarounds, and updates, if any. Additionally, customers may appoint another person as a back-up of the principal contact.
- Uptime Guarantee
The portions of our software application services which are operated by Beachhead will have at least 99.4% uptime, as measured monthly, excluding planned downtime (Maintenance Windows).
Maintenance Window means any time Beachhead temporarily suspends operation of the hosting servers to perform scheduled maintenance. Maintenance Windows will be scheduled to occur weekly on Saturdays anytime from Midnight to 4:00 am U.S. Pacific Time. Maintenance Windows shall not exceed two (2) hours without prior notice. Should Maintenance Windows be scheduled to occur other than the above stated schedule, or for longer than two hours or at some other time of the day or week than as stated above (collectively “Exceptional Outage”), Beachhead shall provide Customer with at least seventy-two (72) hours notification prior to such Exceptional Outage.
- General Terms
- Supported Operating Environment
The Beachhead Software only operates properly in the operating environments as specified in the Product Documentation, which is available via the Beachhead Customer support site (BeachheadSecure Console). Beachhead may expand the number of supported platforms, or not, at its own discretion. Modifications to these operating environments may adversely affect the operation of the Software.
- Responsibilities for Product Use
Customer acknowledges and agrees it is responsible to obtain, install and otherwise remain current with all Updates in a Timely Manner (Timely Manner shall be defined as installed within 364 days from the date of release of such Update). The Parties reserve the right to withhold Support for versions of the Software which have not had the latest Update(s) installed in a timely manner. If Customer elects not to install the latest Update(s), then the Parties shall only be obligated to provide Support for 180 days commencing immediately upon the commercial availability of such Update(s).
- MAINTENANCE
- Beachhead Maintenance Commitment.
Beachhead shall provide updates to the Software as applicable. All updates shall be considered part of the Software and subject to the terms and conditions of this Agreement. Additional license terms may accompany updates. By installing, copying, or otherwise using any update, Customer agrees to be bound by the terms accompanying each such update. If Customer does not agree to the additional license terms accompanying such updates, do not install, copy, or otherwise use such updates. “Update” shall mean a subsequent release of Software that Beachhead makes generally available at no additional charge, and shall include all (i) bug fixes, patches, and maintenance releases, and, so long as Customer is a current subscriber to the Services, (ii) new point releases denoted by a change to the right of the first decimal point (e.g., v6.0 to 6.1), and (iii) new major version releases denoted by a change to the left of the first decimal point (e.g., v5.0 to 6.0) that are not Upgrades. “Upgrade” shall include any release, option, future product, or any upgrade in features, functionality, or performance of the Software which Beachhead licenses separately or offers only for an additional fee.
If Customer does not agree to the terms of this Agreement, Customer may not use the Software.
Data Processing Addendum for GDPR
This Data Processing Addendum (“Addendum”) is effective on the first date that Customer provides the Parties with Personal Data (as defined below) subject to the GDPR and forms part of the “Subscription Service” (“Agreement”) by and between the organisation accepting the agreement (“Customer”) and Supplier/Reseller (Reseller) and between the Reseller and the Distributor Clearwood Consulting (Pty) Ltd. (Clearwood) and between the Distributor and the OEM/manufacturer Beachhead Solutions, Inc. (“Beachhead”), and sets forth the terms and conditions relating to the privacy, confidentiality, and security of any EU Personal Data associated with the Services provided to the Parties pursuant to the Agreement. All terms defined or used in the Agreement shall have the same meaning in this Addendum unless otherwise specified.
Whereas the Customer may provide the Parties with access to identifiable information about individuals located in the European Union to act as a Processor in connection with the Services performed by the Parties on behalf of Customer pursuant to the Agreement; and
Whereas Customer requires that the Parties preserve and maintain the privacy and security of such EU Personal Data as a processor according to this Addendum.
Now therefore, in consideration of the mutual covenants and agreements in this Addendum and the Agreement as for other good and valuable consideration, the sufficiency of which is hereby acknowledged, Reseller and Clearwood and Beachhead agree as follows:
Section I – DEFINITIONS
- “Controller” means any person or organisation that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
- “Customer(s)” means Reseller’s customers including customers’ employees.
