HotWax Commerce Master Service Agreement
HotWax Software and Customer
This hosted agreement is intended for customers accepting HotWax Commerce terms through checkout, payment links, quotes, invoices, order forms, or other written ordering records.
Contents
- Agreement overview
- Definitions
- Software, implementation, hosting, and subscription fees
- Professional services
- Ownership rights
- Term and termination
- Remedies and limitations
- Confidentiality
- Miscellaneous
- Data Protection Addendum
- Self-Serve Subscription and Commercial Terms
Agreement overview
This HotWax Commerce Master Service Agreement is effective as of the date Customer accepts this Agreement through Provider’s online checkout or other written ordering process (the “Effective Date”), by and between HotWax Software, Inc, a Delaware corporation, with its headquarters at 175 S Main St, Suite 1310, Salt Lake City, UT 84111 (“Provider”), and the company, organization, or individual accepting this Agreement (“Client” or “Customer”). Provider and Client may each be referred to herein as “a Party” or “Parties.”
Recitals
Client desires Provider to provide certain software, implementation services, support services, and other professional services in accordance with the terms of this Agreement. Such services may include design and implementation of part or all of a Web-based software system, as well as technical framework implementation, customization, integration, and extension, business automation software consultation, general technical consultation, graphic design, project management, and other services. Provider has the technical, creative, and management personnel to provide such software and services as may be requested by Client from time to time.
Agreement
In consideration of the foregoing Recitals (which are incorporated herein) and the mutual covenants and agreements contained herein, the Parties hereto agree as follows:
1. Definitions
- “Affiliate” shall mean any person or entity directly or indirectly controlling, controlled by, or under common control with a Party, and for this purpose, “control,” “controlling” and “controlled by” shall mean the ownership and control of more than fifty percent (50%) of the outstanding voting securities or interest in capital or profits of any person or entity, or the right to direct or control the management or affairs of any person or entity by contract or similar arrangement. Should a Party divest an Affiliate or should an Affiliate cease to satisfy this definition, all existing Statements of Work with such divested Affiliate shall remain in effect, however, the divested Affiliate will no longer be authorized to initiate new Statements of Work under this Agreement.
- “Agreement” means this document and all exhibits and addenda referenced herein and attached hereto.
- “Client” or “Customer” shall include the company, organization, or individual accepting this Agreement, together with its brands and Affiliates that use the Services under Customer’s subscription.
- “Intellectual Property” shall mean all inventions (whether or not protectable under patent laws), works of authorship, information fixed in any tangible medium of expression (whether or not protectable under copyright laws), moral rights, mask works, trademarks, trade names, trade dress, trade secrets, know-how, ideas (whether or not protectable under trade secret laws), concepts, techniques and all other subject matter protectable under patent, copyright, moral right, mask work, trademark, trade secret, or other laws, including without limitation all new or useful art, combinations, discoveries, formulae, manufacturing techniques, business methods, technical developments, artwork, software, programming, scripts, and designs.
- “Confidential Information” shall mean all information disclosed by a Party (“the disclosing Party”) to the other Party (“the receiving Party”) which is identified by the disclosing Party as proprietary or confidential at the time the information comes into possession or knowledge of the receiving Party and which is not (i) already known to the receiving Party through lawful means; (ii) in the public domain; (iii) conveyed to the receiving Party by a third party legally in possession of the information without restriction; (iv) released by the disclosing Party to third parties without restriction; or (v) independently developed by receiving Party without reference to disclosures made by the disclosing Party. For purposes of this definition, Confidential Information shall be deemed to include technical and proprietary business information concerning this Agreement, such as business plans, financial information, design details and specifications, engineering, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales and merchandising, marketing plans, information, and the non-public Intellectual Property as well as derivative works, products, services, and information related thereto.
- “HotWax Commerce” shall mean Omnichannel Order Management software developed by the Provider and marketed under the name “HotWax Commerce,” for use by the Client and configured to manage data related to sales of Client’s goods and/or services, including executable code, source code, documentation, updates, etc.
- The “System” shall mean any hardware or combination of hardware having HotWax Commerce or any components thereof installed or operating thereon.
