Terms and Conditions (October 7, 2021)

Terms and Conditions

Last Updated: October 7, 2021

These Zesty Customer Terms and Conditions (the “Agreement“) constitutes a binding agreement between Zesty Tech Ltd. or the other Zesty entity executing the Order (“Company”) and the customer accepting this Agreement (“Customer”). This Agreement applies to and governs, inter alia, Customer’s access to and use of the Platform (defined below). Company and Customer may be collectively referred to herein as the “Parties“, and each individually as a “Party“.

This Agreement commences and becomes effective (the “Effective Date“) as of the earliest of: (a) the date Customer first clicks “I Agree/I Accept/Sign Up” (or the similar button or checkbox); (b) the date Customer first accesses or uses the Platform, or sets up an Account (defined below); or (c) any effective or commencement date specified in Customer’s initial Order (defined below). But for the avoidance of doubt, no Order is needed in order for this Agreement to take effect.

If you are accepting this Agreement on behalf of your employer or another entity (for example, if you are signing up using an email address from such employer or entity), you represent and warrant that: (i) you have full legal authority to bind your employer or such entity to this Agreement; (ii) you have read and understand the terms and conditions of this Agreement; and (iii) you agree to this Agreement on behalf of your employer or such entity. IF YOU DO NOT ACCEPT THE TERMS AND CONDITIONS OF THIS AGREEMENT, YOU MUST NOT CLICK “I AGREE/I ACCEPT/SIGN UP” (OR THE SIMILAR BUTTON OR CHECKBOX), AND YOU ARE NOT AUTHORIZED TO ACCESS OR USE ANY PART OF THE PLATFORM.

For the avoidance of doubt, this Agreement shall not apply to Customer if Customer has purchased a subscription/license to the Platform through a Company-authorized reseller, distributor, or similar channel partner of the Platform (a “Channel Partner”). In such cases, Customer is granted its subscription/license to the Platform by and through the Channel Partner, and not directly by Company (and accordingly, Customer agrees that it has no contract with Company).

If you are setting up a Free Customer Account, please see Section ‎3 (Free Customers and Evaluation Products) below.

1. DEFINITIONS.

The following capitalized terms have the meanings set forth below:

“Affiliate” means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, whereby “control” means the possession, directly or indirectly, of the power to direct, or cause the direction of, the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise.

“Binary” means any distributed component of the Platform (such as the Zesty Disk™ feature), for installation within the Customer Cloud. Unless the context requires otherwise, references in this Agreement to the “Platform” shall be deemed to include the “Binary” as well.

“Content” means any text, data, information, reports, files, images, graphics, software code, or other content.

“Customer Content” means any Content submitted or uploaded to, or transmitted through, the Platform, or otherwise provided or made available to Company, by or on behalf of Customer.

“Customer Cloud” means the Customer’s third party cloud account and environment for which the Platform is being purchased, as specified in the Order.

“Customer Cloud Provider” means the third party cloud service provider of the Customer Cloud.

“Documentation” means the Platform-related operational guides or manuals, which Company provides or makes available to Customer, in any form or medium. Documentation does not include any marketing, or other publicly available, materials. Unless the context requires otherwise, references in this Agreement to the “Platform” shall be deemed to include the “Documentation” as well.

“DPA” means the Data Processing Agreement (or DPA) attached hereto as Schedule B (unless Company specifically instructs Customer in writing to refer to a Data Processing Agreement on the Site).

“Platform Content” means any Content (excluding Customer Content) appearing on or in, or otherwise provided or made available via, the Platform (such as insights).

“Intellectual Property Rights” means any and all rights, titles, and interests (under any jurisdiction or treaty, whether protectable or not, whether registered or unregistered, and whether vested, contingent, or future) in and to inventions, discoveries, works of authorship, designs, software, technical information, databases, know-how, mask works, methods, technology, and other intellectual property, and includes but is not limited to patents, copyrights and similar authorship rights, moral (and similar personal) rights, mask work rights, data and database rights, trade secret rights and similar rights in confidential information and other non-public information, design rights, trademark, service mark, trade name, trade dress and similar branding rights, as well as: (i) all applications, registrations, renewals, reexaminations, extensions, continuations, continuations-in-part, provisionals, substitutions, divisions or reissues of or for the foregoing; and (ii) all goodwill associated with the foregoing.

“Order” means any order form or other ordering document (including without limitation any Internet-based or email-based ordering mechanism or registration process, such as, via Customer’s Account), submitted or entered into by Customer for the purchase of a Subscription. Each Order is hereby incorporated into this Agreement by reference. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and an Order, the former shall prevail (unless the Order specifically states otherwise).

“Law” means any federal, state, foreign, regional or local statute, regulation, ordinance, or rule of any jurisdiction.

“Platform” means Company’s cloud management and optimization software-as-a-service platform, known as Zesty.

“Pricing Page” means any publicly available web page(s) on the Site where Company publishes its list prices for the Platform, currently available at https://zesty.co/pricing/.

“Professional Services” means Platform-related installation, deployment, configuration, training, customization, integration, or other professional services.

“Subscription Scope” means any Platform usage or consumption limitations and parameters (for example, as to the volume of Users, volume of Binaries, available features and functionalities, etc.) specified in an Order.

“Sensitive Data” means any (i) categories of data enumerated in Article 9(1) of the European Union’s General Data Protection Regulation (Regulation 2016/679, aka the GDPR) or any successor law; (ii) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”); (iii) Nonpublic Personal Information (NPI) (as defined by the Gramm-Leach-Bliley Act and its implementing rules and regulations) or Personal Health Information (PHI) data (as defined by the Health Insurance Portability and Accountability Act and its implementing rules and regulations); or (iv) any data similar to the foregoing that is protected under foreign or domestic laws.

“Services” means, as the case may be, Support Services, Professional Services, and/or any other services provided by or on behalf of Company pursuant to this Agreement (such as cost optimization actions).

“Site” means the Company’s website currently at https://zesty.co/.

“Support Services” means the standard Platform technical support and maintenance services that Company makes generally available to its customers (or, if applicable, any upgraded technical support and maintenance services purchased under an Order).

“Usage Statistics” means any non-Customer-identifying information, data, reporting, suggestions, analyses, and/or intelligence relating to the operation, support, and/or Customer’s use, of the Platform and/or Platform Content (such as metadata, aggregated data, analytics, security findings or discoveries, etc.).

“User” means Customer’s employees who are authorized by Customer to use the Platform, and for whom Customer (or Company, at Customer’s request) has supplied a user identification and password for the Platform. Customer shall remain primarily responsible and liable for its Users’ compliance with the terms and conditions of this Agreement.

2. ACCOUNT

In order to access the Platform, Customer may be given the opportunity (or otherwise be required) to generate an account by submitting the information requested in the applicable online form or Platform interface (“Account“). If Customer is an entity, it might be required to designate an administrator Account (“Admin Account“) and a user Account for each User (each, a “User Account“). Customer shall ensure that all information submitted during the registration process is, and will thereafter remain, complete and accurate. As between Company and Customer, Customer shall be solely responsible and liable for maintaining the confidentiality and security of its Account credentials, as well as for all activities that occur under or in such Account. Customer shall immediately notify Company in writing of any unauthorized access to, or use of, an Account, or any other breach of security. Personal information received during the Account registration process will be processed by Company in accordance with Company’s privacy policy on the Site.

As an alternative to the above Account registration process, Customer may be able to generate an Account, or otherwise access the Platform, by integrating and logging in via a supported third party platform (a “Third Party Application“). As part of such integration, the Third Party Application may provide us with access to certain information that Customer and its Users have provided to such Third Party Application. The type of such information provided to Company, as well as the manner in which the Third Party Application uses, stores, and discloses such information, is governed solely by the policies of the third party operating the Third Party Application, and Company shall have no liability or responsibility for the privacy practices or other actions of such third parties. Company enables such integration merely as a convenience, and the availability of such integration does not (and shall not be construed to) in any way imply, suggest, or constitute any sponsorship, endorsement, or approval by Company of such Third Party Application or third party, nor any affiliation between Company and such third party. Company shall have no obligation or liability of any kind whatsoever for a Third Party Application or for the third party’s policies, practices, actions, or omissions.

3. FREE CUSTOMERS AND EVALUATION PRODUCTS

3.1. Free Customers. The Platform may enable Customer to set up and configure a free-of-charge Account (a “Free Customer Account“). A Free Customer Account is limited to whatever duration, features, and functionalities Company elects in its sole discretion, and Company reserves the right to add and remove any features and functionalities, as well as terminate a Free Customer Account, at any time, with or without notice.

3.2.Evaluation Products. From time to time, Company may permit Customer to try certain Platform features or functionalities (whether new or existing) at no charge for a free trial or evaluation period (each, an “Evaluation Product“). Evaluation Products may be designated or identified as beta, pilot, evaluation, trial, or the like. Unless configured otherwise by Company, or agreed otherwise (for example, in an Order), the default evaluation period for an Evaluation Product (the “Evaluation Period“) is thirty (30) days. However, Company reserves the right to terminate an Evaluation Period at any time, for convenience, with or without notice.

