THESE TERMS OF SERVICE (“AGREEMENT” OR “TERMS OF SERVICE”) GOVERNS YOUR PURCHASE AND RECEIPT OF THE SERVICES OFFERED BY HAPPYFORCE, S.L. (“HAPPYFORCE”) AND SETS FORTH THE LEGALLY BINDING TERMS AND CONDITIONS FOR YOUR USE OF THE SITES AND THE SERVICE (EACH AS DEFINED BELOW). 

BY USING THE SUBSCRIPTION SERVICE, YOU AGREE TO BE BOUND BY THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS AND CONDITIONS. 

1. SERVICE

1.1. Service License

HAPPYFORCE grants Customer a nonexclusive, nontransferable right and license (without right to sublicense) during the Service term specified in the Order Form, to (a) access and use the Service as described in an Order Form, solely for Customer’s internal business purposes and (b) download, install and use the Customer Libraries in connection with Customer’s authorized use of the Service. The Service is made available to Customer solely as hosted by or on behalf of HAPPYFORCE, and nothing in this Agreement shall be construed to grant Customer any right to receive any copy of the Service or any software (other than the Customer Libraries). Customer’s access and use of the Service shall comply with all other conditions set forth in the Order Form and Documentation (such as, for example, any requirements regarding data formats, number of permitted users or prohibited uses).

1.2. Service Access and Availability

(a) Customer Systems. Customer is responsible for providing (i) all equipment, subscriptions and credentials necessary for HAPPYFORCE to receive the Customer Data and (ii) all servers, devices, storage, software (other than the Customer Libraries), databases, network and communications equipment and ancillary services needed to connect to, access or otherwise use the Service at its facility (collectively, “Customer Systems”). Customer shall ensure that all Customer Systems are compatible with the Service and comply with all configurations and specifications described in the Documentation.

(b) Service Access. As part of the implementation process, Customer will identify a primary administrative username and password that will be used to set up Customer’s account. Customer may use the administrative user name and password to create subaccounts for its Users (each with unique login IDs and passwords). Customer shall be responsible for the acts or omissions of any person who accesses the Service using passwords or access procedures provided to or created by Customer. HAPPYFORCE reserves the right to refuse registration of, or to cancel, login IDs that violate the terms and conditions set forth in this Agreement. Customer agrees to notify HAPPYFORCE immediately upon learning of any unauthorized use of Customer’s account or any other breach of security. From time to time, HAPPYFORCE’ personnel may log in to the Service under Customer’s account in order to maintain or improve the Service, including providing Customer assistance with technical or billing issues. Customer hereby acknowledges and consents to such access. This access will be always performed using a Happyforce administrative account and never logging into an individual’s user account or under a customer user’s identity.

1.3. Service Availability

 HAPPYFORCE will use commercially reasonable efforts to maintain the Service availability to send and receive data, subject to downtimes resulting from maintenance, repairs and upgrades. HAPPYFORCE will attempt to notify Customer electronically via the Service in advance of any planned downtime. Notwithstanding the foregoing, HAPPYFORCE will not be liable for any failures in the Service or any other problems which are related to (a) the Customer Data or Customer Systems or (b) outages to any telecommunications or public Internet backbones, networks or servers, or other equipment or service outside of HAPPYFORCE’ facilities or control. 

1.4. Service Support

HAPPYFORCE will provide Customer with telephone and e-mail support for Customer’s use of the Service during HAPPYFORCE’ regular business hours. Customer agrees that HAPPYFORCE is not responsible to provide support for any issues resulting from problems, errors or inquiries related to Customer Systems.

1.5. Professional Services

From time to time, Customer may request and HAPPYFORCE may agree to provide certain custom development, consulting, training or other professional services as mutually agreed to by the parties (“Professional Services”). The terms and conditions of any such arrangement for Professional Services shall be set forth in a separate statement of work executed by the parties that specifically references this Agreement (each, a “Statement of Work”), each of which shall be governed by the terms of this Agreement. Unless otherwise agreed to by the parties and set forth in the applicable Statement of Work, all intellectual property, and all rights embodied therein, that are created by HAPPYFORCE during the performance of Professional Services shall be owned solely and exclusively by HAPPYFORCE. 

2. FREE DEMO

If you are elegible for a free demo, we will make one or more Services available to Customer on a trial basis free of charge until the earlier of (a) the end of the free demo period for which Customer registered to use the applicable Services or (b) the start date of any Services subscriptions ordered by Customer for such Services or (c) termination by HAPPYFORCE in our sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

3. LICENSE RESTRICTIONS AND CUSTOMER OBLIGATIONS

3.1. Service License Restrictions

Customer shall not directly or indirectly: (i) use the Service or any of HAPPYFORCE Property or Confidential Information to create any service, software or documentation that performs substantially the same functionality as the Service, (ii) disassemble, decompile, reverse engineer or use any other means to attempt to discover any source code, algorithms or trade secrets underlying the Service (except and only to the extent these restrictions are expressly prohibited by applicable statutory law), (iii) encumber, sublicense, transfer, distribute, rent, lease, time-share or use any HAPPYFORCE Property in any service bureau arrangement or otherwise for the benefit of any third party, (iv) copy, reproduce, translate, adapt, combine, create derivative works of or otherwise vary or modify any HAPPYFORCE Property, or (v) use or allow the transmission, transfer, export, re-export or other transfer of any software, technology or information it obtains or learns pursuant to this Agreement in violation of any export control or other laws and regulations of the United States or any other relevant jurisdiction. 