2. Software, Implementation, Hosting, and Subscription Fees
- Software and Implementation. Provider shall implement the System, including HotWax Commerce, on behalf of Client in accordance with the applicable checkout, payment link, quote, order form, statement of work, or other ordering record accepted by Customer.
- Subscription Fees. Client and Provider hereby agree that Client shall pay Provider the subscription fees, usage limits, and other applicable fees set forth in the online checkout, payment link, quote, invoice, order form, pricing page, statement of work, or pricing addendum accepted by Client. The applicable subscription plan, payment terms, and plan-specific commercial terms are documented in the applicable ordering record unless otherwise agreed in writing.
- Audit Right. Provider may configure the System to keep correct and complete records concerning all of Client’s business activities involving the System. Client shall not alter, delete or otherwise destroy the records collected or maintained by the System. Subject to the confidentiality provisions of this Agreement, Provider shall be permitted to inspect and audit such records electronically via the System at any time and from time to time to determine the timeliness and accuracy of all payments made and fees due pursuant to this Agreement. Unless an inspection or audit leads to a disagreement between Provider and Client that cannot be settled without litigation, Provider shall hold all records, data, information, and reports produced by Client or developed by Provider in connection with the inspections or audits in strict confidence, and all parties acting for or on behalf of Provider shall be subject to this obligation of confidentiality. Provided, however, that in the event of a disagreement between Provider and Client that cannot be settled without litigation, Provider may only disclose such information to its bona fide attorneys and only to such extent as strictly necessary to provide advice concerning the dispute.
- Travel Expenses. Provider will only incur reimbursable travel expenses with prior written consent from Client. Emails and text messages shall satisfy the “written consent” requirement. Provider will then pass through all travel expenses incurred during the provision of the Consulting Services to Client, including airfare, rental car, and lodging, as well as a per diem amount to be determined based on Client’s location. Provider will invoice Client for these expenses as soon as possible after incurring the same, and Client shall pay the invoice no later than thirty (30) days after the invoice is received.
- Delinquent Accounts. In the event that any balance is not paid as agreed, the Provider may elect to suspend access to service until the Client pays any amounts that are past due for a period longer than thirty (30) days after the day Provider has given notice of the unpaid balance to the Client. In case of any unpaid balance for a period longer than thirty (30) days after notice was given to Client, Provider will give advance notice to the client prior to suspension, but retains the right to suspend service as a result of past due amounts owed by Client regardless. Provider shall not be liable for any loss of business or any other loss of the Client as a result of action taken under this Clause. The suspension of services of the Client shall not amount to termination of this Agreement and the services shall be resumed upon full payment of past due amounts.
3. Professional Services
- Professional Services. Client may request professional services from Provider, which will not be unreasonably withheld if Provider determines at its sole discretion that it has the resources available to provide such professional services to the Client.
- Professional Services Terms and Payment. If Client requests and Provider agrees to provide professional services, these services will be defined and mutually agreed in writing in advance in a Statement of Work signed by both Parties and incorporated in this Agreement by amendment. Email documentation with positive written agreement from both Parties will be accepted as professional service terms. The professional services will be provided, billed, and paid in accordance with the mutual written agreement.
4. Ownership Rights
- Ownership Rights. Unless otherwise provided in a Statement of Work, Provider shall retain all ownership of Intellectual Property created by Provider during the course of performance of this Agreement, and hereby grants to Client a non-exclusive, non-transferable, non-sublicensable right to use HotWax Commerce, and any Intellectual Property embodied therein, subject to the terms and conditions of this Agreement. The foregoing notwithstanding, Client shall not at any time have any ownership, license, rights, or access to any code base, code versioning, or code repository systems.
5. Term and Termination
- Term and Termination. This agreement shall commence on the Effective Date and shall continue for twelve (12) months thereafter (the “Initial Term”). This agreement shall automatically renew for successive twelve (12) month terms after the Initial Term (each a “Renewal Term”) unless either Party provides the other with at least thirty (30) days’ written notice prior to the expiration of the then-current Term of its intent not to renew. This Initial Term and all Renewal Terms shall be collectively referred to as the “Term”.
