Subscription Agreement

This Subscription Agreement (the “Agreement”) sets out the terms and conditions that apply to your purchase of subscriptions to, and your use of, the Services (defined below). This Agreement is a binding contract between Critical Path MEP., a VA corporation (“Critical Path MEP”), and you or the entity or organization you represent.

If you are an individual using the Services for personal purposes: (1) every reference to “Customer” refers to you, and (2) you represent and warrant that you are at least 18 years old, or have otherwise reached the age of majority in your place of residence, and that you have the legal right, power and authority to enter into this Agreement.

If you are using the Services on behalf of an entity or organization you represent: (1) every reference to “Customer” refers to that entity or organization, and (2) you represent and warrant that you are at least 18 years old, or have otherwise reached the age of majority in your place of residence, and that you have the legal right, power and authority to enter into this Agreement on Customer’s behalf.

This Agreement becomes effective and binding on Customer as soon as the earliest of the following occurs: (1) you access or use the Services, (2) you click an “I Accept,” “Sign up,” or similar button or checkbox that refers to this Agreement, or (3) you enter into an Order (defined below) with Critical Path MEP.

1. Orders.

This Agreement governs the terms under which Customer may access and use Critical Path MEP’s Services under one or more Orders. Subject to the terms of the applicable Order, the Services are intended to support Customer’s operation of a digital customer loyalty program for Customer’s business (collectively, but excluding the subscribed Services themselves, “Customer’s Environment”).

2. Access and Use.

2.1.

Subject to the applicable Order and the terms of this Agreement, Critical Path MEP grants Customer the right to access and use the Services, during the Order Term and in accordance with the Documentation, solely for Customer’s Environment.

2.2.

All rights granted by either Party to the other under this Section 2 are limited, non-exclusive and, unless this Agreement expressly states otherwise, non-transferable.

3. Availability.

Critical Path MEP will use commercially reasonable efforts to ensure that the Services are Available at least 99.8% of the time, excluding any unavailability caused by one or more Exceptions (the “Availability Standard”). If actual Availability falls below the Availability Standard for two consecutive months, Customer may terminate the applicable Order during the calendar month immediately following that two-month period by providing written notice to Critical Path MEP. If Customer terminates on that basis, Critical Path MEP will provide Customer with a Pro-Rated Refund (as defined in Section 14.4).

4. Support.

Subject to this Agreement, Critical Path MEP will provide Support to Authorized Users by email. While Critical Path MEP does not guarantee resolution times, it will use reasonable efforts to respond to each Support request submitted by an Authorized User (each, a “Support Request”) within 48 hours. Customer’s sole and exclusive remedy for any claimed failure by Critical Path MEP to provide Support with reasonable skill, care and diligence after a Support Request is submitted will be re-performance of the applicable Support.

5. Security and Privacy.

5.1.

Each Party has responsibilities relating to the security of the Services and Customer Data. Taking into account the nature and type of Customer Data involved, Critical Path MEP will maintain administrative, physical and technical safeguards consistent with applicable industry practice to protect the Services and to prevent accidental loss of, or unauthorized access to, use of, alteration of, or disclosure of Customer Data under its control during each Order Term.

5.2.

Customer is responsible for configuring the Services properly in accordance with the Documentation, enabling single sign-on for Customer’s accounts, and protecting access passwords, keys, tokens and any other credentials used by Customer in connection with the Services (collectively, “Customer Credentials”). Customer agrees to use reasonable efforts to prevent unauthorized access to or use of the Services and must promptly notify Critical Path MEP if Customer believes that (a) any Customer Credentials have been lost, stolen or disclosed to an unauthorized third party, or (b) an unauthorized third party has accessed the Services or Customer Data.

5.3.

Except for limited Personal Information contained in Account Data, Critical Path MEP does not require Personal Information for Customer to access and use the Services. Customer must limit Personal Information in Account Data to only what is necessary to create and administer its Critical Path MEP account. With respect to Customer Data, Customer must not use the Services to Process any Sensitive Information and must use reasonable efforts to minimize the inclusion of other Personal Information in Customer Data. The Documentation includes additional guidance on filtering Personal Information from data, and masking Personal Information in data, before submission to the Services.