3.2. Unauthorized Use of Service

Customer shall not directly or indirectly: (i) exceed the average per Monthly Active User in a month; (ii) use unique values or a continuous set of values as inputs to event attributes, (iii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (iv) bypass any privacy settings or measures HAPPYFORCE may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (v) run mail list, any form of auto-responder or “spam” on the Service; or (vi) use manual or automated software, devices, or other processes to “crawl” or “spider” any page of the Sites.

3.3. Privacy and Data Protection

Customer shall not provide any personally identifiable information relating to individual persons (“PII”) in connection with its use of the Service, unless HAPPYFORCE expressly agrees to receive such information and then solely as necessary in connection with Customer’s use of the Service. 

Each Party shall comply with its respective obligations under the Data Protection Legislation as set out in Annex A (Data Processing Agreement). 

4. ORDERS, FEES AND PAYMENTS

4.1. Order Form

The parties may enter into one or more Order Forms pursuant to this Agreement. Each Order Form shall specify the Service to be provided, Service Fees, the term during which the Service is to be provided, invoicing terms and any other terms mutually agreed to by the parties. HAPPYFORCE shall only be responsible to provide the Service identified in an Order Form for the term specified in the Order Form.

4.2. Service Fees

Customer shall pay a fee for the right to use the Service (“Service Fees”) in the amount and pursuant to the invoicing schedule set forth in the Order Form. Unless otherwise set forth in the Order Form, HAPPYFORCE shall invoice the Service Fees yearly in arrears.

4.3. Professional Services Fees

Customer shall pay for Professional Services at the rates and pursuant to the invoicing schedule set forth in the applicable Statement of Work.

4.4. Payment Terms

Payments shall be made in Euros at HAPPYFORCE’ address (or to an account specified by HAPPYFORCE), in full without set-off, counterclaim or deduction within thirty (30) days of the date of the invoice. Past due amounts which are not subject to a good faith dispute shall bear a late payment charge, until paid, at the rate of 1.5% per month or the maximum amount permitted by law, whichever is less. Customer agrees to reimburse HAPPYFORCE for all costs (including attorneys’ fees) incurred by HAPPYFORCE in collecting late payments. In addition to its other rights and remedies, HAPPYFORCE may, at its option, suspend Customer’s access to the Service or terminate this Agreement in the event that Customer is not current in the payment of fees owed to HAPPYFORCE.

4.5. Taxes

All payments required by this Agreement are exclusive of taxes, duties, tariffs, levies, withholdings and similar assessments (including without limitation, sales taxes, use taxes and value added taxes). All amounts payable by Customer hereunder, including all Service Fees, shall be grossed-up for any withholding taxes imposed by any foreign government on Customer’s payment of such amounts to HAPPYFORCE.

5. CONFIDENTIALITY 

5.1. Scope

“Confidential Information” means all financial, business, operational, marketing or technical information disclosed by or for a party in relation to this Agreement whether disclosed in tangible, written, oral or electronic form, which is of a nature that should reasonably be considered to be confidential and proprietary. Without limitation, (a) the Service, HAPPYFORCE Property and pricing information are HAPPYFORCE’ Confidential Information and (b) all Customer Data (including any PII) shall be deemed Customer’s Confidential Information for purposes of this Section 5. Confidential Information expressly excludes any information (other than PII) to the extent that a recipient can demonstrate such information is (a) already known by it prior to receipt for the disclosing party without restriction, (b) rightfully furnished to it without restriction by a third party not in breach of any obligation to the disclosing party, (c) generally available to the public without breach of this Agreement or (d) independently developed by the recipient without reference to or use of any of the disclosing party’s Confidential Information.

5.2. Confidentiality

Except for the specific rights expressly granted by this Agreement, the receiving party shall not use, copy or disclose any of the disclosing party’s Confidential Information without disclosing party’s prior written consent. The receiving party shall use the disclosing party’s Confidential Information solely for the purpose of exercising its rights and performing its obligations hereunder. The receiving party shall only disclose Confidential Information to its employees, contractors and agents (“Representatives”) who have a need to know for the purposes of this Agreement and are bound by substantially similar confidentiality obligations and shall use reasonable care to safeguard the disclosing party’s Confidential Information. Each party shall be responsible for any breach of confidentiality by its Representatives, as applicable. Promptly upon the disclosing party’s request at any time, the receiving party shall return all of the disclosing party’s tangible Confidential Information, permanently erase all Confidential Information in electronic form and destroy all information, records, copies, summaries, analyses and materials developed therefrom. Each party may disclose the general nature, but not the specific terms, of this Agreement without the prior consent of the other party; provided, however, that either party may provide a copy of this Agreement or otherwise disclose its terms on a confidential basis in connection with any financing transaction or due diligence inquiry.

5.3. Compelled Disclosure

Nothing herein shall prevent a party from disclosing this Agreement or any of the other’s Confidential Information as necessary pursuant to any court order or any legal, regulatory, law enforcement or similar requirement or investigation; provided, prior to any such disclosure, the receiving party shall use reasonable efforts to (a) promptly notify the disclosing party in writing of such requirement to disclose and (b) cooperate with the disclosing party in protecting against or minimizing any such disclosure or obtaining a protective order.