- Voluntary Termination. Either Party may terminate this agreement by providing an unambiguous written notice of intent to terminate to the other Party pursuant to and at the address set forth in Section 9.10 at least thirty (30) days in advance of the termination date.
- Termination for Cause. In the event of a material breach by either Party, the non-breaching Party may terminate this Agreement by providing at least thirty (30) days’ written notice to the breaching Party at the address listed in Section 9.10, providing a clear and unambiguous statement describing the breach and an opportunity to cure the material breach. If the breaching Party cures the material breach within the notice period, the non-breaching Party shall not terminate the Agreement. A material breach includes but is not limited to a failure to maintain as secret and confidential the Confidential Information, including the obtaining of written confidentiality agreements from any third parties to whom the Confidential Information is disclosed. Termination shall be in addition to and not in lieu of any other remedies.
- The System. Upon expiration or termination of this agreement:
- Provider will not support, upgrade, or otherwise modify the System for Client.
- Client will not have access to the System in any form.
- Client will not have access to Provider’s code repository or any other Intellectual Property.
- Provider will not have access to, and will cease any prior use of, Client Intellectual Property and Client Confidential Information, and will return to Client or destroy, at Client’s direction, all Client Intellectual Property and Client Confidential Information.
- Payment and Survival. In the event of any expiration or termination of this Agreement, Client shall pay Provider all amounts due up to the date of expiration or termination. All provisions of this Agreement which by their nature are intended to survive termination, including, by way of example and not limitation, ownership rights, confidentiality, and remedies shall so survive.
6. Remedies and Limitations
- Exclusive Remedy. Except as provided in the following Section “Injunctive Relief” below, Client’s sole remedy under this Agreement shall be to require Provider to use its best efforts to correct all failures of the System to perform in accordance with the terms of this Agreement. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES. UNDER NO CIRCUMSTANCES WILL PROVIDER’S LIABILITY EXCEED THE AMOUNT PAID UNDER THIS AGREEMENT.
- Injunctive Relief. The Parties each expressly agree that due to the nature of the disclosing Party’s Confidential Information, monetary damages would be inadequate to compensate the disclosing Party for any breach by the receiving Party of its covenants and agreements set forth in the confidentiality provisions of this Agreement. Accordingly, the Parties each agree and acknowledge that any such violation or threatened violation shall cause irreparable injury to the disclosing Party and that the disclosing Party shall be entitled to obtain injunctive relief against the threatened breach of the confidentiality provisions of this Agreement or the continuation of any such breach by the receiving Party, without the necessity of proving actual damages.
- Indemnification. Each Party shall indemnify, defend, and hold harmless the other party from and against any and all costs, damages, and liabilities in connection with any claim of any third party arising from each party's conduct or alleged conduct.
7. Confidentiality and Use of Confidential Information
- The confidentiality relationship between the Parties shall be governed in all aspects by this Agreement. This Agreement supersedes any prior agreements, except for any term specifically noted in the non-disclosure agreement (“MNDA”) executed between the Parties prior to this Agreement, and except for any term specifically noted in the MNDA and not covered in this Agreement, for which the MNDA shall control only for purposes of the applicable Confidential Information specifically noted.
- Provider’s use of Client’s name, logo, and a description of services for marketing purposes on Provider’s website, customer lists, and other marketing materials, including press releases, shall not be deemed to be a breach of Provider’s confidentiality obligations.
- Each Party shall protect the Confidential Information of the other Party by using at least the same degree of care to prevent unauthorized use, dissemination, or publication of the Confidential Information as the receiving Party uses to protect its own confidential information of a like nature, provided that in no case shall the receiving Party use less than a commercially reasonable degree of care. The receiving Party may disclose such Confidential Information only to those of the receiving Party’s and its Affiliates’ employees or consultants who have a need to know such Confidential Information in connection with performance of the obligations in this Agreement. The receiving Party shall ensure that such employees or consultants are under obligations of confidentiality to the receiving Party as a function of employment or otherwise, which are not less stringent than those contained in this Agreement.
- Each Party agrees that the Confidential Information of the other Party shall only be used for the purposes set forth in this Agreement, absent express written permission of the owning Party. For example, Client’s Confidential Information may be used by Provider for System implementation, hosting, auditing, maintenance, and support.