3.3. General. For the avoidance of doubt, the restrictions set forth in Section ‎4.2 (Restrictions) shall also apply to Evaluation Product and Free Customer Accounts. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, EVALUATION PRODUCTS AND FREE CUSTOMER ACCOUNTS ARE PROVIDED FOR CUSTOMER’S INTERNAL EVALUATION ONLY (AND NOT FOR PRODUCTION USE), AND COMPANY SHALL HAVE NO OBLIGATION OR LIABILITY OF ANY KIND WHATSOEVER TOWARDS CUSTOMER FOR EVALUATION PRODUCTS OR FREE CUSTOMER ACCOUNTS. TO THE EXTENT THAT APPLICABLE LAW DOES NOT PERMIT THE EXCLUSION OF COMPANY’S LIABILITY TO CUSTOMER FOR AN EVALUATION PRODUCT OR A FREE CUSTOMER ACCOUNT, COMPANY’S AGGREGATE LIABILITY TO CUSTOMER IN RESPECT OF AN EVALUATION PRODUCT AND/OR A FREE CUSTOMER ACCOUNT SHALL NOT EXCEED TEN US DOLLARS (USD$10).

4.SUBSCRIPTION

4.1. General. Subject to the terms and conditions of this Agreement (including without limitation Customer’s payment of all applicable Fees), Company grants Customer, in connection with each Order, a limited, non-exclusive, non-transferable, non-sublicensable right and license, during the corresponding Subscription Term (defined below), to do the following (collectively, the “Subscription”):

(a) At its own expense, defend Customer against the Infringement Claim; and
(b) Indemnify and hold harmless Customer for any amount finally awarded against or imposed upon Customer by the court (or otherwise agreed in settlement) under the Infringement Claim (provided, however, that any insurance recoveries and/or indemnity or contribution amounts received by the Customer prior to receipt of indemnification by Company, shall reduce the indemnifiable amount to be paid by Company by the amount of such recovery).

For the avoidance of doubt: (i) the Subscription is subject to the applicable Subscription Scope, and Customer shall not use any technical or other means within, or external to, the Platform to exceed or circumvent the Subscription Scope, and (ii) the Binary is only licensed (and not sold) hereunder. Any rights not expressly granted herein are hereby reserved by Company and its licensors, and, except for the Subscription, Customer is granted no other right or license in or to the Platform, whether by implied license, estoppel, exhaustion, operation of law, or otherwise. Customer shall be solely responsible for providing all equipment, systems, assets, access (for ensuring the Platform has access to the Customer Cloud), and ancillary services needed to access and use the Platform, for ensuring their compatibility with the Platform, as well as for obtaining (and maintaining) all consents and licenses necessary to exercise Customer’s rights under the Subscription. Company reserves the right, but not the obligation, to monitor Customer’s use of the Platform.

4.2. Restrictions. As a condition to (and except as expressly permitted by) the Subscription, Customer shall not do (or permit or encourage to be done) any of the following Subscription restrictions (in whole or in part): (a) copy, create public Internet “links” to, “frame”, or “mirror” the Platform or Platform Content; (b) sell, assign, transfer, lease, rent, sublicense, or otherwise distribute or make available the Platform or Platform Content to any third party (such as offering it as part of a time-sharing, outsourcing or service bureau environment); (c) publicly perform, display or communicate the Platform or Platform Content; (d) modify, adapt, translate, or create a derivative work of the Platform or Platform Content; (e) decompile, disassemble, decrypt, reverse engineer, extract, or otherwise attempt to discover the source code or non-literal aspects (such as the underlying structure, sequence, organization, file formats, non-public APIs, ideas, or algorithms) of, the Platform or Platform Content; (f) remove, alter, or conceal any copyright, trademark, or other proprietary rights notices displayed on or in the Platform or Platform Content; (g) circumvent, disable or otherwise interfere with security-related or technical features or protocols of the Platform or Platform Content; (h) use the Platform or Platform Content to develop any service or product that is the same as (or substantially similar to), or otherwise competitive with, either of them; (i) store or transmit any robot, malware, Trojan horse, spyware, or similar malicious item intended (or that has the potential) to damage or disrupt the Platform or Platform Content, or use any robot, spider, scraper, or any other automated means to access the Platform or Platform Content; (j) employ any hardware, software, device, or technique to pool connections or reduce the number of Binaries, servers/machines, Users, or endpoints that directly access or use the Platform or Platform Content (sometimes referred to as ‘virtualisation’, ‘multiplexing’ or ‘pooling’); (k) forge or manipulate identifiers in order to disguise the origin of any Customer Content; (l) take any action that imposes or may impose (as determined in Company’s reasonable discretion) an unreasonable or disproportionately large load on the servers, network, bandwidth, or other cloud infrastructure which operate or support the Platform or Platform Content, or otherwise systematically abuse or disrupt the integrity of such servers, network, bandwidth, or infrastructure; (m) use the Platform or Platform Content in connection with any stress test, competitive benchmarking or analysis, or otherwise publish or disclose, without Company’s prior express written approval, any the results of such activities or other performance data of the Platform; or (n) use the Platform or Platform Content to circumvent the security of another person’s network/information, develop malware, unauthorized surreptitious surveillance, data modification, data exfiltration, data ransom or data destruction.

4.3. Customer Affiliates. Subject to (and without expanding) the Subscription Scope, Customer may permit its Affiliates to exercise Customer’s Subscription rights under an Order, provided that: (a) Customer first informs Company in writing of the identity of such Affiliates (and Company may object to an Affiliate if Company deems such Affiliate a competitor); and (b) such Affiliates, in writing, acknowledge the terms and conditions of this Agreement, agree to comply with the Subscription, and agree that Company shall have no obligation or liability of any kind whatsoever towards such Affiliates. Customer shall remain primarily responsible and liable for such Affiliates’ compliance with the terms and conditions of this Agreement.

4.4. Delivery and Hosting. The Platform is made available to Customer via the Site. The hosting of the Platform (and related processing) will be provided by a third party cloud hosting provider selected by Company (“Hosting Provider“), and accordingly the availability of the Platform shall be in accordance with the Hosting Provider’s then-current uptime commitments; provided, however, that Company will use commercially reasonable efforts to have or contractually require the Platform to be available at an annual uptime of 99.99%. In the event Company decides to host the Platform (or a part thereof) internally on Company’s own servers under this Agreement, then Company shall notify Customer. Unless the Order specifies otherwise, delivery of the Binary shall be by electronic download. The Binary will be deemed accepted once made available for electronic download.

4.5. Usage Statistics. For the avoidance of doubt, it is acknowledged and agreed that Company (alone and/or together with its Affiliates and service providers) may generate and commercially exploit Usage Statistics, as well as use Customer Content for the purpose of enhancing the Platform, and nothing in this Agreement shall be deemed to prohibit or otherwise limit such activities.

4.6. Features and Functionalities. Company may, from time to time, modify and replace the features and functionalities (but not material functionalities to which Customer is entitled under an Order, unless it improves the material functionality), as well as the user interface, of the Platform. Some features and functionalities may in any event be restricted by geography or otherwise, in order forCompany to comply with applicable Law or commitments to third parties. Customer agrees that its purchase hereunder is not contingent on the delivery of any future functionality or feature, or dependent on any oral or written statements made by or on behalf of Company regarding future functionalities or features.

4.7. Optimization Authorization. Customer hereby authorizes Company and its Affiliates to analyze, predict, purchase, modify, and sell RIs and SPs (each as defined below), as well as perform additional cost optimization actions, on Customer’s behalf (the “Optimization Authorization“). For the avoidance of doubt, RIs and SPs are purchased under Customer’s name, and managed by Company.Customer represents and warrants that it has obtained, and will maintain, all necessary consents and licenses necessary to grant the Optimization Authorization.

5. SERVICES

5.1. Support Services. Subject to Customer remaining current all payment obligations under this Agreement, Customer will be entitled to receive the Support Services.

5.2. Professional Services. Company is not obligated to provide any Professional Services. Any Professional Services mutually agreed to between the Parties shall be set out in sequential Professional Services Statements of Work to this Agreement (each, a “Professional Services SOW“). Professional Services shall be charged in accordance with such Professional Services SOW. Each Professional Services SOW shall be deemed incorporated into this Agreement by reference. To the extent of any conflict between the terms and conditions of this Agreement and a Professional Services SOW, the former shall prevail, unless and to the extent that the Professional Services SOW expressly states otherwise.

5.3. General. Services will be performed by Company, its Affiliates, and/or Channel Partners (if applicable), and are provided for the benefit of Customer only. With Customer’s prior written approval (not to be unreasonably withheld, conditioned, or delayed) Company may subcontract Services (in whole or in part) to a third party contractor, and Company shall remain primarily responsible for such contractor’s performance of the Services. Unless expressly agreed otherwise in writing, Services shall be carried out remotely, and any physical attendance at Customer’s offices or other locations requested by Customer, if agreed to by Company, shall be charged at Company’s then-current rates, and Company shall also be entitled to reimbursement for travel and lodging costs and expenses incurred.

6. PAYMENT

6.1. Fees. Customer agrees to pay Company the fees and other charges set forth in each Order (the “Fees”).

6.2. Pricing. Unless the Company issues Customer a written quotation referencing this Agreement (a “Quote”) and specifying a different price, or unless expressly agreed otherwise in an Order, the Fees will be priced according to the then-current Pricing Page.

