BRAINSTORM SUBSCRIPTION AGREEMENT
Last Modified: August 31, 2020
Effective: April 6, 2020 (unless otherwise agreed to)
PLEASE READ THIS AGREEMENT CAREFULLY.
This Subscription Agreement (this “Agreement”) is a contract between you (“You,” “Your,” or “Customer”) and us (“Us,” “We,” “Our,” or “BrainStorm”). Sometimes, this Agreement will refer to You and BrainStorm individually as a “Party” or collectively as the “Parties.” This Agreement describes the services BrainStorm will provide to You, how the Parties will interact, and other aspects of the business relationship between You and BrainStorm. We cannot provide the Service to You unless You agree to the terms and conditions of this Agreement. By using the Service, You accept and agree to be bound by these terms and conditions.
BrainStorm will periodically uaccpdate the terms and conditions of this Agreement as provided in Section 6.2 below. You will be notified of any material updates or changes via email or through the Admin Portal.
- “Agreement” means this Subscription Agreement and all materials referred to or linked to herein.
- “Billing Period” means the period for which You agree to prepay Fees under an Order Form, which will be the same as or shorter than the Subscription Term. For example, if You subscribe to the Service for a three (3) year Subscription Term, with a twelve (12) month upfront payment, the Billing Period will be twelve (12) months.
- "BrainStorm Content” means all data, text, information, images, audio and video clips, works of authorship and other content that is created by or for BrainStorm and provided to You via the Service or otherwise.
- “Confidential Information” means all confidential or proprietary information disclosed orally or in writing by one Party (the “Discloser”) to the other (the “Receiver”) that is identified at the time of disclosure as confidential. Confidential Information includes, without limitation, Customer Data, any information about the Discloser’s business plans or technical data, and the terms of the Order Form. Except when contradictory to applicable privacy laws and regulations, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Discloser, (ii) was known to the Receiver before receipt from the Discloser, or (iii) is lawfully disclosed to the Receiver by a third party without restriction on disclosure or any breach of confidence. Our Confidential Information includes, without limitation and regardless of whether it has been identified as confidential, (a) any content provided to You in connection with the Service, or (b) any materials or content provided to You as part of the implementation services or any other services provided by Us.
- “Customer Data” means all data, text, information, images, audio and video clips, works of authorship and other content that is created or originally provided by Customer and/or Users and submitted, uploaded, posted or displayed on or via the Service. Customer Data will not include any content prepared or created by or for BrainStorm or that is originally provided to Customer by BrainStorm.
- “Fees” means the amount You agree to pay for the Service and any other services we may provide, as evidenced by the Order Form.
- “Order Form” means a mutually accepted, formal, transaction document, such as the invoice or order form, as applicable, that includes some or all of the following information: a listing of the software applications and BrainStorm Content to be provided to Customer, the name of Customer, Customer’s address and billing information, the length of the Subscription Term (if applicable), the Fees due from Customer, the maximum number of Users authorized to access and use the Service, and any maintenance and support being purchased (if applicable).
- “Service” means the online, cloud-based software application(s) and BrainStorm Content that are identified in the Order Form as being included in Customer’s purchase and that are provided by BrainStorm to Customer via the website https://www.quickhelp.com.
- “Sensitive Information” means (a) credit or debit card numbers; personal financial account information; Social Security numbers or local equivalents; passport numbers; driver’s license numbers or similar identifiers; passwords; racial or ethnic origin; physical or mental health condition or information; or other employment, financial or health information, including any information subject to the Health Insurance Portability and Accountability Act (“HIPPA”), the Payment Card Industry Data Security Standards, and other regulations, laws or industry standards designed to protect similar information; and (b) any information defined under European Union data protection laws as “Sensitive Personal Data.”
- “Users” means individuals who are authorized by Customer to access and use the Service and who have been supplied user identifications and login credentials by Customer (or by BrainStorm at Customer’s request). Users may include employees, consultants, contractors and agents of Customer.
- “Subscription Term” means the Initial Term (as defined below) of Your subscription (or access) to the Service, as specified in the Order Form, and any subsequent Renewal Term (as defined below), during which You agree to pay (or prepay) the Fees under an Order Form.
- General Commercial Terms
- The Service.
- Access. Subject to the terms and conditions of this Agreement and the applicable Order Form, and upon Your payment of the applicable Fees, BrainStorm will provide You with access to the Service via the Internet during the Subscription Term. You understand and agree that Your purchase of a subscription to the Service is not contingent on the delivery of any future functionality or features nor dependent on any oral or written comments made by BrainStorm regarding future functionality or features.
- Maximum Authorized Users. The Service may not be accessed or used by more than the maximum number of Users, as set forth in the Order Form. User accounts cannot be shared or used by more than one User. You may, however, reassign a former User’s account to a new User. The maximum number of Users cannot be decreased during the Subscription Term. If, at the end of any year of the Subscription Term, the actual number of Users exceeds the maximum number of Users listed in the Order Form by ten percent (10%) or more, then BrainStorm will increase the Fees to account for such additional Users on a pro rata basis for the remainder of the Subscription Term. For this to happen, BrainStorm will complete a review of active Users between ninety (90) and sixty (60) days before the end of each year. BrainStorm will not count Users deleted, removed, or reassigned, unless the Users are temporarily removed to avoid a fee increase. This review and increase process will continue for each year of Your Subscription Term.
- Fees and Payment.
- Subscription Fees. The Fees are set forth in the Order Form and will remain fixed during Your Subscription Term unless (a) You exceed Your maximum Users (see Section 2.1.2), or (b) You and BrainStorm mutually agree in writing to modify or amend the Order Form. All payment obligations hereunder are non-cancelable and Fees paid are non-refundable, unless specifically provided otherwise in this Agreement.
- Fee Increases at Renewal. The pricing for any Renewal Term (as defined below) may be set forth in Your Order Form. If Your Order Form does not include any pricing for a Renewal Term, then BrainStorm’s standard pricing available at the date of renewal will apply. Prior to each Renewal Term, BrainStorm may increase the Fees to the then-current rate for the Service. BrainStorm will provide notice of any Fee increase prior to renewal.
- Payment by Credit Card. If You are paying by credit card, You authorize Us to charge Your credit card or bank account for all Fees payable during the Subscription Term. You further authorize Us to use a third party to process payments, and consent to the disclosure of Your payment information to such third party.
- Invoices. BrainStorm will invoice You in accordance with the terms of the Order Form (generally at the beginning of each Billing Period). Unless the Order Form states differently, all amounts invoiced are due and payable within thirty (30) days from the date of invoice.
- Late Fees. If BrainStorm does not receive payment of the invoiced Fees on the appropriate due date, then Your Fees will accrue late interest at the rate of one and a half percent (1.5%) of the outstanding Fees per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.
- Suspension of the Service. BrainStorm will provide You with notice of non-payment of any amount due. If Your Fees are thirty (30) days or more overdue, BrainStorm may, without limiting its other rights and remedies, suspend Your access to the Service (or any portion thereof) until such amounts are paid in full.
- Payment Disputes. BrainStorm will not exercise its right to charge interest under Section 2.2.5 (Late Fees), or its right to suspend Your access to the Service under Section 2.2.6 (Suspension of the Service), if the applicable charges are under reasonable and good-faith dispute and You are cooperating diligently to resolve the dispute.
- Taxes. You agree to pay all applicable taxes levied by any tax authority on the Service or on Your use thereof, which may be separately invoiced, excluding any and all taxes based on the net income of BrainStorm.
- Additional BrainStorm Obligations.
- Maintenance and Support. In addition to the ongoing customer service support that BrainStorm will provide via a Client Success Manager, BrainStorm will provide product support during normal business hours of 8:00 AM - 6:00 PM MST, Monday through Friday, excluding holidays. Support is limited to the points of contact agreed to by the Parties (such as Your designated QuickHelp™ admins) and is generally not available directly to Your Users. You may contact BrainStorm by calling the support helpdesk at 801-229-1337 or sending an email to firstname.lastname@example.org. Except as provided in this Section 2.3, BrainStorm will not have any other maintenance or support obligations to You.
- Updates to the Service. BrainStorm will support, maintain, upgrade, and update the Service as appropriate and in BrainStorm’s sole determination in order to fulfill its obligations under this Agreement.
- Term and Termination.
- Term and Renewal. Your initial Subscription Term will be specified in Your Order Form (the “Initial Term”). Immediately following the Initial Term, Your subscription to the Service will automatically renew for an additional, successive one (1) year terms (each, a“Renewal Term”), unless either Party provides written notice of its intent not to automatically renew at least sixty (60) days prior to the end of the Initial Term or the then-current Renewal Term. You may notify BrainStorm of Your intent not to renew by sending such notice to email@example.com.
- No Early Termination; No Refunds. Unless renewed as provided in Section 2.4.1 above, the Subscription Term cannot be cancelled early and will end on the expiration date established in the Order Form. BrainStorm will not provide refunds if You decide to stop using the Service during Your Subscription Term.
- Termination for Cause. Either Party may terminate this Agreement for cause (i) upon thirty (30) days’ written notice to the other Party of a material breach if such breach remains uncured at the expiration of such period, or (ii) immediately if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. BrainStorm may also terminate this Agreement for cause on thirty (30) days’ notice if We determine that You are acting, or have acted, in a way that has or may negatively reflect on or affect Us, Our prospects, or Our customers. This Agreement may not otherwise be terminated prior to the end of the Subscription Term.
- Effects of Termination. If You terminate this Agreement for cause, BrainStorm will refund any prepaid fees covering the unused portion of the Subscription Term. If BrainStorm terminates this Agreement for cause, without limiting any other available remedies, You will pay any unpaid fees covering the remainder of the Subscription Term after the effective date of termination. In no event will any termination relieve You of Your obligation to pay any Fees payable to BrainStorm for the period prior to the effective date of termination.
- Survival. Sections 1, 2.4.4, 3, 4, 5 and 6 and any other terms in this Agreement which by their nature must survive after the Subscription Term to give their intended effect will survive any termination or expiration of this Agreement.
- The Service.
- General Legal Terms
- Service Data
- Safeguards. BrainStorm will maintain commercially appropriate administrative, physical, and technical safeguards to protect Customer Data. You consent to the processing of Customer Data in the United States.
- EU/EEA and Switzerland Data Processing. To the extent that BrainStorm processes any Personal Data (as defined by the BrainStorm Data Processing Agreement) as part of Customer Data that is subject to the General Data Protection Regulation, on Your behalf, in the provision of the Service hereunder, the terms of the BrainStorm Data Processing Agreement, located at https://info.brainstorminc.com/legal#website-data, which are hereby incorporated by reference, will apply. For Customers that are located in the European Union or the European Economic Area, the Standard Contractual Clauses adopted by the European Commission and attached to the BrainStorm Data Processing Agreement, which provide adequate safeguards with respect to the Personal Data processed by Us under this Agreement and pursuant to the provisions of the BrainStorm Data Processing Agreement, will apply. You acknowledge in all cases that BrainStorm acts as the data processor of Customer Data and You are the data controller of Customer Data under all applicable data protection laws or regulations. You agree that, to the extent required, you have a lawful basis for the processing of the Personal Data. You also agree to obtain and maintain any consents necessary to permit the processing or cross-border transfer of Customer Data under this Agreement. To the extent that there is any conflict or discrepancy between this Agreement and the BrainStorm Data Processing Agreement, the latter will control.
- BrainStorm’s Proprietary Rights.
- Reservation of Rights. This is an Agreement for access to and use of the Service, and You are not granted a license to any software by this Agreement, or any other intellectual property right, other than the limited rights and licenses specified in this Agreement. The Service, and its associated code, content, etc., is protected by intellectual property laws and, as between the Parties, belongs to and is the property of BrainStorm and Our licensors (if any), and We retain all ownership rights therein.
- Copyrights, Trademarks, and Patents. The Service is copyrighted and protected by the laws of the United States and other countries, and by international treaty provisions. In no circumstance are You permitted to remove any copyright notice from the Service. “QuickHelp” is either a registered trademark or trademark of BrainStorm in the United States and/or other countries. One or more patents, as well as other patent pending technology, may apply to the Service.
- Suggestions. We encourage all Customers to provide comments, feedback, and suggestions to improve, correct, change, or modify the Service or its operation (“Suggestions”). You agree that all such Suggestions will be non-confidential and that BrainStorm will own all rights to use and incorporate such Suggestions into the Service, without payment or attribution to You. Any Suggestions incorporated into the Service shall not contain any Customer Data.
