This IPA Cloud Services Agreement is entered into between Innovative Product Achievements, LLC (“IPA”) and the entity you represent, or, if you do not designate an entity in connection with your Customer Account, you individually (“Customer”). It consists of the terms and conditions below along with any relevant Orders and the Data Processing Addendum (collectively, the “Agreement”).  By clicking accept or otherwise acknowledging this Agreement today (the “Effective Date”), Customer represents that it has read, understands, and agrees to be bound by this Agreement. Defined terms used in this Agreement have the meanings given in Section 12 below. 

1.    Use of the Services.

Customer may access and use the Services in accordance with this Agreement. Customer’s use of the Services will comply with the terms of this Agreement. To access the Services, Customer must (1) pay all applicable fees and charges for the Services, (2) create one or more Customer Accounts, and (3) have at least one active [THINK IPA DEVICE]. Customer must provide only true, accurate, and reasonably complete information when registering its account or when communicating with or responding to IPA and update such information when and as required to maintain its accuracy and completeness. Failure to do so will be a material breach of this Agreement. The terms governing previous Customer Accounts, regardless of previous agreements, will be superseded and governed by this Agreement. 

2.    Customer Responsibilities.

2.1.    Customer Content. Customer is solely responsible for the development, content, maintenance, accuracy and use of Customer Content. Customer agrees that Customer Content will not violate any of the Policies or any applicable law.

2.2.    Customer Accounts. Customer Accounts and log-in credentials for the Services are for Customer’s internal use only and Customer may not sell, transfer, or sublicense them to any other entity or person except that Customer may disclose its credentials to its agents and subcontractors performing work on behalf of Customer. Except to the extent caused by IPA’s breach of this Agreement, as between the parties, Customer is responsible for all activities that occur through the use of Customer Accounts. 

2.3.    Customer Security and Redundancy Obligations. Customer is responsible for managing its Customer Accounts in a manner consistent with maintaining the security of the Services, any Customer Accounts, and Customer Content. Customer will (1) promptly notify IPA of any unauthorized use of Customer Account, password, or connected equipment, or other breach of security of which it becomes aware, and (2) reasonably cooperate with IPA’s investigation of outages, security problems, or any other suspected breach of this Agreement.

2.4.    Third-Party Users. If Customer uses the Services Offerings to provide services to, or otherwise interact with, Third-Party Users, then Customer, and not IPA, will have the relationships with Third-Party Users (e.g., via executed contracts between Customer and third parties or via online terms of service). Customer, and not IPA, is responsible for Third Party Users’ use of Customer Content and the Services. To the extent that Customer enables Third Party Users to access the Services or Customer Content, Customer will ensure that all Third-Party Users comply with this Section 2 and that all terms of Customer’s agreement with Third-Party Users are not inconsistent with this Agreement. IPA will not provide any support or services directly to a Third-Party User unless IPA has a separate agreement with Customer or a Third-Party User obligating IPA to provide support or services to that Third Party User. 

2.5.    Documentation. IPA will provide any Documentation to Customer regarding use of the Services. Customer will use the Services in compliance with all restrictions and requirements specified in such provided Documentation.

3.    Privacy and Security.

3.1.    Security & Data Privacy. IPA will implement reasonable and appropriate measures for the Services (as determined by IPA) designed to help reduce the risk that Customer Content is accidentally or unlawfully lost, accessed, or disclosed in accordance with the Data Processing Addendum. IPA may modify the Data Processing Addendum from time to time but will continue to provide at least the same level of security as is described in the Data Processing Addendum on the Effective Date.

3.2.    Customer Data. Customer Data will be deleted from IPA servers in accordance with IPA’s standard destruction procedures. Notwithstanding anything to the contrary, Customer authorizes IPA to use Customer Content (1) to provide the Services in accordance with this Agreement, (2) develop, improve and enhance the Services and IPA’s other offerings (“Improvements”); and (3) to create deidentified data sets (“Deidentified Data”) and to use information about Customer’s use of the Services for its own business purposes. IPA will own all right, title, and interest in the Improvements and  Deidentified Data and any derivative works created therefrom\. THE SERVICES ARE NOT INTENDED TO FUNCTION AS A SYSTEM OF RECORD AND CUSTOMER IS SOLELY RESPONSIBLE FOR SECURING AND BACKING UP ANY DATA. IPA AND ITS SUPPLIERS WILL NOT BE RESPONSIBLE OR LIABLE FOR DELETION OF OR FAILURE TO STORE ANY CUSTOMER DATA MAINTAINED OR TRANSMITTED THROUGH USE OF THE SERVICES.