- The Parties acknowledge that breach of this Section can result in immediate and irreparable injury. In the event of violation of this Section, the aggrieved Party shall have the right to apply to a court of competent jurisdiction to restrain further disclosure of Confidential Information and to obtain any type of relief as may be appropriate, including injunctive relief as set forth in paragraph 6.2 above.
8. Miscellaneous
- Amendments. Except as otherwise expressly provided herein, this Agreement may not be modified, amended, or in any way altered except by a written agreement signed by the Parties hereto.
- Assignment. Except as set forth herein, neither Party may assign or otherwise transfer this Agreement without the written consent of the other Party, which consent shall not be unreasonably withheld. Nevertheless, upon written notice to the other Party, this Agreement may be assigned or transferred: (a) in connection with the assignment or transfer to an Affiliate; or (b) in connection with a combination, merger, or the sale of all or substantially all of a Party’s business or assets. Any such assignment shall be subject to the terms and conditions stated herein. After any such assignment or transfer, the assigning or transferring Party shall have no rights with regard to the transferred Agreement, and the acquiring party shall be deemed for all purposes to have assumed all of the rights and obligations of the transferring Party.
- Counterparts. This Agreement may be executed in multiple counterparts, each of which shall be deemed an original and all of which together shall be deemed the same agreement.
- Entire Agreement. This Agreement, the MNDA, and any addenda attached hereto constitute the entire Agreement between the Parties and supersedes all previous agreements, promises, proposals, representations, understanding and negotiations, whether written or oral, between the Parties respecting the subject matter hereof.
- Force Majeure. Neither Party shall be liable for any failure or delay in performing its obligations under this Agreement due to causes beyond its control (a “Force Majeure”), including, but not limited to, acts of God; acts of terrorism; acts of the United States of America, or any state, territory or political division thereof; or fires, floods or other natural disasters. If any such excusable delay shall last for a period of more than sixty (60) consecutive calendar days, the Party whose performance is not delayed may, at its option, terminate this Agreement without penalty.
- Governing Law; Jurisdiction and Venue. This Agreement shall be governed by and interpreted in accordance with the laws of the State of Utah, USA, without regard or reference to the Conflict-of-Laws provisions of Utah law or any other jurisdiction. The Parties agree that all actions and proceedings arising out of or related to this Agreement shall be brought only in a state or federal court located in Salt Lake City, Utah and the Parties hereby consent to the venue and to the jurisdiction of such courts over the subject matter of such proceeding and over themselves.
- Dispute Resolution. If a dispute arises out of or relates to this Agreement, or the breach thereof, and if the dispute cannot be settled through negotiation, the Parties agree first to try in good faith to settle the dispute by mediation before resorting to litigation, using a mediator selected by mutual agreement of the Parties. Such mediation shall take place in Salt Lake City, Utah, unless otherwise agreed by the Parties, and the Parties shall share equally in all fees and costs of the mediator.
- Independent Contractor. Provider is an independent contractor; nothing in this Agreement shall be construed to create a partnership, joint venture, or agency relationship between the Parties. Provider and Client each will be solely responsible for payment of all compensation owed to their respective employees, as well as employment-related taxes, insurance, benefits, etc. Subject only to the terms of this Agreement, Provider shall have complete control of its agents and employees engaged in the performance of the Services. Provider shall ensure that neither it nor its agents or employees shall act or hold themselves out as agents or employees of Client.
- Non-Solicitation. During the term of this Agreement, and for a period of twelve (12) months thereafter, Client agrees that it will refrain from soliciting or recruiting, directly or indirectly, any of Provider’s employees. Notwithstanding the foregoing, nothing in this Agreement shall prohibit either Party (in such case, the “Hiring Party”) from hiring the employees of the other where such hiring results from contact by the employee directly to the Hiring Party and not from any direct or indirect contact by the Hiring Party.
- Notices. Any legal notice, consent, or other communication will be in writing and may be delivered in person, or by Federal Express or other similar recognized overnight courier, providing proof of delivery. The notice will be effective upon delivery, provided that a Party may not defeat delivery by refusing acceptance or failing to respond to notices of attempts to deliver. Notice shall be addressed and delivered appropriately to the intended recipient, as follows:
- Provider:
- HotWax Software, Inc.