6. PROPRIETARY RIGHTS

6.1. Results and Customer Data

Customer shall own all right, title and interest (including all intellectual property and other proprietary rights) in and to the Results, Customer Data and Customer Systems. Customer hereby grants HAPPYFORCE a nonexclusive, royalty-free right and license to access, use, copy, process and store the Customer Data solely for the purpose of providing the Service. Customer agrees that the Service depends on the availability of the Customer Data. Customer will be solely responsible for all Customer Data collected from Users as a result of Customer’s use of the Service including the accuracy and completeness of such information. Unless otherwise set forth in the Order Form, HAPPYFORCE shall not have any obligation to store any Customer Data or Results. Except for the limited rights and licenses expressly granted hereunder, no other license is granted, no other use is permitted and Customer shall retain all right, title and interest (including all intellectual property and proprietary rights embodied therein) in and to the Results, Customer Data and Customer Systems. 

6.2. Service Feedback

Customer may, from time to time and in its sole discretion, make suggestions for changes, modifications or improvements to the Service at support@myhappyforce.com or http://myhappyforce.uservoice.com (“Feedback”). All Feedback shall be solely owned by HAPPYFORCE (including all intellectual property rights therein and thereto) and shall also be HAPPYFORCE’ Confidential Information. Customer shall and hereby does make all assignments necessary to achieve such ownership.

6.3. HAPPYFORCE Property

The Customer acknowledges and agrees that the HAPPYFORCE Platform, including software, hardware and related documents, has been created by HAPPYFORCE, who will maintain all intellectual property rights, patent rights or any other rights over the HAPPYFORCE Platform, and that it shall not be the object of ulterior modification, copy, alteration, reproduction, adaptation or translation by the Customer.

The structure, characteristics, codes, work methodology, information systems, development tools, know-how, methodologies, processes, technologies or algorithms of the HAPPYFORCE Platform are the property of HAPPYFORCE, or its providers, having been, when the latter, object of license or assignment by them, and are protected by the Spanish and international rules of intellectual property and patent rights, and cannot be the object of ulterior modification, copy, alteration, reproduction, adaptation or translation by the Customer. 

The provision by the Customer of the HAPPYFORCE Platform does not mean, in any case, the assignment of its ownership or the grant of a right of use in favor of the Customer other than the one set forth in this Agreement or the Order Forms.

To the extent that HAPPYFORCE includes any HAPPYFORCE Property in the Results (including the Report Template), then subject to all terms and conditions of this Agreement, HAPPYFORCE agrees to grant Customer (without the right to sublicense) a nonexclusive, nontransferable, royalty-free right and license to use such HAPPYFORCE Property, including the HAPPYFORCE Platform, as combined with or embodied in the applicable Results, solely for Customer’s internal business purposes in connection with its use of the Results. Except for the limited rights and licenses expressly granted hereunder, no other license is granted, no other use is permitted and HAPPYFORCE (and its licensors) shall retain all right, title and interest (including all intellectual property and proprietary rights embodied therein) in and to the Service and the HAPPYFORCE Properties.

6.4. General Learning, Aggregate Data. 

Customer agrees that HAPPYFORCE is free to (i) collect, use and create derivative works of data regarding Service usage and performance derived from the Results; (ii) aggregate such data with other data to create compilations and analysis of such data (the “Aggregated Data”); and (iii) use, copy, modify, create derivative works of, publish and disclose such Aggregated Data in a manner that does not directly or indirectly identify Customer or any individual person. HAPPYFORCE shall own all right, title and interest to the Aggregated Data and any derivative works thereof. In addition, HAPPYFORCE shall be free to reuse all general knowledge, experience, know-how, works and technologies (including ideas, concepts, processes and techniques) related to the Results or acquired during provision of the Service (including without limitation, that which it could have acquired performing the same or similar services for another customer).

7. WARRANTIES AND DISCLAIMERS

7.1. Customer Data

Customer represents and warrants that it owns all right, title and interest, or possesses sufficient license rights, in and to the Customer Data and PII as may be necessary to permit the use contemplated under this Agreement.

7.2. Service

HAPPYFORCE represents and warrants to Customer that the Service will be provided in a professional manner in accordance with the terms of this Agreement and the Documentation. Any warranty claim under this Section 7.2 must be made in writing within thirty (30) days after performance of the portion of the Services giving rise to the claim. HAPPYFORCE’ sole liability and Customer’s exclusive right and remedy for a breach of such warranty is for HAPPYFORCE to correct or re-perform the nonconforming Service.

7.3. Disclaimers

EXCEPT AS SPECIFICALLY PROVIDED FOR IN THIS SECTION 7, TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY HEREBY DISCLAIMS (FOR ITSELF, ITS AFFILIATES AND THEIR SUPPLIERS) ALL REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, ORAL OR WRITTEN, INCLUDING WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. WITHOUT LIMITING THE FOREGOING, HAPPYFORCE MAKES NO WARRANTY THAT THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS OR BE UNINTERRUPTED, ERROR-FREE OR BUG-FREE.