3.3.    Proprietary Information. In connection with Customer’s use of the Services, Customer may have access to certain confidential and/or proprietary information regarding IPA’s operations, technology, products, personnel, plans, systems, strategies, plans, finances, processes, procedures, methods, applications, trade secrets, or other aspects of our business (“Proprietary Information”). Customer acknowledges that IPA would be irreparably and materially harmed if any such Proprietary Information were disclosed to any unauthorized person or used for any purpose other than those described in this Agreement. Customer will protect from unauthorized disclosure, dissemination or use, all Proprietary Information of IPA using at least the same degree of care as Customer employs with respect to Customer’s own information of like importance, but not less than reasonable care. Customer acknowledges that monetary damages would be inadequate to compensate for any breach of this Agreement and therefore agree that, in addition to any and all other remedies, immediate injunctive or other equitable relief are appropriate and available to IPA to prevent any violation, threatened or actual, even if monetary damages are available and readily quantifiable, and without proof of actual damage, and that any claims Customer may assert against IPA will not constitute a defense to such action.

3.4.    Data Processing Location. Customer will ensure that any Customer Content uploaded to the Services may lawfully be transmitted, stored, and processed in the United States, and that Customer has obtained required consent or put in place any necessary additional protections not expressly described in this Agreement prior to using the Services.

4.    Payment & Fees

4.1.    Invoicing. Unless an Order states otherwise, IPA may issue invoices before, on, or after the Start Date of the Services. Customer will pay all amounts due and owing under each of IPA’s invoices within 30 days after receipt. The frequency of invoicing and amount of payment will be set forth in the Order.

4.2.    Disputes. For any disputed amounts, Customer will provide notice to IPA, including the basis for the dispute (including any supporting documentation), and the parties will meet within 30 days of the date of the notice to resolve the dispute. If the parties fail to resolve the dispute within such 30-day period, IPA may, at its option, limit (in full or in part) Customer’s right to access or use the Services until the dispute is resolved. All amounts payable by Customer under this Agreement will be paid to IPA without setoff or counterclaim and without deduction or withholding during the pendency of the dispute. IPA may charge Customer interest at the rate of 1.5% per month (or the highest rate permitted by law, whichever is less) on all late payments.

4.3.    Taxes. Each party will be responsible, as required under applicable law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest, and other additions thereto) that are imposed on that party upon or with respect to the transactions and payments under this Agreement. IPA may charge and Customer will pay applicable national, state or local sales or use taxes, value added taxes, goods and services taxes, or similar transaction taxes that Contractor is legally obligated to charge (collectively, “Taxes”).

5.    Changes.

5.1.    To the Services. IPA may change or discontinue any of the Services in its sole discretion. IPA will provide at least three (3) months’ prior notice to Customer if IPA decides to discontinue a Service that it makes generally available to its customers and that Customer is using. IPA will not be obligated to provide notice under this Section if the discontinuation is necessary to address an emergency or threat to the security or integrity of IPA or the Services, to respond to claims, litigation, or loss of license rights related to third-party intellectual property rights, or to comply with the law or requests of a government entity. 

5.2.    New Applications and Services. IPA may make new applications, tools, features, or functionality available from time to time through the Services, the use of which may be contingent upon your agreement to additional terms or a new Order. Availability of new applications and Services will be communicated on our website or by other reasonable means selected by IPA. 

5.3.    Suspension of Access and Use Rights. IPA may suspend Customer’s access to the Services upon notice to Customer if IPA reasonably determines that Customer’s or an End User’s continued use of the Services (1) violates the law, (2) constitutes a material breach of this Agreement; (3) poses a security risk or threat to the function of the Services, IPA, or any third party. IPA will give Customer reasonable advance notice of a suspension and a chance to cure the basis for the suspension unless IPA determines that immediate action is necessary. If the suspension is based on Customer’s breach of its obligations under the Agreement, Customer will remain liable for all fees during the suspension. IPA will restore Customer’s access to the Services promptly after the issue giving rise to the suspension is resolved. IPA notice of suspension to Customer will constitute a notice of material breach under Section 6.2(b).