- Customer Responsibilities and Restrictions.
- You agree that:
- You and Your Users will comply with BrainStorm’s Content Submission Policy, which can be accessed at https://info.brainstorminc.com/legal#content-submission, as well as all applicable laws and regulations. You will promptly notify BrainStorm of any suspected or alleged violation of this Agreement by Your Users and will cooperate with BrainStorm in its efforts to (a) investigate any alleged or suspected violation of this Agreement and (b) enforce this Agreement.
- You will not attempt or permit others to attempt to gain unauthorized access to or use of the Service, and will notify BrainStorm promptly of any known or suspected unauthorized access or use. You will notify BrainStorm immediately of any known or suspected unauthorized use of Your Users’ identifications and passwords or Your account by contacting firstname.lastname@example.org.
- You will not make access to or use of the Service and/or Customer Data a condition of any User’s employment if such a requirement would violate any privacy or security law or regulation. If User consents are required for You to provide to Us, or for Us to access or use, any Customer Data, You will be solely responsible for obtaining and documenting such consents and ensuring that such consents are freely and validly provided by each User. You will make such records of consents available to BrainStorm upon request.
- You will not (a) make the Service available to anyone other than Your Users, (b) sell, resell, rent or lease the Service, (c) interfere with or disrupt the integrity or performance of the Service or any of its content, or (d) attempt to gain unauthorized access to the Service’s underlying systems or networks.
- You may not access and use the Service if You are a direct competitor or are affiliated with a direct competitor of BrainStorm.
- You will not use the Service if You are legally prohibited from receiving or using the Service under the laws of the country in which You are a resident or from which You access or use the Service. The Service is not designed to comply with industry-specific regulations such as HIPAA, the Gramm-Leach-Bliley Act (GLBA), or the Federal Information Security Management Act (FISMA), so You may not use the Service or upload Customer Data to the Service where Your use would be subject to such laws.
- YOU AGREE NOT TO USE THE SERVICE TO COLLECT, MANAGE OR PROCESS SENSITIVE INFORMATION. YOU FURTHER AGREE THAT YOU WILL NOT PROVIDE ANY SENSITIVE INFORMATION TO US. WE WILL NOT HAVE ANY LIABILITY THAT MAY RESULT FROM YOUR USE OF THE SERVICE TO COLLECT OR MANAGE SENSITIVE INFORMATION.
- You will only access or use the Service as expressly permitted by this Agreement.
- You will not copy, rent, lease, sell, distribute, or create derivative works based on the Service or BrainStorm Content, in whole or in part, by any means and for any reason whatsoever, except as expressly authorized in writing by BrainStorm.
- The Service constitutes the proprietary information and trade secrets of BrainStorm or its licensors, and/or suppliers, whether or not any portion thereof is or may be the subject of a valid copyright, trademark or patent.
- You agree that:
- Confidentiality. Each Party (as a Receiver), agrees to hold the other’s (as a Discloser) Confidential Information in confidence, and not to use or disclose such Confidential Information other than in connection with the performance of its obligations hereunder. Notwithstanding the foregoing, either Party may disclose any of the other Party’s Confidential Information to its employees, subcontractors, advisers, and/or agents that have a need to know such Confidential Information in connection with such Party’s performance under this Agreement and that have agreed to be bound by confidentiality obligations similar to those in this Section. Upon notice to the Discloser, the Receiver may disclose Confidential Information if required to do so under any federal, state, or local law, statute, rule or regulation, subpoena or legal process.
- Indemnification. Each Party (each, an “Indemnifying Party”) agrees to defend the other Party (each, an “Indemnified Party”) from and against any claims, demands, suits, or proceedings (each, a “Claim”) made or brought by a third party against the Indemnified Party alleging that material provided by the Indemnifying Party (the Service, in the case of BrainStorm as the Indemnifying Party, and Customer Data, in the case of Customer as the Indemnifying Party) infringes or misappropriates the intellectual property rights of a third party or arising out of a failure by Customer to comply with Sections 3.3 and BrainStorm’s Content Submission Policy, located at https://info.brainstorminc.com/legal#content-submission and to indemnify the Indemnified Party from any damages finally awarded by a court of competent jurisdiction against the Indemnified Party or amounts agreed to in settlement in connection with any such Claim. The Indemnifying Party’s obligations under this paragraph will only apply to the extent that: (a) the Indemnified Party promptly notifies the Indemnifying Party in writing of the Claim, provided that failure to give or delay in giving such notice to the Indemnifying Party will not relieve the Indemnifying Party of its obligations hereunder except to the extent that the Indemnifying Party demonstrates that the defense of such action is materially prejudiced thereby; (b) the Indemnifying Party has control of the defense and all related settlement negotiations relating to the Claim, provided, however, the settlement of any Claim will not be made without advance written permission of the Indemnified Party, which will not be unreasonably withheld; and (c) the Indemnified Party provides the Indemnifying Party with the assistance, information and authority reasonably necessary to perform the above. In no event will BrainStorm have any obligation or liability under this paragraph for any Claim or action under any legal theory to the extent that the Claim or action is caused by, or results from: (i) Customer’s combination, operation or use of the Service with software or other materials not supplied by BrainStorm, (ii) any alteration or modification of the Service by Customer, (iii) Customer’s continued allegedly infringing activity after being notified thereof or after being provided modifications that would have avoided the alleged infringement, (iv) the actions or omissions of any person or entity other than BrainStorm, or (v) Customer’s failure to comply with Sections 3.3 and BrainStorm’s Content Submission Policy, located at https://info.brainstorminc.com/legal#content-submission.
- Indemnification for Unauthorized Use. You agree to defend, indemnify, and hold BrainStorm harmless from and against any and all claims arising out of Your unauthorized use of the Service or other breach of this Agreement.
- Remedy for Infringement. Should Your right to use the Service pursuant to this Agreement be subject to a Claim of infringement or if BrainStorm reasonably believes such a Claim of infringement may arise, BrainStorm may, at its option and in its sole discretion, (i) procure for You the right to continue to access and use the Service; (ii) modify the Service to render it non-infringing but substantially functionally equivalent to the Service prior to such modification; or (iii) if the alternatives described in clauses (i) and (ii) of this paragraph are not commercially practicable, then BrainStorm may terminate this Agreement and refund to You any amounts prepaid by You for the Service for the unused portion of the Subscription Term.
- BrainStorm Warranties. BrainStorm warrants that the Service will be provided materially in accordance with BrainStorm’s published documentation for the Service, as found on BrainStorm’s websites, www.brainstorminc.com, support.quickhelp.com, and www.quickhelp.com. For any breach of such warranty, Customer’s exclusive remedy will be as provided in the “Termination for Cause” and “Effects of Termination” sections above. BrainStorm will have no liability under this section if the Service has been modified or altered by anyone other than BrainStorm, or if the Service has been abused or misapplied. If You promptly report a reproducible defect under this warranty, BrainStorm shall, in its sole discretion, either use its commercially reasonable efforts to resolve the nonconformity or terminate this Agreement and refund Your prepaid Fees for the unused portion of the Subscription Term.
- Customer Warranties. When You share Customer Data with BrainStorm or upload Customer Data to the Service, You represent and warrant that You are the creator and owner of, or that You have the necessary licenses, rights, consents, and permissions to use and to authorize BrainStorm to use and distribute, Customer Data as necessary for BrainStorm to provide You with access to the Service and to otherwise perform its obligations under this Agreement.
- Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, QUICKHELP IS PROVIDED ON AN “AS IS” BASIS WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. BRAINSTORM DOES NOT WARRANT THAT QUICKHELP WILL SATISFY YOUR REQUIREMENTS OR (WITHOUT PREJUDICE TO THE LIMITED WARRANTY ABOVE) THAT IT IS WITHOUT DEFECT OR ERROR OR THAT YOUR ACCESS THERETO WILL BE UNINTERRUPTED.
- LIMITATION OF LIABILITY. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES, HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXCEPT FOR BRAINSTORM’S INDEMNIFICATION OBLIGATIONS CONTAINED HEREIN, BRAINSTORM’S CUMULATIVE LIABILITY FOR DAMAGES UNDER THIS AGREEMENT FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION, WILL BE LIMITED TO NO GREATER THAN THE AMOUNT OF MONEY PAID TO BRAINSTORM FOR QUICKHELP DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE INCIDENT. THE FOREGOING WILL NOT LIMIT YOUR OBLIGATION TO PAY FEES UNDER THIS AGREEMENT AND THE ORDER FORM. YOU ACKNOWLEDGE THAT THE AMOUNT OF FEES PAYABLE BY YOU TO BRAINSTORM HEREUNDER REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT BRAINSTORM WOULD NOT HAVE ENTERED INTO THIS AGREEMENT WITHOUT THE LIMITATIONS ON ITS LIABILITY CONTAINED IN THIS SECTION. THESE LIABILITY LIMITATIONS APPLY EVEN IF CONTRACTUAL REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE.
- THIRD-PARTY PRODUCTS. BRAINSTORM DISCLAIMS ALL LIABILITY WITH RESPECT TO THIRD-PARTY PRODUCTS THAT YOU USE. OUR LICENSORS WILL HAVE NO LIABILITY OF ANY KIND UNDER THIS AGREEMENT.
- Service Data
- Publicity. You agree that BrainStorm may disclose Your company’s name, whether in written or oral form, as a user of the Service in a factual listing of BrainStorm’s Customers to be published within marketing and promotional materials, in presentations, on tradeshow signs and materials, on BrainStorm’s external website and/or to financial and industry analysts.
- GOVERNING LAW; SUBMISSION TO JURISDICTION AND VENUE. THIS AGREEMENT AND ANY AND ALL CLAIMS ARISING UNDER THIS AGREEMENT WILL BE GOVERNED BY THE LAWS OF THE STATE OF UTAH AND THE UNITED STATES OF AMERICA, EXCLUDING ITS PRINCIPLES OF CONFLICT OR CHOICE OF LAWS. TO THE EXTENT PERMITTED BY APPLICABLE LAW, EACH OF THE PARTIES HERETO HEREBY IRREVOCABLY SUBMITS TO THE EXCLUSIVE JURISDICTION OF ANY UTAH STATE COURT OR UNITED STATES FEDERAL COURT, IN EITHER CASE SITTING IN UTAH OVER ANY SUIT, ACTION OR OTHER PROCEEDING BROUGHT BY ANY PARTY ARISING OUT OF OR RELATING TO THIS AGREEMENT, AND EACH OF THE PARTIES HERETO IRREVOCABLY AGREES THAT ALL CLAIMS WITH RESPECT TO ANY SUCH SUIT, ACTION OR OTHER PROCEEDING WILL BE HEARD AND DETERMINED IN SUCH COURTS. REGARDLESS OF THE APPLICABLE GOVERNING LAW, CUSTOMER AND BRAINSTORM AGREE TO EXCLUDE APPLICATION OF THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS. TO THE EXTENT PERMITTED UNDER APPLICABLE LAW, BRAINSTORM MAY BRING AN ACTION IN ANY JURISDICTION FOR THE PURPOSE OF: (A) ENFORCING A JUDGMENT OR (B) PROTECTING BRAINSTORM’S INTELLECTUAL PROPERTY RIGHTS. In the event that a Party hereto who is required to engage the services of legal counsel to enforce the terms and conditions hereof against the other is successful in doing so, such Party will be entitled to the reimbursement by the other Party of all reasonable attorneys’ fees and court costs incurred by the successful Party.
- Amendment; No Waiver. BrainStorm may update and change any part or all of this Agreement, including the fees and charges associated with the use of the Service (but, Your Fees and charges won’t change during the Subscription Term except as explained in the Fees section above). If We update or change these terms and conditions, the updated terms and conditions will be posted to this page and We will let You know via email and/or in-app notification. The updated Agreement will become effective and binding on the effective date indicated at the top of the updated Agreement. If You do not agree with a modification to this Agreement, You must notify Us in writing within thirty (30) days after receiving notice of the modification. If You give Us this notice, Your subscription will continue to be governed by the terms and conditions of this Agreement prior to modification for the remainder of Your current Subscription Term. Upon renewal, the updated Agreement, as published on BrainStorm’s website, will apply. No delay in exercising any right or remedy or failure to object will be a waiver of such right or remedy or any other right or remedy. A waiver on one occasion will not be a waiver of any right or remedy on any future occasion.
- Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in effect.