- “Parties” means the Reseller (Reseller), and/or the distributor Clearwood Consulting (Pty) Ltd. (Clearwood), and/or Beachhead Solutions, Inc., collectively (Parties).
- “EU Personal Data” means personally identifiable information about individuals located in the European Union and may include, but is not limited to, the following: (i) categories of data subjects: prospective customers, customers, business partners, and vendors; and (ii) types of personal data: name, title, position, email address, location, IP address, device name, computer user name, encryption certificates.
- “GDPR” means the European Union General Data Protection Regulation.
- “Privacy Shield” means the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework.
- “Process(es)” or “Processing” of EU Personal Data means any operation or set of operations that is performed on EU Personal Data, whether by automated means, such as collection, recording, organisation, storage, adaptation, alteration, retrieval, consultation, use, disclosure, or dissemination, and erasure or destruction.
- “Processor” means any natural or legal person, public authority, agency, or other body that processes EU Personal Data on behalf of Controller.
Section II – PRIVACY, CONFIDENTIALITY, AND INFORMATION SECURITY
- Authority to Process EU Personal Data
- Customer agrees that Customer is the Controller and Reseller and Clearwood and Beachhead is the Processor of EU Personal Data, except when Customer is a Processor of EU Personal Data, then Reseller, Clearwood and Beachhead is a sub-processor.
- The Parties will process EU Personal Data only with Customer’s instruction a) on behalf of and for the benefit of Customer and/or its Customers in accordance with the terms of the Agreement; b) for the purposes of Processing EU Personal Data in connection with the Agreement; and c) to carry out its obligations pursuant to this Addendum, the Agreement, and by law.
- Customer will have the exclusive authority to determine the purposes for and means of Processing EU Personal Data.
- This Addendum and the Agreement are Customer’s complete instructions to the Parties for the Processing of EU Personal Data. Any alternative or additional instructions may only be effected by written amendment to this Addendum.
- Disclosure of and Access to EU Personal Data
- The Parties will hold in confidence all EU Personal Data;
- The Parties will a) provide at least the same level of privacy protection for EU Personal Data received from Customer as is required by the GDPR, and the Privacy Shield principles that may be found on the Privacy Shield website; b) promptly notify Customer if at any time the Parties determine that they can no longer meet their obligation to provide the same level of protection as is required by the GDPR; and c) take reasonable and appropriate steps to remediate the Processing of such EU Personal Data if, at any time, Customer notifies the Parties that Customer has reasonably determined that the Parties are not Processing the EU Personal Data in compliance with the GDPR.
iii. Beachhead will only transfer EU Personal Data outside the country in which Reseller, or its personnel, or its Customers, or Customers’ personnel, originally delivered it to Beachhead for Processing (or, if it was delivered to a location inside the European Economic Area (EEA) or Switzerland), outside the EEA or Switzerland where adequate data privacy safeguards are in place, such as binding corporate rules, the Model Clauses, or the Privacy Shield principles unless required by law, in which case, Beachhead will, unless such prior disclosure is prohibited, notify Reseller of such requirement before processing.
- Clearwood and Beachhead will not share, transfer, disclose, or otherwise provide access to any EU Personal Data to any third party or contract any of Beachhead’s rights or obligations concerning EU Personal Data to a third party unless Customer or Reseller has authorized Clearwood and Beachhead to do so in writing, except as required by law. Where Clearwood and Beachhead, with the consent of Reseller or Customer, provides to a third party access to EU Personal Data or contracts such rights or obligations to a third party, Clearwood and Beachhead will, with each third party, a) enter a written agreement that imposes obligations on the third party that are consistent with the GDPR; b) transfer the EU Personal Data to the third party only for the limited and specified purposes as instructed by Reseller or Customer; c) require the third party to notify Clearwood and Beachhead if the third party determines that it can no longer meet its obligation to provide the same level of protection as required by the GDPR; and d) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized Processing. Customer hereby provides consent for Reseller, Clearwood and Beachhead to third party sub-processors to provide the Services including, but not limited to, Rackspace, Twilio, contingent workers, etc. To the extent that Clearwood and Beachhead makes any changes regarding its use of sub-processors or third parties, it shall inform Customer with the right to object to such change. To the extent that Reseller or its Customer has a reasonable objection to such change in sub-processors, the parties shall cooperate to address the objection in a reasonable manner.