5.4.

Critical Path MEP may Process information regarding Customer’s configuration and use of the Services (“Usage Data”), Customer Data and Account Data: (a) to administer Customer’s account; (b) to provide, maintain and improve the Services and Support, including by responding to Support Requests and resolving other issues; and (c) to deliver insights, service notices, feature announcements and other reporting to Customer and Authorized Users. Critical Path MEP may also Process aggregated and/or anonymized Usage Data (including, for clarity, data that does not allow a third party to identify Customer as the source): (i) to create new services and features, and (ii) to market Critical Path MEP’s services, including through analysis of trends and patterns. Critical Path MEP’s Processing of Usage Data, Customer Data and Account Data will remain subject at all times to its obligations under this Agreement, including its security obligations under Section 5.1 and confidentiality obligations under Section 11; the DPA (as defined in Section 7.1), if applicable; and, with respect to Account Data, the Privacy Policy.

6. Customer Responsibilities and Restrictions.

6.1.

Customer is solely responsible for: (a) Customer’s Environment, including anything necessary to enable Authorized Users to access and use the Services; (b) Account Data, Customer Data and Customer Credentials, including all activities conducted using Customer Credentials, subject to Critical Path MEP’s Processing obligations under this Agreement; (c) providing any notices required to Customer Component providers, Authorized Users, and individuals whose Personal Information may appear in Account Data, Customer Data or Customer Credentials, and obtaining any required consents and authorizations from them; and (d) ensuring that the Services are used only for Customer’s Environment and in compliance with the AUP, Documentation and applicable Third-Party Terms.

6.2.

Nothing in this Agreement grants Customer the right to, and Customer must not, directly or indirectly: (a) allow any person or entity other than Authorized Users to access or use the Services; (b) attempt to obtain unauthorized access to any Service or its related systems or networks; (c) use any Service to access Critical Path MEP Intellectual Property Rights except as expressly permitted under this Agreement; (d) modify, copy, or create derivative works based on a Service or any portion, feature or function of a Service; (e) resell, distribute, sublicense or otherwise make any Service available to a third party, including as part of a managed services offering; (f) except to the extent restricted by Applicable Law, reverse engineer, disassemble or decompile any part of the Services, attempt to discover or recreate the source code, or access or use the Services or Documentation in order to (1) copy ideas, features, functions or graphics, (2) build competing products or services, or (3) conduct competitive analysis; (g) remove, obscure or alter any proprietary notices relating to the Services; (h) transmit or store Malicious Code; (i) use, or permit others to use, the Services in violation of Applicable Law; or (j) use, or allow others to use, the Services in any way other than as described in the applicable Order, the Documentation and this Agreement.

6.3.

Critical Path MEP reserves the right to investigate suspected violations of this Section 6. If Critical Path MEP reasonably believes that a violation has occurred, it may, in addition to any other legal or equitable remedies available to it (including termination under Section 14.2), suspend any Authorized Users suspected of the violation from accessing the Services for as long as reasonably necessary to address the issue. Unless Critical Path MEP reasonably believes the violation is willful, or there is an urgent or emergency situation, Critical Path MEP will provide Customer with advance notice of the suspension (each, a “Suspension Notice”) and will work with Customer in good faith to resolve the suspected violation. For clarity, Critical Path MEP has the right, but not the obligation to Customer (except with respect to the Suspension Notice), to take any of the actions described in this Section 6.3.

7. Compliance with Applicable Laws.

Each Party agrees to comply with all Applicable Laws in performing its obligations and exercising its rights under this Agreement. Without limiting the generality of the foregoing:

7.1.

Each Party will comply with all Applicable Laws relating to the privacy and protection of Personal Information. Without limiting Section 6.1, Customer is solely responsible for providing any legally required notices to, and obtaining any legally required consents and authorizations from, individuals whose Personal Information may be included in Account Data, Customer Data or Customer Credentials. Without limiting Section 5.3, if Customer believes that Customer Data may contain Personal Information of natural persons located in the European Economic Area and Customer wishes to enter into a Data Processing Addendum (“DPA”) under the GDPR, Customer may request one by emailing . Promptly after receiving such a request, Critical Path MEP will send Customer a DPA ready for execution.