- Assignment. You may not assign, sublicense, or transfer this Agreement, Your access to the Service, any right to maintenance and/or support, or any rights or obligations hereunder without prior written consent of BrainStorm. Any such purported assignment, sublicense, or transfer will be null and void. BrainStorm may terminate this Agreement in the event of any such attempted assignment, sublicense, or transfer by providing You written notice.
- Authority. Each Party represents and warrants to the other that it has full power and authority to enter into this Agreement and that it is binding upon such Party and enforceable in accordance with its terms.
- No Third-Party Beneficiaries. Unless otherwise specifically agreed to in the Order Form, You agree that there will be no third-party beneficiaries to this Agreement.
- Precedence. In the event of a conflict between the terms of this Agreement and an Order Form, the terms of the Order Form will control, but only as to that Order Form.
- Force Majeure. Neither Party will be responsible for failure or delay of performance if caused by: an act of war, hostility, or sabotage; act of God; electrical, Internet, or telecommunication outage that is not caused by the obligated Party; government restrictions; or other event outside the reasonable control of the obligated Party. Each Party will use reasonable efforts to mitigate the effect of a force majeure event.
- Relationship of the Parties. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the Parties.
- Notice. Notice will be sent to the contact address set forth herein, and will be deemed delivered as of the date of actual receipt.
If to BrainStorm: BrainStorm, Inc.
Ten South Center Street
American Fork, Utah 84003
Attn: Legal Department
To You: Your address as You have provided to Us. We may give electronic notices by general notice via the Service Admin Portal to the emails You provide, via email to Your e-mail address(es) on record in Our account information for You, or as otherwise agreed. We may give notice to You by telephone calls to the telephone numbers on record in Our account information for You. You must keep all of Your account information current.
- Injunctive Relief. You hereby expressly agree that BrainStorm, in addition to any other rights or remedies that BrainStorm may possess, will be entitled to seek injunctive and other equitable relief (including specific performance) without having to post bond or other security to prevent a material breach or continuing material breach of this Agreement.
- Audit. You will permit BrainStorm or its agents, at BrainStorm’s expense, to conduct audits to verify Your compliance with this Agreement. Such audits will be conducted during normal business hours and after reasonable advance notice from BrainStorm to You.
- Service Supplied to the Government. The Service is a “commercial item,” “commercial computer software” and/or “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use, modification, reproduction, release, performance, display, disclosure or distribution of the Service by the U.S. government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted herein.
- Export Law Assurances. You will not export or re-export or allow the export or re-export of the Service or any copy, portion or direct product of the foregoing, in violation of any export laws, restrictions, national security controls or regulations of the United States or other applicable foreign agency or authority.
- Waiver. No action taken pursuant to this Agreement, including any investigation by or on behalf of any Party, will be deemed to constitute a waiver by such Party of any representation, warranty, covenant or agreement contained herein. The waiver by any Party hereto of a breach of any provision of this Agreement or failure to perform by the other Party will not operate or be construed as a further or continuing waiver of such breach or failure to perform or as a waiver of any other or subsequent breach or failure to perform. No failure on the part of any Party to exercise, and no delay in exercising, any right, power or remedy hereunder will operate as a waiver thereof, nor will any single or partial exercise of such right, power or remedy by such Party preclude any other or further exercise thereof or the exercise of any other right, power or remedy. All remedies hereunder are cumulative and are not exclusive of any other remedies provided by applicable law.
Effective Date: January 1, 2020
Last Updated: June 18, 2020
WHO WE ARE
BrainStorm is an innovative industry leader in software and services for change management to support business investment in technology. BrainStorm provides learning solutions for its clients’ employees to enable change management and promote maximum effectiveness in the client’s adoption of business and other application software. BrainStorm’s change management and learning solutions include its online, cloud-based QuickHelp™ software application and electronic instructional content, instructor-led training (“ILT”) and immersive cloud-based training and facilitator bootcamp (“CIE”).
- https://www.brainstorminc.com/, https://quickhelp.com, and http://cie.brainstorminc.com/ (collectively referred to as “Websites”)
- Our QuickHelp™ platform
- ILT or CIE events
- Our service and support for our software, training and services
- Our other communications to you, including when you interact with us through our Websites, or when we communicate by phone, email, live chat and social media
WHAT IS PERSONAL INFORMATION?
“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Under specific laws, Personal Information may include any information relating to a household.
PERSONAL INFORMATION WE PROCESS
We process Personal Information on behalf of customers, third-party distributors and resellers to fulfill our contractual obligations as a third-party service provider. We also process Personal Information that we collect directly such as when a user navigates to our website or when we engage a vendor or customer. This data may be collected through information you actively submit to us, information provided by our customers, third-party distributors, or resellers who administer your account, or through automated processes.
Personal Information that you actively submit to us
We collect Personal Information that you actively submit to us through your account, website forms, email subscriptions, feedback and suggestions, surveys, events, customer service, inquiries, live chat, social media accounts, and other interactions. You will know when we collect your Personal Information because we will directly ask you for the information. We will require certain Personal Information so you can use our Services or for us to be able to contact you. There may also be circumstances where providing Personal Information is optional and does not impact your access to Services. For example, we provide you an option to include a photo with your profile data in our QuickHelp™ software application.
Personal Information we collect from our customers, third-party distributors, or resellers or other third-party sources
We collect Personal Information from our customers, third-party distributors, or resellers who administer user accounts. Personal Information is collected about the users who are granted access to our Services, including the QuickHelp™ software application. We use this information to create user profiles, assign a User Group, record participation in training, webinars, and use of software products, to assess user ranking, perform analytics, and provide reporting information.
Personal Information collected generally includes a first name, last name, job title, company name, email address, profile photo, and verification information. We authenticate users through their Microsoft Office 365 workplace account.
Personal Information we automatically collect through your use of the Services
We collect some Personal Information automatically when you visit or use BrainStorm Services. This includes information about the device, browser, and operating system you use when accessing our site and Services, your IP address, the website that referred you, which pages you request and visit, and the date and time of each request you make. We may combine this automatically-collected information with other information we collect about you. If you contact us over the telephone or via fax, we may also log telephony information such as your phone number and the type of call.
For QuickHelp™ software application use, we automatically collect Personal Information to, among other things, provide you information and benchmarking based upon your usage of the Services, which are used in analyzing trends, administering the Services, tracking users’ utilization and to gather information about our user community as a whole. For example, if enabled by your administrator, we use third-party services such as Microsoft Graph that help us understand details about your usage of Microsoft Office 365, including without limitation total numbers of communications, methods of making attachments, timing of logging into social media and other details that provide us with statistics about how you interact with the software so that we can better assist you in learning new features and capabilities. BrainStorm does not have any access or ability to read the content of your Microsoft Office 365 usage.
Personal Information not actively collected or processed
We do not actively collect or otherwise process Personal Information from minors. The age of a minor varies by country. For the purposes of Information collected from the European Union, the age of a minor is under age sixteen (16). We do not actively collect or otherwise process Personal Information relating to criminal convictions and offences. We do not actively collect or otherwise process Personal Information revealing racial origin, ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Tracking Technologies, Cookies, And Clear Gifs
We use tracking technologies, cookies and clear GIFs to collect information. Tracking technologies are used to collect information from your web browser through our servers or filtering systems when you visit any of our sites.
Cookies store small text files onto a user’s computer hard drive with the user’s browser, containing the session ID and other data. Cookies enable a web site to track a user’s activities on the website for the following purposes: (1) enable essential features; (2) provide analytics to improve website performance and effectiveness; (3) store user preferences; and (4) facilitate relevant targeted advertising on advertising platforms or networks. Users are free to change their web browsers to prevent the acceptance of cookies. Cookies may also be set within emails in order to track how often our emails are opened.
A clear GIF is a transparent graphic image placed on a website. The use of clear GIFs allows us to monitor your actions when you open a web page and makes it easier for us to follow and record the activities of recognized browsers. Clear GIFs are used in combination with cookies to obtain information on how visitors interact with our websites.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites. We collect this information to better understand how you use and interact with our sites in order to improve your experience. We also collect this information to better understand what services and marketing promotions may be more relevant to you. We may also share this information with our employees, service providers and customer affiliates.
You can change your web browser settings to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, you may not be able to use some sections or functions of our sites. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
HOW WE USE YOUR PERSONAL INFORMATION
We use your Personal Information to operate our Services, fulfill our contractual obligations in our service contracts with customers, third-party distributors and resellers, to review and enforce compliance with our Terms and Conditions agreement, guidelines, and policies, to analyze the use of the Services in order to understand how we can improve our content and service offerings and products, and for administrative and other business purposes. We process Personal Information for payments, employee training, sales and marketing, data analysis, security monitoring, auditing, research, and to comply with applicable laws, exercise legal rights, and meet tax and other regulatory requirements.
In this context, the legal basis for our processing of your Personal Information is either the necessity to perform contractual and other obligations, our legitimate business interest as a provider of change management services and software, regulatory requirements, or your explicit consent.
SHARING OF PERSONAL INFORMATION
We do not sell your Personal Information!
We may share your Personal Information in the following circumstances:
We share Personal Information with our customers, generally the employer, or the agent assigned to administer your user account. The information shared relates to your participation in training and webinars and your use of software products. If requested by our customers, we also provide an employee ranking of all users assigned to a User Group. Similarly, your Personal Information may be shared with our third-party distributors and resellers, who administer your user account on behalf of your employer.
Your User Group
Our Services are focused on workplace participation. As such, employees are assigned to a User Group. Where the ranking feature has been activated, the rankings of all users in a User Group along with the user’s name, job title, photo, badges earned, and allocated points are made available to the entire User Group.
Third-party Service Providers
We may share information we collect about you with third-party service providers to perform tasks on our behalf in supporting the Services. The types of service providers, or sub-processors, to whom we entrust Personal Information include: (i) technology providers; (ii) providers of hosting services; (iii) email delivery service providers; (iv) sales and marketing providers; (v) technical support services; (vi) providers of analytic data services; and (vii) utilization services.
Regulatory Bodies, Public Authorities, and Law Enforcement
We may access and disclose your Personal Information to regulatory bodies if we have a good-faith belief that doing so is required under applicable law or regulation. This may include submitting Personal Information required by tax authorities. We may disclose your Personal Information in response to lawful requests by public authorities or law enforcement, including to meet national security or law enforcement requirements. If we are going to release your Personal Information in this instance, our policy is to provide you with notice unless we are prohibited from doing so by law or court order.
Merger, Sale, or Other Asset Transfers
We may also disclose your Personal Information to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the Services, of any individuals, or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations. Disclosures may be made to courts of law, attorneys and law enforcement, or other relevant third parties in order to meet these purposes.
Please note that we share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling, and other similar purposes. In addition, our Services may contain links to other websites not controlled by us, and these other websites may reference or link to our Services; we encourage you to read the privacy policies applicable to these other websites.
In cases of onward transfers of Personal Information received pursuant to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) to third parties of data of individuals located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland , BrainStorm remains liable for such Personal Information and the actions of such third parties.
California Consumer Privacy Act of 2018 (“CCPA”)
The categories of Personal Information we have collected about consumers and disclosed about consumers for a business purpose in the preceding 12 months are:
- Identifiers such as a real name, alias, email address, unique personal or online identifier, internet protocol address, account name;
- Internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with an internet website, or advertisement;
- Professional or employment-related information; and
- Inferences drawn from any of the information identified to create a profile about a consumer reflecting the consumer’s preferences, intelligence, abilities, and aptitudes (limited application applying to tracking and ranking of software training and use).
RETENTION OF PERSONAL INFORMATION
BrainStorm retains Personal Information for a reasonable time period to fulfill the processing purposes mentioned above, including retaining personal information to fulfil our obligations under service agreements. Personal Information is then archived for time periods required or necessitated by law or legal considerations. When archival is no longer required, Personal Information is deleted from our records.
You may choose to disable your BrainStorm account at any time. This means your user profile will no longer be visible on the Services. However, for the purposes mentioned above, we may need to retain information within our internal systems.
We retain Personal Information that we are required to retain to meet our regulatory obligations including tax records and transaction history. We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policies.
PROTECTION OF PERSONAL INFORMATION
BrainStorm uses technical and organization measures to protect the personal information that we store, transmit, or otherwise process, against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems.
BrainStorm hosts QuickHelp in Microsoft’s cloud computing service known as Azure. Full details on Azure’s data center may be found here. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. However, no method of transmission or storage is 100% secure. While we strive to use commercially reasonable and appropriate means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our website, you can e-mail us at email@example.com with "Questions about Data Security" in the subject line.