6.    Term; Termination.

6.1.    Term of Agreement and Orders. This IPA Cloud Services Agreement becomes effective upon execution and remains in effect until terminated in accordance with the terms of this Section 6. After the termination of the last Order in effect under this Agreement, either party may terminate this Agreement with 90 days’ prior written notice.

 

6.2.    Term of Orders. Unless otherwise specified in this Agreement, IPA will provide the Services described in an Order until the end of the applicable Order Term. At the end of the Order Term, the Order will automatically renew for a term of the same length as the original Order (the “Renewal Term”) unless:

(a)    Customer provides IPA with written notice of termination at least 45 days prior to the end of the Order Term or any subsequent Renewal Term; or.

(b)    IPA provides Customer with written notice of termination at least 90 days prior to the end of the Order Term or any subsequent Renewal Term.

 

6.3.    Termination for Cause. Either Customer or IPA may terminate this Agreement or any individual Orders for cause if the other is in material breach of this Agreement or an Order and the material breach remains uncured for a period of 30 days from receipt of Notice by the breaching party. 

 

6.4.    No Other Termination. For the avoidance of doubt, Customer may only terminate an Order pursuant to Section 6.2. Customer’s failure to use the Services provided under an Order for any reason will not entitle Customer to a refund or prevent the Order renewal as set forth in Section 6.2(a).

 

6.5.    Effect of Termination.

(a)    Generally. Upon the Termination Date: (i) except as provided in Section 7.3(b), all of Customer’s rights under this Agreement immediately terminate (ii); Customer remains responsible for all fees and charges Customer has incurred through the Termination Date; (iii) Customer will immediately return or, if instructed by IPA, destroy all IPA Content in Customer’s possession (except for IPA Content that is publicly available on IPA Site); and (iv) Sections 2.1, 2.4, 4, 7, 8, 10.2, and 11 will continue to apply in accordance with their terms.

 

7.    Proprietary Rights.

 

7.1.    Customer Content License. As between Customer and IPA, Customer (or Customer’s licensors) own all right, title, and interest in and to Customer Content. Except as expressly provided in this Agreement, IPA obtains no rights under this Agreement from Customer (or Customer’s licensors) to Customer Content.

 

7.2.    IPA Services License. IPA or its licensors own all rights, title, and interest in and to the Services and all related technology and intellectual property rights. Subject to the terms of this Agreement, IPA grants Customer a limited, revocable, non-exclusive, non-sublicensable, non-transferrable license to do the following: (a) access and use the Services solely in accordance with this Agreement; and (b) copy and use IPA Content solely for Customer’s permitted use of the Services. Except as provided in this Section 7.2, Customer obtains no rights under this Agreement from IPA, its Affiliates, or their licensors to the Services, including without limitation any related intellectual property rights. 

 

7.3.    License Restrictions. Neither Customer nor any Third-Party User may use the Services in any manner or for any purpose other than as expressly permitted by this Agreement. Neither Customer nor any Third-Party User may, or may attempt to (a) modify, alter, tamper with, repair, or otherwise create derivative works of any IPA Content included in the Services (except to the extent IPA Content included in the Services is provided to Customer under a separate license that expressly permits the creation of derivative works), (b) reverse engineer, disassemble, or decompile the Services or apply any other process or procedure to derive the source code of any software included in the Services, (c) deliberately or recklessly interrupt, interfere, or otherwise disrupts the provision of services to other customers or third parties, (d) access or use the Services in a way intended to avoid incurring fees or exceeding usage limits or quotas, € remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent or other intellectual property or proprietary rights notices or (e) resell or sublicense the Services (except as contemplated in Section 2.4). 

 

7.4.    Feedback. Customer is under no duty to provide any suggestions, enhancement requests, or other feedback regarding the Services (“Feedback”). If Customer chooses to offer Feedback to IPA, Customer grants IPA and its Affiliates a perpetual, irrevocable, non-exclusive, worldwide, fully paid, sub-licensable, assignable license to incorporate into the Services or otherwise use any Feedback IPA receives from Customer, provided that such Feedback is used in a manner that is not attributable to Customer. Customer also irrevocably waives in favor of IPA any moral rights which Customer may have in such feedback.