7.2.

Each Party will comply with all Applicable Laws relating to anti-bribery and anti-corruption, including, where applicable, the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010. As of the date of this Agreement and as of the date of each Order, Customer represents that it has not received, and has not been offered, any illegal or improper bribe, kickback, payment, gift or thing of value from any employee, agent or representative of Critical Path MEP or its Affiliates in connection with this Agreement. Customer agrees to notify Critical Path MEP promptly if it becomes aware of any violation of the foregoing. This representation does not apply to customary and reasonable gifts or entertainment provided in the ordinary course of business, to the extent permitted by Applicable Law.

7.3.

Each Party will: (a) comply with Applicable Laws administered by the U.S. Commerce Bureau of Industry and Security, the U.S. Treasury Office of Foreign Assets Control, or any other governmental authority that imposes export controls or trade sanctions (“Export Laws”), including laws identifying restricted countries, entities and persons (“Sanctions Targets”); and (b) not directly or indirectly export, re-export or otherwise deliver Services to any Sanctions Target, or broker, finance or otherwise facilitate any transaction in violation of Export Laws. Customer represents that it is not a Sanctions Target and is not otherwise prohibited by Applicable Law, including Export Laws, from receiving the Services under this Agreement.

8. Pricing and Fees.

Customer agrees to pay all fees charged by Critical Path MEP for Customer’s use of the Services in accordance with this Agreement and the applicable Order(s) and Service Plan(s) (collectively, the “Fees”). Unless otherwise stated in an Order: (a) the Fees for Services are listed on the Pricing Page; (b) Fees are payable in U.S. dollars and, subject to Section 6.2, are due at the time the applicable Order is placed; and (c) Support is included in the Fees at no additional cost.

8.2.

If Customer pays Fees by credit card or another digital payment method supported by Critical Path MEP, Customer authorizes Critical Path MEP to charge that payment method for the Services. Customer must keep all billing account information accurate and up to date so Fees can be charged correctly and paid on time. If Customer instructs Critical Path MEP to stop using a previously designated payment method and does not provide an alternative, Critical Path MEP may immediately suspend access to and use of the Services. Any notice from Customer changing its billing account will not affect charges that Critical Path MEP has already submitted before it could reasonably act on the request. Critical Path MEP uses a third-party intermediary to process credit card payments, and that intermediary may not use Customer’s credit card information for any purpose other than Customer’s authorized purchases. Any notice, including by email, from Critical Path MEP’s third-party payment processor declining Customer’s credit card or otherwise relating to Customer’s account will be considered valid notice from Critical Path MEP.

9. Taxes.

All Fees are exclusive of taxes, levies, duties and other governmental charges (collectively, “Taxes”). Customer is solely responsible for all sales, service, value-added, use, excise, consumption and other Taxes imposed on amounts payable by Customer under the Orders and this Agreement, other than Taxes based on Critical Path MEP’s income, revenues, gross receipts, personnel or assets. Without limiting the foregoing, if Customer is required under Applicable Laws outside the US to deduct or withhold any Taxes, Customer must remit those Taxes in accordance with those laws, and the Fees payable will be increased so that Critical Path MEP receives the same amount it would have received had no such deduction or withholding been required.

10. Ownership.

As between the Parties: (a) Customer retains all right, title and interest in and to Customer’s Environment and Customer Data, including all related Intellectual Property Rights; and (b) Critical Path MEP retains all right, title and interest in and to the Services, Documentation and Feedback, including all related Intellectual Property Rights. Except for the rights expressly granted by one Party to the other in this Agreement, each Party reserves all of its rights.

11. Confidentiality.

11.1.