- 175 S Main St, Suite 1310
- Salt Lake City, UT 84111, USA
- ATTN: Legal Notices
- Client:
- Customer legal notice contact and address provided through checkout, account registration, billing records, or written notice to Provider.
Each Party may change its address for notification purposes by giving the other Party written notice of the new address and the date that it will become effective. Each Party shall be obligated to keep its notification information current.
- Severability. If any part or application of this Agreement shall be adjudged by any court of competent jurisdiction to be invalid, illegal, or unenforceable, the validity, legality, and enforceability of the remaining provisions or other applications shall in no way be affected or impaired thereby and shall be enforced to the maximum extent permitted by applicable law.
- Waiver. No purported waiver by any Party of any default by any other Party of any term or provision contained herein (whether by omission, delay, or otherwise) shall be deemed to be a waiver of such term or provision unless the waiver is in writing, specifically identifying the subject of the waiver, and signed by the waiving Party. No such waiver shall in any event be deemed a waiver of any prior or subsequent default under the same or any other term or provision contained herein.
Addendum A - Data Protection Addendum
This Data Protection Addendum (the “Addendum”) is incorporated by reference into the Agreement. This Addendum is entered into and effective as of the Effective Date of the Agreement. In the event of a conflict between this Addendum and the Agreement, this Addendum controls.
- Defined Terms. The terms used in this Addendum have the meaning set forth below. Capitalized terms not defined herein have the meaning given to them in the Agreement.
- “Controller” or “Business” means the entity which alone or jointly with others determines the purposes and the means of the Processing of Personal Data.
- “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- “Data Protection Laws” means all applicable laws, regulations, and other legally binding requirements in any jurisdiction relating to privacy, data protection, data security, breach notification, or the Processing of Personal Data, including without limitation, to the extent applicable, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. and any associated regulations and amendments, including, when effective, the California Privacy Rights Act amendments (“CCPA”); the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”); Canadian Privacy Laws - Quebec’s law 25.
- “Data Subject” means any natural person whose Personal Data is Processed in the context of this Addendum.
- “Personal Data” includes “personal data,” “personal information,” “personally identifiable information,” and similar terms, and such terms shall have the same meaning as defined by applicable Data Protection Laws.
- “Processor” or “Service Provider” means the entity which processes Personal Data on behalf of a Controller.
- “Processing” or “Process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Services” means the OMS services provided by HotWax Software to Client under the Agreement.
- “Client Personal Data” means the Personal Data that is Processed by HotWax Software in the context of the provision of the Services under the Agreement.
- Role of the Parties
- To the extent HotWax processes Client Personal Data as a Data Controller, it has the authority to determine the purposes and means of processing Client Personal Data. With respect to Client Personal Data subject to applicable Data Protection Laws, each party is an independent Controller. In such situations, the parties acknowledge and confirm that neither party acts as a Processor on behalf of the other party, and that the Agreement does not create a joint-Controllership or a Controller-processor relationship between the parties. For the avoidance of doubt, HotWax is responsible for performing the Services to Client as set forth in the Agreement, in particular OMS services.
- To the extent HotWax Processes client Personal Data as a Data Processor or Service Provider, it will only Process such client Personal Data on client's behalf as a Data Controller or Business or as otherwise permitted by applicable Data Protection Law, including the ability to Process client Personal Data for OMS services pursuant to CCPA regulation Section 999.314(c).
- The Parties' Obligations as Independent Controllers or Businesses. In the event that the Parties serve as independent data Controllers or Businesses under the Agreement, the Parties agree as follows:
- Cooperation. Each party will reasonably cooperate with the other party to fulfill compliance obligations under applicable Data Protection Law and enter into any further privacy, confidentiality, or information security agreement reasonably requested by the other party for purposes of compliance with applicable Data Protection Law. In case of any conflict between the Agreement and any such further privacy, confidentiality, or information security agreement, such further agreement shall prevail with regard to the Processing of client Personal Data covered by it.