 

8.    Defense and Indemnity

 

8.1.    Indemnification by IPA. IPA will defend, indemnify, and hold harmless Customer, its Affiliates, and its and their respective directors, officers, employees, successors, assigns and agents, from and against all claims, allegations, demands, suits, and proceedings by a third party, and all resulting losses, penalties, obligations, judgments, liabilities, damages, settlements, costs and expenses (including reasonable attorneys’ fees and expenses) (each, a “Third-Party Claim”), to the extent arising out of or relating to: (a) IPA’s fraud, gross negligence or willful misconduct in the performance of Services; (b) IPA’s infringement or misappropriation of any copyright, patent, trademark, trade secret or other proprietary right of any third party by the provision or use of the Service, Services, or any other item or service provided by IPA pursuant to this Agreement; or (c) IPA’s violation of any applicable law, rule, or regulation.

 

8.2.    Indemnification by Customer. Customer will defend, indemnify, and hold harmless IPA, its Affiliates, and its and their respective directors, officers, employees, successors, assigns and agents, from and against all Third-Party Claims to the extent arising out of related to: (a) Customer’s fraud, gross negligence, or willful misconduct in its performance of its obligations under this Agreement; (b) Customer’s infringement or misappropriation of any copyright, patent, trademark, trade secret or other proprietary right of any third party, including any information contained within the Customer Content; (c) any violation by Customer of Section 3.3; (d) the use of the Customer Account or any Services by a Third-Party User or any other entity to whom Customer gives access to the services; or (e) Customer’s violation of any applicable law, rule, or regulation.

 

8.3.    IP Combinations. IPA will have no obligation or liability under Section 8.1(b) arising from infringement by Customer’s combination of the Services with any other product, service, software, data, content, or method not provided by or approved by IPA. In addition, IPA will have no obligations or liability arising from Customer’s or any Third-Party User’s use of the Services after IPA has notified Customer to discontinue such use. For any claim covered by Section 8.1(b), IPA will, at its election, either: (i) procure the rights to use that portion of the Services alleged to be infringing; (ii) replace the alleged infringing portion of the Services with a non-infringing alternative; (iii) modify the alleged infringing portion of the Services to make it non-infringing; or (iv) terminate the allegedly infringing portion of the Services or this Agreement.

 

8.4.    Process. The obligations under this Section 8 will apply only if the party seeking defense, payment, or indemnity from another party: (a) gives that party prompt Notice of the claim; (b) permits that party to control the defense and settlement of the claim; and (c) reasonably cooperates with that party (at that party’s expense) in the defense and settlement of the claim. In no event will IPA or Customer agree to any settlement of any claim that involves any commitment, other than the payment of money, without the written consent of the other.

 

9.    IPA Warranties and Warranty Disclaimers.

 

9.1.    IPA Warranties. IPA represents and warrants to Customer that the Services will perform substantially in accordance with the Documentation.

 

9.2.    Mutual Warranties. Customer and IPA each represents and warrants to the other that (a) it has full power and authority to enter into and perform this Agreement, (b) the execution and delivery of this Agreement has been duly authorized, (c) it will comply with all applicable laws, rules, regulations and ordinances in the performance of this Agreement (and, in the case of Customer, the use of the Services), and (d) its performance hereunder does not breach any other agreement to which it is bound.

 

9.3.    Warranty Disclaimers. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 9.1 AND SECTION 9.2, AND EXCEPT TO THE EXTENT PROHIBITED BY LAW, IPA, ITS AFFILIATES AND ITS LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, REGARDING THE SERVICES OR ANY THIRD-PARTY CONTENT, AND DISCLAIM ALL OTHER WARRANTIES, INCLUDING ANY IMPLIED OR EXPRESS WARRANTIES (A) OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, (B) ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE, AND (C) THAT THE SERVICES OR THIRD-PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE, OR FREE OF HARMFUL COMPONENTS, AND (D) THAT ANY CONTENT, INCLUDING CUSTOMER CONTENT OR THIRD-PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED.

 

10.    Limitations of Liability.

 

10.1.    Liability Disclaimers. NEITHER IPA NOR CUSTOMER, NOR ANY OF THEIR AFFILIATES OR LICENSORS, WILL BE LIABLE TO THE OTHER UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, FOR (A) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, (B) THE VALUE OF CUSTOMER CONTENT, (C) LOSS OF PROFITS, REVENUES, CUSTOMERS, OPPORTUNITIES, OR GOODWILL, OR (D) UNAVAILABILITY OF THE SERVICES.