8. INDEMNIFICATION

8.1. HAPPYFORCE Infringement Indemnity

Except as provided below, HAPPYFORCE agrees to (a) defend Customer against any allegation demand, claim, action, proceeding or suit (each, a “Claim”) by a third party that Customer’s authorized use of the Service infringes any US patent or copyright or misappropriates any trade secret of such third party and (b) indemnify Customer for settlement amounts or damages, liabilities, costs and expenses (including reasonable attorneys’ fees, “Loss(es)”) awarded to such third party by a court of competent jurisdiction or agreed to as part of a monetary settlement arising out of such Claim; provided, that (i) Customer promptly provides HAPPYFORCE with written notice thereof and reasonable cooperation, information, and assistance in connection therewith, and (ii) HAPPYFORCE shall have sole control and authority to defend, settle or compromise such Claim. If the Service becomes or, in HAPPYFORCE’ opinion, is likely to become, the subject of any injunction preventing its use as contemplated herein, HAPPYFORCE may, at its option (1) obtain for Customer the right to continue using the Service or (2) replace or modify the Service so that it becomes non-infringing without substantially compromising its principal functions. If (1) and (2) are not reasonably available to HAPPYFORCE, then it may terminate this Agreement upon written notice to Customer and refund to Customer any unused prepaid Service Fees, pro-rated for the remainder of the prepaid period. HAPPYFORCE shall have no liability or obligation to Customer hereunder with respect to any Claim or Loss to the extent based upon (a) any unauthorized use of the Service, (b) any modification or combination of the Service with data, software, hardware, or systems not provided by HAPPYFORCE, (c) any portion of the Service that implements Customer’s specific requirements, (d) Customer’s continuing allegedly infringing activity after being notified to cease use as provided for herein or (e) Customer’s continuing use of any version of the HAPPYFORCE Properties after being provided modifications that would have avoided the alleged infringement. The foregoing states the sole and exclusive liability of HAPPYFORCE, and Customer’s sole and exclusive remedy, with respect to any actual or alleged violation of intellectual property rights by the Service or any part thereof or by its use or operation.

8.2. Customer Indemnity

Customer agrees to (i) defend HAPPYFORCE against any Claim by a third party that results from or arises out of (a) any breach by Customer of any of its obligations in Section 3.3 hereof, (b) any breach by Customer of its representations and warranties set forth in Section 7.1 hereof, or (c) any violation of any third party’s (including any of Customer’s Users) privacy right or PII arising out of Customer’s use of the Service; and (ii) indemnify HAPPYFORCE for any Losses awarded by a court of competent jurisdiction or agreed to as part of a monetary settlement and arising out of such Claim; provided, that (i) HAPPYFORCE promptly provides Customers with written notice thereof and reasonable cooperation, information, and assistance in connection therewith, and (ii) Customer shall have sole control and authority to defend, settle or compromise such Claim.

9. LIMITATION OF LIABILITY

IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY CONCERNING THE SUBJECT MATTER OF THIS AGREEMENT, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION (WHETHER IN CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE), FOR ANY (A) LOSS OR INACCURACY OF OR DAMAGE TO DATA, LOSS OR INTERRUPTION OF USE, OR COST OF PROCURING SUBSTITUTE TECHNOLOGY, GOODS OR SERVICES, (B) INDIRECT, PUNITIVE, INCIDENTAL, RELIANCE, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, LOSS OF BUSINESS, REVENUES, PROFITS AND GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (C) DAMAGES, IN THE AGGREGATE, IN EXCESS OF THE TOTAL OF THE AMOUNTS PAID TO IT (IN THE CASE OF HAPPYFORCE) OR THE TOTAL OF THE AMOUNTS PAID AND PAYABLE HEREUNDER (IN THE CASE OF CUSTOMER) DURING THE THEN CURRENT TERM OF THE ORDER FORM GIVING RISE TO THE CLAIM. THESE LIMITATIONS ARE INDEPENDENT FROM ALL OTHER PROVISIONS OF THIS AGREEMENT AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF ANY REMEDY PROVIDED HEREIN. THE LIMITATIONS SET FORTH IN THIS SECTION SHALL NOT APPLY TO ANY BREACH OF CONFIDENTIALITY OR PROPRIETARY RIGHTS OR FOR COST OF DEFENSE OR LIABILITIES ARISING OUT OF A PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

10. TERM AND TERMINATION

10.1. Term of Agreement

This Agreement shall commence on the Effective Date and continue in effect thereafter until the later of (i) such time as a party provides thirty (30) days prior written notice of termination to the other party if there is no Order Form(s) then in effect or (ii) if there is one or more existing Order Form(s) then in effect, upon the expiration of the last to expire of such existing Order Forms.

10.2. Term of Order Form

Initial term shall be the term stated in the Order Form (the “Initial Term”). Thereafter, the Order Form will be extended automatically for additional terms of one (1) year each (each “Renewal Term”) at the end of the Initial Term and each Renewal Term (the Initial Term and all Renewal Term, collectively, as the “Term”), unless either party gives written notice of non-renewal at least thirty (30) days prior to the end of the then current Term. An Order Form shall not be subject to termination except as provided in Section 10.3 hereof.

10.3. Termination of Order Form

An Order Form may be earlier terminated by either party (a) if the other party materially breaches a material term of this Agreement or the Order Form and fails to cure such breach within thirty (30) days after receiving written notice of such breach from the other party, or (b) immediately upon written notice, if the other party makes any assignment for the benefit of creditors, or a receiver, trustee in bankruptcy or similar officer is appointed to take charge of any or all of the other party’s property, or the other party seeks protection under any bankruptcy, receivership, trust deed, creditors arrangement, composition or comparable proceeding or such a proceeding is instituted against the other party and is not dismissed within ninety (90) days, or the other party becomes insolvent or, without a successor, dissolves, liquidates or otherwise fails to operate in the ordinary course.