6.3. Payment Terms. Unless expressly stated otherwise in an Order or this Agreement: (a) all Fees are stated, and are to be paid, in US Dollars; (b) all Fees are shall be paid in advance at the commencement of each billing cycle (except for Fees for overages, which are charged in arrears); (c) all payments and payment obligations under this Agreement are non-refundable, and are without any right of set-off or cancellation; (d) any amount not paid when due will accrue interest on a daily basis until paid in full, at the lesser of the rate of one and a half percent (1.5%) per month and the highest amount permitted by applicable Law; and (e) Company shall be entitled to issue invoices (and any associated reporting) and billing notices via email to the applicable Customer contact email address specified in the Order, via a functionality of the Platform, and/or via a dedicated platform offered by the Hosting Provider.

6.4. Taxes.Amounts payable under this Agreement are exclusive of all applicable sales, use, consumption, VAT, GST, and other taxes, duties or governmental charges, except for taxes based upon Company’s net income. Customer must provide a valid tax exemption certificate if claiming a tax exemption. In the event that Customer is required by any law applicable to it to withhold or deduct taxes for any payment under this Agreement, then the amounts due to Company shall be increased by the amount necessary so that Company receives and retains, free from liability for any deduction or withholding, an amount equal to the amount it would have received had Customer not made any such withholding or deduction.

6.5. Payment Processing. Customer represents and warrants that all payment and billing information provided is (and will remain) complete and accurate, and Customer has obtained all necessary consents to enable the necessary payment method. If applicable, payment of Fees may be processed through a third-party payment processing service (which will receive and process Customer’s billing information), and additional terms may apply to such payments. Customer authorizes Company (and/or its designee) to: (a) request and collect payment (and to otherwise take other billing actions, such as refunds) from Customer on a recurring basis; and (b) make any inquiries Company deems necessary, from time to time, to validate Customer’s designated payment method or financial information, in order to ensure prompt payment of Fees (including, but not limited to, for the purpose of receiving updated payment details from Customer’s payment, credit card, or banking account provider – such as, updated expiry date or card number).

6.6. Usage Audit.Company (or a third party it reasonably designates) shall, from time to time, be entitled to audit Customer’s deployment and use of the Platform (a “Usage Audit”), and Customer shall facilitate such Usage Audit by providing Company with all access reasonably requested by Company (such as, for the purpose of calculating any Fees for overages).

6.7. Non-Utilization Credit SLA. Customer shall be entitled to the Platform-related credits set forth in the Non-Utilization Credit SLA in Schedule A hereto (the “Non-Utilization Credit SLA”). For the avoidance of doubt, the Non-Utilization Credit SLA only applies in respect of Managed RIs and Managed SPs, and shall not apply in respect of any RIs or SPs that were purchased by the Customer or by any third party on its behalf (to the extent that such purchases result in RI non-Utilization or SP non-Utilization of the Managed RIs or Managed SPs).

7. OWNERSHIP

7.1. Company Materials. Company (and/or its licensors, as applicable) is, and shall be, the sole and exclusive owner of all right, title and interest (including without limitation all Intellectual Property Rights) in and to:

(a) The Platform;
(b) Platform Content;
(c) Company’s Confidential Information;
(d) Any feedback, suggestions, or ideas for or about the Platform or Platform Content (collectively, “Feedback”);
(e) Usage Statistics; and
(f) Any and all improvements, derivative works, and/or modifications of/to any of the foregoing, regardless of inventorship or authorship.

Customer shall make, and hereby irrevocably makes, all assignments and/or waivers necessary or reasonably requested by Company to ensure and/or provide Company (and/or its designee(s)) the ownership rights set forth in this paragraph.

7.2. Customer Content. As between the Parties, Customer is, and shall be, the sole and exclusive owner of all Customer Content.

(a) Unless the Platform specifically requests otherwise, Customer shall ensure that no Customer Content includes or links to Sensitive Data.
(b) Customer represents and warrants that: (a) no processing of Customer Content under this Agreement (whether by Company, its Affiliates, or the Hosting Provider) will violate any Law, proprietary right, or privacy right; and (b) it has obtained and will maintain all required consents and licenses, and will maintain all ongoing legal bases under relevant privacy Laws (if applicable), necessary to provide, make available, and otherwise expose Customer Content to Company, its Affiliates, and the Hosting Provider.
(c) Unless otherwise specifically agreed in writing, Customer Data may be hosted and processed by Company and its respective third party service providers in Israel, the United States, or other locations around the world.
(d) The Platform is not intended to, and will not, operate as a data storage or archiving product or service, and Customer agrees not to rely on the Platform for the storage of any Customer Content whatsoever. Customer is solely responsible and liable for the maintenance and backup of all Customer Content.

8. CONFIDENTIALITY

Each Party will protect the other’s Confidential Information (defined below) from unauthorized use, access or disclosure in the same manner as each Party protects its own Confidential Information, but with no less than reasonable care. Except as otherwise expressly permitted pursuant to this Agreement, each Party may use the other Party’s Confidential Information solely to exercise its respective rights and perform its respective obligations under this Agreement, and may disclose such Confidential Information:

(a) solely to its employees and contractors who have a need to know such Confidential Information for the foregoing purposes, and who are bound by terms of confidentiality substantially similar to those set forth herein;
(b) as necessary to comply with an order or subpoena of any administrative agency or court of competent jurisdiction; and/or
(c) as reasonably necessary to comply with any applicable Law.

Notwithstanding anything to the foregoing, Company shall be entitled to disclose Customer’s Confidential Information to Company’s Affiliates, as well as to the Hosting Provider and to Company’s subcontractors under this Agreement.

“Confidential Information” means all information disclosed by one Party to the other Party, regardless of form, which a reasonable person would understand to be confidential given the nature of the information and/or the circumstances of disclosure, and includes, but is not limited to, technical data, computer programs and software code (including firmware and source code), ideas, inventions, algorithms, know-how, analyses, specifications, processes, techniques, formulas, designs and drawings, and other technology and intellectual property. Confidential Information shall not include information that: (A) was already known (without restriction) to the receiving Party at the time of disclosure by the disclosing Party; (B) was or is obtained by the receiving Party from a third party not known by the receiving Party to be under an obligation of confidentiality with respect to such information; (C) is or becomes generally available to the public other than by violation of this Agreement or another valid agreement between the Parties; or (D) was or is independently developed by the receiving Party without the use of the disclosing Party’s Confidential Information. For the avoidance of doubt, and notwithstanding anything to the contrary, the Fees (including any pricing and payment terms) and other commercial terms of an Order shall be deemed Confidential Information of Company.

9. DISCLAIMERS

THE PLATFORM, PLATFORM CONTENT, SERVICES, EVALUATION PRODUCTS, ANY REPORTS OR OUTPUT GENERATED BY THE PLATFORM, AS WELL AS ANY OTHER GOODS AND SERVICES PROVIDED OR MADE AVAILABLE BY OR ON BEHALF OF COMPANY HEREUNDER (COLLECTIVELY, THE “COMPANY MATERIALS“) ARE PROVIDED AND MADE AVAILABLE ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH ALL DEFECTS, AND ALL EXPRESS, IMPLIED AND STATUTORY CONDITIONS AND WARRANTIES (INCLUDING WITHOUT LIMITATION ANY IMPLIED CONDITIONS OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET POSSESSION, NON-INFRINGEMENT, OR QUALITY OF SERVICE, OR THAT OTHERWISE ARISE FROM A COURSE OF PERFORMANCE OR USAGE OF TRADE) ARE HEREBY DISCLAIMED BY COMPANY AND ITS LICENSORS.

COMPANY DOES NOT MAKE ANY REPRESENTATION, WARRANTY, GUARANTEE OR CONDITION: (A) REGARDING THE EFFECTIVENESS, USEFULNESS, RELIABILITY, TIMELINESS, COMPLETENESS, OR QUALITY OF COMPANY MATERIALS; (B) THAT CUSTOMER’S USE OF COMPANY MATERIALS WILL BE UNINTERRUPTED, SECURE OR ERROR-FREE; (C) REGARDING THE OPERATION OF ANY CELLULAR NETWORKS, THE PASSING OR TRANSMISSION OF DATA VIA ANY NETWORKS OR THE CLOUD, OR ANY OTHER CELLULAR OR DATA CONNECTIVITY PROBLEMS; OR (D) REGARDING THE SATISFACTION OF, OR COMPLIANCE WITH, ANY LAWS, REGULATIONS, OR OTHER GOVERNMENT OR INDUSTRY RULES OR STANDARDS. COMPANY WILL NOT BE LIABLE OR OBLIGATED IN RESPECT OF DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR FOR ISSUES RELATED TO HOSTING PROVIDERS OR PUBLIC NETWORKS. CUSTOMER AGREES THAT COMPANY WILL NOT BE RESPONSIBLE OR LIABLE FOR OVER-PURCHASES OF RIs or SPs DONE BY CUSTOMER, FOR ANY REASON. Customer acknowledges that some Platform Data is collected and compiled automatically, and originates from third party suppliers (such as the Customer Cloud Providers)to which Customer give Company or the Platform access.

THE PROVISIONS OF THIS SECTION(DISCLAIMERS) AND OF SECTION‎10(LIMITATION OF LIABILITY) BELOW ALLOCATE THE RISK UNDER THIS AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THESE DISCLAIMERS, EXCLUSIONS, AND LIMITATIONS IN DETERMINING WHETHER TO ENTER INTO THIS AGREEMENT.