 

10.2.    Damages Cap. NOTWITHSTANDING ANYTHING TO THE CONTRARY, IPA’s AGGREGATE LIABILITY UNDER THIS AGREEMENT AND ANY OF ITS RESPECTIVE AFFILIATES OR LICENSORS, WILL NOT EXCEED THE LESSER OF (A) THE AMOUNTS PAID BY CUSTOMER TO IPA UNDER THIS AGREEMENT FOR THE SERVICES THAT GAVE RISE TO THE LIABILITY DURING THE 12 MONTHS BEFORE THE LIABILITY AROSE, OR (B) USD $500,000; PROVIDED, HOWEVER THAT NOTHING IN THIS SECTION 10 WILL LIMIT CUSTOMER’S OBLIGATION TO PAY IPA FOR CUSTOMER’S USE OF THE SERVICES PURSUANT TO SECTION 4, OR ANY OTHER PAYMENT OBLIGATIONS UNDER THIS AGREEMENT.

 

11.    Miscellaneous.

 

 

11.1.    Assignment. Neither Customer nor IPA may assign or otherwise transfer this Agreement or any of its rights and obligations under this Agreement without the prior written approval of the other; except that either Customer or IPA may assign or otherwise transfer this Agreement without the consent of the other (a) in connection with a merger, acquisition or sale of all or substantially all of its assets, or (b) to any Affiliate or as part of a corporate reorganization, or (c) in the case of IPA, with respect to specific IPA Services Accounts, to an Affiliate. Effective upon such assignment or transfer, subject to the assignee/transferee’s consent, the assignee/transferee is deemed substituted for the assignor/transferor as a party to this Agreement and the assignor/transferor is fully released from all of its obligations and duties to perform under this Agreement. Subject to the foregoing, this Agreement will be binding upon, and inure to the benefit of the parties and their respective permitted successors and assigns.

 

11.2.    Counterparts; Facsimile. This Agreement may be executed by facsimile or by electronic signature in a format approved by IPA, and in counterparts, each of which (including signature pages) will be deemed an original, but all of which together will constitute one and the same instrument.

 

11.3.    Entire Agreement. This Agreement and all Orders are the entire agreement between Customer and IPA regarding the subject matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations, understandings, agreements, or communications between Customer and IPA regarding the subject matter of this Agreement. 

 

11.4.    Force Majeure. Except for payment obligations, no party will be liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond its reasonable control, including acts of God, labor disputes or other industrial disturbances, electrical or power outage, utilities or telecommunications failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.

 

11.5.    Governing Law; Venue. The laws of the State of Delaware will govern any dispute between the parties without reference to conflict of law rules. Any dispute relating in any way to the Services or this Agreement will only be adjudicated in a state or federal court located in New Castle County, Delaware. Each party consents to exclusive jurisdiction and venue in these courts. Notwithstanding the foregoing, any party may seek injunctive relief in any state, federal, or national court of competent jurisdiction for any actual or alleged infringement of intellectual property or other proprietary rights.

 

11.6.    Independent Contractors. IPA and Customer are independent contractors, and this Agreement will not be construed to create a partnership, joint venture, agency, or employment relationship. Neither Customer nor IPA, nor any of their respective Affiliates, is an agent of the other for any purpose or has the authority to bind the other.

 

11.7.    Nondisclosure; Publicity. If the parties have an NDA, then the NDA is incorporated by reference into this Agreement, except that the security provisions in Section 3, not the NDA, apply to Customer Content. Except to the extent permitted by applicable law, neither Customer nor IPA will issue any press release or make any other public communication with respect to this Agreement or Customer’s use of the Services. IPA and Customer agree that the contents of this Agreement are not publicly known and will not be disclosed by them.

 

11.8.    Notice.
(a)    General. Except as otherwise set forth in Section 11.8(b), to give notice to a party under this Agreement, each party must contact that other party as follows: (i) by facsimile transmission; or (ii) by personal delivery, overnight courier or registered or certified mail. Notices must be sent to the fax number of the other party listed on the Cover Page to this Agreement or addressed to the address of the other party listed on the Cover Page to this Agreement, or such other fax number or address as a party may subsequently provide in writing to the other party. Notices provided by personal delivery will be effective immediately. Notices provided by facsimile transmission or overnight courier will be effective one business day after they are sent. Notices provided by registered or certified mail will be effective three business days after they are sent.

(b)    Electronic Notice. IPA may provide notice to Customer (i) under Section 5 by (A) sending a message to the Notice Email or

 

(B) posting a notice on IPA Site, (ii) under Section 6 by sending a message to the Notice Email. Any notices provided by posting on IPA Site will be effective upon posting and notices provided by email will be effective when IPA sends the email.