INTERNATIONAL DATA TRANSFER
Your Personal Information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your Personal Information to us, we will transfer your Personal Information to the United States and process it there. Where we transfer your Personal Information, we will take all reasonable steps to ensure that your privacy rights continue to be protected.
In the case of transfers of data out of the European Economic Area or the United Kingdom, we have committed to comply with the Privacy Shield and, where appropriate, implement Standard Contractual Clauses. We endeavor to utilize third-party service providers from the United States that have certified with Privacy Shield and provide adequate protections that are compliant with the EU General Data Protection Regulation (“GDPR”), such as implementing Standard Contractual Clauses or Binding Corporate Rules.
OUR COMMITMENT TO THE PRIVACY SHIELD
As part of its participation in Privacy Shield, BrainStorm is subject to the investigatory and enforcement powers of the Federal Trade Commission. Organizations participating in the Frameworks must respond within 45 days of receiving a complaint. If you have not received a timely or satisfactory response to your question or complaint, please contact the JAMS Privacy Shield Program. Their website can be accessed at: https://www.jamsadr.com/eu-us-privacy-shield.
Please note that this independent dispute resolution body is designated to address complaints and provide appropriate recourse free of charge to the individual. If an individual’s complaint cannot be resolved through BrainStorm’s internal processes, BrainStorm will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/. JAMS mediation may be commenced as provided for in the relevant JAMS rules. The mediator may propose any appropriate remedy, such as deletion of the relevant personal data, publicity for findings of noncompliance, payment of compensation for losses incurred as a result of noncompliance, or cessation of processing of the personal information of the individual who brought the complaint. The mediator or the individual also may refer the matter to the Federal Trade Commission. Under certain circumstances, individuals also may be able to invoke binding arbitration to address complaints about BrainStorm’s compliance with the Privacy Shield Principles.
Residents of the European Economic Area, United Kingdom and Switzerland
In compliance with the Privacy Shield, individuals have the right to access personal information and to correct, amend, restrict, or delete that information where it is inaccurate, or has been processed in violation of the Privacy Shield principles, except where the burden or expense of providing access is disproportionate to the risks to the individual’s privacy in the case in questions, or where the rights of persons other than the individual will be violated.
Privacy Shield ensures compliance with the EU General Data Protection Regulation, which grants rights to individuals in their personal data. These rights include the right to: (i) request access to and rectification or erasure of their Personal Information; (ii) obtain restriction of processing or to object to processing of their Personal Information; (iii) ask for a copy of their Personal Information to be provided to them, or a third party, in a digital format; and (iv) lodge a complaint about the processing of their Personal Information with their local data protection authority. If you wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. To delete your personal information from the QuickHelp™ software application, you can select the DELETE DATA button available under the Privacy & Data menu. To access your personal information from the QuickHelp™ software application, you can select the REQUEST DATA button available under the Privacy & Data menu. You may also access software features to action certain rights, as described under the “All Users” section below.
Residents of California
Personal Information subject rights under the CCPA may also apply to certain individuals and households. These rights include the right to: (i) know what Personal Information is being collected about them, (ii) know whether their Personal Information is sold or disclosed at to whom, (iii) say no to the sale of Personal information, (iv) access their Personal Information, and (v) equal service and price, even if they exercise their privacy rights. If you are a resident of California and wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. To access your personal information from the QuickHelp™ software application, you can select the REQUEST DATA button available under the Privacy & Data menu. You may also access software features to action certain rights, as described under the “All Users” section below.
BrainStorm respects and honors privacy rights and provides features for managing Personal Information that are available to all users.
- Users of QuickHelp™ can update their profile under the Settings menu;
- Users of QuickHelp™ have an option to upload their photo or delete their photo under the Settings menu;
- Users of QuickHelp™ can access information from the QuickHelp™ software application by selecting the REQUEST DATA button available under the Privacy & Data menu;
- All other inquiries and requests can be submitted to the contact details provided below.
Where we rely upon consent as a legal basis for processing, you may withdraw your consent at any time. Please note the withdrawal of your consent does not affect the lawfulness of processing based on consent before withdrawal.
CHANGES TO THIS POLICY
Inquiries may be made by contacting us through any of the following means:
Attn: Data Protection Officer
Ten South Center Street
American Fork, UT 84003
United States of America
DATA PROTECTION ADDENDUM
This BrainStorm, Inc. Data Protection Addendum (“DPA”) is between the parties with respect to the terms governing the Processing of Personal Data under the BrainStorm QuickHelp Subscription Agreement (the “Master Agreement”). This DPA sets out the additional terms, requirements and conditions on which BrainStorm, as Provider (defined below), will obtain, handle, process, disclose, transfer, or store Personal Information (defined below) when providing services under the Master Agreement. This DPA serves as an addendum to the Master Agreement and is effective upon its incorporation into the Master Agreement, which incorporation may be specified in the Master Agreement, the Order Form (as defined in the Master Agreement), or as otherwise agreed to between the parties.
BrainStorm will periodically update the terms and conditions of this DPA. You will be notified of any material updates or changes via email or through the Admin Portal.
Terms not otherwise defined in this DPA shall have the meaning as set forth in the Master Agreement.
- Definitions and Interpretation
- The following definitions and rules of interpretation apply in this DPA.
“Business Purpose” means the services described in the Master Agreement or any other purpose specifically identified in Appendix A.
“Customer” shall mean the Customer defined in the Master Agreement or Order Form, and who shall determine the purpose and means of the Processing of Personal Information.
“Data Subject” means an individual who is the subject of Personal Information.
“Personal Information” means any information the Provider processes for the Customer that (a) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in the Provider’s possession or control or that the Provider is likely to have access to, or (b) the relevant Privacy and Data Protection Requirements otherwise define as protected personal information.
“Processing, processes, or process” means any activity that involves the use of Personal Information or that the relevant Privacy and Data Protection Requirements may otherwise include in the definition of processing, processes, or process. It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data including, but not limited to, organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Information to third parties.
“Privacy and Data Protection Requirements” means all applicable federal, state, and international laws and regulations relating to the processing, protection, or privacy of Personal Information, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction.
“Provider” shall mean BrainStorm, Inc., a Delaware corporation with offices located at Ten South Center Street, American Fork, Utah 84003, who shall process Personal Information on behalf of the Customer.
“Security Breach” means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place to protect it. The loss of or unauthorized access, disclosure, or acquisition of Personal Information is a Security Breach whether or not the incident rises to the level of a security breach under the Privacy and Data Protection Requirements.
- This DPA is subject to the terms of the Master Agreement and is incorporated into the Master Agreement. Interpretations and defined terms set forth in the Master Agreement apply to the interpretation of this DPA.
- The Appendices form part of this DPA and will have effect as if set out in full in the body of this DPA. Any reference to this DPA includes the Appendices.
- A reference to writing or written includes email but not messages sent via fax.
- In the case of conflict or ambiguity between:
- any provision contained in the body of this DPA and any provision contained in the Appendices, the provision in the body of this DPA will prevail;
- the terms of any accompanying invoice or other documents annexed to this DPA and any provision contained in the Appendices, the provision contained in the Appendices will prevail;
- any of the provisions of this DPA and the provisions of the Master Agreement, the provisions of this DPA will prevail; and
- any of the provisions of this agreement and any executed Standard Contractual Clauses, the provisions of the executed Standard Contractual Clauses will prevail.
- Personal Information Types and Processing Purposes
- The Customer retains control of the Personal Information and remains responsible for its compliance obligations under the applicable Privacy and Data Protection Requirements, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Provider.
- Appendix A describes the general Personal Information categories and Data Subject types the Provider may process to fulfill the Business Purposes of the Master Agreement.
- Provider’s Obligations
- The Provider will only process the Personal Information to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer’s instructions. The Provider will not process the Personal Information for any other purpose or in a way that does not comply with this DPA or the Privacy and Data Protection Requirements. The Provider will promptly notify the Customer if, in its opinion, the Customer’s instruction would not comply with the Privacy and Data Protection Requirements.
- The Provider shall promptly comply with any Customer request or instruction requiring the Provider to amend, transfer, or delete the Personal Information, or to stop, mitigate, or remedy any unauthorized processing.
- The Provider will maintain the confidentiality of all Personal Information and will not disclose Personal Information to third parties unless the Customer or this DPA specifically authorizes the disclosure, or as required by law. If a law requires the Provider to process or disclose Personal Information, the Provider shall first inform the Customer of the legal requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
- The Provider will reasonably assist the Customer with meeting the Customer’s compliance obligations under the Privacy and Data Protection Requirements, taking into account the nature of the Provider’s processing and the information available to the Provider.
- The Provider will promptly notify the Customer of any changes to Privacy and Data Protection Requirements that may adversely affect the Provider’s performance of the Master Agreement.
- The Customer acknowledges that the Provider is under no duty to investigate the completeness, accuracy, or sufficiency of any specific Customer instructions from Authorized Persons or the Personal Information other than as required under the Privacy and Data Protection Requirements.
- Provider’s Employees
- The Provider will limit Personal Information access to:
- those employees who require Personal Information access to meet the Provider’s obligations under this DPA and the Master Agreement; and
- the part or parts of the Personal Information that those employees strictly require for the performance of their duties.
- The Provider will ensure that all employees:
- are informed of the Personal Information’s confidential nature and use restrictions;
- have undertaken training on the Privacy and Data Protection Requirements relating to handling Personal Information and how it applies to their particular duties; and
- are aware both of the Provider’s duties and their personal duties and obligations under the Privacy and Data Protection Requirements and this DPA.
- The Provider will take reasonable steps to ensure the reliability, integrity, and trustworthiness of all of the Provider’s employees with access to the Personal Information.
- The Provider will limit Personal Information access to:
- The Provider will maintain appropriate technical and organizational measures designed to safeguard Personal Information against unauthorized or unlawful processing, access, copying, modification, storage, reproduction, display, or distribution, and against accidental loss, destruction, or damage. These shall include any security measures set out in Appendix . The Provider will periodically review these measures at least annually to ensure they remain current and complete.
- The Provider will immediately notify the Customer if it becomes aware of any advance in technology and methods of working, which indicate that the parties should adjust their security measures.
- The Provider will take reasonable precautions to preserve the integrity of any Personal Information it processes and to prevent any corruption or loss of the Personal Information, including but not limited to establishing effective back-up and data restoration procedures.
- Security Breaches and Personal Information Loss
- The Provider will promptly notify the Customer if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Provider will restore such Personal Information at its own expense.
- The Provider will immediately notify the Customer if it becomes aware of:
- any unauthorized or unlawful processing of the Personal Information; or
- any Security Breach.
- Immediately following any unauthorized or unlawful Personal Information processing or Security Breach, the parties will co-ordinate with each other to investigate the matter. The Provider will reasonably co-operate with the Customer in the Customer’s handling of the matter, including:
- assisting with any investigation;
- providing the Customer with physical access to any facilities and operations affected;
- facilitating interviews with the Provider’s employees, former employees and others involved in the matter; and
- making available all relevant records, logs, files, data reporting, and other materials required to comply with all Privacy and Data Protection Requirements or as otherwise reasonably required by the Customer.
- The Provider will not inform any third party of any Security Breach without first obtaining the Customer’s prior written consent, except when law or regulation requires it.
- The Provider agrees that the Customer has the sole right to determine:
- whether to provide notice of the Security Breach to any Data Subjects, regulators, law enforcement agencies, or others, as required by law or regulation or in the Customer’s discretion, including the contents and delivery method of the notice; and
- whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
- The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 2 and 6.3, unless the matter arose from the Customer’s specific instructions, negligence, willful default, or breach of this DPA, in which case the Customer will cover all reasonable expenses.
- The Provider will also reimburse the Customer for actual reasonable expenses the Customer incurs when responding to and mitigating damages, to the extent that the Provider caused a Security Breach, including all costs of notice and any remedy as set out in clause 5.
- Cross-Border Transfers of Personal Information
- If the Privacy and Data Protection Requirements restrict cross-border Personal Information transfers, the Customer will only transfer that Personal Information to the Provider under the following conditions:
- the Provider, either through its location or participation in a valid cross-border transfer mechanism under the Privacy and Data Protection Requirements, as identified in Appendix A, may legally receive that Personal Information, however the Provider will immediately inform the Customer of any change to that status;
- the Customer obtained valid Data Subject consent to the transfer under the Privacy and Data Protection Requirements; or
- the transfer otherwise complies with the Privacy and Data Protection Requirements for the reasons set forth in Appendix A.