- Data Breach. Each party will promptly report to the other party any Data Breach related to client Personal Data processed in connection with the Agreement and use diligent efforts to remedy such Data Breach in a timely manner. Except as prohibited by law, the content of any filings, communications, notices, press releases or reports related to any such Data Breach in connection with the Agreement must be prepared in cooperation with the other party before any such publication or communication.
- Cooperation. The Parties agree to reasonably cooperate with one another in responding to requests from relevant supervisory authorities and in responding to Data Subject requests related to the Processing of client Personal Data under the Agreement.
- Client will indemnify HotWax for any damages or claims arising from a violation of client’s obligations to comply with applicable Data Protection Law, in particular from a failure to provide notice to, and where required under applicable Data Protection Law obtain consent from, individuals as specified under Section 4(c) below.
- Client’s Obligations as a Data Controller. In addition to the obligations in Section 3, where client serves as a data Controller, client hereby agrees to:
- only provide instructions to HotWax that are lawful;
- comply with and perform its obligations under applicable Data Protection Law, including with regard to Data Subject rights, data security and confidentiality, ensuring an appropriate legal basis for the Processing of client Personal Data; and
- provide Data Subjects with all necessary information (including by means of offering a transparent and easily accessible public privacy notice) regarding HotWax's and client's Processing of client Personal Data for the purposes described in the Agreement and this Addendum.
- HotWax's Obligations when Acting as a Data Processor or Service Provider
- Obligations. To the extent HotWax is acting as a Data Processor or Service Provider to client, HotWax will:
- Process client Personal Data solely: (1) to fulfill its obligations to client under the Agreement, including this Addendum; (2) on client’s behalf; and (3) in compliance with Data Protection Laws. HotWax will not “sell” client Personal Data (as such term in quotation marks is defined in applicable Data Protection Laws), “share” or Process client Personal Data for purposes of “cross-context behavioral advertising” or “targeted advertising” (as such terms in quotation marks are defined in applicable Data Protection Laws), or otherwise Process client Personal Data for any purpose other than for the specific purposes set forth herein or outside of the direct business relationship with client.
- Not attempt to link, identify, or otherwise create a relationship between client Personal Data and non-Personal Data or any other data without the express authorization of the client.
- Ensure that the persons it authorizes to Process client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- Taking into account the nature of the processing, assist the client by implementing appropriate technical and organizational measures, including but not limited to appropriate updates to software functionality or facilitation by support staff to ensure that client may respond to request(s) from Data Subjects exercising their rights under Data Protection Laws.
- To the extent applicable, promptly notify client of (i) any third-party or Data Subject complaints regarding the Processing of client Personal Data; or (ii) any government or Data Subject requests for access to or information about HotWax’s Processing of client Personal Data on client’s behalf, unless prohibited by applicable Data Protection Laws. HotWax will provide the client with reasonable cooperation and assistance in relation to any such request. If HotWax is prohibited by applicable Data Protection Laws from disclosing the details of a government request to client, HotWax shall inform client that it can no longer comply with client’s instructions under this Addendum without providing more details and await client’s further instructions.
- Provide reasonable assistance to and cooperation with client for client’s performance of a data protection impact assessment of Processing or proposed Processing of client Personal Data, when required by applicable Data Protection Laws, and at client’s reasonable expense.
- Provide reasonable assistance to and cooperation with client for client’s consultation with regulatory authorities in relation to the Processing or proposed Processing of client Personal Data, including complying with any obligation applicable to HotWax under Data Protection Laws to consult with a regulatory authority in relation to HotWax’s Processing or proposed Processing of client Personal Data.
- Security Incident. HotWax will notify client without undue delay (and in accordance with applicable law) of any known Security Incident and will assist client in client’s compliance with its Security Incident-related obligations, including without limitation:
- by taking commercially reasonable steps to mitigate the effects of the Security Incident and reduce the risk to Data Subjects whose Personal Data was involved;
- providing client with the following information, to the extent known and applicable: 1) the nature of the Security Incident, including, where possible, how the Security Incident occurred, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of client Personal Data records concerned; 2) the likely consequences of the Security Incident; and 3) measures taken or proposed to be taken by HotWax to address the Security Incident, including, where appropriate, measures to mitigate its possible adverse effects.