 

11.9.    No Third-Party Beneficiaries. Except as set forth in Section 9, this Agreement does not create any third-party beneficiary rights in any individual or entity that is not a party to this Agreement.

 

11.10.    No Waivers. The failure by a party to enforce any provision of this Agreement will not constitute a present or future waiver of such provision nor limit such party’s right to enforce such provision at a later time. All waivers by a party must be provided in a Notice to be effective.

 

11.11.    Severability. If any portion of this Agreement is held to be invalid or unenforceable, the remaining portions of this Agreement will remain in full force and effect. Any invalid or unenforceable portions will be interpreted to give effect to the intent of the original portion. If such construction is not possible, the invalid or unenforceable portion will be severed from this Agreement, but the rest of the Agreement will remain in full force and effect.

 

12.    Definitions. 

Defined terms used in this Agreement with initial letters capitalized have the meanings given below:

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with that party.

“Customer Account” means any account that (a) is listed on the Order, as that list may be updated from time to time as described in an Order, (b) is opened by Customer or Customer’s Third-Party Users to make use of the Services.

“IPA Content” means Content that IPA or any of its Affiliates makes available related to the Services or on the IPA Site to allow access to and use of the Services, including software; APIs; WSDLs; sample code; software libraries; command line tools; proofs of concept, templates, and other related technology (including but not limited to any of the foregoing that are provided by any IPA personnel). IPA Content does not include the Services or Third-Party Content.

“IPA Marks” means any trademarks, service marks, service or trade names, logos, and other designations of IPA and its Affiliates that IPA may make available to Customer in connection with this Agreement.

“Customer Content” means content that Customer or any End User transfers to IPA for processing, storage or hosting by the Services in connection with an IPA Services Account and any computational results that Customer or any End User derive from the foregoing through its use of the Services.

“Documentation” means the instructions, user guides and any other guides for the Services provided by IPA as may be updated by IPA from time to time.

“Order” means an order or statement of work governed by this Agreement and which provides specifics about the Services provided under this Agreement at a Site.

“Pendant” means an individual, wearable life-safety device sold by IPA for use with the Services. This term covers both pendants intended for both location services and fall detection services, as well as any future functionality developed by IPA.

“Policies” means the Privacy Notice and any other policies either referenced or attached to the Orders.

“Privacy Notice” means the privacy notice located at https://www.IPA.com/support/privacy-policy-terms-of-use/ (and any successor or related locations designated by IPA), as may be updated by IPA from time to time.

“Service(s)” means access to and use of IPA cloud-based services for the purpose or monitoring and managing IPA-branded life-safety devices as may further be defined in the Order.

“Site” means a location designated by the Customer at which the Customer will make use of the Services.

“Termination Date” means the effective date of termination provided in a Notice in accordance with Section 6.

“Third-Party User” means any individual or entity that is not an employee or agent of Customer that either (a) accesses or uses Customer Content, or (b) otherwise accesses or uses the Services under a Customer Account. The term “Third-Party User” does not include individuals or entities when they are accessing or using the Services or any Content under their own IPA account, rather than under Customer’s Customer Account.
 
DATA PROCESSING ADDENDUM
This Data Processing Addendum (the “DPA”) supplements the SaaS General Terms and any Orders as updated from time, between Customer and IPA,. In the event of a conflict between the DPA and Agreement, the terms and conditions of the DPA will prevail. IPA and Customer may collectively be referred to as the “Parties.”

 

1.    Definitions
Terms defined in the Agreement will, unless otherwise defined in this DPA, have the same meanings when used in this DPA. Further, the following capitalized terms used in this DPA will be defined as follows:

“Applicable Data Protection Law” refers to all laws and regulations applicable to IPA’s processing of Personal Data under the Agreement.

“Controller” means the Customer when, alone or jointly with others, it determines the purpose and means of processing Personal Data.

“Customer Account Data” means Personal Data that relates to Customer’s relationship with IPA, including the names and contact information of the individuals authorized by Customer to access Customer’s account and billing information of individuals that Customer has associated with its Account. Customer Account Data also includes any data IPA may need to collect for the purpose of identity verification (e.g., providing multi-factor authentication services) or as part of its legal obligations to maintain records.