- The Provider will not transfer any Personal Information to another country unless the transfer complies with the Privacy and Data Protection Requirements. In Appendix A, the Provider shall identify the legal basis supporting any transfers it makes and will promptly inform the Customer of any change to that status.
- If the Privacy and Data Protection Requirements restrict cross-border Personal Information transfers, the Customer will only transfer that Personal Information to the Provider under the following conditions:
- The Provider may only authorize a third party (subcontractor) other than those set forth in Appendix A to process the Personal Information if:
- the Customer is given an opportunity to object within 14 days after the Provider supplies the Customer with details regarding the subcontractor’s proposed role with respect to the Personal Information, contact information for the subcontractor’s data protection officer or other data-protection point-of-contact, and the terms on which the subcontractor shall be able to process the Personal Information;
- the Provider enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this DPA and, upon the Customer’s written request, provides the Customer with copies of such contracts;
- the Provider maintains control over all Personal Information it entrusts to the subcontractor; and
- the subcontractor’s contract terminates automatically on termination of this DPA for any reason.
- The Provider shall list all subcontractors that it anticipates using to carry out the Business Purposes in Appendix A and include each subcontractor’s name and location and contact information for the person responsible for privacy and data protection compliance. The Customer’s agreement to this DPA shall authorize the Provider to use the subcontractors as described in Appendix A.
- If a subcontractor fails to fulfill its obligations under such written agreement, the Provider remains responsible to the Customer for the subcontractor’s performance of its obligations.
- Upon the Customer’s written request, the Provider will audit a subcontractor’s compliance with its obligations regarding the Customer’s Personal Information and provide the Customer with a summary of the audit results.
- The Provider may only authorize a third party (subcontractor) other than those set forth in Appendix A to process the Personal Information if:
- Complaints, Data Subject Requests, and Third-Party Rights
- The Provider shall notify the Customer promptly if it receives any complaint, notice, or communication that directly or indirectly relates to the Personal Information processing or to either party’s compliance with the Privacy and Data Protection Requirements.
- The Provider will notify the Customer within 5 working days if it receives a request from a Data Subject regarding their Personal Information unless the Provider is able to fully handle and respond to such request.
- The Provider will give the Customer its full co-operation and assistance in responding to any complaint, notice, communication, or Data Subject request.
- The Provider shall not disclose the Personal Information to any Data Subject or to a third party unless the disclosure is either at the Customer’s request or instruction, permitted by this DPA, or is otherwise required by law.
- Term and Termination
- This DPA will remain in full force and effect so long as:
- the Master Agreement remains in effect; or
- the Provider retains any Personal Information related to the Master Agreement in its possession or control (the “Term”).
- Any provision of this DPA that expressly or by implication should come into or continue in force on or after termination of the Master Agreement in order to protect Personal Information will remain in full force and effect.
- If a change in any Privacy and Data Protection Requirement prevents either party from fulfilling all or part of its Master Agreement obligations, the parties will suspend the processing of Personal Information until that processing complies with the new requirements. If the parties are unable to bring the Personal Information processing into compliance with the Privacy and Data Protection Requirement within a reasonable time, they may terminate the Master Agreement upon written notice to the other party.
- This DPA will remain in full force and effect so long as:
- Data Return and Destruction
- At the Customer’s request, the Provider will give the Customer a copy of or access to all or part of the Customer’s Personal Information in its possession or control in the format and on the media reasonably specified by the Customer.
- On termination of the Master Agreement for any reason or expiration of its term, the Provider will securely destroy or, if directed in writing by the Customer, return and not retain, all or any Personal Information related to this agreement in its possession or control, except for one copy that it may retain and use for audit purposes only.
- If any law, regulation, or government or regulatory body requires the Provider to retain any documents or materials that the Provider would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends. The Provider may only use this retained Personal Information for the required retention reason or audit purposes.
- If Customer requests, the Provider will certify in writing that it has destroyed the Personal Information within 14 days after receiving the Customer’s request.
- The Provider will keep detailed, accurate, and up-to-date records regarding any processing of Personal Information it carries out for the Customer, including but not limited to, the access, control, and security of the Personal Information, approved subcontractors and affiliates, the processing purposes, and any other records required by the applicable Privacy and Data Protection Requirements (the “Records”).
- The Provider will ensure that the Records are sufficient to enable the Customer to verify the Provider’s compliance with its obligations under this DPA.
- The Customer and the Provider shall review the information listed in the Appendices to this DPA annually to confirm its current accuracy and update it if required to reflect current practices.
- At least annually, the Provider will audit its Personal Information processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this DPA, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices.
- Upon the Customer’s written request, the Provider will make the relevant audit reports available to the Customer for review. The Customer will treat such audit reports as the Provider’s confidential information under this Agreement.
- The Provider will promptly address any issues, concerns, or exceptions noted in the audit reports with the development and implementation of a corrective action plan by the Provider’s management.
- The Provider warrants and represents that:
- its employees, subcontractors, agents, and any other person or persons accessing Personal Information on its behalf are reliable and trustworthy and have received the required training on the Privacy and Data Protection Requirements relating to the Personal Information; and
- it and anyone operating on its behalf will process the Personal Information in compliance with both the terms of this DPA and all applicable Privacy and Data Protection Requirements and other laws, enactments, regulations, orders, standards, and other similar instruments; and
- it has no reason to believe that any Privacy and Data Protection Requirements prevent it from providing any of the Master Agreement’s contracted services; and
- considering the current technology environment and implementation costs, it will take appropriate technical and organizational measures to prevent the unauthorized or unlawful processing of Personal Information and the accidental loss or destruction of, or damage to, Personal Information, and ensure a level of security appropriate to:
- the harm that might result from such unauthorized or unlawful processing or accidental loss, destruction, or damage; and
- the nature of the Personal Information protected; and
- comply with all applicable Privacy and Data Protection Requirement and its information and security policies, including the security measures required in clause 1.
- The Customer warrants and represents that the Provider’s expected use of the Personal Information for the Business Purpose and as specifically instructed by the Customer will comply with all Privacy and Data Protection Requirements.
- The Provider warrants and represents that:
- The Provider agrees to indemnify the Customer against all costs, claims, damages, or expenses incurred by the Customer or for which the Customer may become liable due to any failure by the Provider or its employees, subcontractors, or agents to comply with any of its obligations under this DPA or applicable Privacy and Data Protection Requirements.
- The limitations on liability set forth in the Master Agreement shall apply to this DPA’s indemnity or reimbursement obligations.
- Any notice or other communication given to a party under or in connection with this DPA shall be in writing and delivered to:
For the Customer: (i) to the points of contact Customer designates in the Master Agreement or Order Form, or (ii) to the Customer’s Admins such as Customer may identify in the QuickHelp Admin Portal;
For the Provider: BrainStorm, Inc. Ten South Center Street, American Fork, Utah 84003, firstname.lastname@example.org.
- Clause 1 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
Personal Information Processing Purposes and Details
Business Purposes: To provide Customer with the Service, as set forth in the Master Agreement.
Personal Information Categories: The personal data transferred includes the name, work email, title, department, IP address, and other data in an electronic form in the context of Provider’s Service.
Data Subject Types: The data subjects include Customer’s representatives and end-users, primarily Customer’s employees, but also, potentially, contractors, affiliates and their affiliate’s employees and contractors, and collaborators thereof.
Approved Subcontractors: Microsoft Azure (hosting services); Google Analytics (data analytics); HubSpot (communications platform within the Service), and SendGrid (email messaging tool within the Service)
Provider’s legal basis for receiving Personal Information with cross-border transfer restrictions: EU/US Privacy Shield Certified
Provider will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of the data uploaded to the service, as described in the Master Agreement or in this DPA, or otherwise made reasonably available by Provider. The security practices described int his Appendix B are currently observed by Provider. Although it reserves the right to modify or update these practices, Provider will not materially decrease the overall security of the Service during a subscription term.
PHYSICAL ACCESS CONTROLS: QuickHelp is hosted in Microsoft Azure, a multi-tenant environment. The physical and environmental security controls are audited for SOC 2 Type II compliance, among other certifications.
SYSTEM ACCESS CONTROLS: Access controls within the Service are designed to permit role-based access control using least privileged access principals. Provider utilizes multi-factor authentication for access to management system portals.
DATA ACCESS CONTROLS: Users of the Service have access to non-public data via the application. Customers and their users are not allowed direct access to the underlying infrastructure of the Service. Only Provider has direct access to Customer data and Customer’s Personal Information. The authorization protocols is designed to permit only designated individuals access to the underlying infrastructure. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.
TRANSMISSION CONTROLS: Provider encrypts all QuickHelp data and Personal Information at rest and in-transit using HTTPS encryption.
INPUT CONTROLS: Provider logs information regarding system behavior, system authentication, and other application requests. Utilizing Azure Threat Detection, Provider is able to monitor and be responsive to malicious, unintended, or anomalous activities. Provider also maintains a record of security incidents. Any suspected or confirmed security incident is investigated by Provider’s personnel, who then identify appropriate steps to resolve the incident and minimize damage or unauthorized disclosure (if any).
DATA BACKUPS. By hosting the Service in Azure, Provider is able to ensure redundancy and fail-over protections, including geo-redundancy. All databases are backed up and maintained using industry standard methods.
Standard Contractual Clauses
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
The Customer, as defined in the Subscription Agreement (the “data exporter”)
BrainStorm, Inc., 10 South Center Street, American Fork, Utah 84003, United States (the “data importer”)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Clause 1: Definitions
For the purposes of the Clauses:
- ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- ‘the data exporter’ means the controller who transfers the personal data;
- ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2: Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3: Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4: Obligations of the data exporter
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).
Clause 5: Obligations of the data importer
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
- that it will promptly notify the data exporter about: (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, (ii) any accidental or unauthorised access, and (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the subprocessor will be carried out in accordance with Clause 11;
- to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6: Liability
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7: Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject: (a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority; (b) to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8: Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9: Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10: Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11: Sub-processing
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Clause 12: Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is the Customer listed under the DPA.
The data importer is BrainStorm, Inc.
Please see Appendix A of the DPA.
Categories of data
Please see Appendix A of the DPA.
Special categories of data (if appropriate)
The parties do not anticipate the transfer of special categories of data.
Please see Appendix A of the DPA.
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Please see Appendix B of the DPA.
BRAINSTORM CONTENT SUBMISSION POLICY
This Content Submission Policy (this “Policy”) covers any Content (as defined below) submitted by you, the customer (“You”), a user of BrainStorm, Inc.’s (“BSI”) online, cloud-based QuickHelp™ software application (the “Service”), and is incorporated by reference to the QuickHelp Subscription Agreement (the “Agreement”) covering the Service. Terms not otherwise defined in this Policy shall have the meaning as set forth in the Agreement.
The Service, among other things, allows certain authorized users to submit content to the Service and BSI is willing to allow You to submit content to the Service and to otherwise access and use the additional functionality of the Service in accordance with the terms of the Agreement and this Policy. Except as otherwise provided in this Policy, the terms of the Agreement will continue to govern Customer’s and Your access to and use of the Service. Unless otherwise agreed to in a separate writing between BSI and Customer, this Policy sets out the general duties that all of Customer’s users of the Service must follow with regard to any Content they submit to the Service.
BY SUBMITTING CONTENT TO THE SERVICE, YOU ACCEPT AND AGREE TO THE TERMS AND CONDITIONS OF THIS POLICY. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT UPLOAD OR SUBMIT ANY CONTENT TO THE SERVICE.
- The Service contains interactive features that allow users to post, upload, submit, publish, display, or transmit content or other materials on or through the Service and that allow BSI to deliver the Content back to Customer and its users. All Content must comply with the Content Standards set forth in paragraph 4 below (the “Content Standards”). You are responsible for any Content submitted or contributed to the Service by You, including its legality, reliability, accuracy, and appropriateness. BSI is not responsible or liable for the content or accuracy of any Content posted by Customer, You or any other users. For purposes of this Policy, “Content” means all data, text, information, images, audio and video clips, sounds, musical works, works of authorship, links, and other content or materials that is created or originally provided by You or any other user of the Service and submitted, uploaded, posted or displayed on or via the Service. Content shall not include any content prepared or created by or for BSI or that is originally provided to You or Customer by BSI.