For purposes of this Agreement, “Confidential Information” means any information disclosed by one Party, its Affiliates, business partners, or their respective employees, agents or contractors (collectively, the “Discloser”) that is identified as confidential, whether orally or in writing, or that reasonably should be understood to be confidential based on the nature of the information or the circumstances of disclosure. Confidential Information includes, without limitation: (a) Customer Data; (b) information concerning the Discloser’s or its Affiliates’ technology, customers, business plans, marketing and promotional activities, finances and other business matters; (c) third-party information that the Discloser is required to keep confidential; and (d) the terms of this Agreement and all Orders. Confidential Information does not include information that: (i) was already known to the receiving Party (the “Recipient”) before it was disclosed by the Discloser in connection with this Agreement; (ii) is independently developed by the Recipient without reference to or use of the Discloser’s Confidential Information; (iii) is lawfully obtained by the Recipient from another source without restriction on use or disclosure; or (iv) becomes publicly available through no fault or action of the Recipient.

11.2.

The Recipient must not: (a) use the Discloser’s Confidential Information for any purpose outside the scope of this Agreement without the Discloser’s prior written consent; or (b) disclose the Discloser’s Confidential Information to any person or entity other than the Recipient’s employees, agents, contractors and service providers who (i) are subject to non-use and non-disclosure obligations at least as protective as those in this Agreement, and (ii) need to know the Confidential Information for the Recipient to exercise its rights or perform its obligations under this Agreement. Notwithstanding the foregoing, the Recipient may disclose the Discloser’s Confidential Information to the extent required by Applicable Law or a valid binding order of a governmental authority, such as a subpoena or court order, provided that, where permitted by Applicable Law, the Recipient uses reasonable efforts to give the Discloser advance notice sufficient to allow the Discloser an opportunity to intervene or seek protective relief. If the Recipient breaches or threatens to breach its obligations under this Section, the Discloser will be entitled to seek injunctive relief and other equitable remedies.

12. Disclaimers.

12.1.

EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTY OR GUARANTEE OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER IMPLIED, EXPRESS OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AS WELL AS ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

12.2.

EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, ALL SERVICES, SUPPORT AND OTHER MATERIALS ARE PROVIDED BY Critical Path MEP ON AN “AS IS” AND “AS AVAILABLE” BASIS. Critical Path MEP MAKES NO REPRESENTATIONS OR WARRANTIES, AND HAS NO SUPPORT OBLIGATION OR LIABILITY, WITH RESPECT TO ANY CUSTOMER COMPONENT. WITHOUT LIMITING THE OTHER TERMS OF THIS SECTION 13, Critical Path MEP DOES NOT WARRANT THAT THE SERVICES, DOCUMENTATION, ANCILLARY TOOLS OR ANY OTHER MATERIALS, OR THE RESULTS OF THEIR USE, WILL: (a) SATISFY CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS; (b) OPERATE WITHOUT INTERRUPTION; (c) ACHIEVE ANY INTENDED RESULT; (d) BE ERROR-FREE; OR (e) BE COMPATIBLE WITH, WORK WITH, OR CONTINUE TO WORK WITH CUSTOMER COMPONENTS. ANY CHANGES TO CUSTOMER COMPONENTS, INCLUDING THEIR UNAVAILABILITY, OR TO THIRD-PARTY TERMS DURING AN ORDER TERM WILL NOT AFFECT CUSTOMER’S OBLIGATIONS UNDER THE APPLICABLE ORDER OR THIS AGREEMENT.

13. Term and Termination.

13.1.

This Agreement will remain in effect until the expiration or earlier termination of the last Order then in effect.

13.2.

When an Order expires or is terminated earlier: (a) subject to Section 14.4, all rights granted to Customer regarding the Services under that Order will end as of the effective date of expiration or termination; and (b) subject to Section 14.4, Critical Path MEP will have no obligation to continue providing the Services to Customer or any Authorized Users after that effective date.

13.3.