10. LIMITATION OF LIABILITY

10.1. EXCEPT FOR BREACHES OF CONFIDENTIALITY UNDER SECTION ‎8(CONFIDENTIALITY), CUSTOMER’S BREACH OF THE SUBSCRIPTION (INCLUDING WITHOUT LIMITATION A BREACH UNDER SECTION ‎4.2(USAGE RESTRICTIONS)), AND/OR GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, IN NO EVENT SHALL EITHER PARTY, ITS AFFILIATES, OR LICENSORS BE LIABLE UNDER, OR OTHERWISE IN CONNECTION WITH, THIS AGREEMENT, FOR:

(a) ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES;
(b) ANY LOSS OF PROFITS, BUSINESS, OPPORTUNITY, REVENUE, CONTRACTS, ANTICIPATED SAVINGS, OR WASTED EXPENDITURE;
(c) ANY LOSS OF, OR DAMAGE OR INTERRUPTION TO, DATA, NETWORKS, INFORMATION SYSTEMS, REPUTATION, OR GOODWILL; AND/OR
(d) THE COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES.

10.2. THE COMBINED AGGREGATE LIABILITY OF COMPANY AND ALL COMPANY AFFILIATES UNDER, OR OTHERWISE IN CONNECTION WITH, THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT OF FEES ACTUALLY PAID BY CUSTOMER TO COMPANY UNDER THIS AGREEMENT IN THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE DATE GIVING RISE TO LIABILITY (OR, IF NO FEES APPLY, ONE HUNDRED US DOLLARS (USD$100)).

10.3. THE FOREGOING EXCLUSIONS AND LIMITATION SHALL APPLY: (A) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW; (B) EVEN IF A PARTY HAS BEEN ADVISED, OR SHOULD HAVE BEEN AWARE, OF THE POSSIBILITY OF LOSSES, DAMAGES, OR COSTS; (C) EVEN IF ANY REMEDY IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; AND (D) REGARDLESS OF THE THEORY OR BASIS OF LIABILITY, AND WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION FOR NEGLIGENCE OR BREACH OF STATUTORY DUTY), STRICT LIABILITY, MISREPRESENTATION, RESTITUTION, OR OTHERWISE.

11.INDEMNIFICATION

11.1. Indemnification by Company. In the event that, during the term of this Agreement or the six (6) month period thereafter, a third party makes or institutes any claim, action, or proceeding against Customer alleging that Customer’s authorized access and use of the Platform infringes such third party’s copyright or patent (an “Infringement Claim”), Company shall:

(a) At its own expense, defend Customer against the Infringement Claim; and
(b) Indemnify and hold harmless Customer for any amount finally awarded against or imposed upon Customer by the court (or otherwise agreed in settlement) under the Infringement Claim (provided, however, that any insurance recoveries and/or indemnity or contribution amounts received by the Customer prior to receipt of indemnification by Company, shall reduce the indemnifiable amount to be paid by Company by the amount of such recovery).

Company will have no obligation or liability under this Section (Indemnification by Company) to the extent that the Infringement Claim is based on or results from: (i) a modification to the Platform not made by Company; (ii) the combination of the Platform with any third party product or service; and/or (iii) any Customer instructions or specifications.

Should the Platform (in whole or in part) become, or in Company’s opinion be likely to become, the subject of an Infringement Claim or an injunction prohibiting Customer’s use of the Platform, then Customer permits Company, at Company’s option and expense, to either: (x) obtain for Customer the right to continue using the Platform (or part thereof, as applicable); or (y) replace or modify the Platform (or part thereof, as applicable) so that its use hereunder becomes non-infringing; provided, however, that if (x) and (y) are not, in Company’s opinion, commercially feasible, Company may terminate this Agreement upon written notice to Customer, following which Customer shall be entitled to receive a pro-rated refund of any prepaid Subscription-related Fees hereunder based remaining period of the Subscription Term.

Company’s aggregate liability under this Section (Indemnification by Company) shall be capped at the lower of: (a) ten (10) times the amounts actually paid by Customer to Company under this Agreement; and (b) Two Million US Dollars (US$ 2,000,000). This Section (Indemnification by Company) represents the Company’s sole obligation and liability, and the Customer’s sole remedy, for any allegations or claims of infringement relating to the Platform.

11.2. Indemnification by Customer. If Company or its Affiliates (or their respective directors, officers, or employees) (collectively, “Company Indemnitees“) incur or suffer any loss or liability whatsoever (including but not limited to a fine, penalty, damages award, legal costs and expenses such as attorney’s fees, etc.) under or in connection with any demand, claim, suit, or proceeding made or brought (whether by an individual, organization, or governmental agency) against a Company Indemnitee (each, a “Misuse Claim“), and such Misuse Claim arises directly or indirectly from any breach by Customer under this Agreement and/or from Customer’s use of the Platform, Customer agrees to:

(a) Indemnify and hold harmless the Company Indemnitee(s) for such losses and liabilities; and
(b) Defend the Company Indemnitee(s) against the Misuse Claim, at Customer’s own cost and expense.

11.3. Indemnity Procedure. . As a condition to indemnification under this Section (Indemnification), the indemnified Party agrees: (A) to provide the indemnifying Party with prompt written notice of the Infringement Claim or Misuse Claim, as applicable (the “Claim”); (B) to cede to the indemnifying Party sole control of the defense and settlement of the Claim (except that any settlement shall require the indemnified Party’s prior written consent, not to be unreasonably withheld, conditioned or delayed); (C) to provide the indemnifying Party with all information and assistance reasonably requested by it; and (D) not to admit any liability under (or otherwise compromise the defense of) the Claim. The indemnified Party may participate in the defense of the Claim at its own cost and expense.

12. TERM AND TERMINATION

12.1. Term of Agreement. This Agreement commences on the Effective Date and, unless terminated in accordance herewith, shall continue in full force and effect until all Orders expire or are terminated (the “Term”).

12.2. Term of Orders and Auto-Renewals. An Order commences on the effective date specified therein (or if no effective date is specified, then upon execution) and continues for the initial subscription term specified therein (the “Initial Subscription Term“). Unless specified otherwise in the applicable Order, or unless the Order is terminated in accordance with Section ‎12.3 (Termination of Orders), upon expiration of the Initial Subscription Term, the Order shall automatically renew for successive renewal terms of equal length (each a “Renewal Subscription Term”, and together with the Initial Subscription Term, the “Subscription Term“), unless either Party notifies the other Party in writing that it chooses not to renew (“Non-Renewal Notice“). For an annual Subscription plan, the Non-Renewal Notice must be given at least thirty (30) days prior to the end of the then-current Subscription Term. For a monthly Subscription plan, the Non-Renewal Notice must be given prior to the end of the then-current Subscription Term. At the commencement of each Renewal Subscription Term, Company shall be entitled to invoice Customer for the applicable Fees therefor.

Upon termination request Zesty will stop all cost optimization actions and if applicable, publish the Reserved Instances purchased by Zesty on AWS marketplace.

12.3. Termination of Orders. An Order may be terminated as follows:

(a) In accordance with any termination rights specified therein;
(b) Either Party may terminate an Order for cause upon written notice if the other Party commits a material breach under the Order and/or under this Agreement, and fails to cure such breach within thirty (30) days after receiving written notice from the other Party alleging the breach. The foregoing 30-day cure period shall: (i) not be required if the breach is not curable; and (ii) be reduced to ten (10) days if the material breach in question is non-payment by Customer;
(c) Either Party may terminate an Order upon written notice to the other Party upon the occurrence of any of the following events in respect of such other Party: (i) a receiver is appointed for the other Party or its property, which appointment is not dismissed within sixty (60) days; (ii) the other Party makes a general assignment for the benefit of its creditors; (iii) the other Party commences, or has commenced against it, proceedings under any bankruptcy, insolvency or debtor’s relief Law, which proceedings are not dismissed within sixty (60) days; or (iv) the other Party is liquidating, dissolving or ceasing normal business operations;
(d) Company may terminate an Order for convenience upon thirty (30) days’ prior written notice to Customer. In case of such termination for convenience by Company, Customer shall be entitled to receive a pro-rated refund of any pre-paid and unutilized Fees under such Order based on the remaining period of the then-current Subscription Term; and
(e) Customer may, within the initial five (5) business days of an Order, terminate the Order for convenience upon written notice to Company. In case of such termination for convenience by Customer, Customer shall be entitled to receive a pro-rated refund of any pre-paid and unutilized Fees under such Order based on the remaining period of the Initial Subscription Term.

12.4. Suspension. Company reserves the right to temporarily suspend provision of the Platform: (a) if Customer is seven (7) days or more overdue on a payment; (b) if Company deems such suspension necessary as a result of Customer’s breach of the Subscription (such as a breach under Section‎4.2 (Restrictions)); (c) if Company reasonably determines suspension is necessary to avoid material harm to Company, to its other customers, or to the Platform, including if the Platform’s cloud infrastructure is experiencing denial of service attacks or other attacks or disruptions outside of Company’s control, or (d) as required by Law or at the request of governmental entities.

12.5. Effect of Termination; Survival. Upon termination of this Agreement for any reason: (a) the Subscription shall automatically terminate; (b) Customer shall cease all access and use of the Platform, and shall uninstall and permanently delete all copies of the Binary (and Company shall be entitled to verify same) and certify in a signed writing that it has done so; and (c) Customer shall pay any outstanding Fees and other charges that accrued as of termination, which shall become immediately due and payable, and, if necessary Company shall issue a final invoice therefor. Customer acknowledges that following termination it will have no further access to any Customer Content within the Platform, and that Company may (but shall not be obligated to) delete any Customer Content as may have been stored by Company at any time. Sections ‎‎‎‎7 (Ownership) through ‎‎13 (Miscellaneous) shall survive termination of this Agreement, as shall any right, obligation or provision that is expressly stated to so survive or that ought by its nature to survive. Termination shall not affect any rights and obligations accrued as of the effective date of termination.