- Clearwood and Beachhead will promptly inform Reseller in writing on any requests with respect to EU Personal Data received from Reseller’s Customers, consumers, employees, or other associates. Customer will be responsible for responding to any such request, but the Parties will reasonably cooperate with Customer to address any such request or a request by an individual about whom the Parties hold EU Personal Data for access, rectification, objection, portability, restriction, erasure, or export of his or her EU Personal Data.
- Taking into account the state of the art; the costs of implementation; and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity of the rights and freedoms of natural persons, the Parties will implement appropriate technical and organisational measures to protect the EU Personal Data from loss; misuse; and unauthorized access, disclosure, alteration, and destruction. To this effect, the Parties will limit internal access to EU Personal Data so that it is only accessible on a need-to-know basis, to fulfill performance of the Services on behalf of Customer, by employees who have agreed to comply with the privacy and security obligations that are substantially similar to those required by this Addendum.
vii. Subject to applicable law, the Parties will notify Customer immediately in writing of any subpoena or other judicial or administrative order by a government authority or proceeding seeking access or disclosure of EU Personal Data. Customer may, if it so chooses, seek a protective order, and the Parties will reasonably cooperate with Customer in such action, provided Customer reimburses the Parties for all costs, fees, and legal expenses associated with the action. The Parties will have the right to approve or reject any settlements that affect the Parties.
- The Parties will comply with applicable data protection and privacy laws including, but not limited to, the GDPR, to the extent that such laws apply to the Parties in their role as a Processor.
- Customer certifies that it has:
- Obtained the required and/or written consent, affirmative opt-in, other written authorization (“Consent”) from applicable individuals, and/or customers in the European Union or has other legitimate legal bases for delivering or making accessible EU Personal Data to the Parties (as well as its sub-processors), and such Consent or other legitimate basis allows the Parties (and its sub-processors) to Process the EU Personal Data pursuant to the terms of the Agreement and this Addendum; and
- Ensured that the delivery and disclosure to the Parties of EU Personal Data is in compliance with the GDPR as Controller and all laws applicable to Customer and otherwise complies with applicable privacy and data protection laws.
- Beachhead will assist Clearwood and Clearwood will assist Reseller in ensuring that its secure Processing obligations, as Controller, under the GDPR are met, which may include assisting Reseller or Customer in a consultation with supervisory authority where a data protection impact assessment indicates that the intended Processing would result in a high risk. Upon request, Beachhead will make available to Clearwood or Reseller or Customer the information necessary to demonstrate compliance with the GDPR and will allow for and contribute to audits, including inspection, to confirm the Parties’ compliance with this Addendum by Customer or another auditor mandated by Customer. All expenses resulting from this Subsection E shall be incurred by Customer unless the Parties are found materially noncompliant, and EACH PARTY (Beachhead, Clearwood and Reseller) shall maintain its own and separate compliance and bear its own costs for it.
- Upon termination of the Agreement, the Parties shall either return all EU Personal Data Processed on behalf of Customer or destroy or delete the EU Personal Data, including all existing copies, unless the Parties have a legal obligation to maintain such EU Personal Data.
Data Processing Addendum for POPIA
This Data Processing Addendum (“Addendum”) is effective on the first date that Customer provides to the Parties Personal Data (as defined below) subject to South Africa’s Protection of Personal Information Act (“POPIA”) and forms part of the “Subscription Service” or “Customer License Agreement” (“Agreement”) by and between the organisation accepting the agreement (“Customer”) and Supplier/Reseller (Reseller) and between the Reseller and the Distributor Clearwood Consulting (Pty) Ltd. (Clearwood) and between the Distributor and the OEM/manufacturer Beachhead Solutions, Inc. (“Beachhead”), and sets forth the terms and conditions relating to the privacy, confidentiality, and security of South African personal information associated with the Services provided to Customer pursuant to the Agreement. All terms defined or used in the Agreement shall have the same meaning in this Addendum unless otherwise specified.