- Reservation of Rights; License to Use. By providing Content to BSI via the Service, You represent and warrant that You or Customer own or control all rights in and to the Content uploaded or posted on or through the Service. Except for Content, as between the parties, BSI and its licensors own and retain all right, title and interest in and to all other content created, submitted, uploaded, posted or displayed by, to, on or through the Service. BSI does not claim ownership of any Content posted on or uploaded to the Service by You, Customer or any other user of the Service. Instead, and only as necessary for BSI to provide the Service, You and Customer hereby grant to BSI a worldwide, assignable, sublicensable, royalty-free, irrevocable, perpetual license to display, perform, reproduce, distribute, transmit, create Derivatives of, provide user access to, and otherwise use Content and any Derivatives. For purposes of the Agreement, the term “Derivatives” of any subject matter shall mean and include, without limitation, all derivatives, enhancements, extensions, improvements, modifications, new products and the like, that to any extent incorporate or are based on or related to any portion of that subject matter.
- You agree not to upload any Content to the Service that (i) violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the United States or other countries), including, but not limited to, copyright and trademark laws, (ii) does not comply with the Content Standards, (iii) introduces any viruses, Trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful, or attempts to gain unauthorized access to any parts of the Service, or (iv) otherwise interferes with the proper working of the Service.
- Content Standards. Content must not (i) contain any material that is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory, or otherwise objectionable, (ii) promote or contain any sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age, (iii) infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any other person, (iv) violate the legal rights (including the rights of publicity and privacy) of others or contain any material that could give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with the Agreement, (v) be likely to deceive any person, (vi) promote any illegal activity, or advocate, promote, or assist any unlawful act, (vii) cause annoyance, inconvenience, or needless anxiety or be likely to upset, embarrass, alarm, or annoy any other person, (viii) impersonate any person, or misrepresent Customer’s or any user’s identity or affiliation with any person or organization, (ix) involve commercial activities, advertising or sales, such as contests, sweepstakes and other sales promotions, or (x) give the impression that Content emanates from or is endorsed by BSI or any other person or entity. The foregoing restrictions are collectively referred to as the “Content Standards.”
- Violations of this Policy may, at BSI’s sole discretion, result in the suspension or termination of Your and/or Customer’s access to the Service and/or immediate removal of Content. If Content uploaded by You violates this Policy, You and/or Customer will bear legal responsibility for that Content. By uploading Content to the Service, You and Customer agree that BSI is not responsible for Content uploaded.
- Changes and Updates to This Policy. BSI reserves the right, in its sole discretion, to change the terms and conditions contained in this Policy from time to time. Unless BSI makes a change for legal or administrative reasons, BSI will provide reasonable advance notice before the updated terms to this Policy become effective (“Updated Policy Terms”). All Updated Policy Terms will be posted to the Service, and will be effective as of the time of posting, or such later date as may be specified in the Updated Policy Terms.
THREAT DEFENSE SERVICES ADDENDUM
The following terms apply to the Professional Services to be provided by BrainStorm to Customer. This addendum (this “Addendum”) is incorporated into BrainStorm Subscription Agreement (the “Agreement”) above.
The parties hereby agree as follows:
- Capitalized terms used but not defined in this Addendum have the meanings given in the Agreement.
- “Third Party Marks” shall mean any of the following that are owned by a person or entity other than BrainStorm or Customer (a) trademarks, service marks, trade dress, trade names, and other indicia of source or origin, and (b) internet domain names, social media accounts, and usernames (including “handles”).
- “Threat Defense Service” shall mean those phishing simulation services, including, but not limited to, content, campaigns, and assessments, identified in an Order Form as being included in Customer’s purchase and that are provided by BrainStorm to Customer via the Cloud Service.
- THE THREAT DEFENSE SERVICE
- Provision of the Threat Defense Service. Subject to the terms and conditions of the Agreement, this Addendum and the applicable Order Form, and upon Customer’s payment of the applicable fees set forth in Section 2.2. below, BrainStorm shall make the Threat Defense Service available to Customer via the Internet during the Term. Customer agrees that its purchase of a subscription to the Threat Defense Service is neither contingent on the delivery of any future functionality or features nor dependent on any oral or written comments made by BrainStorm regarding future functionality or features.
- Fees and Payment. In consideration of BrainStorm’s performance of the Threat Defense Service, Customer agrees to pay BrainStorm the Fees described in the applicable Order Form (the “Threat Defense Service Fees”). Except as otherwise specified in an Order Form, the fees are based on the type of license, the applications included in the Threat Defense Service, and/or the number of subscriptions purchased and not on actual usage, and payment obligations are non-cancelable and fees paid for the Cloud Service are non-refundable.
- Limitation of BrainStorm Content. Customer’s rights under this Addendum to Threat Defense Service entitles Customer to access only the content expressly listed in the Order Form. The All content and data associated with the Threat Defense Service, including the remedial training content, is hosted and accessed via the Cloud Service. Customer recognizes that, due to technical, BrainStorm cannot currently partition off and block Customer from accessing the BrainStorm Content generally available in the Cloud Service beyond the content associated with the Threat Defense Service. Therefore, Customer agrees that should Customer or its Users access any BrainStorm Content not expressly authorized in the Order Form, then BrainStorm shall have the right to charge Customer the applicable Fees (at the then current rate) for access to the Cloud Service for the remainder of the Term.
- Services Support. Support is limited to the points of contact agreed to by the parties and is generally not available to Customer’s Users. Customer’s point of contact may reach the support helpdesk email@example.com. Except as provided herein and in Section 2. of this Addendum, BrainStorm shall have no other maintenance or support obligations to Customer.
- Updates to the Threat Defense Service. BrainStorm will support, maintain, upgrade, and update the Threat Defense Service as appropriate and in BrainStorm’s sole determination in order to fulfill its obligations under this Addendum and the Agreement.
- PROPRIETARY RIGHTS, RESPONSIBILITIES, & SUGGESTIONS
- Reservation of Rights. As between the parties, the Threat Defense Service (including without limitation, any updates, upgrades modifications, customizations, and improvements thereto) and all intellectual property rights therein, are and will remain the sole property of BrainStorm, and no rights are granted to Customer with respect to the Threat Defense Service, or the intellectual property rights therein, other than the limited rights and licenses specified in this Addendum or the Agreement. Customer will not access or use the Threat Defense Service except as expressly permitted by this Addendum or the Agreement.
- Customer Responsibilities. In addition to the Customer Responsibilities set forth elsewhere in this Threat Defense Service Addendum, Customer shall (i) be responsible for Customer’s and its Users’ compliance with this Addendum and the Agreement and all applicable laws and regulations, (ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Threat Defense Service, and notify BrainStorm promptly of any such known or suspected unauthorized access or use, and (iii) be responsible for Customer’s and Users’ use of the Threat Defense Service, including, without limitation, Customer shall solely be responsible for any use of the Threat Defense Service that is in violation of applicable laws and regulations.
- Customer shall not, and shall not permit any third party to (i) access or use the Threat Defense Service except, except for its Users, and as permitted herein or in an Order Form, (ii) create derivative works based on the Threat Defense Service, (iii) copy, frame, mirror or otherwise distribute any part or content of the Threat Defense Service, (iv) reverse engineer the Threat Defense Service, or (v) access the Threat Defense Service in order to (a) build a competitive product or service, or (b) copy any content, features, functions or graphics of the Threat Defense Service.
- Suggestions. BrainStorm shall have a royalty-free, worldwide, transferable, sub-licenseable, irrevocable, perpetual license to use or incorporate into the Threat Defense Service any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Users, relating to the operation of the Threat Defense Service.
- THIRD PARTY MARKS.
- Customer is not obligated, but may choose, to utilize certain Third Party Marks in the Threat Defense Service. Customer acknowledges that (a) all such Third Party Marks are registered or unregistered trademarks of their respective owners, (b) BrainStorm does not have an express license and neither BrainStorm nor Customer has been expressly authorized by the owners of the Third Party Marks to use the Third Party Marks in the Threat Defense Service, and (c) use of the Third Party Marks does not imply any affiliation with or sponsorship or endorsement by the owners of the Third Party Marks. Any references to Third Party Marks in the Threat Defense Service are provided for informational purposes only. These references do not represent the opinions of BrainStorm. Such references are neither an endorsement or approval by BrainStorm.
- NOTWITHSTANDING ANYTHING IN THE AGREEMENT OR THIS ADDENDUM TO THE CONTRARY, BrainStorm DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, CONCERNING THE THIRD PARTY MARKS, INCLUDING ALL IMPLIED WARRANTIES THAT THE THIRD PARTY MARKS AND/OR THE USE OF THE THIRD PARTY MARKS WILL NOT INFRINGE OR OTHERWISE VIOLATE THE RIGHTS OF ANY PERSON OR APPLICABLE LAWS.
- NOTWITHSTANDING ANYTHING IN THE AGREEMENT OR THIS ADDENDUM TO THE CONTRARY, TO THE FULLEST EXTENT PERMITTED BY LAW, BRAINSTORM WILL HAVE NO LIABILITY WHATSOEVER TO CUSTOMER OR ANY OTHER PERSON FOR OR ON ACCOUNT OF INJURY, LOSS, OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH OR RESULTING FROM THE THIRD PARTY MARKS AND/OR THEIR USE, INCLUDING, WITHOUT LIMITATION, ANY INJURY TO OR LOSS OF GOODWILL, REPUTATION, BUSINESS, PRODUCTION, REVENUES, PROFITS, ANTICIPATED PROFITS, CONTRACTS, OR OPPORTUNITIES, OR FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, SPECIAL, PUNITIVE, OR ENHANCED DAMAGES WHETHER ARISING OUT OF BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, VIOLATION OF APPLICABLE LAW, OR OTHERWISE, REGARDLESS OF WHETHER SUCH LOSS OR DAMAGE WAS FORESEEABLE OR THE PARTY AGAINST WHOM SUCH LIABILITY IS CLAIMED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
- Notwithstanding anything in the Agreement (including, without limitation, Section 7.1) and this Addendum to the contrary, Customer shall indemnify, defend, and hold harmless BrainStorm from and against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees, arising out of or in connection with Customer’s or its designee’s use of the Third Party Marks, including, without limitation, any infringement, dilution, violation of any intellectual property rights, or other violation of applicable law.
- CUSTOMER ACKNOWLEDGES THAT THIS SECTION 4 REPRESENTS THE NEGOTIATED ASSIGNMENT OF RISK BETWEEN THE PARTIES WITH REGARD TO THE THIRD PARTY MARKS AND BRAINSTORM WOULD NOT ENTER INTO THIS ADDENDUM WITHOUT IT.
- REPRESENTATIONS AND WARRANTIES
- Performance of the Threat Defense Services. BrainStorm warrants that it will perform the Threat Defense Services:
- In accordance with the terms and subject to the conditions set out in the applicable Order Form, this Addendum, and the Agreement.
- Using personnel of industry standard skill, experience, and qualifications.
- In a timely, workmanlike, and professional manner in accordance with generally recognized industry standards for similar services.
- BrainStorm’s sole and exclusive liability and Customer’s sole and exclusive remedy for breach of this warranty shall be as follows:
- BrainStorm shall use commercially reasonable efforts to promptly cure any such breach; provided, that if BrainStorm cannot cure such breach within a reasonable time after Customer’s written notice of such breach, Customer may, at its option, terminate this Addendum by serving written notice of termination in accordance with the terms of the Agreement.
- In the event the Agreement is terminated pursuant to Section 2.4 above, BrainStorm shall within thirty (30) days after the effective date of termination, refund to Customer any fees paid by Customer as of the date of termination for the Threat Defense Services, less a deduction equal to the fees for BrainStorm’s performance of such Threat Defense Services up to and including the date of termination on a pro-rated basis.
- The foregoing remedy shall not be available unless Customer provides written notice of such breach within thirty (30) days after delivery or performance of such Threat Defense Services.