13. MISCELLANEOUS

13.1. Entire Agreement. This Agreement (and its Schedules) represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings and statements by the Parties with respect to such subject matter. In entering into this Agreement, neither Party is relying on any representation or statement not expressly specified in this Agreement. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement, which shall be deemed rejected, void, and of no effect. The section and subsection headings used in this Agreement are for convenience of reading only, and shall not be used or relief upon to interpret this Agreement. This Agreement may be executed in any number of counterparts (including digitally, electronically scanned and e-mailed PDF copies, and any similarly signed and electronically or digitally transmitted copies) each of which will be considered an original, but all of which together will constitute one and the same instrument.

13.2. Modifications to Agreement. Company may, from time to time, amend and modify this Agreement, with notice to Customer via email or via the Platform (an “Agreement Modification“). Except as otherwise indicated below, an Agreement Modification shall automatically take effect and apply to Customer as of the next Renewal Subscription Term (if any). Notwithstanding the foregoing, in some cases (for example, to address compliance with Laws, or as necessary for new features and functionalities) Company may specify that an Agreement Modification will become effective immediately or at a specified date. If the effective date of an Agreement Modification is during Customer’s then-current Subscription Term, and the Agreement Modification is material and adverse (that is, it expands Customer’s obligations and liabilities in a material way), and Customer objects to the Agreement Modification, then, as Customer’s sole remedy, and Company’s sole obligation and liability, Customer may terminate the affected Order upon written notice to Company and receive a pro-rated refund of any pre-paid and unutilized Fees under such Order based on the remaining period of the then-current Subscription Term; provided, however, that in order to exercise this right, Customer must provide Company with written notice of its objection and termination (which notice must include an explicit reference to the Agreement Modification to which Customer objects) within thirty (30) days of Company’s notice of the Agreement Modification. For the avoidance of doubt, an Order is subject to the version of the Agreement in effect at the time of the Order.

13.3. Feature Specific Terms. Features and functionalities may be accompanied by separate or additional terms and conditions (in each case, “Feature Specific Terms“). Except to the extent expressly stated otherwise within Feature Specific Terms, all Feature Specific Terms apply in addition to (and not instead of) this Agreement.

13.4. Third Party Content. The Platform may present, or otherwise allow Customer to view, access, link to, and/or interact with, Content from third parties and other sources that are not owned or controlled by Company (such Content, “Third Party Content“). The Platform may also enable Customer to communicate with the related third parties. The display or communication to Customer of such Third Party Content does not (and shall not be construed to) in any way imply, suggest, or constitute any sponsorship, endorsement, or approval by Company of such Third Party Content or third party, nor any affiliation between Company and such third party. Company shall have no obligation or liability of any kind whatsoever for Third Party Content or for the third party’s policies, practices, actions, or omissions.If Customer enables or uses Third Party Content with the Platform, Company will allow the Third PartyContent providers to access and use Customer Content as required for the interoperation of the Third Party Content and the Platform. Any Third Party Content provider’s use of Customer Content is subject to the applicable agreement between Customer and the Third Party Content provider.

13.5. Third Party Software. The Platform may include what is commonly referred to as ‘open source’ software. Under some of their respective license terms and conditions, Company may be required to provide Customer with notice of the license terms and attribution to the third party, in which case Company may provide Customer with such information (whether via the Platform, via the Site, or otherwise). Notwithstanding anything to the contrary herein, use of the open source software will be subject to the license terms and conditions applicable to such open source software, to the extent required by the applicable licensor (which terms and conditions shall not restrict the license rights granted to Customer hereunder), and to the extent any such license terms and conditions grant Customer rights that are inconsistent with the limited rights granted to Customer in this Agreement, then such rights in the applicable open source license shall take precedence over the rights and restrictions granted in this Agreement, but solely with respect to such open source software. Company will comply with any valid written request submitted by Customer to Company for exercising any rights Customer may have under such license terms and conditions.

13.6.Assignment. This Agreement may not be assigned by Customer, in whole or in part, without Company’s prior express written consent. Company may assign this Agreement, in whole or in part, without restriction or obligation. Furthermore, any Company obligation hereunder may be performed (in whole or in part), and any Company right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Company. Any prohibited assignment will be null and void. Subject to the provisions of this Section (Assignment), this Agreement will bind and inure to the benefit of each Party and its respective successors and assigns.

13.7. Governing Law; Jurisdiction. This Agreement shall be governed by, and construed in accordance with, the laws of the State of New York, USA without regard to any conflicts of laws rules or principles. The United Nations Convention on Contracts for the International Sale of Goods, as well as the Uniform Computer Information Transactions Act (UCITA) (regardless of where or when adopted), shall not apply to this Agreement and are hereby disclaimed. Any claim, dispute or controversy between the Parties will be subject to the exclusive jurisdiction and venue of the courts located in New York County, New York, USA and each Party hereby irrevocably submits to the personal jurisdiction of such courts and waives any jurisdictional, venue, or inconvenient forum objections to such courts. Notwithstanding the foregoing, each Party may seek equitable relief in any court of competent jurisdiction. EACH PARTY IRREVOCABLY WAIVES ITS RIGHT TO TRIAL OF ANY ISSUE BY JURY. EXCEPT TO SEEK EQUITABLE RELIEF, PAYMENT OF FEES, OR TO OTHERWISE PROTECT OR ENFORCE A PARTY’S INTELLECTUAL PROPERTY RIGHTS OR CONFIDENTIALITY OBLIGATIONS, NO ACTION, REGARDLESS OF FORM, UNDER THIS AGREEMENT MAY BE BROUGHT BY EITHER PARTY MORE THAN ONE (1) YEAR AFTER THE DATE ON WHICH THE CORRESPONDING LIABILITY AROSE. Any claims or damages that Customer may have against Company shall only be enforceable against Company, and not any other entity or Company’s officers, directors, representatives, employees, or agents.

13.8. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, then: (a) the remaining provisions of this Agreement shall remain in full force and effect; and (b) the Parties agree that the court making such determination shall have the power to limit the provision, to delete specific words or phrases, or to replace the provision with a provision that is legal, valid and enforceable and that most closely approximates the original legal intent and economic impact of such provision, and this Agreement shall be enforceable as so modified in respect of such jurisdiction. In the event such court does not exercise the power granted to it as aforesaid, then such provision will be ineffective solely as to such jurisdiction, and will be substituted (in respect of such jurisdiction) with a valid, legal and enforceable provision that most closely approximates the original legal intent and economic impact of such provision.

13.9. Publicity. Company may use Customer’s name and logo on Company’s website and in its promotional materials to state that Customer is a customer of the Platform. Moreover: (a) within thirty (30) days of the Effective Date, Customer agrees to provide a quote from one of Customer’s executives about the Platform, for publication in Company’s marketing materials, such as the Site; and (b) Customer agrees to reasonably cooperate with Company in the creation and promotion of a case-study to be published in Company’s marketing materials, such as the Site. For the avoidance of doubt, use and publication of such quotes and case-study shall be at Company’s sole discretion.

13.10. Waiver and Remedies. No failure or delay on the part of either Party in exercising any right or remedy hereunder will operate as a waiver thereof, nor will any single or partial exercise of any such right or remedy preclude any other or further exercise thereof, or the exercise of any other right or remedy. Any waiver granted hereunder must be in writing, duly signed by the waiving Party, and will be valid only in the specific instance in which given. Except as may be expressly provided otherwise in this Agreement, no right or remedy conferred upon or reserved by either Party under this Agreement is intended to be, or will be deemed, exclusive of any other right or remedy under this Agreement, at law, or in equity, but will be cumulative of such other rights and remedies.

13.11. Data Processing Agreement (DPA). To the extent that, in connection with the processing of Customer Data pursuant to this Agreement, Customer requires a data processing agreement: (a) Customer shall execute (and deliver to Company the executed copy of) the DPA; and (b) Company processes any Personal Data (as defined in the DPA) of the Customer and/or its Affiliates solely as Processor (as defined in the DPA), and Customer shall be the Controller (as defined in the DPA). In addition to any further instructions specified in the DPA, this Agreement represents Customer’s instructions for processing of Customer Data.In the event Customer fails to deliver an executed version of the DPA to Company, then: (a) to the maximum extent permitted by law, Customer shall be solely and fully responsible and liable for any breach, violation, infringement, and/or processing of such Personal Data without a data processing agreement; (b) in the event of any demand, claim, or proceeding of any kind related to any such breach, violation, or infringement, and/or any demand, claim, or proceeding related to processing of such Personal Data without a data processing agreement, Customer shall defend, hold harmless and indemnify Company and its Affiliates (as well as their respective employees, officers, directors, subcontractors and agents) from and against any and all losses, penalties, fines, damages, liabilities, settlements, costs and expenses, including reasonable attorneys’ fees incurred or suffered by such persons; and (c) any limitations on, or exclusions of, of Customer’s liability under this Agreement shall not apply in connection with the above subparagraphs (a) and (b).

13.12. No Third Party Beneficiaries. Except as may be otherwise expressly provided in this Agreement (such as Company’s Affiliates), there shall be no third-party beneficiaries of or under this Agreement.