If an Order is terminated early by Customer under Section 3, or by Critical Path MEP under Section 14.2: (a) Customer will not be required to pay any additional amounts specified in the Order after the effective date of termination; and (b) Critical Path MEP will refund to Customer a pro rata portion of any prepaid but unused amounts for the Services under the applicable Order, based on the remaining part of the current Order Term (a “Pro-Rated Refund”). In all other circumstances, Customer will not be entitled to any refund of Fees already paid, regardless of whether Customer used the Services to the extent reflected in the Orders or otherwise, and any unpaid Fees will become immediately due and payable.

13.4.

Provided that Customer has paid all amounts owed under this Agreement, and subject to any shorter retention periods under the applicable Service Plan, one Authorized User designated by Customer may, for up to 30 days following the effective date of termination of this Agreement, continue to access and download Customer Data that was available to Authorized Users through the Services immediately before termination. That designated Authorized User’s access and use will remain subject to this Agreement, except that the Authorized User may only access or use the Services to download Customer Data.

13.5.

The provisions of Sections 5.4, 6.2, 7, 9 through 16, and 18 through 28, together with any other provisions that by their nature are intended to survive expiration or termination, will survive any expiration or termination of this Agreement.

14. Indemnification.

14.1.

Subject to Sections 14.2 and 14.4, Critical Path MEP will defend, indemnify and hold harmless Customer, its Participating Affiliates (as defined in Section 19), and their respective employees, contractors, agents, officers and directors (collectively, “Customer Indemnitees”) from and against any and all claims, damages, obligations, losses, liabilities, costs, debts and expenses, including reasonable attorneys’ fees (collectively, “Losses”), arising out of or relating to any legal claim, suit, action or proceeding (each, an “Action”) brought by a third party alleging that Customer’s permitted use of the Services under this Agreement infringes that third party’s US patent or copyright, or misappropriates that third party’s trade secrets (each, a “Customer Infringement Claim”).

14.2.

If the Services become, or in Critical Path MEP’s judgment are likely to become, the subject of a Customer Infringement Claim, Critical Path MEP may, at its discretion and expense: (a) obtain for Customer the right to continue using the Services; (b) modify the Services so that they no longer infringe or misappropriate; or (c) terminate this Agreement and all Orders and provide a Pro-Rated Refund. Critical Path MEP will have no indemnification obligation for any Customer Infringement Claim to the extent it arises out of any of the following (collectively, “Customer-Controlled Matters”): (i) Customer’s Environment, including any Connections to Customer Components, whether enabled through APIs, Ancillary Tools or otherwise; (ii) Account Data, Customer Data or Customer Credentials, including activities conducted using Customer Credentials, subject to Critical Path MEP’s Processing obligations under this Agreement; or (iii) Customer’s or an Authorized User’s use of the Services in breach of an Order, Service Plan or this Agreement. SECTIONS 14.1 AND 14.2 SET FORTH Critical Path MEP’S ENTIRE LIABILITY, AND CUSTOMER’S EXCLUSIVE REMEDIES, FOR ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT OR MISAPPROPRIATION.

14.3.

Subject to Section 14.4, Customer will defend, indemnify and hold harmless Critical Path MEP, its Affiliates, and their respective employees, contractors, agents, officers and directors (collectively, “Critical Path MEP Indemnitees”) from and against any and all Losses arising out of or relating to any Action brought by a third party arising from or related to Customer-Controlled Matters.

14.4.

Any Customer Indemnitee or Critical Path MEP Indemnitee (each, an “Indemnitee”) seeking indemnification must promptly notify the other Party (each, an “Indemnifying Party”) in writing of any Action for which indemnification is sought under Section 14.1 or 14.3, as applicable, and must cooperate with the Indemnifying Party at the Indemnifying Party’s expense. The Indemnifying Party will promptly assume control of the defense and investigation of the Action and will engage counsel of its choosing to handle and defend it at its own expense. The Indemnitee may participate in and observe the proceedings, with counsel of its own choosing, at its own expense. A Party’s failure to perform its obligations under this Section 14.4 will not relieve the Indemnifying Party of its obligations under Section 14.1 or 14.3, as applicable, except to the extent the Indemnifying Party can show that it was materially prejudiced by that failure. The Indemnifying Party may not settle any Action without the Indemnitee’s written consent if the settlement would require the Indemnitee to take any action or make any payment.