10.4. Effects of Termination

Upon any expiration or termination of this Agreement, all rights, obligations and licenses of the parties shall cease, except that all obligations that accrued prior to the effective date of termination (including without limitation, all payment obligations) and all remedies for breach of this Agreement shall survive, confidentiality, proprietary rights provisions, warranties and disclaimers), indemnification, limitation of liability, and general provisions shall survive. HAPPYFORCE has no obligation to retain any Customer Data or Results after the Term and will destroy all Customer Data and Results in its possession within ninety (90) days after the end of the Term; provided, upon Customer’s written request received within thirty (30) days after termination, HAPPYFORCE will deliver to Customer a copy of the Customer Data then currently stored by HAPPYFORCE (in the same format maintained by HAPPYFORCE).

11. GENERAL CLAUSES

11.1. Entire Agreement

This Agreement (including the Order Form and all Statements of Work) constitutes the entire agreement, and supersedes all prior negotiations, understandings or agreements (oral or written), between the parties about the subject matter of this Agreement. Any inconsistent or additional terms on any related purchase order, confirmation or similar form, even if signed by the parties after the date hereof, shall have no force or effect under this Agreement. No waiver, consent or modification of this Agreement shall bind either party unless in writing and signed by the party against which enforcement is sought. The failure of either party to enforce its rights under this Agreement at any time for any period will not be construed as a waiver of such rights. If any provision of this Agreement is determined to be illegal or unenforceable, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. Any use of the terms “include,” “included” or “including” shall also be deemed to mean “but not limited to” or “without limitation.”

11.2. Governing Law and Dispute Resolution

This Agreement shall be governed by and construed in accordance with the laws of Spain, without regard to its conflicts of law provisions. Neither the United Nations Convention on Contracts for the International Sale of Goods nor any implementation of the Uniform Computer Information Transactions Act in any jurisdiction shall apply to this Agreement. Except with respect to claims for injunctive or other equitable relief, which may be brought at any time before any court of competent jurisdiction, in the event of any dispute arising from or relating to the subject matter of this Agreement, the senior executive officers of the parties shall meet within thirty (30) days following receipt of notice of such dispute, and shall use good faith efforts to attempt to amicably resolve the dispute within such thirty (30) day period. In the event the parties are unable to amicably resolve the dispute within such thirty (30) day period, the Parties expressly agree to submit to the jurisdiction of the Courts of Barcelona (Spain), and expressly waive any other jurisdiction to which they may be entitled.

 

In any action or proceeding to enforce or interpret this Agreement, the prevailing party will be entitled to recover from the other party its costs and expenses (including reasonable attorneys’ fees) incurred in connection with such action or proceeding and enforcing any judgment or order obtained.

11.3. Compliance with Laws

Each party shall comply with all applicable, laws and regulations in connection with the performance of its obligations and the exercise of its rights under this Agreement.

11.4. Remedies

Except as specifically provided otherwise, each right and remedy in this Agreement is in addition to any other right or remedy, which may be available at law or in equity. Each party agrees that, in the event of any breach or threatened breach of Section 5 (Confidentiality) or 6 (Proprietary Rights) or the scope of any license granted hereunder, the non-breaching party will suffer irreparable damage for which it will have no adequate remedy at law. Accordingly, the non-breaching party shall be entitled to seek injunctive and other equitable remedies to prevent or restrain such breach or threatened breach, without the necessity of posting any bond.

11.5. Force Majeure

In the event that either party is prevented from performing, or is unable to perform, any of its obligations under this Agreement (except payment obligations) due to any cause beyond its reasonable control, the affected party shall give written notice thereof to the other party and its performance shall be extended for the period of delay or inability to perform due to such occurrence.

11.6. Publicity

HAPPYFORCE will not use Customer’s trademarks, service marks and logos (“Customer Marks”) in press releases or as a testimonial without obtaining Customer’s prior written approval. Customer hereby consents to inclusion of its name and logos in customer lists that may be published as part of HAPPYFORCE’ marketing and promotional efforts.

11.7. Notices

Any notice or communication hereunder shall be in writing and either personally delivered or recognized express delivery courier or certified or registered mail, prepaid and return receipt requested, addressed to the other party at its address specified herein, or at such other address designated in a subsequent notice. All notices shall be in English, effective upon receipt. 

11.8. Assignment

Except as expressly provided herein, this Agreement and the rights and obligations hereunder may not be assigned, in whole or in part, by either party without the other party’s written consent. However, without consent, each party may assign this Agreement to any successor to all or substantially all of its business that concerns this Agreement (whether by sale of assets or equity, merger, consolidation or otherwise). Any assignment in violation of this Section 11.8 shall be deemed null and void ab initio. HAPPYFORCE may use contractors and other third party service providers in performing the Service provided that HAPPYFORCE shall be liable for the acts and omissions of its subcontractors to the same extent as for its own acts and omissions. This Agreement shall be binding upon, and inure to the benefit of, the successors, representatives and permitted assigns of the parties hereto.

11.9. Independent Contractors

The parties shall be independent contractors under this Agreement, and nothing herein will constitute either party as the employer, employee, agent or representative of the other party, or both parties as joint venturers or partners for any purpose.

11.10. Severability

If any Term of this Agreement is deemed invalid or unenforceable, in whole or in part, such invalidity or unenforceability will only affect such provision or the part thereof that is deemed invalid or unenforceable, surviving in force the rest of the terms of the Agreement, and considering the affected provision or the part affected by it as not included.

11.11. No Third-Party Beneficiaries

This Agreement does not confer any benefits on any third party unless it expressly states that it does

11.12. Miscellaneous

This Agreement may be executed in counterparts, which, taken together, will constitute one and the same instrument. The exchange of a fully executed Agreement (in counterparts or otherwise) by electronic means or in writing shall be sufficient to bind the parties to the terms and conditions of this Agreement.