13.13. Relationship. The relationship of the Parties is solely that of independent contractors, neither Party nor its employees are the servants, agents, or employees of the other, and no exclusivities arise out of this Agreement. Nothing in this Agreement shall be construed to create a relationship of employer and employee, principal and agent, joint venture, franchise, fiduciary, partnership, association, or otherwise between the Parties. Except to the extent required by Company in connection with the provision of the Platform and/or the performance of the Company’s obligations hereunder, neither Party has any authority to enter into agreements of any kind on behalf of the other Party and neither Party will create or attempt to create any obligation, express or implied, on behalf of the other Party.

13.14.Force Majeure. Neither Party shall have any liability for any performance (excluding payment obligations) under this Agreement that is prevented, hindered, or delayed by reason of an event of Force Majeure (defined below). The Party so affected shall be excused from such performance to the extent that, and for so long as, performance is prevented, interrupted, or delayed by the Force Majeure. If and when performance is resumed, all dates specified under this Agreement shall be automatically adjusted to reflect the period of such prevention, interruption, or delay by reason of such Force Majeure. For purposes of this Agreement, an event of “Force Majeure” shall be defined as: (a) fire, flood, earthquake, explosion, pandemic or epidemic (or similar regional health crisis), or act of God; (b) strikes, lockouts, picketing, concerted labor action, work stoppages, other labor or industrial disturbances, or shortages of materials or equipment, not the fault of either party; (c) invasion, war (declared or undeclared), terrorism, riot, or civil commotion; (d) an act of governmental or quasi-governmental authorities (including without limitation lockdowns); (e) failure of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, shortage of adequate power or transportation facilities; and/or (f) any matter beyond the reasonable control of the affected party. Notwithstanding the foregoing, Customer shall not be entitled to use, or rely on, this Section (Force Majeure) in connection with any Customer breach of the Subscription and/or of Company’s Intellectual Property Rights. For the avoidance of doubt, any problems relating to hosting of the Platform by a third party is beyond the reasonable control of Company.

13.15. Notices. Except as may be specified otherwise in this Agreement, all notices, consents, or other communications provided for in connection with this Agreement shall be in writing, and shall be deemed given upon: (a) personal delivery; (b) the second business day after mailing via either U.S. mail or mailing via registered or certified mail with postage prepaid and return receipt requested; (c) upon delivery confirmation by nationally recognized overnight delivery service (“Courier“); (d) the second business day after sending confirmed by facsimile; (e) the first business day after sending by email. Notwithstanding the foregoing, Customer agrees that Company may also give Customer notices via Customer’s Account and/or via postings on or through the functionality of the Platform (and such notices shall be deemed given immediately). Notices by Customer to Company must be given by Courier or U.S. mail to: Lincoln 20, Tel Aviv, Israel, Attn: Legal Department.

13.16. Export Compliance. Customer shall be solely responsible for obtaining all required authorizations and licenses from applicable government authorities under Export Control Laws, in connection with Customer’s use of the Platform. Customer represents and warrants that: (a) it is not a resident of, and will not access or use the Platform in, a country that the U.S. government has embargoed for use of the Platform, and that Customer is not a person or entity named on the U.S. Treasury Department’s list of Specially Designated Nationals or any other applicable trade sanctioning regulations of any jurisdiction; and (b) its country of residence and/or incorporation (as applicable) is the same as the country specified in the contact and/or billing address provided to Company. Customer shall not transfer, export, re-export, import, re-import or divert the Platform in violation of any Export Control Laws (defined below), and shall not transfer, export, re-export, import, re-import or divert any the Platform to Lebanon, Syria, Iran, Iraq, Sudan, Yemen, Cuba, or North Korea (or other countries specifically designated in writing by Company from time to time). In the event of a breach under this Section (Export Compliance), Customer agrees to indemnify and hold harmless Company and all Company Affiliates (and their respective directors, officers, and employees) for any fines and/or penalties imposed upon Company or a Company Affiliate (or such persons) as a result of such breach. “Export Control Laws” means all applicable export and re-export control Laws applicable to Customer and/or Company or its Affiliates, as well as the United States’ Export Administration Regulations (EAR) maintained by the US Department of Commerce, trade and economic sanctions maintained by the US Treasury Department’s Office of Foreign Assets Control, and the International Traffic in Arms Regulations (ITAR) maintained by the US Department of State.

13.17. Expense. Except as may be expressly stated otherwise in this Agreement, each Party shall pay its own costs and expenses incurred in connection with the negotiation, preparation, signature and performance of this Agreement (and any documents referred to in it).

13.18. Government Users. If Customer is a U.S. government entity, or this Agreement otherwise becomes subject to the Federal Acquisition Regulations (FAR), Customer acknowledges that the Platform constitutes “commercial computer software” and “commercial computer software documentation” as such terms are used in FAR 12.212, DFARS 252.227-7014 and DFARS 227.7202. In accordance with FAR 12.211-12.212 and DFARS 227.7102-4 and 227.7202-4, as applicable, the rights of the U.S. Government to use, modify, reproduce, release, perform, display, or disclose commercial computer software, commercial computer software documentation, and technical data furnished in connection with the Platform shall be as provided in this Agreement. If a government agency needs additional rights, it must negotiate a mutually acceptable signed written addendum to this Agreement specifically granting those rights.

13.19. Customer Resources. Except for the Platform, Customer shall be solely responsible: (a) for providing all hardware, software, systems, assets, facilities, and ancillary goods and services needed for Customer to access and use the Platform; (b) for ensuring their compatibility with the Platform; and (c) for obtaining (and maintaining) all consents and licenses necessary to exercise Customer’s rights under the Subscription, as well as configuring all permissions (such as IAM permissions) to allow the Platform to operate. In the event Company is legally or contractually required to modify or replace features or functionalities of the Platformin order to ensure the Platform complies with the terms of service or privacy policies of various platforms, networks and/or websites, Customer shall be responsible for making all necessary changes to Customer’s hardware, software, systems, assets, and facilities in order to continue using the Platform.

13.20. Subpoenas. Nothing in this Agreement prevents Company from disclosing Customer Content to the extent required by Law, subpoenas, or court orders, but Company will use commercially reasonable efforts to notify Customer where permitted to do so.

13.21. Anti-Corruption. Customer agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift or thing of value from any of Company’s employees or agents, or otherwise from any Channel Partners, in connection with this Agreement. If Customer learns of any violation of the above restriction, Customer shall use reasonable efforts to promptly notify Company.

SCHEDULE A

Non-Utilization Credit SLA

1. DEFINITIONS

1.1. “Managed RI” means an RI that was purchased by Company and wasn’t modified, converted, exchanged or sold by the Customer.
1.2. “Managed SP” means an SP that was purchased by Company.
1.3. “Managed Savings” means the total savings generated by the cost optimization actions performed by Company.
1.4. “RI” means a reserved instance.
1.5. “SP” means a savings plan.
1.6. “RI Utilization” means a Managed RI that was applied to the usage under an account or sub-account in the Customer’s organization.
1.7. “SP Utilization” means a Managed SP that was applied to the usage under an account or sub-account in the Customer’s organization.
1.8. “RI non-Utilization” means Managed RIs that were not utilized by the Customer.
1.9. “SP non-Utilization” means Managed SPs that were not utilized by the Customer.
1.10. “Non-Utilization Credits” means the monetary credits(to be applied for future use) awardedby Company to Customer, as a result of RI non-Utilization and/or SP non-Utilization. These credits will be creditedagainst theamounts payable by Customer in the next billing cycle/invoice.

2. CREDITS

2.1 Credits Eligibility. Eligibility of Non-Utilization Credits is assessed on a calendar monthly basis. Customer will be entitled to Non-Utilization Credits for any reduction of the machines (from a single family type within the same region) where there are Managed RIs and/or Managed SPs (a “Reduction“); provided, however, that to be eligible for Non-Utilization Credits for any such Reduction in excess of thirty percent (30%) (the “Excess Portion“), Customer must provide Company at least thirty (30) days’ prior written notice of such Reduction. Failure to provide such notice shall render the Excess Portion ineligible for Non-Utilization Credits.
For the avoidance of doubt, each of the following shall be treated as a Reduction: (a) SP non-Utilization and/or RI non-Utilization resulting from Customer (whether itself or via a third party) purchasing RIs and/or SPs; and (c) SP non-Utilization and/or RI non-Utilization resulting from Customer disconnecting from the Platform.

2.2. Maximum Credits. The aggregate maximum Non-Utilization Credits to be issued by Company to Customer for any and all RI non-Utilizationand/or SP non-Utilization that occurs in a single calendar month, shall be capped at one hundred percent (100%) of the Fees due by Customer to Company during the applicable month (the “Monthly Credits Cap“). For the avoidance of doubt, Non-Utilization Credits in excess of the Monthly Credits Cap shall not carry forward to any subsequent months. THE CUSTOMER HEREBY ACKNOWLEDGES AND AGREESTHAT THE RIGHT TO RECEIVE NON-UTILIZATION CREDITS CONSTITUTES CUSTOMER’S SOLE REMEDY, AND COMPANY’S SOLE LIABILITY, FOR ANY RI NON-UTILIZATION, SP NON-UTILIZATION, OVERPROVISIONING, OR DOWNTIME EVENTS.