- Return or Destruction of Personal Data. When the Agreement terminates or when HotWax ceases to process client Personal Data, upon client's request, HotWax shall either delete or return all client Personal Data, unless HotWax is required or authorized by applicable Data Protection Law to store client Personal Data for a longer period.
- Liability. Notwithstanding anything to the contrary in the Agreement or this Addendum, HotWax will not be liable for any claim made by a Data Subject arising from or related to HotWax's acts or omissions with respect to the Processing of client Personal Data, to the extent that HotWax was acting in accordance with client's instructions.
- Data Security.
- Measures taken to protect the Confidentiality and Integrity of client and End User Information:
- Access to the production environment is limited to authorized employees based on job function and business need. Production infrastructure is segregated from the non-production environment and from public-facing infrastructure.
- A Defense in Depth control strategy is implemented which includes multiple layers of perimeter defense around core application and database servers including network and application firewalls, load balancers, logical access restrictions, and threat monitoring and logging utilities.
- Personal Data is encrypted at rest and when in transit over the public internet. In the event that data cannot be encrypted at rest due to business purposes, compensating controls, including access controls, are established.
- Information Security Program: A written Information Security Program is maintained that is designed to help secure Personal Data against accidental or unlawful loss, access, or disclosure, identify reasonably foreseeable and internal risks to security and unauthorized access, and minimize security risks.
- Network Security: Access controls and policies are maintained to manage access from each network connection and user. Firewalls or functionally equivalent technology and authentication controls are utilized. Corrective action and incident response plans are utilized to respond to potential security threats.
- Periodic Reviews: Reviews of the security of the network and Information Security Program are conducted on a regular basis against industry security standards. Upgrades and additions to protective measures are added as warranted by these reviews.
- Data Transfers
- HotWax will not engage in any cross-border Processing of client Personal Data, or transmit, directly or indirectly, any client Personal Data to any country outside of the country from which such client Personal Data was collected, without complying with applicable Data Protection Laws. Where HotWax engages in an onward transfer of client Personal Data, HotWax shall ensure that a lawful data transfer mechanism is in place prior to transferring client Personal Data from one country to another.
Addendum C - Subscription and Commercial Terms
- Applicability. This Addendum applies when Customer purchases a HotWax Commerce subscription through Provider’s online checkout, payment link, quote, invoice, or other self-serve ordering process. If Customer signs a separate order form, statement of work, or pricing addendum with Provider, the separately signed document controls to the extent it conflicts with this Addendum.
- Purchased Plan. Customer’s purchased subscription plan, including whether Customer purchases a Starter, Professional, Enterprise, or other available plan, is identified in the applicable checkout, payment link, quote, invoice, order form, or account record accepted by Customer.
- Fees and Billing. Subscription fees, billing frequency, payment timing, discounts, taxes, renewal terms, and payment method requirements are set forth in the applicable checkout, payment link, quote, invoice, order form, or other ordering record accepted by Customer. Provider may update generally available list prices from time to time, but changes to Customer’s active subscription will apply only as permitted by this Agreement and the applicable ordering record.
- Plan Limits and Included Services. Plan-specific limits, included order volume, included retail locations, feature access, implementation scope, onboarding options, support level, and other plan entitlements are set forth in the applicable checkout, payment link, quote, invoice, order form, statement of work, or published plan description accepted by Customer.
- Payment Method. Customer authorizes Provider and Provider’s payment processor to charge Customer’s selected payment method for subscription fees, applicable taxes, and any other agreed charges according to the billing cadence accepted at checkout or in the applicable ordering record.
- Overage and Expansion. If Customer’s usage exceeds the limits included in the selected plan or otherwise requires expanded services, Provider may require Customer to upgrade plans, enter into a custom enterprise order, or pay additional fees agreed in writing before expanded usage is supported.
- Enterprise and Custom Pricing. Enterprise subscriptions, custom implementation scopes, custom service levels, white-glove onboarding, and non-standard commercial terms require a separately agreed order form, statement of work, or pricing addendum.
- Taxes. Fees are exclusive of taxes unless stated otherwise. Customer is responsible for all applicable taxes, duties, levies, and similar governmental assessments, excluding taxes based on Provider’s income.