15. Limitations of Liability.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 15: (a) NEITHER PARTY, NOR ITS AFFILIATES OR THEIR RESPECTIVE EMPLOYEES, AGENTS, CONTRACTORS, OFFICERS OR DIRECTORS, WILL BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR BUSINESS INTERRUPTION, LOST PROFITS, LOST GOODWILL, LOSS OF USE, LOSS OF DATA OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THIS AGREEMENT; AND (b) IN NO EVENT WILL EITHER PARTY’S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE FEES PAID TO Critical Path MEP BY CUSTOMER UNDER THE APPLICABLE ORDER(S), INCLUDING ANY PRIOR ORDERS FOR THE SAME SERVICES, DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY. THESE EXCLUSIONS AND LIMITATIONS (COLLECTIVELY, THE “EXCLUSIONS”) APPLY REGARDLESS OF WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER THEORY, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE EXCLUSIONS DO NOT APPLY TO A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 14, CUSTOMER’S BREACH OF SECTION 6.2, OR CUSTOMER’S PAYMENT OBLIGATIONS TO Critical Path MEP UNDER THIS AGREEMENT. THE TERMS OF THIS SECTION 15 ALLOCATE THE RISKS BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THESE EXCLUSIONS IN DECIDING TO ENTER INTO THIS AGREEMENT AND IN SETTING THE PRICING FOR THE SERVICES.

16. Publicity.

Except as required by Applicable Law or stock exchange rules, neither Party may issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement, or use the other Party’s marks or logos, without the other Party’s prior written consent. However, Critical Path MEP may, subject to its non-attribution obligations under Section 5.4, include Customer’s name and logo in lists of Critical Path MEP customers, on its public website, and in other promotional materials. Critical Path MEP will promptly stop using Customer’s name and logo for those purposes after receiving Customer’s request at .

17. Notices.

Subject to change in accordance with this Section: (a) Critical Path MEP’s physical address for notices is Critical Path MEP., 4531 Centralia Rd, and its email address for notices is ; and (b) Customer’s physical and email addresses for notices are the addresses associated with its Order(s). Any notice required or permitted under this Agreement must be in writing and will be deemed properly given: (i) one business day after being sent by overnight courier to the recipient Party’s physical address; (ii) three business days after being sent by registered mail, return receipt requested, to the recipient Party’s physical address; or (iii) one business day after being sent by email to the recipient Party’s email address, provided that (1) the sender does not receive a delivery failure message or out-of-office reply, and (2) any notice concerning an indemnifiable Action must be sent by courier or mail under clause (i) or (ii). Either Party may update its notice address(es) by notifying the other Party in accordance with this Section.

18. Customer Affiliates.

If an Affiliate of Customer has not entered into its own Order or separate agreement directly with Critical Path MEP, Customer may authorize that Affiliate (each, a “Participating Affiliate”) to access and use the Services under an existing Order between Customer and Critical Path MEP. In that case, references to “Customer” in the applicable Order and this Agreement will be deemed to refer to both Customer and the Participating Affiliate. Customer and its Participating Affiliates will be jointly and severally responsible for complying with this Agreement and all Orders under it. As between Customer and Critical Path MEP, Customer accepts full responsibility for the acts and omissions of its Participating Affiliates.

19. Assignment.

As long as Customer is current on all amounts due, Customer may assign this Agreement in connection with any merger, consolidation or reorganization involving Customer, whether or not Customer is the surviving entity, or in connection with a sale of all or substantially all of Customer’s business or assets related to this Agreement to an unaffiliated third party. Subject to the foregoing, Customer may not assign any of its rights or obligations under this Agreement, whether by operation of law or otherwise, without the prior written consent of Critical Path MEP, and any purported assignment made in violation of this Section is void. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.

20. U.S. Government Customers.

The Services and Documentation are provided to the U.S. Government as “commercial items,” “commercial computer software,” “commercial computer software documentation,” and “technical data” with the same rights and restrictions generally applicable to the Services and Documentation. If Customer or any Authorized User is using Services and Documentation on behalf of the U.S. Government and these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Customer and Customer’s Authorized Users must immediately discontinue use of the Services and Documentation. The terms listed above are defined in the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement.