12. DEFINITIONS

12.1. “Customer” means the customer.

12.2. “Customer Data” means all information, data and other content provided by Customer in connection with its authorized use of the Service, including, without limitation, all data and information transmitted to the Service via the Customer Libraries.

12.3. “Customer Libraries” means the customer libraries provided by HAPPYFORCE and installed within Customer’s application(s) for the purpose of collecting Customer Data and sending such Customer Data to HAPPYFORCE’ servers. 

12.4. “Documentation” means the implementation guides; help information and other User documentation regarding the Service that is provided by HAPPYFORCE to Customer in electronic or other form.

12.5. “HAPPYFORCE Platform” means the end-to-end platform owned by HAPPYFORCE that boosts employees' engagement helping companies to understand what makes them happy at work. Capture anonymous feedback in real time through the apps installed in.

12.6. “HAPPYFORCE Property” means all ideas, concepts, inventions, systems, platforms, software, interfaces, tools, utilities, templates, forms, techniques, methods, processes, algorithms, know-how, trade secrets and other technologies and information acquired, created, developed or licensed by HAPPYFORCE prior to or outside the scope of this Agreement and any improvement, modification, extension or other derivative works thereof and all intellectual property rights thereto including without limitation the Service, Customer Libraries, Documentation, Report Templates, and Aggregate Data. HAPPYFORCE Property excludes Customer Data and Results.

12.7. “Monthly Active User” means each individual installation of a Customer application that can transmit Customer Data during the billing period. 

12.8. “Order Form” shall mean an order form referencing this Agreement that has been mutually agreed to and executed by the parties.

12.9. “Report Template” means the content, formatting, look and feel of the templates used for the reports, charts, graphs and other presentation in which the Results are presented to Customer.

12.10. “Results” means the work product resulting from the Service delivered to Customer by HAPPYFORCE through the Service, to the extent based on the Customer Data. Results expressly exclude all HAPPYFORCE Property.

12.11. “Service” means HAPPYFORCE’ service of measuring anonymously happiness and employee productivity (including any HAPPYFORCE Property used to provide such service), as hosted by or on behalf of HAPPYFORCE and provided to Customer under this Agreement, as identified in an Order Form, as updated from time to time by HAPPYFORCE in its sole discretion.

12.12. “Sites” means websites operated by HAPPYFORCE that are made accessible to Customer under this Agreement.

12.13. “User” means an individual who is authorized by Customer to use a Service, for whom Customer has purchased a subscription (or in the case of any Services provided by us without charge, for whom a Service has been provided), and to whom Customer (or, when applicable, HAPPYFORCE at your request) have supplied a user identification and password (for Services utilizing authentication). Users may include, for example, Customers’ employees, consultants, contractors and agents, and third parties which Customer transact business.

______________________________________________________________

 Annex A 

DATA PROCESSING ADDENDUM
(HAPPYFORCE AS VENDOR)

This Data Processing Addendum (“DPA” or "Addendum") forms part of the main agreement ("Principal Agreement") entered into between both parties (Client & Happyforce S.L.).

HAPPYFORCE enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of any authorized Subprocessor. 

In the course of providing the Services to Client by HAPPYFORCE pursuant to the Principal Agreement, HAPPYFORCE may process Personal Data on behalf of Client and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement. Except where the context requires otherwise, references in this Addendum to the Principal Agreement are to the Principal Agreement as amended by, and including, this Addendum.

1.OBJECT

1.1. The present Addendum regulates the terms and conditions that will apply to the treatment of Personal Data that HAPPYFORCE may have access by virtue of the Services.

1.2. For the purposes of the present Addendum, terms shall have the meanings set out in Annex 1.2.

2.PROCESSING OBJECTIVES

2.1. HAPPYFORCE undertakes to process personal data on behalf of the Company in accordance with the conditions laid down in this DPA. The processing will be executed exclusively within the framework of the Agreement, and for all such purposes as may be agreed to subsequently. 

2.2. HAPPYFORCE shall refrain from making use of the personal data for any purpose other than as specified by the Company. The Company will inform HAPPYFORCE of any such purposes which are not contemplated in this DPA.

2.3. All personal data processed on behalf of the Company shall remain the property of the Company and/or the relevant Data subjects.

2.4. HAPPYFORCE shall take no unilateral decisions regarding the processing of the personal data for other purposes, including decisions regarding the provision thereof to third parties and the storage duration of the data.

2.5. Annex 2.5 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 2.5 by written notice to HAPPYFORCE from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 2.5 confers any right or imposes any obligation on any party to this Addendum.

3.HAPPYFORCE’S OBLIGATIONS

3.1. HAPPYFORCE shall warrant compliance with the applicable laws and regulations, including laws and regulations governing the protection of personal data.

3.2. HAPPYFORCE shall furnish the Company promptly on request with details regarding the measures it has adopted to comply with its obligations under this Addendum.

3.3. HAPPYFORCE’s obligations arising under the terms of this Addendum apply also to whomsoever processes Company Personal Data under HAPPYFORCE’s instructions. 