- NO WARRANTIES. IN ADDITION TO SECTION 3.6.3 OF THE AGREEMENT AND SECTION 4.2 OF THIS ADDENDUM, BRAINSTORM EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY AS TO WHETHER (I) THE INFORMATION ACCESSIBLE OR PROVIDED VIA THE THREAT DEFENSE SERVICES IS ACCURATE, RELIABLE, COMPLETE, OR CURRENT, (II) USE OF THE THREAT DEFENSE SERVICES OR THE ASSOCAITED BRAINSTORM CONTENT WILL BE UNINTERRUPTED OR ERROR-FREE, (C) THE THREAT DEFENSE SERVICES AND ASSOCIATED BRAINSTORM CONTENT WILL BE AVAILABLE AT ANY PARTICULAR TIME, OR (D) THE THREAT DEFENSE SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. BRAINSTORM WILL BE LIABLE WITH RESPECT TO ANY DECISIONS MADE BY CUSTOMER OR ANY OTHER PERSON AS A RESULT OF RELIANCE ON THE THREAT DEFENSE SERVICES AND BRAINSTORM MATERIAL.
- Performance of the Threat Defense Services. BrainStorm warrants that it will perform the Threat Defense Services:
- TERM AND TERMINATION. The term of this Addendum will be coterminous with the Agreement. Unless otherwise terminated as provided in the Agreement or this Addendum, this Addendum commences on the Effective Date and continues until the expiration of the term specified in the applicable Order Form. Any termination of this Addendum shall not affect the Agreement or any other Addendum between the parties.
- INTELLECTUAL PROPERTY RIGHTS. The parties acknowledge and agree that this is a services arrangement only and that BrainStorm is not developing or preparing any deliverables that will be owned by Customer. Accordingly, the parties agree that, except as otherwise provided in the Agreement, BrainStorm and its licensors are, and shall remain, the sole and exclusive owners of all right, title, and interest in and to the Threat Defense Services and all results thereof, and any and all intellectual property rights in and to the foregoing.
- This Addendum is intended to be consistent with and supplementary to the Agreement. However, in the event of a direct conflict between language included in this Addendum and language included in the Agreement, the provisions of this Addendum will control solely with respect to the Threat Defense Service.
INSTRUCTOR-LED TRAINING TERMS AND CONDITIONS
These BrainStorm, Inc. (“BrainStorm” or “We”) Instructor-Led (“ILT”) Terms and Conditions are applicable to all ILT Services, unless otherwise mutually agreed to by the parties. For the purposes of these Terms and Conditions, “ILT Services” consists of the instructor led training services described in the attached Quote or Statement of Work (collectively, the “SOW”).
Fees & Expenses
In consideration of BrainStorm’s performance of the ILT Services, You agree to pay BrainStorm the fees and expenses described in the SOW (the “Training Fees”). All Training Fees are due and payable within 30 days of the date of the invoice. Any amounts that are unpaid after the due date shall be subject to a late fee of 1.5% per month, or the highest rate allowed by law if lower, from the due date until such amounts are paid. Without limiting its rights or remedies hereunder, BrainStorm shall have the right to suspend the Services if any payment is not received within 30 days of the invoice date. Client shall be responsible for any taxes imposed on the Services, other than taxes measured by any net income derived by BrainStorm.
ILT Services Policies
The following policies are subject to change at any time and for any reason.
All trainings must be scheduled and confirmed at least twenty (20) business days prior to the start date of the requested training. Customers scheduling a training within fifteen (15) business days of the start date will be charged a scheduling rush premium of thirty percent (30%) of the price for the services delivered and flat travel rate within the rush period.
The customer will confirm and provide BrainStorm with the training location for all onsite trainings no later than ten (10) business days prior to the start date of the training. If a customer confirms a training under (10) business days prior to the start date of the training, customers will be charged actual travel costs.
One training day is defined as a consecutive, 10-hour time period between 8:30 a.m. – 8:00 p.m. EST/EDT. This 10-hour consecutive time includes a one-hour prep period, 30-minute breaks between sessions, and a one-hour lunch break. If sessions need to be scheduled outside of these hours, this preference must be indicated upon requesting training dates. Training outside of BrainStorm’s supported training hours has an associated price premium. Finally, when delivering training outside of BrainStorm’s standard hours, the customer understands there is limited technical support available from BrainStorm.
Buzz Session - Attendee Limit
Buzz Sessions are capped at 200 attendees per session, and are priced accordingly.
Cancellation and Rescheduling Policy
Customers cancelling or rescheduling confirmed training dates within fifteen (15) business days of the start date will be charged fifty percent (50%) of the total cost of canceled or rescheduled services + non-refundable travel expenses. Canceling or rescheduling confirmed training dates within ten (10) business days of the start date will incur 100% the cost of canceled services + non-refundable travel expenses.
Recording and Distribution Policy
BrainStorm does not allow the recording or distribution of any instructor-led training service.
Curriculum Customization Policy
Any customization of the training curriculum must be finalized at least ten (10) business days prior to the start date of training. Customizations that are not finalized at least ten (10) business days prior to the start date are not guaranteed to be implemented during the training.
Online Training Policy
BrainStorm has assembled a best-in-class technology solution and has further added redundancies to ensure seamless trainings. 95% of the time these trainings are completed without incident. However, due to specific client technology setups, internet speed variability, etc., there are rare occasions where users may experience technology issues or failure.
To mitigate most issues, BrainStorm will conduct a tech check session prior to online training events and provide troubleshooting documentation to all clients. This documentation includes step-by-step resolution for common issues and tech support contact information.
In the event that a training has to be cancelled, we are unable to deliver the agreed upon curriculum, or the majority of users are unable to access the training environment due to technology issues, we will offer a make-up session to ensure all users have the opportunity to complete the training.
We monitor and evaluate our online meeting technology on an ongoing basis to ensure we are providing the best possible experience for our clients. As technology changes, we will continue to adopt best- in-class solutions.
Online Training Audio Solutions
BrainStorm’s primary audio options for virtual training are:
- VoIP (integrated computer audio)
- BrainStorm’s toll conference bridge
- Customer provided conference bridge
Please note that BrainStorm’s primary conference bridge is a toll conferencing solution. Any costs incurred by callers are based solely on the caller's long-distance plan with their provider. Most providers do not charge for long distance calling. However, if unsure, please verify with your provider that this is the case.
We recommend participants outside of the US or Canada use the VoIP solution. Using the toll conference bridge will result in a long-distance charge to callers outside of North America, rates varying by provider.
You may also choose to supply their own conference bridge for a virtual training. Note that in this case, the audio is not integrated with VoIP.
Materials; Intellectual Property Rights
As part of the ILT Services, BrainStorm may provide You with handouts or other written materials (the “Materials”). BrainStorm hereby grants You a worldwide, perpetual, non-exclusive, non-transferable, royalty-free license to retain and use all such Materials for Your internal business purposes. BrainStorm retains all ownership and all intellectual property rights in and to such Materials.
The ILT Services that BrainStorm will provide may be in support of Your purchase or license, under separate agreement(s), of BrainStorm’s QuickHelp™ software (the “Software”) and/or BrainStorm’s Quick Start™ Cards (the “Cards”). Such separate agreement(s) shall govern Your use of the Software and/or the Cards. Neither these Terms and Conditions nor any Statement of Work grants You any right or license to access or use such Software or Cards.
You acknowledge that BrainStorm’s obligations hereunder are limited to providing the Services and BrainStorm shall not be deemed to have guaranteed any results or the achievement of any certain performance levels as a result of the Services. BRAINSTORM PROVIDES THE SERVICES ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT WARRANTY OF ANY KIND. ACCORDINGLY, BRAINSTORM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE AND ANY IMPLIED WARRANTIES ARISING OUT OF COURSE OF PERFORMANCE OR COURSE OF DEALING.
BrainStorm agrees to defend You against any claim, demand, suit, or proceeding (each, a "Claim") made or brought against You by a third party alleging that the ILT Services infringe or misappropriate the intellectual property rights of such third party and to indemnify You from any damages finally awarded by a court of competent jurisdiction against You or amounts agreed to in settlement in connection with any such Claim. BrainStorm’s obligations under this Section shall only apply to the extent that: (a) You promptly notify BrainStorm in writing of the Claim; (b) BrainStorm has control of the defense and all related settlement negotiations relating to the Claim; and (c) You provide BrainStorm with the assistance, information and authority reasonably necessary to perform the above. The foregoing constitutes BrainStorm’s total liability with respect to any Claim. Should BrainStorm’s right to provide the ILT Services pursuant to these Terms and Conditions be subject to a Claim of infringement or if BrainStorm reasonably believes such a Claim of infringement may arise, BrainStorm may, at its option and in its sole discretion and at no cost to Client: (i) procure the right to continue to provide the ILT Services; (ii) modify the ILT Services to render them non-infringing; or (iii) immediately cease providing the ILT Services.
“Confidential Information” means all confidential or proprietary information disclosed orally or in writing by one Party to the other that is identified as confidential or the confidential nature of which is reasonably apparent. Confidential Information shall not include information which: (a) is or becomes a part of the public domain through no fault of the receiving Party; (b) was in the receiving Party’s lawful possession prior to the disclosure; (c) is lawfully disclosed to the receiving Party by a third party without restriction on disclosure or any breach of confidence; (d) is independently developed by the receiving Party; or (e) is required to be disclosed by law. Each Party agrees to hold the other’s Confidential Information in confidence, and to not use or disclose such Confidential Information other than in connection with the performance of its obligations hereunder.
Limitation of Liability
UNDER NO CIRCUMSTANCES SHALL BRAINSTORM BE LIABLE TO YOU WITH RESPECT TO ANY SUBJECT MATTER OF THE ILT SERVICES OR THESE TERMS AND CONDITIONS, WHETHER UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY, FOR (I) ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, OR LOST PROFITS; OR (II) ANY AMOUNTS THAT IN THE AGGREGATE ARE IN EXCESS OF THE AMOUNTS YOU PAY TO BRAINSTORM, REGARDLESS OF WHETHER BRAINSTORM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Except for the payment of money, neither Party shall be liable for any delays or nonperformance resulting from circumstances or causes beyond its reasonable control, including, without limitation, fire or other casualty, act of God, strike or labor dispute, failures or outages of the Internet or other information transmission systems, war or other violence, or any law, order, or requirement of any governmental agency or authority.
It is understood and agreed that each Party hereto is an independent contractor and that neither Party is, nor shall be considered to be, the other’s agent, partner, fiduciary, joint venturer, co-owner, or representative. Neither Party shall act or represent itself, directly or by implication, in any such capacity or in any manner assume or create any obligation on behalf of, or in the name of, the other.
You may not assign or transfer the ILT Services or these Terms and Conditions without the prior written consent of BrainStorm, and any attempt to do so shall be void. Subject to the foregoing, the ILT Services or these Terms and Conditions shall be binding upon and inure to the benefit of the Parties hereto and their permitted successors and assigns. Any notice required to be given hereunder by either Party shall be in writing and shall be delivered personally or sent by certified or registered mail, postage prepaid, or by private courier to the other Party to the address set forth in the SOW, or to such other address as either Party may designate from time to time. No waiver of any of the provisions of these Terms and Conditions shall be deemed, or shall constitute, a waiver of any other provision, whether or not similar, nor shall any waiver constitute a continuing waiver. Any waiver, modification or amendment of any provision of the ILT Services or these Terms and Conditions shall be effective only if in writing in a document that specifically refers to the ILT Services or these Terms and Conditions and such document is signed by both of the Parties hereto. If any provision of these Terms and Conditions shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that these obligations shall otherwise remain in full force and effect and enforceable. The ILT Services and these Terms and Conditions shall be governed by and construed in accordance with the laws of the State of Utah, without reference to choice of law principles. The Parties hereby submit themselves to the exclusive jurisdiction of the federal and state courts located in Salt Lake City, Utah. In the event of any litigation or arbitration arising out of the ILT Services or these Terms and Conditions, the prevailing Party shall be entitled to be reimbursed for all reasonable costs and expenses, including reasonable attorneys’ fees incurred in connection with such litigation or arbitration. Without limiting the foregoing, You agrees to pay all costs and expenses incurred by BrainStorm in any attempt to collect any amount due to BrainStorm for the provision of the ILT Services, including all costs of legal action and reasonable attorneys’ fees. These Terms and Conditions constitute the full and complete understanding and agreement of the Parties hereto with respect to the subject matter covered herein and supersedes all prior oral or written understandings and agreements with respect thereto. No terms, provisions or conditions of any purchase order, acknowledgement or other business form that either of the Parties may use in connection with the Services will have any effect on the rights, duties or obligations of the Parties under, or otherwise modify, the ILT Services or these Terms and Conditions, regardless of any failure of the other Party to object to such terms, provisions or conditions. BrainStorm may, in its reasonable discretion, use subcontractors to perform any of its obligations hereunder. Your rights under these Terms and Conditions are non-exclusive and nothing herein shall be deemed to prohibit BrainStorm from providing training or other services that are similar to the ILT Services for its other customers and clients.