21. Independent Parties; No Third-Party Beneficiaries.

The Parties expressly understand and agree that their relationship is that of independent contractors. Nothing in this Agreement shall constitute one Party as an employee, agent, joint venture partner or servant of another. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.

22. Force Majeure.

Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments), when and to the extent such failure or delay is caused by acts of God; flood, fire or explosion; war, terrorism, invasion, riot or other civil unrest; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency (each of the foregoing, a “Force Majeure Event”), in each case, provided the event is outside the reasonable control of the affected Party, the affected Party provides prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and the affected Party uses diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.

23. Governing Law; Venue.

Except to the extent the issue arising under this Agreement is governed by US federal law, this Agreement shall be governed by and construed and enforced in accordance with the laws of the State of VA, without giving effect to the choice of law rules of that State. Any legal action or proceeding arising under or relating to this Agreement shall be brought exclusively in the state or federal courts located in Chester, VA, US, and the Parties expressly consent to personal jurisdiction and venue in those courts. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods are specifically excluded from application to this Agreement.

24. Miscellaneous.

This Agreement, together with all Orders, and the AUP, is the complete and exclusive statement of the agreement between the Parties and supersedes all proposals, questionnaires and other communications and agreements between the Parties (oral or written) relating to the subject matter of this Agreement. Any terms and conditions of any other instrument issued by Customer in connection with this Agreement which are in addition to, inconsistent with or different from the terms and conditions of this Agreement shall be of no force or effect. Additionally, this Agreement supersedes any confidentiality, non-disclosure, evaluation or trial agreement previously entered into by the Parties with respect Customer’s or an Affiliate’s evaluation of the Services or otherwise with respect to the Services. Except as otherwise provided in Section 30, this Agreement may be modified only by a written instrument duly executed by authorized representatives of the Parties. The failure of a Party to exercise or enforce any condition, term or provision of this Agreement will not operate as a waiver of such condition, term or provision. Any waiver by either Party of any condition, term or provision of this Agreement shall not be construed as a waiver of any other condition, term or provision. If any provision of this Agreement is held invalid or unenforceable, the remainder of the Agreement shall continue in full force and effect. The headings in this Agreement are for reference only and shall not affect the interpretation of this Agreement. For purposes of this Agreement, the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”; the word “or” is not exclusive; and the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole.

25. Definitions.

Capitalized terms not otherwise defined in this Agreement shall have the respective meanings assigned to them in this Section 26.

“Account Data” means information about Customer that Customer provides to Critical Path MEP in connection with the creation or administration of its Critical Path MEP account, such as first and last name, user name and email address of an Authorized User or Customer’s billing contact. Customer shall ensure that all Account Data is current and accurate at all times during the applicable Order Term, and shall in no event include Sensitive Information in Account Data.

“Affiliate” means, with respect to a Party, a business entity that directly or indirectly controls, is controlled by or is under common control with, such Party, where “control” means the direct or indirect ownership of more than 50% of the voting securities of a business entity.

“Applicable Laws” means any and all governmental laws, rules, directives, regulations or orders that are applicable to a particular Party’s performance under this Agreement.

“Authorized User” means an individual employee, agent or contractor of Customer or a Participating Affiliate for whom subscriptions to Services have been purchased pursuant to the terms of the applicable Order and this Agreement, and who has been supplied user credentials for the Services by Customer or the Participating Affiliate (or by Critical Path MEP at Customer’s or a Participating Affiliate’s request).

“Available” means the Services are available for access and use by end users over the internet; “Availability” has a correlative meaning. Availability is assessed from the point where the Services are made available from Critical Path MEP’s hosting provider and measured in minutes over the course of each calendar month during the Order Term. Customer may request Availability information by submitting a Support Request.