“Customer Data” means any Customer-provided, non-public or proprietary information exchanged as a result of using the Service form, including Personal Data processed by IPA on behalf of Customer in connection with the Services, as further described in the Security Schedule. This includes the non-public or proprietary information (including Personal Data) of Customer clients for whom Customer acts as a processor.

“Data Subject” means a natural person who can be identified, directly or indirectly.

"Personal Data” means any information relating to a natural person who can be identified, directly or indirectly.

“process” or “processing” means any operation or set of operations which is performed upon Customer Data whether or not by automated means.

“Processor” means IPA when IPA processes Personal Data on behalf of Customer.

“Security Incident” means a breach of IPA’s security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.

“Services” has the same meaning as defined in the Agreement, or if not defined in the Agreement, the processing of Customer Data by IPA on behalf of the Customer described in the Agreement.

"Subprocessor" means a processor appointed by IPA to process Customer Data.

2.    Data Processing

2.1.    Scope and Roles. This DPA applies when Customer Data is processed by IPA. In this context, IPA will act as processor to Customer, who can act either as controller or processor of Customer Data. 

2.2.    Generally. The Agreement and this DPA will be the Customer's instructions to IPA for the processing of Customer Data. IPA will process Customer Data solely for the limited and specific purpose of providing the Services set forth in the Agreement and will ensure that all individuals with access to the Customer Data have a duty of confidentiality with respect to that Customer Data. IPA will not sell, share, disclose, retain, or otherwise use Customer Data for any other purpose unless specifically authorized by Customer in writing or as required by law. 

2.3.    Regulatory and Legal Compliance. IPA will process Customer Data in compliance with Applicable Data Protection Law and provide at least the same level of privacy protection as required by Applicable Data Protection Law. Unless prohibited by law, IPA will notify Customer promptly of any inquiries or complaints received about the processing of Personal Data from regulators or law enforcement authorities. IPA will not respond to any such inquiries or complaints except on the documented instructions of Customer or as required by law.

2.4.    Data Subject Rights. Unless prohibited by law, IPA will promptly notify Customer of any request from a data subject with respect to Personal Data contained in Customer Data. IPA will not respond to any Data Subject request without Customer’s prior written consent, except to confirm that the request relates to Customer.

 

2.5.    Additional Costs. If any of the Customer's instructions require processing Customer Data in a manner that falls outside the scope of the Services, IPA may either (a) make the performance of any such instructions subject to the payment by the Customer of any costs and expenses incurred by IPA or such additional charges as IPA may reasonably determine; or (b) terminate the Agreement and the Services. 

3.    Security Measures and Audits

3.1.    Security Measures. IPA will implement reasonable physical, organizational, and technical measures to protect against any unauthorized or unlawful access, processing, loss, destruction, theft, damage, use or disclosure of Customer Data or systems (collectively, “Appropriate Safeguards”), including, at a minimum, the security measures set forth as Security Schedule. These Appropriate Safeguards will be appropriate to the harm that might result from any risks to Customer Data or Data Subjects given the nature of the Customer Data or system which is to be protected. 

 

3.2.    Variation of Measures. IPA may, by written notice to the Customer, vary the security measures set out in the Security Schedule, including (where applicable) following review by IPA of such measures, provided that such variation does not reduce the overall level of protection afforded to the Customer Data by IPA under this DPA.

4.    Security Breach and Response

4.1.    Security Incident. IPA will (a) notify Customer of a Security Incident without undue delay after becoming aware of the Security Incident, and (b) take appropriate measures to address the Security Incident, including measures to mitigate any adverse effects resulting from the Security Incident.

4.2.    Unsuccessful Security Incidents. Customer agrees that an a unsuccessful Security Incident will not be subject to this Section 4. An unsuccessful Security Incident is one that results in no unauthorized access to Customer Data or to any of IPA equipment or facilities storing Customer Data, and could include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents..

 

4.3.    Cooperation and Remediation. IPA will (i) cooperate with Customer in the manner reasonably requested by Customer and in accordance with law to investigate and resolve the Security Breach and to mitigate any harmful effects of the Security Breach; (ii) promptly implement any necessary remedial measures to ensure the protection of Customer Data; and (iii) document responsive actions taken related to any Security Breach. 

 

4.4.    Information to Third Parties. Except as required by applicable law or regulation, IPA will not inform any third party of any Security Breach without first obtaining Customer’s prior written consent, other than to inform a complainant that Customer will be informed of the Security Breach. Customer will have the sole right to determine whether notice of the Security Breach is to be provided to any individuals, Supervisory Authorities, regulators, law enforcement agencies, consumer reporting agencies, or others and the contents of any such notice.