QUICK START CARD LICENSE AGREEMENT
PLEASE READ THIS LICENSE AGREEMENT CAREFULLY. BY UTILIZING THE LICENSED WORKS YOU ACCEPT AND AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT UTILIZE THE LICENSED WORKS, BUT CAN OBTAIN A REFUND.
This Quick Start Card License Agreement (this “Agreement”), is entered into by and between BrainStorm, Inc, a Delaware corporation, with principal offices at 10 South Center Street, American Fork, Utah 84003 (the “Licensor”), and YOU (the “Licensee”). This Agreement is effective as of the Effective Date of our Order Form or the date You download the Licensed Works (defined below), whichever is earlier (the “Effective Date”).
WHEREAS, Licensor owns the Quick Start Cards, which contain step-by-step instructions on how to use one or more off-the-shelf software programs on an electronic portable document format (.pdf) as further set forth Your Order Form (the “Licensed Works”). Licensee desires to license from Licensor certain rights with respect to the Licensed Works, as more fully set forth below.
NOW THEREFORE, in consideration of the covenants contained herein and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto hereby agree as follows:
- Grant of License. Subject to the terms and conditions of this Agreement, Licensor hereby grants to Licensee, under Licensor's applicable intellectual property rights, and Licensee hereby accepts from Licensor, upon the terms set forth in this Agreement, an non-exclusive, non-transferable (except as provided in Section 10(a)), non-sublicensable, time-limited, restricted, revocable, internal license to (a) host non-editable electronic copies (.pdf files) of the Licensed Works on an internal Licensee computer network, or intranet, for access by the number of authorized users set forth in Your Order Form attached hereto who are employees or independent contractors of Licensors (“Authorized Users”), and (b) print non-professional quality (e.g. inkjet, laserjet) for the sole purpose of providing computer and software training and support up to Authorized Users . Licensor shall include, and if already included, shall not remove or obscure, a copyright notice at the bottom of each Licensed Work indicating that Licensor is the copyright holder of the Licensed Works, and Licensee shall not remove or obscure such notice.
- Restrictions on Use. Licensee acknowledges that the Licensed Works constitute valuable property of Licensor. Accordingly, Licensee agrees that without Licensor’s prior written consent, it will not (a) modify, adapt, alter, translate, or create derivative works from the Licensed Works; (b) sublicense, lease, rent, loan, or otherwise transfer (except as provided in Section 10(a)) any portion of the Licensed Works or any copies (whether electronic or paper) thereof to any third party, (c) otherwise use or copy the Licensed Software except as expressly allowed in this Agreement, (d) sell, distribute, or provide access to, in part or in whole, internally or externally, professionally printed copies (e.g. card stock, laminated, etc.) of the Licensed Works, or (e) make the Licensed Works available to users who are not Authorized Users through any network or electronic media, including without limitation the Internet.
- Proprietary Rights. Licensee acknowledges and agrees that the Licensed Works and all right, title and interest therein, is and shall remain the exclusive property of Licensor. Licensee agrees never to contest Licensor’s rights in and to the Licensed Works, and agrees never to take any action that could reasonably be expected to limit or diminish Licensor’s rights in the Licensed Works.
- Payment. Licensee shall submit payment to Licensor for the Licensed Works in the amounts set forth in the invoice issued by Licensor to Licensee and in accordance with the payment terms set forth in Schedule A attached hereto.
- Term. The term of this Agreement commences on the Effective Date and shall terminate, unless sooner terminated by Licensor, on the ten (10) year anniversary hereof (the “Term”).
- Termination. Licensor may terminate this Agreement upon ten (10) days’ notice to Licensee if Licensee is in material breach of this Agreement and such breach has not been cured with such 10-day period (to the extent curable). Such termination shall not be deemed to be a waiver on Licensor’s part of any other rights or remedies it may have by reason of the circumstances on which the termination is predicated. Upon termination or expiration of this Agreement, Licensee shall immediately discontinue the use of the Licensed Works by its employees and independent contractors and remove all copies, regardless of the format or medium thereof, of the Licensed Works from its premises, servers, and cloud, and return to Licensor, within five (5) days, all the Licensed Works, including all copies thereof, regardless of the format or medium thereof. Upon termination or expiration of this Agreement, all rights granted to Licensee hereunder shall automatically revert to Licensor without further notice.
- DISCLAIMER OF WARRANTIES. LICENSOR LICENSES THE LICENSED WORKS TO LICENSEE “AS IS,” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED.
- DISCLAIMER OF DAMAGES; LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCE SHALL LICENSOR OR LICENSEE BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF LICENSOR OR LICENSEE, AS THE CASE MAY BE, HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. LICENSOR’S CUMULATIVE LIABILITY FOR DAMAGES FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION, WILL BE LIMITED TO NO GREATER THAN THE AMOUNT OF MONEY PAID TO LICENSOR BY LICENSEE FOR THE LICENSED WORKS THAT CAUSED THE DAMAGES.
- Survival of Certain Provisions. Notwithstanding any provisions of this Agreement stating otherwise, the provisions of Sections 2, 3, 6, 7, 8, 9, and 10 shall survive any completion, rescission, expiration or termination of this Agreement, and be enforceable against the parties hereto.
- Miscellaneous Provisions.
(a) The parties hereto hereby certify that each has read and understands the terms hereof. Any term hereof may be amended or waived only with the written consent of both parties or their respective successors and assigns. This Agreement may be assigned only with the written consent of the both parties. This Agreement shall inure to the benefit of, and is binding upon the heirs, executors, administrators, successors, and assigns of the parties. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, and all of which together shall constitute one instrument. If any provision hereof is held by a court of competent jurisdiction to be void or unenforceable for any reason, the remaining provisions hereof shall nevertheless continue in full force and effect. This Agreement (including Schedule A and the invoice issued in connection herewith) constitutes the entire agreement between the parties hereto with respect to the subject matters covered by it, and supersedes all prior oral or written agreements between the parties hereto relating to such matters. All notices, requests and other communications to any party hereunder will be in writing and will be given to such party at its address stated in the invoice issued by Licensor to Licensee. In the event that a party hereto who is required to engage the services of legal counsel to enforce the terms and conditions hereof against the other is successful in doing so, regardless of whether such action results in litigation, such party shall be entitled to the reimbursement by the other party of all reasonable attorneys' fees and court costs incurred by the successful party. This Agreement shall be governed by the laws of the State of Utah without regard to its conflicts of laws rules. Each of the parties hereto consents to the exclusive jurisdiction and venue of the courts of the State of Utah or the Federal District Court for the District of Utah.
(b) The parties hereto acknowledge and agree that a violation of this Agreement may result in irreparable injury to the non-breaching party hereto, the exact amount of which may be difficult to ascertain and the remedies at law for which will not be reasonable or adequate compensation to the non-breaching party hereto for such a violation. Accordingly, each party hereto agrees that if it violates any of the provisions of this Agreement, in addition to any other remedy available at law or in equity, the other party hereto will be entitled to seek specific performance or injunctive relief without posting a bond, or other security, and without the necessity of proving actual damages.
TERMS & CONDITIONS:
Legal and Privacy Notices
This website is owned and operated by BrainStorm, Inc (BrainStorm) at https://www.brainstorminc.com. The material contained within this website is periodically checked for accuracy and is presented without any warranties, either expressed or implied. BrainStorm, will assume no, and hereby disclaims any, responsibility for any errors or omissions of this website's content. BrainStorm shall not be responsible for any damages incurred as a result of the content or use of this website.
By using the material at this website, all users agree to all terms and conditions contained in this website, which are subject to change without notice, as well as all applicable laws, and do so at their own risk. All changes to this legal notice will be posted to this website in a timely manner.
Materials contained within this website are intended for U.S. residents. While BrainStorm does ship internationally, any deliveries requested for addresses outside the U.S. are subject to refusal by BrainStorm, Inc.
Any link between BrainStormInc.com and any other website does not constitute an endorsement of the linked site. BrainStorm does not make and hereby disclaims any warranty as to the content of any other website linked to BrainStormInc.com. Exercise caution when communicating or interacting with any website.
This website and all information contained herein are provided "as is" and without warranties of any kind, express or implied. BrainStorm shall not be liable for any damages whatsoever arising out of or relating to the use by any person of this site, including but not limited to direct, indirect, consequential or punitive damages, including damages to hardware or software resulting from use of this site.
Any questions regarding these legal notices may be directed to:
Ten South Center
American Fork, UT
Our Pricing Policy
BrainStorm is committed to offering quality merchandise at fair, competitive prices. In most cases, the internet prices will reflect prices available by calling or otherwise contacting BrainStorm. However, there may be some exceptions. Prices and sales are subject to change without notice.
Our Return Policy
We are confident that you will be satisfied with your BrainStorm purchase. However, should you decide that the item(s) that you have purchased does not, for some reason, meet your needs, BrainStorm will accept returns for in-store credit (less original shipping amount) based on the following Return Policy:
- The item(s) is returned within thirty (30) calendar days of purchase.
- The item(s) is returned with its original BrainStorm receipt.
- The item(s) is in its original, unused condition (unless there is a product defect).
Please mail return item(s) to BrainStorm at one of the following addresses:
United States Postal Service:
Attn: Returns Department
Ten South Center
American Fork, UT
FedEx or UPS:
Attn: Returns Department
Ten South Center
American Fork, UT
Please note that return postage, and lost and damaged packages will be the responsibility of the returner. BrainStorm strongly suggests that you insure your return package. If you have any questions about BrainStorm's return policy, please email firstname.lastname@example.org.
Our Cancellation Policy
Customers cancelling within twenty (20) business days of the start date will be charged fifty percent (50%) of the total cost of services. Canceling within ten (10) business days of the start date will incur the total cost of services. Any such fee charged will not be applied to the price of any rescheduled courses. Customer will always incur any non-refundable travel expenses associated with a course cancellation.
Our Rescheduling Policy
Customers rescheduling within ten (10) business days of the start day of training will incur the cost of any non-refundable or change charges incurred for travel arrangements. Any rescheduling within five (5) business days of the start day of training will incur fifty percent (50%) of the total cost of services along with any non-refundable or change charges incurred.
Our Privacy Statement
BrainStorm will not share any information about our customers which we collect at our website with anyone. If you provide us with your personal information, comments, or requests for information, we keep your personal information private. We value your privacy as much as you do.
No unauthorized parties will be allowed access to your personal information and we will not sell or otherwise knowingly make your information available to anyone outside our organization, unless required to do so by law. As a customer, your information may be applied to our in-house marketing programs to inform you of product arrivals and other items we think you might find of interest. If you begin receiving materials from us and wish to have them stopped, simply contact us.
Privacy is of great importance on the internet. Technology is constantly changing, and we will change along with it. We will be on constant guard against piracy, and implement whatever measures are required to give you the most secure experience we can reasonably provide. We reserve the right to change this policy, and to apply any changes to information previously collected, as permitted by law.
Our site may link to other sites not controlled by BrainStorm. We are not responsible for the privacy or security practices of any other websites.
We reserve the right to change this policy at any time without notice.
The Children's Online Privacy Protection Act (COPPA)
The Children's Online Privacy Protection Act (COPPA) protects the online privacy and personal information of children under 13 years of age. In compliance with this act, BrainStorm does not promote online to children, and does not intentionally collect any personally identifiable information from children under 13.
Our Copyright Notice
The contents of this site are the property of BrainStorm and are subject to United States and worldwide laws and treaties restricting the copy, distribution, publishing and transmission of same. No portion of this site may be copied, distributed, published or transmitted without the express written consent of BrainStorm.
All of this website's content and supporting code are copyrighted by or licensed to BrainStorm and all rights are reserved. All content copies, either electronic or printed, are for personal use only. The content and supporting code contained herein may not be used in any other manner unless express written permission is obtained in advance.
Our Trademarks Policy
BrainStorm has attempted to supply trademark information about company names, products, and services mentioned on this website. The following list of trademarks was derived from various sources:
- BrainStorm, Inc. is a registered trademark of BrainStorm, Inc.
- NetWare, GroupWise, and Novell are registered trademarks of Novell, Inc. in the United States and other countries.
- Adobe is a registered trademark of Adobe Systems Incorporated. Microsoft is a registered trademark of Microsoft Corporation. All other product names mentioned herein may be trademarks or registered trademarks of their respective companies.