4.HAPPYFORCE AND HAPPYFORCE AFFILIATE PERSONNEL

4.1. HAPPYFORCE and each HAPPYFORCE Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know or access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual's duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

5.SECURITY

5.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, HAPPYFORCE and each HAPPYFORCE Affiliate shall implement appropriate technical and organizational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the Data. At a minimum, such measures shall include the security measures identified Annex 5.1 

5.2. In assessing the appropriate level of security, HAPPYFORCE and each HAPPYFORCE Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

6.SUBPROCESSING

6.1. Company acknowledges and agrees that HAPPYFORCE shall use Subprocessors (including HAPPYFORCE Affiliates) as set out in the then-current Subprocessor (meaningcloud, indico.io, mlab, onesignal and Intercom) to provide the Services. 

6.2. HAPPYFORCE shall enter into a written agreement with each such Subprocessor that imposes obligations on the Subprocessor that are substantially similar to those imposed on HAPPYFORCE under this Addendum. HAPPYFORCE shall only retain Subprocessors that HAPPYFORCE can reasonably expect to appropriately protect the privacy, confidentiality and security of the Personal Data. 

7.DATA SUBJECT RIGHTS

7.1. Taking into account the nature of the Processing, HAPPYFORCE and each HAPPYFORCE Affiliate shall assist each Company Group Member by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Company Group Members' obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

7.2. HAPPYFORCE shall:

7.2.1. Promptly notify Company if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Company Personal Data.

7.2.2. Ensure that the Contracted Processor does not respond to that request except on the documented instructions of Company or the relevant Company Affiliate or as required by Applicable Laws to which the Contracted Processor is subject, in which case HAPPYFORCE shall to the extent permitted by Applicable Laws inform Company of that legal requirement before the Contracted Processor responds to the request.

8.PERSONAL DATA BREACH

8.1. HAPPYFORCE shall notify Company without undue delay upon HAPPYFORCE or any Subprocessor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow each Company Group Member to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

 

8.2. HAPPYFORCE shall co-operate with Company and each Company Group Member and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

9.HAPPYFORCE ASSISTANCE

9.1. HAPPYFORCE will assist the Company in ensuring compliance with its obligations pursuant to articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to HAPPYFORCE

10.DELETION OR RETURN OF COMPANY PERSONAL DATA

10.1. Upon termination or expiry of the Agreement, HAPPYFORCE shall (at Company's election) destroy or return to Company all Company Personal Data (including all copies of the Data) in its possession or control (including any data subcontracted to a third party for processing). This requirement shall not apply to the extent that HAPPYFORCE is required by any applicable law to retain some or all of the Data, in which event HAPPYFORCE shall isolate and protect the Data from any further processing except to the extent required by such law. 

10.2. Upon request by Company, HAPPYFORCE shall provide a written certification that it has complied with the requirements of this Section signed by an officer of HAPPYFORCE.

11.COMPLIANCE DEMONSTRATION

11.1. HAPPYFORCE shall make available to the Company the information necessary to demonstrate compliance with the obligations laid down in article 28 of the GDPR and, if needed, allow to audits conducted by the Company that is not a competitor of HAPPYFORCE.

12.RESTRICTED TRANSFERS

12.1. Each Company Group Member (as "data exporter") and each Contracted Processor, as appropriate, (as "data importer") will enter into the Standard Contractual Clauses in respect of any Restricted Transfer from that Company Group Member to that Contracted Processor.

12.2. The Standard Contractual Clauses shall come into effect on the later of: 

12.2.1. The data exporter becoming a party to them.

12.2.2. The data importer becoming a party to them. 

12.2.3. Commencement of the relevant Restricted Transfer.

12.3. Section 12.1 shall not apply to a Restricted Transfer unless its effect, together with other reasonably practicable compliance steps (which, for the avoidance of doubt, do not include obtaining consents from Data Subjects), is to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Law.

12.4. HAPPYFORCE warrants and represents that, before the commencement of any Restricted Transfer to a Subprocessor which is not a HAPPYFORCE Affiliate, HAPPYFORCE's or the relevant HAPPYFORCE Affiliate’s entry into the Standard Contractual Clauses, and agreement to variations to those Standard Contractual Clauses, as agent for and on behalf of that Subprocessor will have been duly and effectively authorized (or subsequently ratified) by that Subprocessor.

13.GENERAL TERMS

13.1. Governing law and jurisdiction

13.1.1. The Addendum and the implementation thereof will be governed by Spanish law.

13.1.2 .Any dispute which may arise in connection with and/or arising from this Addendum shall be governed by the courts of the City of Barcelona (Spain).

13.2. Order of precedence

13.2.1. Nothing in this Addendum reduces HAPPYFORCE's or any HAPPYFORCE Affiliate’s obligations under the Principal Agreement in relation to the protection of Personal Data or permits HAPPYFORCE or any HAPPYFORCE Affiliate to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Principal Agreement. In the event of any conflict or inconsistency between this Addendum and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail. 

13.2.2. Subject to section 13.2, with regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Principal Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum shall prevail.

13.3. Severance

13.3.1. Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

IN WITNESS WHEREOF, this Addendum is entered into and becomes a binding part of the Principal Agreement with effect from the date that the Order Form was signed by both parties (Client & Happyforce S.L.)