“Exceptions” means any of: (a) Customer’s breach of this Agreement, an Order or the AUP; (b) Customer’s failure to configure and use the Services in accordance with the Documentation; (c) failures of, or issues with, Customer’s Environment; (d) Force Majeure Events; (e) Critical Path MEP’s suspension of Authorized Users’ access to the Services pursuant to Section 8.3 or 15.2; or (f) maintenance during a window for which Critical Path MEP provides notice by email or through the Services in advance.

“Feedback” means bug reports, suggestions or other feedback with respect to the Services or Documentation provided by Customer to Critical Path MEP, exclusive of any Customer Confidential Information therein.

“GDPR” means the General Data Protection Regulation 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC.

“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.

“Order” means a separate order for Services pursuant to this Agreement: (a) completed and submitted by Customer online at the Critical Path MEP site and accepted by Critical Path MEP or (b) executed by Critical Path MEP and Customer.

“Order Term” means, with respect to each Order, the initial subscription term for the Services specified in the applicable Order and all Renewal Order Terms, if any. In the event an Order does not specify a fixed term, then the Order Term will run from the Order’s effective date until the end of the calendar month in which either Party gives notice of termination in accordance with Section 20, unless the Order is otherwise terminated earlier in accordance with this Agreement or the Order.

“Party” means each of Critical Path MEP and Customer.

“Personal Information” means information relating to an identified or identifiable natural person that is protected by Applicable Laws with respect to privacy where the individual resides.

“Pricing Page” means the publicly available web page(s) where Critical Path MEP publishes its list prices for Services.

“Privacy Policy” means Critical Path MEP’s standard Privacy Policy, currently available at https:///privacy-policy.

“Process” means to perform an operation or set of operations on data, content or information, including to submit, transmit, post, transfer, disclose, collect, record, organize, structure, store, adapt or alter; “Processing” has a correlative meaning.

“Sensitive Information” means the following categories of Personal Information: (a) government-issued identification numbers, including Social Security numbers; (b) financial account data; (c) biometric, genetic, health or insurance data; (d) financial information; (e) data revealing race, ethnicity, political opinions, religion, philosophical beliefs or trade union membership; (f) data concerning sex life or sexual orientation; and (g) data relating criminal convictions and offenses. Without limiting the foregoing, the term “Sensitive Information” includes Personal Information that is subject to specific or heightened requirements under Applicable Law or industry standards, such as Social Security numbers in the US, protected health information under the U.S. Health Insurance Portability and Accountability Act, nonpublic personal information under the U.S. Gramm-Leach-Bliley Act, cardholder data under the PCI Data Security Standard, and special categories of personal data under the GDPR.

“Service Plan” means the packaged plan and associated features, as detailed at the Pricing Page, for the hosted Critical Path MEP service to which Customer subscribes.

“Services” means the hosted services to which Customer subscribes through, or otherwise uses following, an Order that are made available by Critical Path MEP online via the applicable login page and other web pages designated by Critical Path MEP. Critical Path MEP may make such changes to the Services as Critical Path MEP deems appropriate from time to time, provided such changes do not materially decrease the features or functionality of the Services as they existed at the effective date of this Agreement. 

“Support” means Critical Path MEP’s standard customer technical support for the Services, currently provided exclusively via email.

26. Counterparts.

Any written Order may be executed in counterparts, each of which shall be deemed an original, but all of which together shall be deemed to be one and the same agreement. Delivery of an executed counterpart of a signature page to an Order by fax or by email of a scanned copy, or execution and delivery through an electronic signature service (such as DocuSign), shall be effective as delivery of an original executed counterpart of the relevant Order.

27. Changes to this Agreement.

Critical Path MEP may modify this Agreement at any time by posting a revised version at https:///subscription-agreement, which modifications will become effective as of the first day of the calendar month following the month in which they were first posted; provided, however, that if an Order specifies a fixed term of 12 months or longer, the modifications will instead be effective immediately upon the start of the next Renewal Order Term. In either case, if Customer objects to the updated Agreement, as its sole and exclusive remedy, Customer may choose not to renew, including canceling any terms set to auto-renew. For the avoidance of doubt, any Order is subject to the version of the Agreement in effect at the time of the Order.