Whereas the Customer acting in the capacity of a “Responsible Party”, as defined by POPIA and herein, may provide to Reseller and CLEARWOOD, a company located in South Africa and Beachhead, a company located in the United States of America, with access to identifiable information about individuals (“Data Subject(s)” as defined by POPIA and herein) located in South Africa to act as a processor of data (“Operator” as defined by POPIA and herein) in connection with the Services performed by the Parties on behalf of Customer pursuant to the Agreement; and
Whereas Customer requires that the Parties preserve and maintain the privacy and security of such South African Personal Data belonging to Data Subjects according to this Addendum;
Now therefore, in consideration of the mutual covenants and agreements in this Addendum and the Agreement as for other good and valuable consideration, the sufficiency of which is hereby acknowledged, Customer and the Parties agree as follows:
Section I – DEFINITIONS
- “Responsible party” means any person or organisation that, alone or jointly with others, determines the purposes and means of the Protected Personal Information.
- “Data Subject(s)” means any natural or juristic persons whose data is being processed such as Resellers, reseller employees, customers, including customers’ employees.
- “Parties” means Reseller (Reseller), and/or the distributor Clearwood Consulting (Pty) Ltd. (Clearwood), and/or Beachhead Solutions, Inc., collectively (Parties).
- “Protected Personal Information” means personally identifiable information (PII) about individuals located in South Africa and may include, but is not limited to, the following: (i) categories of data subjects: prospective customers, customers, business partners, and vendors; and (ii) types of personal data: name, title, position, email address, phone number/s, location, IP address, device name, computer user name, device/computer MAC address, encryption certificates/keys.
- “POPIA” means South Africa’s Protection of Personal Information Act.
- “Process(es)” or “Processing” of South African Protected Personal Information means any operation or set of operations that is performed on Protected Personal Information whether by automated means, such as collection, recording, organisation, storage, adaptation, alteration, retrieval, consultation, use, disclosure, or dissemination, and erasure or destruction.
- “Operator” means any natural or legal person, public authority, agency, or other body that processes Protected Personal Information on behalf of Responsible Party.
Section II – PRIVACY, CONFIDENTIALITY, AND INFORMATION SECURITY
- Authority to process South African Protected Personal Information
- The Parties agree that Customer is the Responsible Party, and Reseller and Clearwood and Beachhead are the Operator for purposes of Protected Personal Information.
- The Parties will Process Protected Personal Information only with Customer’s written instruction (by execution of this Addendum) a) on behalf of and for the benefit of Customer and/or its Data Subjects in accordance with the terms of the Agreement; b) for the purposes of Processing Protected Personal Information in connection with the Agreement; and c) to carry out its obligations pursuant to this Addendum, the Agreement, and by law.
- Customer will have the exclusive authority to determine the purposes for and means of Processing Protected Personal Information.
- This Addendum and the Agreement are Customer’s complete instructions to the Parties for the Processing of Protected Personal Information for the purpose of the “Subscription Service”. Any alternative or additional instructions may only be effected by written amendment to this Addendum.
- Disclosure of and Access to Protected Personal Information
- The Parties will hold in confidence all Protected Personal Information.
- The Parties will a) provide at least the same level of privacy protection for Protected Personal Information received from Customer as is required by POPIA; b) promptly notify Customer if at any time the Parties determine that they can no longer meet their obligation to provide the same level of protection as is required by POPIA; and c) take reasonable and appropriate steps to remediate the Processing of Protected Personal Information if, at any time, Customer notifies Reseller, and Reseller notifies CLEARWOOD and Beachhead, that Customer has reasonably determined that the Parties are not Processing the Protected Personal Information in compliance with POPIA.
iii. The Parties will only transfer Protected Personal Information outside the country in which Customer, or Customers’ personnel, or Data Subjects, originally delivered it to the Parties where adequate data privacy safeguards are in place, such as binding corporate rules, unless required by law, in which case, Reseller will, unless such prior disclosure is prohibited, notify Customer of such requirement before processing.