ANNEX 1.2: DEFINITIONS

In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly: 

1. "Applicable Laws" means (a) European Union or Member State laws with respect to any Company Personal Data in respect of which any Company Group Member is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Company Personal Data in respect of which any Company Group Member is subject to any other Data Protection Laws;

2. "Company Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Company, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise; 

3. "Company Group Member" means Company or any Company Affiliate;

4. "Company Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of a Company Group Member pursuant to or in connection with the Principal Agreement; 

5. "Contracted Processor" means HAPPYFORCE or a Subprocessor;

6. "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;

7. "EEA" means the European Economic Area;

8. "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;

9. "GDPR" means EU General Data Protection Regulation 2016/679;

10. "Restricted Transfer" means:

(i) a transfer of Company Personal Data from any Company Group Member to a Contracted Processor; or

(ii) an onward transfer of Company Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor

In each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of (i) the Standard Contractual Clauses, or (ii) a self-certification to the Privacy Shield (to be maintained for so long as HAPPYFORCE processes the Company Personal Data), assuming that the scope of such self-certification covers all Company Personal Data that HAPPYFORCE processes under the Agreement and this Addendum, and HAPPYFORCE agrees to comply with the Privacy Shield Principles when processing any such Company Personal Data.

11. "Services" means the services and other activities to be supplied to or carried out by or on behalf of HAPPYFORCE for Company Group Members pursuant to the Principal Agreement;

12. "Standard Contractual Clauses" means the standard contractual clauses which are adopted either directly by the Commission or by a supervisory authority in accordance with art. 28.7 and 28.8 of the GDPR;

13. "Subprocessor" means any person (including any third party and any HAPPYFORCE Affiliate, but excluding an employee of HAPPYFORCE or any of its sub-contractors) appointed by or on behalf of HAPPYFORCE or any HAPPYFORCE Affiliate to Process Personal Data on behalf of any Company Group Member in connection with the Principal Agreement; and

14. "HAPPYFORCE Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with HAPPYFORCE, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

1.2. The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

1.3The word "include" shall be construed to mean include without limitation, and cognate terms shall be construed accordingly. 

ANNEX 2.5: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA 

This Annex 2.5 includes certain details of the Processing of Company Personal Data as required by Article 28(3) GDPR.

Subject matter and duration of the Processing of Company Personal Data

The subject matter and duration of the Processing of the Company Personal Data are set out in the Principal Agreement and this Addendum. 

The nature and purpose of the Processing of Company Personal Data

Providing the Services to Client by HAPPYFORCE pursuant to the Principal Agreement.

Data subjects

The Client current and former employees. 

Categories of data

Corporate/personal emails address, age, name and surname, gender, bank accounts, credit cards. 

Special categories of data (if appropriate)

Client is prohibited under the DPA from submitting special categories of data or any other sensitive personal information to the Services.

Processing operations

The objective of processing of Personal Data by data importer is the performance of the covered Services pursuant to the Principal Agreement and any other document.

 

ANNEX 5.1 DESCRIPTION OF THE TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES TO BE IMPLEMENTED BY THE VENDOR

1. Information Security Program (ISP)

Vendor will maintain an ISP designed to (a) help Client secure Personal Data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to the Vendor Network (defined below), and (c) minimize security risks, including through risk assessment and regular testing. Vendor will appoint an employee to be accountable for the ISP.

1.1.Network Security
The Vendor Network will be accessible to employees, contractors and any other person as required to provide the data processing services. Vendor will maintain access controls and policies to manage access to the Vendor Network from each network connection and user, including the use of authentication controls, firewalls or Intrusion Detection systems. Vendor will maintain security incident response plans to handle potential security incidents. 

1.2.Physical Security
Physical components of the Vendor Network are housed in facilities (“Facilities”) controlled by an ISO 27001 certified company (i.e. Amazon Web Services) or in Facilities which meet or exceed all of the following physical security requirements:

(i) Physical Access Controls. Physical barrier controls are used to prevent unauthorized entrance to the Facilities both at the perimeter and at building access points. Passage through the physical barriers at the Facilities requires either electronic access control validation (e.g., card access systems, etc.) or validation by human security personnel (e.g., contract or in-house security guard service, receptionist, etc.). Employees and contractors are assigned photo-ID badges that must be worn while the employees and contractors are at any of the Facilities. Visitors are required to sign-in with designated personnel, must show appropriate identification, are assigned a visitor ID badge that must be worn while the visitor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities. 

(ii) Limited Employee and Contractor Access. Vendor provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked, even if the employee or contractor continues to be an employee of Vendor or its affiliates. 

(iii) Physical Security Protections. All access points (except for main entry doors) are maintained in a locked state. Access points to the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the Facilities. Vendor also maintains electronic intrusion detection systems designed to detect unauthorized access to the Facilities, including monitoring points of vulnerability (e.g., primary entry doors, emergency egress doors, roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the Facilities. All physical access to the Facilities by employees and contractors is logged and routinely audited. 

1.3. Personal Data Security. Controls for the Protection of Personal Data. 

Vendor will maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data), confidentiality and integrity of Personal Data appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. Vendor regularly monitors compliance with these measures. Vendor will not materially decrease the overall security of the data processing services during a subscription term 

1.4.Business Continuity and Disaster Recovery 

Vendor will maintain a Business Continuity and Disaster Recovery plan based on risk. Recovery plan are tested at least annually to guarantee that full recovery us possible to meet expected SLA’s.

1.5. Employee security

Vendor will have signed confidentiality agreements with the employees and contractors. For positions with access to personal information, backgrounds checks are also performed. Also, all employees and contractors will have a common way to report incidents approved by the organization and they will undergo at least an annual security awareness training.

2. Ongoing Evaluation

Vendor must reassess and update their security policies on a periodic basis. Changes must be documented and employ change controls.

Last Updated: 31st March, 2019.

 

Did this answer your question?