 

5.    Liability
Any exclusions or limitations of liability set out in the Agreement will apply to any losses suffered by either Party (whether in contract, tort (including negligence) or for restitution, or for breach of statutory duty or misrepresentation or otherwise) under this DPA.

​

6.    Duration and Termination

 

6.1.    Return/Deletion of Customer Data. IPA will, within 30 days of the date of termination or expiry of the Agreement (a) if requested by the Customer within that period, return a complete copy of all Customer Data by secure file transfer in such a format as reasonably agreed to by the Customer to IPA; and (b) other than any Customer Data retained by IPA after termination of the Agreement as expressly permitted by this DPA or the Agreement, delete, and use all reasonable efforts to procure the deletion of all other copies of Customer Data processed by IPA or any sub-processors. Upon Customer’s request, IPA must promptly certify in writing to Customer that it has destroyed or returned all Customer Data. 

 

6.2.    Compliance with this DPA. In the event that IPA determines that it can no longer meet its obligations under this DP or Applicable Data Protection Law, IPA will notify Customer of that determination within 5 business days and work with Customer to take reasonable and appropriate steps to stop and remediate the unauthorized use of Customer Data.

 

7.    Law and Jurisdiction
Except to the extent expressly overridden in this DPA, the Parties agree that the laws, jurisdictions, and venues set forth in the Agreement will also govern this DPA. 

 

8.    General

 

8.1.    Third Party Rights. A person who is not a party to this DPA may not enforce any of its terms, except to the extent mandated by applicable law.

 

8.2.    Rights and remedies. Except as expressly provided in the Agreement, the rights and remedies provided in this DPA are in addition to, and not exclusive of, any rights or remedies provided by law.

 

8.3.    No partnership or agency. Nothing in the DPA is intended to, or will be deemed to, establish any partnership or joint venture

between any of the Parties, constitute any Party the agent of another Party, or authorise any Party to make or enter into any commitments for or on behalf of any other Party. 

 

8.4.    Waiver. No forbearance or delay by either Party in enforcing its rights will prejudice or restrict the rights of that Party, and no waiver of any such rights or any breach of any contractual terms will be deemed to be a waiver of any other right or of any later breach.

 

8.5.    Severability. If any provision of the DPA is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions of the DPA will not be prejudiced 

 

SECURITY SCHEDULE

A.    IPA’s Obligations Related to Customer Data. IPA will comply with the following provisions: 

 

1.    Information Security Program.

a.    IPA has and will maintain a comprehensive, written Information Security Program that complies with all applicable laws and regulations and that is designed to (a) ensure the security, privacy and confidentiality of Customer Data, (b) protect against any reasonably anticipated threats or hazards to the security or integrity of Customer Data, and (c) protect against unauthorized access to, use, deletion, or modification of Customer Data. 
b.    A named, qualified person that is accountable and responsible for the Information Security Program.
c.    Customer may review IPA’s Information Security Program from time to time during the Term of the Agreement upon 30 days written notice.

a.    Encryption of Customer Data. All communications and storage of Customer Data over public networks shall be encrypted using standard commercial encryption, both at rest and in transit. 

 

2.    IPA’s Personnel Access Management. With respect to all agents or employees of IPA who at any time have access rights to Customer Data, IPA shall follow the principle of least privilege when handling Customer Data. 

 

3.    Logical Access Controls. IPA will maintain access control policies and to manage what access is allowed to the Services from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls. 

 

4.    Physical Access Controls. Physical components comprising the Services are operated and housed in third party facilities (the “Facilities”). Physical barrier controls are used to prevent unauthorized entrance to the Facilities both at the perimeter and at building access points. Passage through the physical barriers at the Facilities requires either electronic access control validation (for example, card access systems, etc.) or validation by human security personnel (for example, contract or in-house security guard service, receptionist, etc.). Visitors and any other contractors are required to sign-in with designated personnel, must show appropriate identification, are assigned a visitor ID badge that must be worn while the visitor or contractor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities.  

 

B.    Remediation of Deficiencies or Weaknesses. IPA will promptly remediate identified deficiencies or weakness relating to the subject of this agreement that are categorized as critical or high risk, as reasonably necessary to manage cyber security exposure, at IPA’s sole expense.