2.3. Other SLA Exclusions. THIS NON-UTILIZATION CREDIT SLA DOES NOT APPLY TO ANY SP NON-UTILIZATION AND/OR RI NON-UTILIZATION: (I) EXPLICITLY EXCLUDED HEREUNDER; (II) CAUSED BY FACTORS BEYOND COMPANY’S REASONABLE CONTROL; (III) RESULTING FROM THE CUSTOMER’S SOFTWARE OR SYSTEMS, AS WELL AS ANY EVENTS CAUSED BY THE CUSTOMER’S OWN MANAGEMENT OR MISUSE OF THE PLATFORM; (IV) RESULTING FROM ABUSES OR OTHER BEHAVIORS ON BEHALF OF THECUSTOMER ORUNRELATED THIRD PARTIES THAT VIOLATE THE AGREEMENT; AND/OR (V) RESULTING FROM DOWNTIME OF THE HOSTINGPROVIDER AND/OR CUSTOMER CLOUD PROVIDER.

SCHEDULE B

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of the Zesty Customer Terms and Conditions (the “Agreement”). You acknowledge that you on behalf of your organization (collectively, “You”, “Your”, “Client”, or “Data Controller”) have read and understood and agree to comply with this DPA, and are entering into a binding legal agreement withZestyTech Ltd. on behalf of itself and its Affiliates(“Zesty”, “Us”, “We”, “Our”, “Service Provider” or “Data Processor”) to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below) of GDPR-protected individuals. Both parties shall be referred to as the “Parties” and each, a “Party”.

WHEREAS, Zesty shall provide the products and services set forth in the Agreement (collectively, the “Services”) for Client, as described in the Agreement;and WHEREAS, The Services may entail the processing of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 EU and its corresponding implementation laws in the EU Member States (collectively, the “Data Protection Laws and Regulations”); and

WHEREAS, In the course of providing the Services pursuant to the Agreement, we may process Personal Data on Your behalf, in the capacity of a “Data Processor”; and the Parties wish to set forth the arrangements concerning the processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the parties, intending to be legally bound, agree as follows:

1. INTERPRETATION AND DEFINITIONS

1.1. The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA.

1.2. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated.

1.3. Words used in the singular include the plural and vice versa, as the context may require.

1.4. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
Definitions:

(A) “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
(B) “AuthorizedAffiliate” means any of Client’s Affiliate(s) which (a) is subject to the Data Protection Laws And Regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Client and Zesty, but has not signed its own agreement with Zesty and is not a “Client” as defined under the Agreement.
(C) “Controller” or “DataController” means the entity which determines the purposes and means of the Processing of Personal Data. For the purposes of this DPA only, and except where indicated otherwise, the term “Data Controller” shall include Client and/or the Client’s Authorized Affiliates.
(D) “DataProtectionLawsandRegulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
(E) “DataSubject” means the identified or identifiable person to whom the Personal Data relates.
(F) “MemberState” means a country that belongs to the European Union and/or the European Economic Area. “Union” means the European Union.
(G) “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
(H) “PersonalData” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(I) “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(J) “Processor” or “DataProcessor” means the entity which Processes Personal Data on behalf of the Controller.
(K) “SecurityDocumentation” means the Security Documentation applicable to the specific Services purchased by Client, as updated from time to time, and accessible athttps://zesty.co/security-overview/, or as otherwise made reasonably available by Zesty.
(L) “Sub-processor” means any Processor engaged by Zesty and/or Zesty.
(M) “SupervisoryAuthority” means an independent public authority which is established by an EU Member State pursuant to the GDPR.

2. PROCESSING OF PERSONAL DATA

2.1. Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Personal Data, (i) Client is the Data Controller, (ii) Zesty is the Data Processor and that (iii) Zesty may engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors” below.

2.2. Client’s Processing of Personal Data. Client shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Client’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Client shall have sole responsibility for the means by which Client acquired Personal Data. Without limitation, Client shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal bases in order to collect, Process and transfer to Zesty the Personal Data and to authorize the Processing by Zesty of the Personal Data which is authorized in this DPA. Client shall defend, hold harmless and indemnify Zesty, its Affiliates and subsidiaries (including without limitation their directors, officers, agents, subcontractors and/or employees) from and against any liability of any kind related to any breach, violation or infringement by Client and/or its authorized users of any Data Protection Laws and Regulations and/or this DPA and/or this Section.

2.3. Zesty’s Processing of Personal Data.

2.3.1. Subject to the Agreement, Zesty shall Process Personal Data in accordance with Client’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and this DPA and to provide the Services; (ii) Processing for Client to be able to use the Services; (iii) Processing to comply with other documented reasonable instructions provided by Client (e.g., via email) where such instructions are consistent with the terms of the Agreement; (iv) Processing as required by Union or Member State law to which Zesty is subject; in such a case, Zesty shall inform the Client of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
2.3.2. To the extent that Zesty cannot comply with a request from Client and/or its authorized users (including, without limitation, any instruction, direction, code of conduct, certification, or change of any kind), Zesty (i) shall inform Client, providing relevant details of the problem, (ii) Zesty may, without any kind of liability towards Client, temporarily cease all Processing of the affected Personal Data (other than securely storing those data), and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Client shall pay to Zesty all the amounts owed to Zesty or due before the date of termination. Client will have no further claims against Zesty (including, without limitation, requesting refunds for Services) due to the termination of the Agreement and/or the DPA in the situation described in this paragraph (excluding the obligations relating to the termination of this DPA set forth below).
2.3.3. Zesty will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of Zesty, to the extent that such is a result of Client’s instructions.
2.3.4. If Client provides Zesty with instructions, requests, suggestions, comments or feedback (whether orally or in writing) with respect to the Services, Client acknowledges that any and all rights, including intellectual property rights, therein shall belong exclusively to Zesty and that such shall be considered Zesty’s intellectual property without restrictions or limitations of any kind, and Client hereby irrevocably and fully transfers and assigns to Zesty any and all intellectual property rights therein and waives any and all moral rights that Client may have in respect thereto.

2.4. Details of the Processing. The subject-matter of Processing of Personal Data by Zesty is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, as well as the types of Personal Data Processed and categories of Data Subjects under this DPA are further specified in ANNEX 1 (Details of the Processing) to this DPA.

3. RIGHTS OF DATA SUBJECTS

3.1. Data Subject Request. Zesty shall, to the extent legally permitted, promptly notify Client if Zesty receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, erasure (“right to be forgotten”), restriction of Processing, data portability, right to object, or its right not to be subject to automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, Zesty shall assist Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Client’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Client, in its use of the Services, does not have the ability to address a Data Subject Request, Zesty shall upon Client’s request provide commercially reasonable efforts to assist Client in responding to such Data Subject Request, to the extent Zesty is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Client shall be responsible for any costs arising from Zesty’s provision of such assistance.

4. ZESTY'S PERSONNEL

4.1. Confidentiality.Zesty shall ensure that its personnel engaged in the Processing of Personal Data have committed themselves to confidentiality and non-disclosure.

4.2. 4.2. Zesty may disclose and Process the Personal Data (a) as permitted hereunder (b) to the extent required by a court of competent jurisdiction or other Supervisory Authority and/or otherwise as required by applicable Data Protection Laws and Regulations (in such a case, Zesty shall inform the Client of the legal requirement before the disclosure, unless that law prohibits such information on important grounds of public interest), or (c) on a “need-to-know” basis under an obligation of confidentiality to its legal counsel(s), data protection advisor(s) and accountant(s).

5. AUTHORIZATION REGARDING SUB-PROCESSORS

5.1. Appointment of Sub-processors. Client acknowledges and agrees that Zesty may engage third-party Sub-processors in connection with the provision of the Services.

5.2. List of Current Sub-processors and Notification of New Sub-processors.

5.2.1. Zesty shall make available to Client the current list of Sub-processors used by Zesty via https://www.Zesty.co/gdpr . Such Sub-processor list shall include the identities and details of those Subprocessors and their country of location (“Sub-processor List”). The Sub-processor List as of the date of execution of this DPA, or as of the date of publication (as applicable), is hereby, or shall be (as applicable), authorized by Client. In any event, the Sub-processor List shall be deemed authorized by Client unless it provides a written reasonable objection for reasons related to the GDPR within ten (10) business days following the publication of the Sub-processor List. Client may reasonably object for reasons related to the GDPR to Zesty’s use of an existing Sub-processor by providing a written objection to info@zesty.co. In the event Client reasonably objects to an existing Subprocessor, as permitted in the preceding sentences, Client may, as a sole remedy, terminate the applicable Agreement and this DPA with respect only to those Services which cannot be provided by Zesty without the use of the objected-to Sub-processor by providing written notice to Zesty provided that all amounts due under the Agreement before the termination date with respect to the Processing at issue shall be duly paid to Zesty . Client will have no further claims against Zesty due to (i) past use of approved Sub-processors prior to the date of objection or (ii) the termination of the Agreement (including, without limitation, requesting refunds) and the DPA in the situation described in this paragraph.
5.2.2. Zesty shall provide notification of any new Sub-processor(s) before authorizing such new Sub-processor(s) to Process Personal Data in connection with the provision of the Services.