- The Parties will not share, transfer, disclose, or otherwise provide access to any Protected Personal Information to any third party or contract any of the Parties’ rights or obligations concerning Protected Personal Information to a third party unless Customer has authorized the Parties to do so in writing, except as required by law. Where the Parties, with the consent of Customer, provide to a third party access to Protected Personal Information or contract such rights or obligations to a third party, the Parties will, with each third party, a) enter a written agreement that imposes obligations on the third party that are consistent with POPIA; b) transfer Protected Personal Information to the third party only for the limited and specified purposes as instructed by Customer; c) require the third party to notify the Parties if the third party determines that it can no longer meet its obligation to provide the same level of protection as required by POPIA; and d) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized Processing. Customer hereby provides consent for the Parties to use third-party sub-processors to provide the Services including, but not limited to, Rackspace, Twilio, and contingent workers. To the extent that the Parties make any changes regarding their use of sub-processors or third parties, they shall inform Customer with the right to object to such change. To the extent that Customer has a reasonable objection to such change in sub-processors, the parties shall cooperate to address the objection in a reasonable manner.
- Reseller will promptly inform Customer in writing of any requests with respect to Protected Personal Information received from Reseller’s Customers, consumers, employees, or other Data Subjects. Reseller will be responsible for responding to any such request, but CLEARWOOD and Beachhead will reasonably cooperate with Reseller to address any such request or a request by an individual about whom the Parties hold Protected Personal Information for access, rectification, objection, portability, restriction, erasure, or export of his or her Protected Personal Information.
- Taking into account the state of the art; the costs of implementation; and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural and/or juristic persons, the Parties will implement appropriate technical and organisational measures to protect the Protected Personal Information from loss; misuse; and unauthorized access, disclosure, alteration, and destruction. To this effect, the Parties will limit internal access to Protected Personal Information so that it is only accessible on a need-to-know basis, to fulfill Reseller’s performance of the Services on behalf of Customer, by employees or contingent workers who have agreed to comply with the privacy and security obligations that are substantially similar to those required by this Addendum.
vii. Subject to applicable law, Reseller or the Parties will notify Customer immediately in writing of any subpoena or other judicial or administrative order by a government authority or proceeding seeking access to or disclosure of Protected Personal Information. Customer may, if it so chooses, seek a protective order, and the Parties will reasonably cooperate with Reseller in such action, provided Customer reimburses the Parties for all costs, fees, and legal expenses associated with the action. The Parties will have the right to approve or reject any settlements that affect the Parties.
- The Parties will comply with applicable data protection and privacy laws including, but not limited to, POPIA and the EU’s GDPR, to the extent that such laws apply to the Parties in their role as an Operator.
- Customer certifies that it has:
- Obtained the written or appropriate consent, affirmative opt-in, other written authorization (“Consent”) from its Data Subjects or applicable individuals, and/or customers in South Africa or has other legitimate legal bases for delivering or making accessible Protected Personal Information to the Parties (as well as their sub-processors), and such Consent or other legitimate basis allows the Parties (and their sub-processors) to Process the Protected Personal Information pursuant to the terms of the Agreement and this Addendum; and
- Ensured that the delivery and disclosure to the Parties of Protected Personal Information is in compliance with POPIA as the Responsible Party and all laws applicable to Customer and otherwise complies with applicable privacy and data protection laws.
- The Parties will assist Customer in ensuring that its secure Processing obligations, as Responsible Party, under POPIA are met, which may include assisting Customer in a consultation with supervisory authority where a data protection impact assessment indicates that the intended Processing would result in a high risk. Upon request, the Reseller will make available to Customer the information necessary to demonstrate compliance with POPIA and will allow for and assist with audits, including inspection, to confirm the Parties’ compliance with this Addendum by Customer or other auditing mandated by Customer. All expenses resulting from this Subsection E shall be incurred by Customer unless Reseller and CLEARWOOD and Beachhead are found materially noncompliant pursuant to delivery of this Subscription Service.
- Upon termination of the Agreement, the Parties shall either return all Protected Personal Information Processed on behalf of Customer or destroy or delete the Protected Personal Information, including all existing copies, unless the Parties have a legal obligation to maintain such Protected Personal Information.
IN WITNESS WHEREOF, the Customer acknowledges its agreement to the foregoing by due acceptance of this electronic (click-wrap) Agreement by its respective authorized representative.
If Customer does not agree to the terms of this Agreement, Customer may not use the Software.