5.3. Objection Right for New Sub-processors. Client may reasonably object to Zesty’s use of a new Sub-processor for reasons related to the GDPR by notifying Zesty promptly in writing within three (3) business days after receipt of Zesty’s notice in accordance with the mechanism set out in Section 5.2 and such written objection shall include the reasons related to the GDPR for objecting to Zesty’s use of such new Sub-processor. Failure to object to such new Sub-processor in writing within three (3) business days following Zesty’s notice shall be deemed as acceptance of the new Sub-Processor. In the event Client reasonably objects to a new Sub-processor, as permitted in the preceding sentences, Zesty will use reasonable efforts to make available to Client a change in the Services or recommend a commercially reasonable change to Client’s use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Client. If Zesty is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Client may, as a sole remedy, terminate the applicable Agreement and this DPA with respect only to those Services which cannot be provided by Zesty without the use of the objected-to new Sub-processor by providing written notice to Zesty provided that all amounts due under the Agreement before the termination date with respect to the Processing at issue shall be duly paid to Zesty. Until a decision is made regarding the new Sub-processor, Zesty may temporarily suspend the Processing of the affected Personal Data. Client will have no further claims against Zesty due to the termination of the Agreement (including, without limitation, requesting refunds) and/or the DPA in the situation described in this paragraph.

5.4. Agreements with Sub-processors. Zesty shall respect the conditions referred to in Articles 28.2 and 28.4 of the GDPR when engaging another processor for Processing Personal Data provided by Client. In accordance with Articles 28.7 and 28.8 of the GDPR, if and when the European Commission lays down the standard contractual clauses referred to in such Article, the Parties may revise this DPA in good faith to adjust it to such standard contractual clauses.

6. SECURITY

6.1. Controls for the Protection of Personal Data Zesty shall maintain all industry-standard technical and organizational measures required pursuant to Article 32 of the GDPR for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data), confidentiality and integrity of Personal Data, as set forth in the Security Documentation which are hereby approved by Client. Zesty regularly monitors compliance with these measures. Upon the Client’s request, Zesty will assist Client, at Client’s cost, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the processing and the information available to Zesty.

6.2. Audits. Upon Client’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement and this DPA, Zesty shall make available to Client that is not a competitor of Zesty (or Client’s independent, third-party auditor that is not a competitor of Zesty) information about Zesty’s compliance with this DPA. At Client’s cost and expense, Zesty shall allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller (who is not a direct or indirect competitor of Zesty) provided that the parties shall agree on the scope, timing and conditions of such audits and inspections. Any information provided under this Section and any audits or inspections and the results therefrom, including the documents reflecting the outcome of the audit and/or the inspection, shall only be used by Client to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Zesty’s prior written approval and, upon Zesty’s first request, Client shall return all records or documentation in Client’s possession or control provided by Zesty’s in the context of the audit and/or the inspection.

7. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION

Zesty maintains security incident management policies and procedures specified in Security Documentation and, to the extent required under applicable Data Protection Laws and Regulations, shall notify Client without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, including Personal Data, transmitted, stored or otherwise Processed by Zesty or its Sub-processors of which Zesty becomes aware (a “Personal Data Incident”). Zesty shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Zesty deems necessary and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within Zesty’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client or Client’s users. In any event, Client will be the party responsible for notifying supervisory authorities and/or concerned data subjects (where required by Data Protection Laws and Regulations).

8. RETURN AND DELETION OF PERSONAL DATA

Subject to the Agreement, Zesty shall, at the choice of Client, delete or return the Personal Data to Client after the end of the provision of the Services relating to processing, and shall delete existing copies unless applicable law requires storage of the Personal Data. In any event, to the extent required or allowed by applicable law, Zesty may retain one copy of the Personal Data for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or to comply with applicable laws and regulations. If the Client requests the Personal Data to be returned, the Personal Data shall be returned in the format generally available for Zesty’s customers of the Services.

9. AUTHORIZED AFFILIATES

9.1. Contractual Relationship. The Parties acknowledge and agree that, by executing the DPA, the Client enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate DPA with Zesty. Each Authorized Affiliate agrees to be bound by the obligations under this DPA. All access to and use of the Services by Authorized Affiliates must comply with the terms and conditions of the Agreement and this DPA and any violation of the terms and conditions therein by an Authorized Affiliate shall be deemed a violation by Client.

9.2. Communication. The Client shall remain responsible for coordinating all communication with Zesty under the Agreement and this DPA and shall be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.

10. OTHER PROVISIONS

10.1. GDPR. With effect from 25 May 2018, the Parties will Process the Personal Data in accordance with the GDPR requirements directly applicable to each Party in the context of the provision and use of the Services.

10.2. Collaboration with Clients’ Data Protection Impact Assessments. With effect from 25 May 2018, upon Client’s request, Zesty shall provide Client, at Client’s cost and expense, with reasonable cooperation and assistance needed to fulfil Client’s obligation under the GDPR to carry out a data protection impact assessment related to Client’s use of the Services, to the extent Client does not otherwise have access to the relevant information, and to the extent such information is available to Zesty. Zesty shall provide, at Client’s cost, reasonable assistance to Client in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to Section 10.2 of this DPA, to the extent required under the GDPR.

10.3. Transfer mechanisms for data transfers.

(a) Transfers to countries that offer adequate level of data protection:
Personal Data may be transferred from the EU Member States, the three EEA member countries (Norway, Liechtenstein and Iceland) and the United Kingdom (collectively, “EEA”) to countries that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the Union, the Member States or the European Commission (“Adequacy Decisions”), without any further safeguard being necessary.
(b) Transfers to other countries:
If the Processing of Personal Data includes transfers from the EEA to countries which do not offer adequate level of data protection or which have not been subject to an Adequacy Decision (“Other Countries”), the Parties shall comply with Article 46 of the GDPR, including, if necessary, executing the standard data protection clauses adopted by the relevant data protection authorities of the EEA, the Union, the Member States or the European Commission or comply with any of the other mechanisms provided for in the GDPR for transferring Personal Data to such Other Countries.

10.4. For clarity, responsibility for compliance with the obligations corresponding to Data Controllers under Data Protection Laws and Regulations shall rest with Client and not with Zesty. Zesty may, at Client’s cost, provide reasonable assistance to Client with regards to such obligations.

11. TERMINATION

This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 2.3.3, 2.3.4 and 12 shall survive the termination or expiration of this DPA for any reason.

12. RELATIONSHIP WITH

In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement.

Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties: (A) Zesty’s (including Zesty’saffiliates’ and subsidiaries’) entire, total and aggregate liability, for any breach of this DPA and/or Data Protection Laws and Regulations, including, if any, any indemnification obligation under the Agreement regarding data protection or privacy, shall be limited to the amounts paid to Zesty under the Agreement. This limitation of liability is cumulative and not per incident; (B) In no event will Zesty and/or Zesty’s affiliates or subsidiaries and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings; (iii) any loss of, or damage to data, reputation, revenue or goodwill; and/or (iv) the cost of procuring any substitute goods or services; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply: (i) even if Zesty or Zesty’s affiliates or subsidiaries or their third-party providers, have been advised, or should have been aware, of the possibility of losses or damages; (ii) even if any remedy in this DPA fails of its essential purpose; and (iii) regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).

13. AMENDMENTS

This DPA may be amended at any time by a written instrument duly signed by each of the Parties.

14. LEGAL EFFECT

This DPA shall only become legally binding between Client and Zesty when the formalities steps set out in the Section “INSTRUCTIONS ON HOW TO EXECUTE THIS DPA” below have been fully completed.

15. SIGNATURE

The Parties represent and warrant that they each have the power to enter into, execute, perform and be bound by this DPA.

You, as the signing person on behalf of Client, represent and warrant that you have, or you were granted, full authority to bind the Client and, as applicable, its Authorized Affiliates, to this DPA. If you cannot, or do not have authority to, bind the Client and/or its Authorized Affiliates, you shall not supply or provide Personal Data to Zesty.

By signing this DPA, Client enters into this DPA on behalf of itself and, to the extent required or permitted under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent that Zesty processes Personal Data for which such Authorized Affiliates qualify as the/a “data controller”.

Link to DPA Document

ANNEX 1 TO DPA – DETAILS OF THE PROCESSING

Zesty will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Client in its use of the Services.
Nature and Purpose of Processing
1. Providing the Service(s) to Client.
2. Setting up profile(s) for users authorized by Client.
3. For Client to be able to use the Services.
4. For Zesty to comply with documented reasonable instructions provided by Client where such instructions are consistent with the terms of the Agreement.
5. Performing the Agreement, this DPA and/or other contracts executed by the Parties.
6. Providing support and technical maintenance, if agreed in the Agreement.
7. Resolving disputes.
8. Enforcing the Agreement, this DPA and/or defending Zesty’s rights.
9. Management of the Agreement, the DPA and/or other contracts executed by the Parties, including fees payment, account administration, accounting, tax, management, litigation; and
10 Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
11. All tasks related with any of the above.

Duration of Processing

Subject to any Section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Zesty will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.

Duration of Processing

Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to the following categories of Personal Data__1. First name
2. Last name
3. Address
4. Phone number
5. Email address and email communications
6. Payment information
7. Cloud provider meta data (such as: names, types, locations and IP address, to the extent that it is consider personal data).
8. Any other Personal Data or information that the Client decides to provide to the Zesty or the Services.
The Client and the Data Subjects shall provide the Personal data to Zesty by supplying the Personal data to Zesty’s Service.
In some limited circumstances Personal Data may also come from others sources, for example, in the case of anti-money laundering research, fraud detection or as required by applicable law. For clarity, Client shall always be deemed the “Data Controller” and Zesty shall always be deemed the “Data Processor” (as such terms are defined in the GDPR).

Categories of Data Subjects

Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:

Employees, agents, advisors, freelancers of Client (who are natural persons).